►
From YouTube: Envoy Community Meeting - 2019-02-26
Description
Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
C
That's
me:
Greg
Anson,
I
work
with
IBM
and
Sto,
and
just
we're
trying
to
integrate
with
a
confident
that
is
limited
to
SAS,
on
SSL,
for
the
authentication
and
in
our
attempts
to
communicate
through
envoy,
to
like
a
broker
for
sending
and
receiving
messages.
We're
getting
a
HPE
invalid
method
and
envoy
access,
longs.
I
was
wondering
if
that
was
related
to
any
of
the
work.
That's
ongoing
with
the
Kafka
support.
I
know,
there's
a
pull
request
and
an
item
tracking
the
work.
Yes.
D
There's
there's
no
Kafka
support
in
envoy
today,
so
there's
no
Sasso
support.
There's
there's
nothing!
Okay,
so
you
know,
if
that's
interesting
to
you,
I
would
I
would
recommend
hopping
in
and
potentially
helping
out.
I
think
we
have
a
good
plan
forward
of
how
to
how
to
move
that
PR
forward.
I,
don't
know
what
the
timeline
it
status
is,
but
we're
at
the
point
now,
where
we've
gone
through
a
bunch
of
iterations,
the
Kafka
folks
have
nicely
just
they
have
like
a
JSON
version
of
their
protocol
so
that
we
can
auto
generate
the
various
classes.
D
C
Well,
no,
that's
great!
It
just
means
that
yeah,
that's
the
PR
that
I
should
be
watching
and
possibly
the
person
I
should
be
badgering
regarding
tassel
support,
but
no
thanks.
That's
that
answers
my
question
so.
B
D
C
E
Hi
this
is
Lynn
and
the
reason
we
are
kind
of
asking
this
is
it's
interesting.
We
actually
find
a
blog,
probably
more
than
one
block
out
there
out
there,
people
actually
using
gke,
and
then
they
were
using
Kafka
I
think
they
were
using
confluence
as
an
example,
so
they
were
able
to
create
service
entry
to
access
confluence,
which
runs
outside
of
the
mesh
and
then
use
this
entry
and
I
believe
they
were
using
TLS
protocol
as
part
of
their
service
entry.
E
So
I
was
so
we
we
know
our
envoy
doesn't
support
sassy,
but
I
guess
we
were
trying
to
understand
what,
if
we
config
to
use
our
TLS
to
access
Kafka,
which
is
external
of
nimesh,
would
envoy
to
allow
the
communication.
Why
would
people
actually
together
working
on
the
blog?
So
those
are
the
questions
we
have.
We
are
say
you
won't
get
any
of
the
intelligence
like
routing
metrics
feature
our
basic
connectivity,
important.
D
Right
here,
I
would
recommend
if
there's
Kafka
questions
like
I,
don't
know
that
anyone
on
this
call
is
gonna
have
more
info
than
what
we
just
said,
but
I'm
happy
to
start
a
communication
with
people
a
compliment.
So
if
you
want
to
know
more,
could
you
just
send
me
an
email
and
I
can
I
can
introduce
you
to
people
a
conflict,
yeah.
E
B
Okay,
next
issue:
this
is
one
at
least
in
said
we
might
want
to
discuss
to
know.
If
he's
on
the
quay
is.
We
need
to
bump
our
use
of
auto
comfort
to
fix
some
snafu,
which
is
theirs
as
a
result
of
this
layering
of
technical
debt,
which
comes
from
the
sea,
make
external
stuff,
basically
we're
trying
to
pass
down
flags
for
like
sanitizers
in
the
environments
which,
if
actually
now,
that
we're
doing
that
as
I've
started
to
actually
cause
external
dependencies
to
build
with
sanitizers,
which
is
a
good
thing.
You
would
think
but
turns
out.
B
B
F
B
F
B
F
D
One
one
thing
we
could
probably
do:
I,
don't
know
if
it's
worth
the
effort
and
we
could
make
to
build
images,
116
and
180
and
just
used
the
18
one
just
for
the
a
Sam
built
and
now
you
know,
I'm,
not
sure
that
that's
worth
it.
