Investigation/design for network traffic restrictions in ambient mode #1028
Assignees
Labels
design-doc
issue is for or requires a design doc
istio
Issues related to istio components / resources
Comments
mjnagel
added
istio
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Related to #681
During initial investigations of istio ambient we discovered that traffic appears to primarily/exclusively flow through the ztunnel port. This seems to make some of our network policies not have an effect. We should ensure that we are able to provide the same restrictions around ingress/egress and make a design for how to do this with ambient.
Definition of done should be a design doc/proposal that ensures traffic lock down, considering these items in particular:
The text was updated successfully, but these errors were encountered: