Keith Mattix II
Keith Mattix II
+1 to this direction; when dualstack was more experimental in k8s (and istio) I think this layout made more sense, but I think it's time.
The use-case seems compelling, but I echo @ramaraochavali's question re: the API. Feels like this would need to apply to DR or ServiceEntry or something
Wait: clarifying question - are you trying to change how a sidecar talks to the k8s api server or how istiod talks to k8s api server? If the former, then...
Yeah something like that should work since you're sending your apiserver requests through a gateway. You're right you don't need a ServiceEntry; I was confused about the scenario. The reason...
That's honestly probably reasonable behavior based on the spec reference linked in #53239
Posting the current understanding here: https://github.com/istio/istio/issues/54988#issuecomment-2734863883 As @howardjohn said, the easiest fix is to remove the duplicate config
/assign @candita @whitneygriffith
> Isn't there another out of band metadata exchange channel? There is for ambient (WDS), but still not sure that gets you what you want.
Those static policies shouldn't be attached; I'll send a Pr
Ok so for this to work, we either need to merge in the control plane or in ztunnel. The WDS implementation makes the former a bit difficult,but I don't love...