The
other
thing
that
occurred
to
me
and
I
mean,
wouldn't
it
be
less
effort
just
to
make
G
perf
tools.
Work
with
basil,
like
I
I,
mean
I.
D
G
B
B
F
B
D
F
B
B
D
Survey
yeah,
so
you
know
we
keep
talking
about
things
like.
Can
we
update
to
a
bun,
do
it
or
move
to
C++
17?
So
one
thing
that
occurred
to
me
is:
maybe
you
know
every
six
months
or
something
like
that
we
could
send
out
some
type
of
survey
just
to
understand.
You
know
what
what
os's
are
people
deploying
on
what
compilers
do
they
have
access
to?
We
could
ask
them
like:
do
you
have
access
to
a
version
of
GCC
or
claim
greater
than
X
and
I
feel
like
that?
D
J
D
K
B
Chris
just
said:
she'd
see,
if
can
do
that,
you
know
if
Chris
and
the
core,
maybe
we
can
discuss
the
envoys
certification
thing
as
well.
Well,.
D
H
D
D
H
D
D
L
Education
program,
it's
kind
of
up
to
you,
there's
some
folks
that
reached
out
that
it
could
be
interesting
for
as
envoys
being
adopted
by
a
different
cloud
providers
and
offering
kind
of
you
know
envoys,
a
service.
You
know
at
mesh
style
to
have
a
conformance
program
in
place
to
ensure
that
if
people
call
it
Envoy
Utley
meets
whatever
community
standards
are
similar
to
what
we've
done
in
kubernetes,
where
all
the
folks
who
have
a
criminality
service
essentially
have
to
go
through
a
conformance
program.
L
L
D
B
L
Yeah
I
mean
if
it's
not
the
most
important
kind
of
burning
problem
for
folks,
then
I'm
not
too
worried
about
it,
but
as
more
more
of
this
comes
up,
people
generally
want
to
use
the
kind
of
envoy
mark
for
things
and
right
now
we
allow
that.
So
you
know
there's
a
reason:
it's
AWS
at
mesh
and
not
AWS
managed
envoy
whatever
so.
F
For
the
from
the
distribution
side,
we
have
a
lot
of
like
my
based
solutions
on
that
side
as
well,
like
Easter
proxies
one
like
ambassador
had
like
couple
of
them
based
on
my
and
how
how
much
they
are
aligned
with
upstream,
if
you
use,
which
the
management
server
can
act
like
after
boy
does
something
like
that.
It's
also
a
confidence
test
can
do
yeah.
D
Know
what
what
we
should
probably
do
is
and
I'll
take
this
action
item.
I'll
start
a
Google
Doc
of
survey
questions
and
then
maybe
we
can
collaborate
on
what
we
want
to
ask.
Obviously
we
shouldn't
ask
too
many
questions.
People
won't
answer
them,
but
but
let's
let's,
let's
try
to
have
some
type
of
usage
survey
and
then
we
can
go
from
there.
D
J
D
Don't
know
I,
don't
know
that
we
have
an
official
practice
I.
My
my
gut
is
that,
because
this
is
an
extension
that
doesn't
really
touch
anything
else,
it's
probably
okay,
given
the
detail
and
the
dock
to
start
and
just
iterate,
that's
that's
my
personal
opinion,
I'm,
not
sure.
If
other
folks
have
any
different
opinions,
guys.
K
I
wanted
a
this,
is
it
from
solo?
Can
you
hear
me
well
I
just
wanted,
wait
and
fulfill
that
for
catching,
and
we
would
love
to
give
it
away
to
the
community
and
we
have
a
actually
added
filter
that
may
be
able
interested.
So
just
let
us
know
if
you
can
do
all
out
you
can
we
can
help.
We
also
filter
transformation
filter.
