Ilya Lobkov
- Generate new policy CRDs with `mesh` set as a `kuma.io/mesh` label. If the label is missing, it will be added automatically by the `defaulter` webhook. - Change defaulter webhook to potentially...
### Description Implement a new policy according to the [MeshTrafficPermission MADR](https://github.com/kumahq/kuma/blob/master/docs/madr/decisions/006-mesh-traffic-permission.md)
### Summary For some reason, if TLS Inspector is configured on the inbound unconditionally it's causing TCP Health check failures. ### Steps To Reproduce 1. Configure TLS Inspector on the...
## Problem We need DataplaneInsight to show DPP statuses in an HA scenario (multiple Kuma CP instances). But users who need HA probably need a more robust and reliable way to...
### Summary Today locality aware load balancing is implemented using priorities - local=0, remote=1. We couldn't add [Locality weighted load balancing](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight) because it's not compatible with lb subsetting that was...
### Summary Today there are several places where it's known for sure there won't be any error when creating an object of a certain type: `res, _ := registry.Global().NewObject(resType)`...
**What would you like to be added**: Change [conflict resolution](https://gateway-api.sigs.k8s.io/v1alpha2/references/policy-attachment/#conflict-resolution) rules to use **only** alphabetical order of "{namespace}/{name}". Stop using conflict resolution by "creationTimestamp". **Why this is needed**: Conflict resolution...
Signed-off-by: Ilya Lobkov ## Description ## Motivation and Context ## How Has This Been Tested? - [ ] Covered by existing integration testing - [ ] Added integration testing to...
## Overview Now we have a `registration.json` file with spiffe entries that should be registered. Essentially this is a simple mapping of ServiceAccount to SpiffeID. That's not really a convenient way to manage...
## Overview Security for interdomain is implemented in a really simple and naive way. We just share the same RootCA between 2 clusters. Spire supports `Federations` which allows workloads from one trust...