steeling

With the new split of MeshCatalog, compute.Interface, and k8s.Client, there is no need to have an interface for the MeshCatalog. The MeshCatalog strictly contains business logic, with no actual API...

as part of the helm chart. Optional: it would be nice if the mc-tunnel used a custom image, to abstract that we are using a plain sidecar. This gives us...

This can be done with existence of a meshed serviceexport, or the MeshedCluster property. We can either create/delete the deployment, or scale down to 0 replicas, but we need to...

Having the validating and mutating webhook on the same binary, helps keep versions coupled. This is a task to simply move the validating webhook from the osm-controller to the osm-injector.

Rollbacks are currently unsupported in OSM. There's a lot of ways to accomplish this. The main tasks are: 1. Roll-forward only CRD's 2. Execute any special commands necessary to restore...

What portions of our release can we automate? Automation not only makes our jobs easier, but removes the possibility for human error. For instance in the last release we introduced...

remove the k8s.Controller and kubernetes.Interface from pkg/ingress.client, in favor of the compute.Interface, and switch usage of update/delete/get/list Secret to the new secret methods.

Configure the mc-tunnel's envoy configs, this should be a single inbound-listener (no outbound listener required) that uses the tls-inspector to forward to the in-cluster service.

Should we add an additional listener here? This will reduce performance impact on in-cluster requests, but will require some iptable updates

Configure the outbound listener to watch the clusterset.local services and forward to the appropriate endpoints.