►
From YouTube: 2020-04-16 Istio community meeting
Description
Istio service mesh user community meeting on 4/16/2020
B
A
A
Okay,
so
work
one
minute
over,
so
we'll
go
ahead
and
get
started.
Thank
you.
Everyone
for
joining
today
is
April
16th
if
you're
checking
the
dates,
and
that
would
make
it
Thursday
of
this
week
very
difficult
to
keep
track
of
days
during
the
given
conditions
that
we're
all
in.
But
yes,
it
is
Thursday
April
16,
we're
gonna.
We
actually
have
a
pretty
packed
agenda,
so
I'm
gonna
jump
right
in
first
off
I
wanted
to
discuss
the
one-sixth
release
timelines
here.
I
can
go
ahead
and
share.
A
Can
you
guys
see
my
my
browser?
You
should
be
able
to
yeah
okay,
so
the
one
six
release
milestones
just
wanted
to
keep
everyone
up
to
date
on
where
we
are
and
what
the
plan
is
currently
we're
on
track
with
the
one
six
release
we're
currently
in
the
execution
phase.
So
everyone
should
be
aware
of
that,
but
we're
quickly
coming
up
on
completing
and
getting
to
build
readiness
and
starting
the
stabilization
portion
of
our
one
six
release.
A
The
reason
why
I
bring
this
up
because
we
do
have
a
sign-up
sheet,
a
community
testing
signup
sheet,
and
this
is
getting
ready
for
day
one
as
well
as
day
two
with
you
so
on
the
release
here
day,
one
is
coming
up
towards
the
end
of
this
month,
so
April
29th,
which
might
seem
like
a
long
ways
away,
but
it
really
isn't
so
just
wanted
to
bring
everyone's
attention
to
that.
We
do
have
the
one
six
community
testing
signup
sheet,
it's
open
ready
for
people
to
start
signing
up.
A
A
So
this
is
good
overall
for
the
project
and
what
we
would
like
to
do
is
get
from
the
community
areas
that
you
would
like
to
see
some
attention
or
focus
or
additional
work.
If
there
are
any
areas
that
you
would
like
to
see
from
a
community
standpoint,
you
start
raising
those
issues
now
just
go
ahead
and
create
get
issues
so
that
we
can
prioritize
those.
We
can
review
those
and,
as
these
interns
start
to
come
on
board,
we
may
be
using
some
of
those
ideas
or
assignments.
A
It's
a
great
opportunity,
especially
if
you've
got
a
little
project
that
you'd
like
to
see
done
here,
and
there
hasn't
been
enough
commitment
or
enough
people
to
actually
do
it.
We
may
have
some
additional
interns
that
can
come
on
and
start
doing
some
work
so
get
those
issues
raised
and
get
them
up
there
so
that
you
can
start
to
enjoy
alright.
A
So
what
I
would
like
to
do
for
the
bulk
of
this
meeting
is
to
really
turn
it
over.
We've
got
two
special
guests
with
us
today
to
go
over
some
additional
material,
which
I
think
most
of
you
will
find
pretty
pretty
exciting
and
extremely
helpful
in
the
direction
and
strategy
where
we're
going
with
us
do.
Project
first
up
is
Christian.
Hopefully
everyone
knows
Christian
from
the
sto
community
from
Seoul
Ohio
Kristin.
A
B
Share
screen,
oh
sure,
drop,
that
for
you
there
you
go
there.
We
go
all
right.
You
should
be
able
to
see
my
screen.
I've
changed
the
resolution
for
those
of
you
that
are
on
smaller
screens,
and
so
what
we
can
talk
about
today
is
setting
up
and
managing
multiple
clusters,
or
you
have
sto
deployed
and
specifically,
where
you
have
this
replicated
control
plane
model
where
you
have
each
cluster
basically
has
its
own
control
plane
and
there's
many
reasons
and
pros
and
cons
for
doing
the
various
scenarios.
B
But
this
what
I'm
gonna
show
today
is
gonna,
be
focused
on
this.
We
had
Sully
been
working
on
an
open
source
project
called
service,
mesh
hub
service
mesh
hub
and
the
goal
behind.
It
is
to
be
a
management
plane
to
simplify
managing
multiple
clusters
of
steel
or
a
service
mesh
in
general
from
both
a.
