Keith Mattix II

icon indicating an email [email protected]

icon company @microsoft icon location Dallas, TX icon location Istio @ Microsoft

Results 442 comments of Keith Mattix II

Istio wild card egress rule for Azure service bus common host: "www.servicebus.windows.net" not working

First, upgrade your istioctl version so that it'll be compatible with recent versions. Then run: `istioctl pc log POD_NAME --level debug`

envoy: use upstream http filter for metadata

Not stale

envoy: use upstream http filter for metadata

@kyessenov do you need some help picking this back up?

Support multiple outbound ports instead of only one 15001 to avoid local source port exhaustion

Multiple outbound ports is tricky due to our iptables rules....are you saying the sidecar isn't reusing/pooling connections to the same 5-tuple?

Running MQ on AKS we expose UI and was able to connect to it and test using port-forward. We use Istio to handle routing and TLS, and when trying to expose the UI via Istio we’re seeing “upstream connect error or disconnect/reset before headers. reset reason: connection termination”

Are you injecting sidecars in your application or your MQ instances? Do you have logs you can share?

Running MQ on AKS we expose UI and was able to connect to it and test using port-forward. We use Istio to handle routing and TLS, and when trying to expose the UI via Istio we’re seeing “upstream connect error or disconnect/reset before headers. reset reason: connection termination”

Are your clients connecting through an istio ingress gateway? What's the request flow?

Ordering of WasmPlugin and AuthorizationPolicy

> My recommendation is to rationalize the extension ordering in a consistent way, that is not tied to the current inadequate Istio implementation I agree with this, but is it...

Ordering of WasmPlugin and AuthorizationPolicy

I am also happy to help if more hands are needed :)

Need doc on authorization policy

I can probably tackle/repurpose the L4 authZ policy doc. It may also be helpful to have a doc about how to reason about authorization generally in Ambient

Multicluster documentation uses the operator installation model

You should be able to use `networkGateway` in the gateway helm chart to configure an eastwest gateway