Certain parts of Nephio use SR-IOV, and the default Service Mesh might not work out of the box (Wim Henderickx)
We cannot enable Service Mesh blindly. We might have to enable it selectively for certain workloads.
Target Service Mesh for control plane services. Enable Service Mesh for the "default" k8s network. VPC-RAN, VPC-Internal, VPC-Internet (data plane towards the Internet) k8s should not be used.
Service Mesh use for Management cluster
The communication channel between the mgmt cluster and the workload cluster needs to be secure. Currently the mgmt cluster connects to the worker cluster, and not vice versa. Eventually we will need the worker cluster to connect to the mgmt cluster in a secure way.
Consider dual stack and full IPv6/IPv4
Secrets Mgmt
The mgmt cluster to worker cluster connection uses secrets. This could be the first step to target.
Secrets mgmt across multiple clusters
Every new repo created using Gitea per worker cluster requires a token to be used. This token is pushed to the worker cluster.
Action items
CLOMonitor PR to be raised to add LFN section (Ved)
Service Mesh Requirements (Shiv)
Secrets Mgmt flow for the identified scenarios (Anurag)