-
-
Normally when I use kubectl to interact with shared/production clusters, I use credentials for a user with read-only permissions. But the user has the ability to impersonate a user with admin-level p…
-
See: https://istio.io/docs/tasks/telemetry/kiali/
-
(This is used to request new product features, please visit for questions on using Istio)
**Describe the feature request**
We use User Impersonation (https://kubernetes.io/docs/reference/access-a…
-
We should document for users how they can remove the webhook (which is not needed for sidecars) and turn off CRDs they don't need (Sidecar, etc)
---
Previous we had an idea about an "ambient only"…
-
### Is this the right place to submit this?
- [X] This is not a security vulnerability or a crashing bug
- [X] This is not a question about how to use Istio
### Bug Description
In our most b…
-
**Describe the feature request**
One of the most desirable features of a mesh network is being able to force all communication over that network to be mTLS. This is a hard requirement for many of our…
-
### Is this the right place to submit this?
- [X] This is not a security vulnerability or a crashing bug
- [X] This is not a question about how to use Istio
### Bug Description
In `serviceEntryHand…
-
**Is this a BUG or FEATURE REQUEST?:**
**Did you review https://istio.io/help/ and existing issues to identify if this is already solved or being worked on?**: Yes
**Bug:**
Y
**What Vers…
-
**Describe the feature request**
Configure Ingress Gateway per [Envoy's best practices for the edge proxy](https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/edge):
```
overload…