Open c0c0n3 opened 4 years ago
This blog post:
https://istio.io/blog/2018/egress-monitoring-access-control/
seems to hint that in principle we should be able to have the adapter intercept outbound requests ...
PR #25 implements a stopgap solution. The various sore points listed there mean in general we're better off replacing PR #25's implementation with the one outlined in istio/istio#20602, if possible. If it turns out it can't be done, then we'll have to deal with the shortcomings of #25. But notice that if we move the whole adapter DAPS config to K8s secret volumes (not just the keys), most of those sore points will be non-issues. See #15.
So it doesn't look like there's a better solution to this, at least not for Istio 1.4 whereas from 1.5 onwards it can be done relatively easily with WASM, see what the Istio guys replied on 4 Aug 2020.
See: https://github.com/istio/istio/issues/20602