architecture: add ztunnel.md #46472
architecture: add ztunnel.md #46472
Conversation
howardjohn
added
the
release-notes-none
istio-testing
added
the
size/L
|
/retest |
|
/retest |
|
|
||
| This document provides an overview of the architecture and design decisions around Ztunnel, the node-proxy component in ambient mode. | ||
|
|
||
| ## Background and motivation |
There was a problem hiding this comment.
I think it may help new folks if there was a bit more of a description of the ambient architecture, so they know where the ztunnel fits. This section motivates some of the reasoning, but when we get to the Goals section, I don't think it will be clear to new folks how it fits in. I think explaining the secure overlay and L7 enforcement layers may make it clearer--but perhaps there should just be a top-level doc in this directory that covers that...
I'm happy to suggest some edits or do a follow-on PR, if you agree.
|
|
||
| TODO: fill in implementation details of how redirection is actually implemented. | ||
|
|
||
| ## HBONE |
There was a problem hiding this comment.
This is all good information. But since sidecars also support HBONE, should we create a separate doc and then point to that from here?
There was a problem hiding this comment.
Thanks for writing this--it's helpful. I was a little surprised to see the file living here, since there's a separate repo for Ztunnel. Is the way to think about it that Ztunnel is something generic, and this is how Istio ambient uses it? Regardless, it may be useful to provide a pointer to the other repo in this doc to clarify where it lives.
howardjohn
force-pushed
the
arch/ztunnel
branch
from
7cede64
to
5dcc225
Compare
|
ping @istio/wg-networking-maintainers-pilot @istio/wg-networking-maintainers-ztunnel |
This introduces a new doc giving an overview of ztunnel. This is all around in various places, but spread out through like 20 design docs...