Keith Mattix II
@sridhargaddam thank you for this PR and for organizing it. I will get this on my list for review this week
> Considering this problem-space touches security, compliance, and packet flows I feel we should provide a very binary guarantee, even if it's for a temporary implementation, and disallow any holes...
> Could it be injected via a webhook, forcing the pod to restart and run the init container when added to the mesh? There is no event for a node...
I think what you're suggesting is feasible @aaronjwood, but I think this PR gets us to about the same place as a practical matter. Anybody installing a new CNI onto...
/test integ-ambient-mc
I added my thoughts here: https://github.com/istio/istio/pull/55149#issuecomment-2669135461
Succeeded by #39056
Yeah this totally makes sense to publish given Helm is our way forward. Can anyone from @istio/wg-environments-maintainers or @istio/wg-test-and-release-maintainers help out with next steps here? I'm happy to do whatever...
Use trustDomainAlias in meshconfig: https://istio.io/latest/docs/tasks/security/authorization/authz-td-migration/