Keith Mattix II
Keith Mattix II
/test release-notes
/cherry-pick release-1.27
NetworkPolicy is implemented by your CNI, not by ambient. For workloads in the mesh, use [AuthorizationPolicy](https://istio.io/latest/docs/reference/config/security/authorization-policy/) to set your allow and deny rules. You can read more details [here](https://istio.io/latest/docs/ambient/usage/networkpolicy/). Hope...
Fair warning that you'll still run into issues since the communication between ztunnel and istio-cni is still over a single, shared unix domain socket on the host (last I checked...
I'm curious if we can augment the existing subsets in DR to have this functionality
It sounds like the ask is to failover to a different `Service`/envoy cluster; IIUC, failover priority just sorts endpoints within a single cluster
@MorrisLaw if you look at the Envoy docs I linked; notice how there's a stateful formatter added to the listener and the cluster? For proxies that have this proxyconfig field...
Can someone provide more information about the use-case for different discoverySelectors per revision?
Do you have apparmor enabled on your nodes?
Hm, I think this is actually a different issue than what we fixed; this error is a binary copy but what we were seeing in other issues was due to...