B
How
do
you
boot
stop
bootstrap
and
register
and
discover
all
of
the
components
that
are
running
to
federating,
shared
root,
4i
identity
and
then
treating
the
cluster
as
one
unified,
single
or
all
of
the
meshes
individual
meshes
as
one
single
unified
virtual
mesh
and
then
the
API
that
we've
written
on
top
of
that?
So
let
me
just
let
me
just
show
you
before
I.
B
Do
I
just
want
to
point
out
that
on
ours
on
our
YouTube
I've
recorded
just
as
of
last
night,
the
four
parts
deeper
dive
into
what
this
stuff
is
actually
doing
so
definitely
check
out
the
solo
YouTube.
What
I'm
gonna
show
here
is
a
little
bit
of
an
abbreviated
demo
just
be
respectful
of
the
time
here.
So
the
first
thing
that
we're
gonna
see
here
this
is
a
live
demo.
B
This
is
itself
types
for
me
and
some
of
you
may
have
seen
my
demos
I'd
like
to
have
these
scripts,
because
otherwise
a
lot
of
typing
in
front
of
people
can
get
mistyped.
So
here
we
see
we
have
sto
1.5
installed
on
cluster
1
and
we
also
have
an
sto
1.5
installed
on
cluster
2.
We
have
book
info
at
least
some
components
of
it
deployed
onto
cluster
1
that
we
have
product
creates
from
the
normal
book
info
demo,
with
version
1
and
version
2
of
reviews
on
cluster
2.
We
have
fewer
of
those
components.
B
We
have
version
3
of
the
reviews
and
the
rating
service.
So
that's
not
what
we
have
two
clusters
and
different
components
and
services
on
each
on
each
cluster.
So
the
first
thing
we're
going
to
do
is
mesh
TTL
install
so
we're
going
to
install
the
service
mesh
hub.
All
that
comes
up
if
you
come
back
here
to
the
github
project
and
click
down
here
on
Docs.
B
So
we've
installed
service
Michelle.
Let's
take
a
look
at
the
components
that
make
up
service
mesh
hub.
Not
too
many
components
are
in
charge
of
running
the
the
networking
components
and
driving
the
control
planes
of
each
of
the
clusters
and
the
discovery
components
which
we'll
be
taking
a
look
at
here.
This
is
on
a
third
cluster,
so
this
happens
to
be
the
coin
like
this,
so
we
have
cluster
1
and
cluster
2.
We
see
sto
and
some
of
the
workloads
deployed.
We
have
service
mesh
hub
in
this
case,
deployed
on
cluster
1.
B
So
if
we
do
mesh
detail
check,
we
can
cross
your
fingers
to
make
sure
that
everything
is
up
correctly
and
that's
good.
Now.
What
we're
going
to
do
is
register
our
cluster
1
and
cluster
2,
so
we'll
pass
in
the
name,
basically
passing
in
a
cute
config
that
allows
it
to
connect
up
to
these
different
clusters.
B
We
see
that
registration
for
cluster
1
is
fine.
Let's
do
the
same
thing
with
cluster
2.
Well,
even
though
service
no
Shelby
is
running
on
cluster
1,
we
you
know
theoretically,
could
have
had
that
run
remotely
and
now
that
we
have
registered
these
clusters,
if
we
do
keep
CT
I'll
get
to
Bernays
clusters
is
a
C
or
D.
That's
part
of
service
mission.
We
can
see
that
those
have
been
registered
and
if
we
do
get
meshes,
we
should
see
that
it's
discovered
that
there
are
sto
service
match
workloads
running
on
those
different
clusters.
B
In
fact,
oh
that's
the
longer
term.
That's
the
longer
game.
I
forgot!
This
is
abbreviated
when
I
was
gonna,
go
into
more
detail
about
that
alright,
but
so
now
we
have
these
two
different
clusters:
we've
registered
them.
Let's
see
how
to
unify
their
routes,
trust
amines,
so
the
first
thing
that
we're
going
to
look
at
is
when
I
as
2-way
a
mutual
TLS
enabled
on
both,
but
they
both
have
different
route.
B
Trust
omits
if
I
call
from
reviews
to
ratings
on
cluster
one
and
I
take
a
look
at
the
mutual
TLS
certificate
exchanges
happening
there
and
the
root
of
that
chain.
We
see,
we
have
something
you
they
use
e
key
K
as
the
as
the
root
on
this
class
server.