K
D
K
D
Problem
as
I
understand
it
is
that
Rama
has
a
situation
where
you
know
they
have
some
management
servers
that
are
coming
up
and
down
and
a
new
management
server
comes
up.
It
doesn't
yet
have
all
of
the
information,
so
it
goes
and
it
responds
to
a
CD
s,
update
with
clusters
and
then
envoy
ask
the
management
server
for
all
of
the
all
the
EDS
updates.
D
B
Is
that
well
I,
didn't
that's
roughly
right,
I
mean
I
have
to
refresh
myself
on
what
on
there's
one
detail
that
which
is
what
happens
on
the
EDS
front
like
envoy.
So
when
you,
when
you
update
a
cluster,
that's
true
necessary
cause
any
activities
you
have
on
the
ideas
front
data
unless
it's
like
removing
and
adding
a
watch,
that's
probably
what
it's
doing,
which
then
causes
and
some
people's
remember.
D
Yeah
go
ahead.
Well,
right,
I
was
gonna,
say
so,
just
just
by
itself.
That
actually
scares
me
because,
like
do,
we
know
that
the
like
the
whole
host
supply
to
the
new
host
that
seems
potentially
not
right
and
to
and
I'm
done,
but
like
I,
it
seems
like
it's
a
problem
on
the
management
server
side,
which
is
the
management
server,
is
ding
connections
before
it's
ready
to
actually
serve
them.
So.
B
Yes,
I
agree
with
them.
The
last
points
and
I
think
there's
two
separate
things
to
discuss.
The
first
is
one
of
those
world
of
correct
semantics
here,
and
we
can
discuss
that
whether
it's
okay
to
you
know
keep
the
rdds
post
and
the
other
thing
that's
to
think
about
is
like,
what's
the
correct
mechanism
for
implementing
this
I
kind
of,
feel
that
the
trunk
I
think
it's
kind
of
like
hairy
and
complicated
and
it
transfer
a
host
across
I
agree.
B
D
But
in
in
this
particular
case,
I
guess
I
still
don't
understand.
Let's
say
that
you
did
the
caching.
How
would
you
even
detect
the
caching,
because
if
the
cluster
config
changes,
let's
say
someone
changes
some
TLS
setting
or
like
something
else
yeah?
How
could
you
guarantee
that
that
it's
the
same
host
like
I,
I,
guess
I,
just
don't
fundamentally
don't
understand
how.
B
Okay,
so
that
no
getting
into
the
semantics
I
mean
I,
think
you
know
from
a
new
mechanism
point
of
view.
What
you
do
is
you
just
keep
the
last
node
instead
of
hosts
for
that
cost,
when
you
feed
it
back
where,
when
the
cost
that
comes
back
up-
and
you
know,
there's
only
been
an
update,
so
everything
that's
the
issue
there.
B
So
the
issues
like
is
it
safe
to
feature
you
to
reuse,
the
same
hosts
across
a
cost
or
updates
and
I
think
that
the
good
example
is
switching
from
HTTP
to
HTTPS
or
back,
and
then
it
comes
down
to
I.
Think
do
you
care
about
eventual
consistency
or
strong
consistency,
because
in
its
eventual
consistency,
the
measurement
service
should
be
sending
a
host
update
anyway,
like
it
should
be
doing
a
push
based
one.
So
let's
say
we
switch
from
HTTP
to
HTTPS,
you
get
a
c.d.s
update
and
then
immediately
after
that,
you
should
get
some.
B
B
B
Say
is
just
the
my
TL
DR
is
yes,
I
am
in
total
agreement
that
the
management
server
could
fix
this
problem.
The
second
is
I
think
we
could
do
things
slightly
more
elegantly
by
not,
you
know
doing
surgery
in
cluster
manager,
and
the
final
thing
is:
what
are
you
think?
The
crux
of
the
issue
comes
down
to
is
whether
we
care
whether
we
care
about
being
able
to
make
like
if
it
goes
like
this
early
discussion,
we
head
around
ATS
about
how
concerned
we
are
about.
You
know,
reusing
resources.