Remix clone Hacker News

I didn't mean replace istio with cilium, I meant running the proxy and routing operations as shared part per node instead of per pod

▲

cyberpunk 2 hours ago | parent [-]

How does that even work with envoy? The magic sauce behind istio is that every connection is terminated using iptables into the envoy process (sidecar), and istiod spaffs envoy configurations around the place based on your vs/dr/pas/access controls etc.

I suppose you could have a giant envoy and have all the proxy-configs all mashed together but I really don't see any benefit to it? I can't even find documentation that says it's possible..

	▲	p_l 2 hours ago \| parent [-]
		Couldn't check all details yet, but from quick recap: It's called ambient mode, and uses separate L4 and L7 processing on ways that would be familiar to people who dealt with virtual network functions - and neither l4 nor l7 parts require sidecar