If
we
look
at
the
same
call
from
reviews
to
ratings
on
cluster
two,
we
should
see
a
different
route,
because
those
are
those
are
separate.
B
Those
are
separate
clusters
as
we
install
them
and
we
didn't
install
them
with
a
root
truck,
so
we
see
them
they're
different
and
what
we're
going
to
do
with
service
finish.
Hug
tooling
here
is
unify
those
two
clusters
and
those
two
meshes
we're
going
to
create
this
virtual
mesh
that
defines
things
like
well,
what
is
what
is
the
route
that
we
want
to
share
between
the
two
clusters?
B
What
mode
of
Federation
do
we
want,
in
this
case
we're
going
to
say
permissive,
which
just
means
that
we're
going
to
enable
service
discovery
for
all
of
the
services
between
the
cluster
and
we
can
find
fine-tune
that,
but
right
now,
everything's
going
to
be
permissive.
We're
gonna
follow
a
shared
trust.
We
trust
model
here
and
we're
not
going
to
at
the
moment
enable
access,
control
and
we'll
group
these
two
measures
here
and
we
of
course,
could
have
more.
So
let's
apply
that
to
our
management
plane
and
in
this
case
that's
running
on
cluster
1.
B
And
now,
if
we
go
back
and
take
a
look
at
it,
we
should
see
through
the
status
once
your
fingers
aren't
through
the
status
fields,
that
all
of
the
various
components
to
setting
up
this
virtual
mesh
haven't
been
accepted
and
are
correct.
Now,
as
part
of
doing
that.
Now,
what
we've
done
by
creating
that
virtual
mesh
is:
we've
created
a
new
root
certificate
and
then
we've
told
the
remote
service
measures.
The
two
different
service
measures
go
generate.
B
Your
own
cert
and
key
pair
create
a
certificate
signing
request
and
the
management
plane
will
sign
that
those
certificates
with
the
root
CA,
so
a
diagram
very
quickly
of
what
that
looked
like
so
on
each
mesh,
we're
creating
the
the
key
private
key
and
an
certificate
pair
and
we're
creating
a
certificate
signing
request.
The
service
mesh
hub
will
then
go
sign
those
certificates
using
its
using
the
route
that
we
define.
Let's
take
a
look
at
that.
B
B
We
see
that
we've
created
this
virtual
mesh
certificate
signing
request
and
if
we
take
a
little
bit
closer
look
at
that,
we
should
see
that
here's,
our
here's,
our
CSR
and
the
status
accepted
we
can
see
the
certificate
and
we
can
see
the
roots
as
part
of
that
chain.
Now
we're
doing
that
because
we
don't
want
to
transmit
keys
and
and
so
forth
across
the
across
the
wire,
so
I'm
doing
it
on
each
of
the
meshes.
B
B
And
at
the
moment
for
is
co
to
pick
that
up,
we
need
to
balance
this
DoD.
This
is
this
is
something
that
we're
working
on
solo
to
fix
will
contribute
this
up
to
to
this
do
and
we'll
do
that
on
both
clusters.
Tufts
was
one
class
or
two,
so
it
picks
up
their
individual
intermediate
certificates
and
keys
that
have
been
signed
by
the
root.
B
B
Those
kind
of
look
like
they're
running:
let's
try
it
now
if
we
run
that
that
same
command
to
inspect
the
certificates
on
cluster
blonde
between
reviews
and
ratings,
what
we
should
see
is
the
certificate
chain
and
then
the
root
this
fruit
ends
with
E
are
Y
and
have
that
handy?
Okay,
so
that
looks
good
on
cluster
one.
If
we
do
the
same
thing
on
cluster
two,
we
should
see
the
same
fruit
when
we
do
ER
y,
which
is
what
we
see
here
now.
B
So
that's
that's
how
we
unify
the
identity
for
the
meshes
and
and
and
do
that
in
a
way.
That's
that's
secure!
Now,
once
we
have
this
virtual
mesh,
we
can
build
an
API
on
top
of
that
to
manage
things
that
traffic
routing
and
access
control
policies
and,
and
so
forth.
I'll
show
this
very,
very
quick,
so
as
part
of
federating,
these
meshes
like
I,
said
we're
creating
the
service
entries
so
that
the
services
across
the
meshes
can
see
and
talk
with
each
other.
