Evaluate if we can enable includeInboundPort by default #15834
Comments
|
@johnma14 could you do some investigation on this and report back? |
|
The feature is implemented in 1.3 and we are planning to enable it by default in master - the main gap is testing, in particular around security. @lambdai - can you link the current tests and docs / options ? |
|
@linsun This work has been captured under the PR's mentioned in this WI: #6259. The annotation was enabled by default in this PR: istio/installer#355. Closing this WI. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the feature request
A few of our users spent long time to debug istio issues this week where they had forgot to declare container port and mTLS doesn't work.
We need to identify gaps and additional automated test to ensure our newly added “traffic.sidecar.istio.io/includeInboundPorts” is working and can be enabled by default in 1.3 (or at least 1.4). Per release note of 1.2 (https://istio.io/about/notes/1.2/), this is a future direction the community would like to take anyway.
Describe alternatives you've considered
declare container port manually or add the includeInboundPort annotation mannually
Affected product area (please put an X in all that apply)
[ ] Configuration Infrastructure
[ ] Docs
[ ] Installation
[ ] Networking
[ ] Performance and Scalability
[ ] Policies and Telemetry
[x ] Security
[ ] Test and Release
[ ] User Experience
[ ] Developer Infrastructure
cc @esnible @huang195 @rvennam @sdake @duderino
The text was updated successfully, but these errors were encountered: