Why Waypoint Proxy is not a Daemonset

I’m reading more about the ambient mesh and it looks really great, although one thing that is bugging me is why the waypoint proxy is not a daemonset. Why does ztunnel connect to an external pod outside the instance?

I primarily see the below issues with it.

  • istiod could always have downtimes and still have very minimal impact on the actual traffic up to some duration, but with waypoint proxy it becomes a very critical component in the architecture. Isn’t it better to reduce the risk by simply using it as a daemon set?
  • cross-AZ transfer costs would be very high
  • even without cross-AZ transfer, network bandwidth as a resource is getting wasted just for L7 policy

Very much interested to learn more about the reasoning behind this 🙂

Thanks