B
If
we
look
at
any
one
of
those
particular
well,
this
is
on
cluster
two.
If
we
look
at
any
one
of
those
particular
service
entries
well,
I,
guess
we
won't
that's
the
longer
version
of
the
demo.
Sorry!
Well,
we
can.
We
can
use
this
traffic
policy
resource
to
manage
the
traffic
splits
between
the
clusters
and
because
everything
is
unified
at
the
trust
domain.
They
a
traffic,
should
flow
across
the
clusters
without
without
any
issues.
So
that's,
let's
just
do
that
real
quick!
We
come
here
host.
B
Of
instances
or
based
on
the
request,
so
in
this
case
it
just
happened
to
be
this,
is
we
haven't?
We
haven't?
Actually
we
haven't
actually
applied
it
yet
I'm
just
shipping
to
showing
it
to
you.
This
is
this
is
a
a
traffic
policy
that
we
will
enforce
in
a
second
when
I
apply
it,
but
I
just
want
to
show
you
what
things
look
like
right
now
so
I'm
on
the
product
page.
B
If
we
refresh
a
couple
times,
we
see
that
traffic
will
be
load,
balance
between
B
1
and
B
2,
which
are
running
on
cluster
1.
But
if
we
add
this
traffic
policy,
we
should
route
75%
of
that
traffic,
as
we
can
see
here
to
cluster
2
and
and
2
reviews
on
on
cluster
2.
So
if
I
refresh
here,
we
should
see
the
red
one
75
percent
of
time,
and
we
do
so
so
quick.
B
You
know,
let
me
show
you
what,
if
you
have
this
cluster
federated
now,
what
are
the
things
that
you
can
do
with
it,
and
you
want
to
treat
it
like
a
single
unified.
Also,
even
though
it's
running
on
multiple
different
ones,
and
the
last
thing
that
I'll
show
is
all
of
this
gets
driven
into
the
sto
control
plane
eventually.
So
this
is
a
sto
virtual
service
that
we
see
here.
So
the
management
plane
is
controlling
the
control
planes
and
we
built
some
convenience
tooling
around.
B
What
are
the
rules
that
are
running
in
a
particular
cluster
for
a
particular
service,
so
you
could
have
made
multiple
different
traffic
rules
and
fault,
injection
and
retry
policies
and
so
forth
and
using
some
of
the
tooling
here,
we
can
very
quickly
see
exactly
what
what
applies
to
those
particular
workloads
so
I
know:
I
went
over
quite
a
bit
there.
I
apologized
and
I
went
a
little
fast,
like
I,
said
checkout
service
mesh
hub
on
on
github,
the
docs
walk
through
to
some
of
the
stuff
that
I
just
did
and
then.
B
Lastly,
on
our
YouTube
I
created
a
play.
That's
where's
that
playlists
dive
into
service
smash
hub.
Oh
well,
there's
there's
there's
three.
Otherwise
it
go
into
a
lot
more
detail
than
than
what
I
just
did
here.
So
thanks
Dan,
thanks
community
for
I,
don't
know
if
there's
time
for
questions,
but
just.
A
B
D
So,
in
your
set
up
during
the
Federation
aspect,
you
are
giving
the
context
of
every
one
of
your
clusters
to
your
mesh
hub
cluster.
That's
correct
the
the
context
for
each
of
the
clusters
that
would
like
to
register
with
the
management
plan.
Yes,
there
any
like
security
issues,
you
know
doing
that,
because
one
of
the
advantages
of
this
it's
like
replicated
control
plan
approach
has
its
docked
right
now
is
that
you
don't
have
to
give
it
to
context.
All
it
needs
is
the
gateway
address.
D
B
E
So
Christian
I
have
a
quick
question.
I
assume
you
will
have
the
same
limitation
as
replicate
control
plane.
Well,
you
couldn't
do
cross
cluster
routing
among
one
single
subset,
for
example,
review
version
one:
do
you
have
any
customer
asking
for
that,
or
is
your
primary
customer
more
asking
for
hey
I?
Don't
care
about
cross
cursor
routing
for
the
same
subset
as
long
as
I
can
do
cross
cross
routing
among
different
subsets,
which
is
what
you
showed
I
think.
B
So
the
the
subsets
within
a
particular
destination
rule
for
a
single
cluster
I,
don't
believe
those
will
span
across
clusters,
like
you
said,
but
what
we
did
here
in
the
demo
is
create
a
you
know.
