We need to be able to configure a pod to use mixer with fail open / fail close, overriding the default.
Some pods require policy checks for security, others don't need any policy check.
Envoy metadata is passing annotations/labels to Pilot, and we can use this to fine tune settings for pods.
We may eventually express this in the Sidecar API, but we can start with using just an annotation.
We had a PR to also turn off policy check based on an annotation - not sure what happened to it.
We need to be able to configure a pod to use mixer with fail open / fail close, overriding the default.
Some pods require policy checks for security, others don't need any policy check.
Envoy metadata is passing annotations/labels to Pilot, and we can use this to fine tune settings for pods.
We may eventually express this in the Sidecar API, but we can start with using just an annotation.
We had a PR to also turn off policy check based on an annotation - not sure what happened to it.