During initial testing of Istio ambient we encountered issues with Authservice protected applications and ended up using sidecars instead of ambient for these workloads. This issue should identify a path forward (design doc may be necessary) for how we utilize Authservice in an ambient mesh.
3 potential solutions:
Ambient configuration, no other resources required (this did not appear to work when testing initially)
Ambient + Waypoint proxies
Sidecar mode (i.e. these workloads would not be part of the ambient mesh)
The design should consider functionality first, but also management of resources via the operator.
During initial testing of Istio ambient we encountered issues with Authservice protected applications and ended up using sidecars instead of ambient for these workloads. This issue should identify a path forward (design doc may be necessary) for how we utilize Authservice in an ambient mesh.
3 potential solutions:
The design should consider functionality first, but also management of resources via the operator.