Lin Sun
Lin Sun
Hi @ramaraochavali wanted to follow up to see if you have any concerns with adding the 3rd path - local UDS for workload cert (by istio-agent or spire or other)?...
Thanks John! Does this mean if the connection pooling timed out, and rerun the test, we could get 2 different other replicas? cc @pszeto
@pszeto reopen it as we would like to have feedback from you... can you pls let us if the behavior is acceptable given we know why it is only to...
check this out - https://istio.io/latest/docs/setup/install/external-controlplane/#set-up-a-gateway-in-the-external-cluster you can put istiod behind an istio gateway so the mutated webhook can use this new endpoint url via istio gateway Can you try this...
Note: i'm recommending this as I know this approach for other cloud providers when Istiod runs outside of cluster
@igor-nikiforov @obervinov - can you pls explore and let us know if you can expose mutating webhook server to istio ingress gw and use that approach instead in EKS?
Nice thank you @MartinKaburu and @KrisJohnstone for reporting back that updating firewall rules can fix this. are you still required to set hostNetwork to true or not for AWS cloud?...
Thanks @KrisJohnstone, sorry about typing firefox instead of firewall rules, it was on Sunday night. :-( Thank you for clarifying the issue is not with the default EKS CNI, but...
I don't think this can be closed yet. Based on the layer doc, I think user will have to manually modify the Authzpolicy to accommodate the newly deployed waypoint.