verify the compatibility with Istio #326

Closed
freeznet opened this issue Feb 22, 2022 · 1 comment · Fixed by #341 or #343

@freeznet
Member

No description provided.

@EronWright
Contributor

EronWright commented Mar 1, 2022

A link to the original Istio design doc may be useful.

Some aspects to investigate:

  1. Authorization policies allow for connectivity between pods in the mesh. What connections are to be allowed? e.g. function pod to broker.
  2. Remember that function pods must not use the broker's Kubernetes service account or secrets.
  3. All pods need to have a label `service.istio.io/canonical-name` with the name of the Function object or FunctionMesh object. This service name will become the 'source' traffic label in the Istio graph explorer. e.g. "function mesh X is sending traffic to Pulsar cluster Y".
  4. If the function mesh has a Service, rename the ports to use the Istio naming convention.
  5. Istio doesn't allow for init containers that perform network calls. Will this cause a problem?
  6. Is there any pod to pod communication? Are requests made to a headless service or to a pod IP? (mTLS issues)
  7. Does the operator have a webhook? One needs an exclusion rule like this.

Feel free to set up a meeting for discussion and clarification. This will help accelerate the project to meet the deadline. Most importantly we need a design doc.
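
One way to turn items 2 to 4 of the checklist above into an automated check, as an added example that is not part of the issue or the project's code. The `Pod` type, the function names, the protocol list (a subset) and all sample names such as `pulsar-broker` are assumptions made for illustration; only the service account half of item 2 is checked, not secrets.

```go
package main

import (
	"fmt"
	"strings"
)

const canonicalNameLabel = "service.istio.io/canonical-name"

// Subset of the protocol prefixes Istio recognizes in "<protocol>[-<suffix>]" port names.
var istioProtocols = map[string]bool{"http": true, "http2": true, "https": true,
	"grpc": true, "tcp": true, "tls": true, "mongo": true, "mysql": true, "redis": true}

// Pod is a hypothetical stand-in for the few pod fields checked here.
type Pod struct {
	Name, ServiceAccount string
	Labels               map[string]string
}

// checkPod covers items 2 and 3: no broker identity, canonical-name equals the owner object.
func checkPod(p Pod, owner, brokerSA string) []string {
	var out []string
	if p.ServiceAccount == brokerSA {
		out = append(out, fmt.Sprintf("pod %s runs as broker service account %q", p.Name, brokerSA))
	}
	if got := p.Labels[canonicalNameLabel]; got != owner {
		out = append(out, fmt.Sprintf("pod %s: %s=%q, want %q", p.Name, canonicalNameLabel, got, owner))
	}
	return out
}

// checkPorts covers item 4: every Service port name starts with a known protocol prefix.
func checkPorts(svc string, portNames []string) []string {
	var out []string
	for _, n := range portNames {
		if !istioProtocols[strings.SplitN(n, "-", 2)[0]] {
			out = append(out, fmt.Sprintf("service %s: port name %q lacks a protocol prefix", svc, n))
		}
	}
	return out
}

func main() {
	// Constructed sample objects, not taken from the project.
	pod := Pod{Name: "fn-0", ServiceAccount: "pulsar-broker", Labels: map[string]string{}}
	findings := append(checkPod(pod, "my-function", "pulsar-broker"),
		checkPorts("fn", []string{"http-metrics", "metrics"})...)
	fmt.Println(strings.Join(findings, "\n"))
}
```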
