steeling
steeling
I think it's much simpler to reason about if we have a single location for dispatching proxy events. We can publish on multiple topics simultaneously, so we should be able...
Multiple CI runs is an interesting case, although I'd imagine that applies to us more so than to customers? If so, it seems like what we have with KIND is...
> These are all really good points. From my perspective, we have three options here: > > 1. Keep the underlying multi-mesh code as-is and remove the user experience from...
Note that this is currently possible by integrating with OPA https://github.com/openservicemesh/osm/issues/1874
Maybe not long term, but getting data on if this unblocks people would be good. I’d be hesitant to prioritize this until we explicitly here that folks can’t use OPA
No this would be separate. We can create a new issue for custom trust domains, I don't believe that's currently captured
So right now custom trust domains leave an awkward story with respect to the webhooks, which require a certificate SAN of `..svc` So this would alleviate that issue for customers...
K8s requires that the SAN is of the form `..` This is a problem for users who are integrated with a PKI setup where they are required to leverage a...
https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#configure-admission-webhooks-on-the-fly