Faseela K
Faseela K
/test integ-distroless
@ericvn just created the issue, so that this can be tracked and fixed.
> Doesn't Sidecar scoping handle this? > > In multitenant situations I would imagine its typical to not actually have _permission_ to read from all namespaces? @howardjohn sidecar scoping solves...
> @kfaseela Gateways have namespace scoping options already: PILOT_SCOPE_GATEWAY_TO_NAMESPACE or use new Kubernetes Gateway API which has this as default Would try this end to end along with sidecar scoping...
> Great, one selector makes much sense to me Great! thanks @hzxuzhonghu @howardjohn : 1 selector is good enough for us as well!
Thanks @RiverPhillips ! Hope you changed the cargo version to 0.14.1 as the steps I pointed to was a bit older one with version 0.12
> > should we expand the integ tests to cover the improvements > > Yes, about the integ tests to cover the improvements, and you mentioned the [external test](https://github.com/istio/istio/pull/39986#issuecomment-1218236681), I...
@howardjohn any comments? Though the current feature is extremely useful and helps us get rid of the envoy filter we have been using so far, the need to explicitly disable...
mTLS "or" TLS on the same port, "without" the need of explicit peerAuth disable would be good enough(if that is easier to achieve). Like if we specify hybrid sidecar and...
> > For simplicity why cannot we make user-defined tls override istio tls? > > @hzxuzhonghu , I agree this would be the simplest approach. Basically TLS config on the...