Adam Gilat
Adam Gilat
My use case is the same as any Istio controlled pod - traffic control, observability, and security. For example: - Controlling API-based traffic with RBAC (builds may call other infra...
/assign @mattmoor @ian-mi
Looking at the code - the reason seems to be that all build steps run as init containers, where `istio-proxy` is a "real" container. I guess this is a must...
@ImJasonH The main functionality we're interested is running builds for semi-trusted tenants. Basically the build-environment version of a multi-tenant cluster. For example, we might whitelist a certain tenant to access...
Sure, it's a big topic but here's the main points I can think of: - Network Access Control - k8s does this with NetworkPolicy (not really k8s, but CNI implementations...
@mattmoor hey, thanks for jumping in. About istio's auto-injection, I think Istio just ignores namespaces without the `istio-injection=enabled` label - so that should be good enough (but only if people...