Steven Landow

cc @costinm, can you recommend a replacement resource?

Networking tests still using RequireSingleCluster are both testing different install approaches (operator, helm). They would each involve re-implementing the logic for installing cacerts, pushing secrets, etc. Things that have RequireMultiPrimary:...

It does bring up a question of how we can prevent one case we didn't predict basically taking a node out of commission. I'm sure we've talked about that before....

Tested with `kubectl --namespace twopods-istio exec fortioclient-5d4db69df6-5sxdv -- fortio load -jitter=False -c 2 -qps 1000 -t 240s -a -r 0.001 -grpc -ping -httpbufferkb=128 -labels 01565ec6_qps_1000_c_2_1024_v2-stats-nullvm_both -payload-size 1024 xds:///fortioserver.twopods-istio.svc.cluster.local:8079`

Everything is still fully backwards compatible. You need both the env and the scheme to actually utilize XDS.

I don't know about porting too much of this. The general approach is ok, but the corner detection breaks down when we have vertices really close together. ![Screenshot from 2020-10-02...

I have a very work in progress prototype that uses PROXY protocol to inform the Waypoint of: * Source/Destination address (part of PROXY natively) * Identity. Currently very hacky, just...

The zTunnel code required to enable this is here. It needs some cleanup for sure, but it's functional. https://github.com/istio/ztunnel/pull/789 I am just switching the control plane code _away_ from using...

The biggest open questions are: * Secure naming. How can the waypoint use it's outbound zTunnel to ensure the remote presents the expected identity. * Getting metadata from the waypoint...

@zengyuxing007 slightly different [ sleep -> ztunnel ] -> [ ztunnel -> waypoint for httpbin -> **ztunnel again, outbound** ] -> [ ztunnel **inbound** -> httpbin]