Comments (9)
multiple sidecars in same pod? Well, we could basically punt on it stating that there can be only one, unless someone is willing to setup some super fancy chaining.
Personally, if I were writing the app from scratch, i wouldn't bother running the init container for ip tables setup. Rather, i would just explicitly invoke the sidecar (depends on how you view the problem: enforcement or opt-in)
from pilot.
We want enforcement for security policies (auth especially). Currently, you can escape rules by setting PID, which is probably good enough for now.
from pilot.
We should also be prepared for scenarios where IPtables setup is not desired (in non kubernetes platforms). If this issue is being tracked for beta (Aug 31st), then support for another platform like CloudFoundry is definitely on the plate.
from pilot.
Is there an adopted specification how to address services and ports with an explicit proxy? Should we adopt linkerd convention and only support HTTP?
from pilot.
@smawson Should this still be part of 0.2 since it now resides in backlog?
from pilot.
This is probably irrelevant now since we have settled on the transparent proxy setup. A better issue would be to enable non transparent proxy in k8s
from pilot.
So should this be closed in favor of that epic?
from pilot.
This issue is orthogonal to the transparent proxy injection.
We need to leave it open and address it in 0.3. We need at a minimum to selectively capture traffic only for some of the container ports, opt-in or opt-out. Some of the other concerns from the description are also valid, but I see the selective capture as higher priority.
from pilot.
Issue moved to istio/istio #1428 via ZenHub
from pilot.
Related Issues (20)
- istioctl not defaulting ns to "default" HOT 1
- Sidecar injection with mutating webhooks HOT 4
- Tests :Sidecar injection with mutating webhooks HOT 3
- Istio injection is not working for modified Deployments. HOT 6
- Ingress with host network HOT 1
- Request Headers Route Rule with composite services does not work HOT 1
- handling service registry client errors HOT 3
- Redirecting all ingress http traffic to https HOT 1
- Relational database adapter for Pilot config store HOT 10
- Diego BBS adapter for Pilot platform data HOT 12
- bazel 0.7 - make setup fails with bazel error on macOS HOT 12
- Use readable cluster names in stats HOT 4
- Build fails on Intel for Istioctl(pilot) HOT 14
- destination.labels is ignored in weighted rule HOT 4
- fails to create mixer configs when namespace field is empty
- Compute Envoy config eagerly rather than on-demand HOT 33
- istioctl kube-inject doesn't work when my pod has 2 containers HOT 2
- Add a script to query pilot for proxy configurations HOT 1
- gRPC-web HOT 1
- How to access the external services when istio with sidecar injected. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pilot.