We
kind
of
did
do
you
know
the
subset
routing
to
version
r2
the
review
service
that
was
actually
running
version,
three
of
reviews
in
a
different
cluster,
so
I
mean
we
could
we
can
still
build
that
abstraction
out
on
top
exists
and
but
the
functionality
is.
F
Still
there
so
I
guess
to
clarify
on
lintons
question
there
does
this
use
the
SMI
based
gateway,
routing
that
we
added
for
cross
cluster
okay,
so
that
it
does
do
the
full
subsets
as
long
as
you
have
the
same
subsets,
to
find
it
both
clusters?
Okay,
this
is
the
way
that
we
set
up
the
SN
I
that
s
my
base,
rounding
at
the
gateway
for
across
cluster.
A
F
I
mean
this
is
the
fundamental
problem
with
the
rep
like
so
in
general,
we
also
recommend
the
this
replicable
playing
appointment.
The
fundamental
problem
is,
you:
don't
have
a
unified
identity
domain
for
services
right
right?
That
is
the
fundamental
shortcoming
that
you
have
to
bridge
in
some
meaningful
way
exactly
exactly,
but
this
is
this:
is
this.
A
D
A
D
B
D
G
Guys
hi,
can
you
me
yes,
yeah?
Of
course
we
would
love
to
talk.
I
mean
we
working
very
closely
with
SEO
right
now.
We
would
love
to
help.
We
have
anyway,
some
features
some
a
one
that
I
think
I.
Think
for
my
team,
just
open
one
bugs
about
the
rotation
of
this
certain.
We
would
love
to
contribute
it,
and
there
is
a
lot
of
other,
like
I
plan
to
dr.
A
A
C
C
C
If
you
want
to
understand,
what's
going
on
hundred
under
the
cover
and
then
show
you
how
you
can
use
it
Battista
so
web
assembly,
as
you
guys,
probably
know,
it
was
designed
essentially
for
extending
what
you
could
do
in
bed
platforms
as
a
way
of
supplementing
what
was
done
through
mainly
JavaScript
and
Bassem.
Essentially,
is
a
pre
compiled
portable
cross
platform.
Binary
instruction
set
that
you
can
run
in
a
virtual
machine,
and
we
are
talking
about
kind
of
stack
based
virtual
machines
like
p8,
that
browsers
use
vadym
is
not
a
language
itself.
C
It's
a
target
of
compilations
and
there
are
many
many
languages
that
are
these
days
you
can
compile
to
wasm
and
then
use
your
code
with
pretty
good
performance
in
your
browser
and
all
major
browsers,
support
but
assembly.
So
why
are
we
interested
after
Bassem
web
assembly
was
started?
People
started
looking
at
other
use
cases
for
several
lists
operations,
and
some
people
thought
that,
oh,
that
would
be
a
good
way
of
extending
network
proxies
and
Annemarie
has
a
started
supporting
razzin.
C
There
is
a
bunch
of
peers
and
some
of
which
have
been
up
streamed
and
some
of
which
are
still
inside
in
comparison.
It
was,
and
we
used
to
have
and
still
have
lure
extensions
and
on
void
that
we
can
use
to
extend
the
code.
Obviously
vazov
now
has
much
larger
community
is
actually
maintained,
and
that
is
another
way
of
extending
envoy
and
therefore
easier.
So
let's
have
a
look
at
how
we
can
use
vadym
the
main
project
that
kind
of
started.
C
The
goal
has
been
to
have
a
low-level
API
and
then,
on
top
of
that,
a
higher
level
API,
where
different
languages
can
easily
be
ported
and
supported
for
producing
the
Rosenbach
miners
right
now
there
are
runtimes
and
the
proxy
Bazin
project
for
c++
ross
and
assembly
script,
and
I
will
look
at
the
simpler
one.
The
c++
sdk,
I
think,
looking
at
the
proxy
wasm
project,
may
be
the
easiest
way
of
getting
your
hand
dirty.
If
you
want
to
start
looking
at
the
assembly,
I'm
modules.
C
Everything
is
done
through
callbacks
and
registering
functions
between
the
VM
and
the
proxy,
and
in
order
to
accomplish
anything,
you
essentially
need
to
implement
two
classes,
a
root
context
and
a
context
and
override
the
existing
methods
that
exist
for
these
two
functions
and
then
register
them
and
you're
good
to
go.
