Technology: istiod
| ID | Title | Description | Category | Technology | Tags |
|---|---|---|---|---|---|
| CRE-2025-0104 Medium Impact: 8/10 Mitigation: 7/10 | Istio Ambient traffic fails with timed out waiting for workload from xds | Ztunnel must fetch pod workload info from Istiod over XDS before tunneling. If it doesn't receive a response within ~5s, it rejects the connection with: `timed out waiting for workload … from xds`. Intermittent XDS delays may indicate Istiod overload or misconfiguration (e.g. PILOT_DEBOUNCE_AFTER). | Istio Ambient Troubleshooting | istiod | IstioAmbientZtunnel |