Nathan Mittler
Nathan Mittler
Ping @costinm @liminw
@nrjpoddar that sounds right to me. @louiscryan can you confirm?
reassigning to @brian-avery who is taking over this work.
FYI @jeremyOT
> My initial gut reaction is that this feels too complicated. @smawson I don't entirely disagree. There were a few things that I was trying to fit into this, however:...
@smawson > We should discuss (2), I don't see why it requires the workload selectors on to and from. We don't have that today for cluster-local right? With MCS model...
@howardjohn > One thing we are looking into for the service-apis implementation is how to handle service/config import/export. Its possible we would want to define a separate policy in Istio...
@EronWright I have no idea, hence the issue :). This bug was effectively created to get someone to look at it and make that determination.
@myidpt I've submitted https://github.com/istio/istio.io/pull/8099 which updates only the `plugin CA` doc. I suspect you'll need to add more children to `Tasks->Security->Certificate Management`