So
with
that
said,
let's
have
a
look
at
a
simple
example.
C
That
I
have
from
the
proxy
Bazin
project,
and
this
is
the
source
of
the
C++
code,
and
it
has
an
example,
root
context
that
override
just
one
function
and
then
the
example
context.
That
is
the
main
context
that
is
used
for
each
stream
for
each
request
that
context
get
created
and
the
root
context
can
be
used
for
the
same
plugin
and
for
multiple
requests.
So,
as
you
can
see
here,
a
bunch
of
these
functions
have
been
overwritten.
C
Very
simple
stuff,
as
you
can
see,
the
main
thing
that
we
can
see
in
the
response,
the
output
of
ham
is
module
when
we
run
it
is
that
here
we
are
going
to
add
a
header
and
replace
another
header.
This
is
what
you
do
so
the
rest
are
logging,
the
existing
headers
or
lot
for
request
and
response.
So
writing
the
code.
You
write
it
in
C++.
You
need
to
kind
of
mention
that
you
register
these
two
contexts
that
we
use
the
example
context
and
example
root
context,
and
that's
about
it.
C
You
get
calls
then,
for
example,
there
is
a
request.
You
get
a
call
and
request
headers,
then
you
have
functions
to
access
the
header
and
modified
and
manipulate
them,
and
this
is
your
source
code.
The
next
step
would
be
compiling
this
into
a
Bassem
binary.
So
if
I
go
back
I
again,
if
you
want
to
get
a
little
bit
more
of
the
details,
you
can
use
what
is
recommended
in
the
proxy
Bassem
director
github
repo.
C
C
This
is
all
you
need
to
do
to
build
it,
build
up
as
a
module,
so
I
have
a
simple
make
file
that
I
need
to
make.
This
is
a
mate
while
right
and
the
bass,
MC
c,
plus
plus
code,
and
I
am
using
a
masam
SDK
image.
We
two
point
one
which
is
I
have
built
so
as
instructed
in
the
repo
you
can
follow
that
and
the
first
time,
if
you
use
just
as
an
SDK
version
2.
That
really
is
some
time
for
building
the
libraries
and
all
that
now.
C
Yes,
yes,
there
are
a
bunch
of
calls.
There
are
also
calls
for
accessing
the
payload
directly
for
network
filters,
and
there
are
calls
for
going
out
to
another
external
service
using
HTTP
or
do
RPC.
So
these
are
all
documented.
I
will
kind
of
show
that
very
quickly.
So
this
is
come
all
right.
Now
we
have
a
thousand
binary
right
and
then
I
for
starting
just
testing
I
think
it
is
maybe
at
least
in
my
opinion,
wiser
to
just
started
on
way
itself
not
get
involved.
It
sto,
because
that
comes
the
case.
C
C
Can
you
say
it
again?
Maybe
there
was
they
thought
it
was
off
of
mute
yeah.
So
as
long
as
you
have
access
to
this
file,
this
is
the
Bassem
file.
If
you
look
at
the
I
will
use
a
docker
compose.
If
you
look
at
it
dr.
compose
and
copying
my
Bassem
tabasum
to
this
file
right,
so
all
it
takes
to
just
test.
Its
thing
would
be
like
a
compose
and
I
have
a
lot
of
debug
statements
here
and
you
can
access.
C
18,000
and
you
get
the
example
body-
that's
a
static
kind
of
grip
server
built
into
the
end
boy
right
now
we
are
using,
and
here
you
can
see
the
headers
and
everything
and
you
can
see
the
two
headers
that
they
added
or
manipulated.
So
it's
just
like
that.
The
way
that
you
essentially
have
hooks
for
certain
events,
you
get
control
of
the
system.
Essentially
you
can
run
your
code
in
the
virtual
machine
and
then
there
are
ways
of
getting
back
the
results
into
the
proxy
and
that's
a
simple
example
of
doing
that.
C
C
C
C
Yes,
so
now
the
new
headers
I'm
just
using
the
root
context,
so
the
context
itself
is
created
for
each
request.
But
the
idea
is
that
in
the
proxy
version
that
you
can
have
hierarchical
contexts
that
different
streams
can
share
and
possibly
different
filters.
