zengyuxing007
zengyuxing007
This problem does exist, and I reproduce it using 1.21.0-beta.1 in ambient mesh mode. The problem is that ztunnel is not forwarding the request and does not consider the pod...
@bleggett The root cause of this problem is that ztunnel does not have the workload information for the redis pod because istio determines that it is not ready, so it...
> Istio isn't supposed to elide the pod when it's not ready, only if it's not _running_. not sure if that is working incorrectly or what @howardjohn when a pod...
> If your init container wants to egress to the network before the pod is ready, the solution is probably to support port exclusions in ambient, so the init container...
rund? the latest Ambient traffic interception method, in-pod redirection, does not cover rund scenarios.
> @zengyuxing007 Can you elaborate on what a 'rund' scenario is? @rootsongjc [RunD](https://www.alibabacloud.com/blog/a-paper-on-rund-a-lightweight-secure-container-runtime-for-high-density-deployment-and-high-concurrency-startup-in-serverless-computing_599753) is an implementation of a secure container like[ kata container](https://katacontainers.io/) Because it's actually a mirco vm, inpod...
How can we ensure uninterrupted traffic for the business pods on this node when the ztunnel Pod undergoes a restart or update?
> > How can we ensure uninterrupted traffic for the business pods on this node when the ztunnel Pod undergoes a restart or update? > > This question is out...
Is it possible to dynamically update iptables scripts? iptables rules can be executed via pilot-agent, not by istio-cni. and ztunnel is the responsible call for triggering the iptables creation and...
> There is no pilot-agent running anywhere in ambient Yes , #49092 Just like this PR, we may be able to have something like pilot-agent.