So
now,
I
am
essentially
using
a
root
context,
even
though
each
time
I
get
a
sorry
each
time,
I
get
the
new
context
I'm
using
the
root
context
to
store
this
number
that
I'm
incrementing
one
by
one
right.
So,
if
I
show
you
the
code,
it's.
C
C
C
This
is
that
was
the
old
code.
Now
I
have
just
a
simple
variable
in
the
root
context
and
for
each
request.
I
get
a
new
context,
but
in
while
I
am
processing
the
message
I
refer
to
what
I
have
stored
in
root
and
that's
why
I
get
a
different
number
each
time
and
then
I
increment
that
counter.
So
there
is,
there
are
ways
of
passing
information
through
these
contexts
as
between
streams,
and
you
can
also
have
multiple
kind
of
filters
like
filters
and
lock
filters
in
the
same
binary
as
a
module.
C
The
new
header
is
now
to
try
to
this
new
header
is
now
tree
and
so
on
so
forth.
So
that's
another
feature
that,
in
the
design
of
our
sieve,
Azzam
has
been
built
in
I,
believe
some
of
it
is
still
ongoing
and
in
terms
of
how
this
thing
will
work,
but
for
the
most
part
the
basic
stuff
works.
So
the
other
thing
is
that,
right
now
the
filters
that
I
showed
you
in
the
way
that
the
basal
module
is
being
accessed.
C
C
Instead
of
using
a
file,
I
am
using
URI
and
for
this
example
again
in
my
daughter,
compose
I
started
web
serving
myself.
So
very
simple.
It
just
serves
this
file.
If
you
look
at
docker
compose
file,
you
can
see
that
I
have
nginx
running
as
my
web
server
and
and
I'm,
not
passing
the
Bazin
binary
file
anymore.
C
C
C
Sorry,
for
changing
the
windows
too
many
times,
so
let's
go
to
the
network
filter
and
look
at
some
other
functions
that
are
accessible
so
now.
This
is
another
setup
again
all
these
are
part
of
the
context,
but
you
can
essentially
rewrite
them
on
downstream
data
on
upstream
data
and
downstream
connection
close
and
so
so
on
so
forth,
and
while
the
project
proxy
wisdom
has
been
going
on
with
the
wrong
times
for.
C
C
C
If
I
can
go
example
out
and
mean
that
go
here
again,
there
is
the
context
we
have
on
HTTP
request.
Headers
things
are
being
changed
here
on
HTTP
requests.
We
make
a
HTTP
call
and
then
it
process
the
response
on
the
HTTP
call
response.
So
there
are
limited
number
of
functions
that
are
available
as
part
of
the
API
are
the
things
that
you
can
use.
C
Of
course
you
have
to
have
TinyCo
and
again
this
builds
a
Bassem
file
and
I
think.
Similarly,
we
can
have
composed
up
so
in
this
particular
case,
for
each
request
and
we
go
outside
to
a
together.you
iud
just
calculate
the
cash
for
it
and
based
on
the
cash
we
either
reject
the
request
or
allow
it
right.
So
here
is
a
403.
C
C
And
to
make
sure
that
I
keep
credit,
this
is
where
the
proxy
Bazin
support
for
GUI
is
it's
not
part
of
proxy
Bassem
and
I.
Think
it's
still
in
the
works,
but
it
works
at
basic
level,
at
least
that
all
the
test
functions
go
through
and
work
fine.
So
what
about
sto,
if
you're
interested
in
using
resin
for
a
steel?
What
do
we
need
to
do
at
the
end
of
the
day?
C
That
brings
me
to
razz
me
project
from
solar
oil
and
that
have
automated.
They
have
automated.
Almost
all
of
these
steps,
that's
how
I
got
started,
trying
to
see
how
I
can
use
bathroom
with
steel.
They
I
will
go
through
some
examples
that
you're
using
razz
me.
You
can
create
a
directory
that
has
all
the
scaffolding
you
need
for
building.
Then
you
can
build
your
image,
your
binary
Bassem
file
and
then
you
can
upload
it
to
a
hot
call,
but
dip
assembly
harp.
C
C
C
Easy
way
of
using
plasma
modules
again
this
is
the
address
for
asking
project.
So
why
doing
it
as
me
in
it
I'm
going
to
go
through
it,
you
can
create
the
directory
that
has
all
the
files
and
you
can
make
changes.
Then
there
is
Bazin
build
and
you
build
the
yasm
binary
and
then
you
can
push
it
into
the
resum
webassembly
hard
and
then
you
can
deploy
your
filter.
Let's
have
a
look.
How
this
is
done
should
have
a
time
here.
C
So
again,
I
think
I
have
already
read
me
filed
here
for
myself,
so
creating
a
new
folder
is
essentially
as
simple
as
that.
So
I
have
installed
as
me
again
in
that
website,
you
can
find
how
to
download
and
install
it.
It's
just
matter
of
seconds
I
can
in
it
and
then
I
have
a
choice
in
because,
as
me
is
going
to
setup,
the
files
for
me
I
have
a
choice
or
choosing
the
language.
I
didn't
go
into
CPP
here
you
have
a
choice
of
eesti
or
glue
and
then
all
has
gone
right.
C
Roxie
see
that
is
essentially
has
the
basic
stuff
in
it
and
you
can
go
ahead
and
change
it
or
when
you're
comfortable.
You
can
make
this
file
from
scratch
yourself
building
it
again.
It's
a
matter
of
just
using
your
asmi
file.
Razmik
command.
Lets
me
build.
It
takes
a
bit
of
time,
so
I'm
not
going
to
do
that
right
here.
C
It's
as
a
matter
of
doing
something
like
that
as
me:
build
CPP
the
current
directory.
You
specify
the
name
of
the
image
you
want
to
be
created
and
essentially
the
bath
Rasim
module
gets
created
and
then
gets
pushed
into
the
web
assembly
heart
and
under
the
name
and
tag
that
you
have
provide
and
all
in
then
you
can
essentially
push
that
image
into
the
assembly
hub
and
at
the
end
of
the
day,
you
can
do
something
similar
to
this.
C
Which
I
think
I
have
done
here
essentially
I'm
saying
that
what
is
the
my
Vashem
binary?
It's
in
the
as
in
Bihar
I
pick
a
name
for
it.
I
can
specify
a
namespace
that
I
want
this
module
to
be
applied
to
here.
I
haven't
so
it
will
be
on
the
default
namespace.
So
if
I
do
I'm
not
running
all
this,
in
a
small
cluster
on
IKS
cube
city,
I'll
get
an
ORAC
filter.
C
Last
night,
when
I
was
testing
this
you're
going
to
redo
this
again,
just
I
want
to
show
you
what
is
there.
So,
as
you
can
see,
these
filters
get
created
for
the
pods
that
I
had
running
in
my
default
namespace.
So
some
simple
files,
services,
hello
world
and
they
slip
right
and
I-
want
to
also
show
you
what
is
running
in
the
Aurasma
namespace,
and
this
cluster
has
three
nodes
and.
C
And
this
is
again
I'm
running
out
of
ideas
at
the
headers
that
I
have
added
in
this
particular
example,
I'm
doing
a
little
bit
of
modification
of
the
header
host.
If
you
see
it
I
just
for
the
sake
of
demonstration,
I'm
using
HTTP
pin
but
yeah,
you
can
see
here
that
HDTV
being
default
is
being
used.
So
that's
what
the
code
is
doing.
If
we
want
to
have
a
quick
look,
that
is.
A
C
Yeah
so
I
think
for
someone
who
wants
to
get
started.
Probably
razz
me
would
be
the
easiest
way
by
getting
your
hands
dirty.
The
good
thing
is
that
it's
still
the
beginning
of
the
project,
I
would
say
it's
kind
of
young.
You
may
run
into
bugs
here
and
there,
but
the
good
thing
is
that
the
solo
people
are
people
who
are
working
on
balance,
mirror
very
responsive
and
fix
the
problem.
If
there
is
any
so
that's
great
and.
H
H
G
A
Hopefully,
hopefully,
everyone
has
heard
this
before,
but
I'll
echo
it
again
using
wasm
is
the
strategic
direction
for
building
customized
plugins
into
the
SEO
service,
mesh,
primarily
directly
into
envoy
versus
the
old
style
mixer
adapters.
So
definitely
an
area
that
is
worth
exploring.
Take
a
look
at
the
last
be
project
to
make
it
easier
for
you
to
create
those
plugins
looks
fairly
easy.
I
know,
Mohammed's
been
doing
it
a
while,
so
he
makes
it
look
easy,
but
hopefully
picking
it
up
is
not
terribly
difficult
for
folks,
especially
with
project.