From YouTube: Config Working Group 1/10/2019
A
A
This is like an almost one-to-one mapping of command-line arguments to some settings, and then in file form. It's gonna look something like this. We'll have general, you have introspection, which is control, Z lightness for later settings or processing is like this standard. Like the coffee processing, the main copy processing service settings. We're gonna have settings for different sources, so, for example, this shows Kubernetes as the source. We can have a file system source here and is a like. This is the validation settings.
A
This will be the file that you would need to write and just put it someplace, and you can't just point you to that and it will read all of it and then work off that. So the default settings will be geared towards the deployment case. Like, ideally, the Kubernetes deployment we have is not gonna have to hack this file. All of the new tools will just work.
A
A
A
A
In the, it's in the other, peer I had, but you're gonna have essentially something like, something similar to this for sinks, where we may actually have an old provider, and then also this is the second line item that I want to bring to attention. So especially for dialogue services, to look for external integration, we will need to provide some sort of old model that needs to be accessible, and I'm going to change the network from plug-in to a provider here.
A
A
C
I have a question. Sorry, I'm very new to this, so it should be quite a dumb question. So they are small that you were just talking about. Do you know that in the Helm flag we also have a control plane security flag? I can't remember the exact flag. Do we have a plan to connect these two together, so that if I'm specifying Helm I'm not using control plane security, then I wouldn't use mutual TLS in Galley to talk to other components? That's.
C
D
C
D
A
The equivalent functionality, so let's just be clear about this, right? So the individual components themselves are flexible enough to accommodate the ways, like the full matrix, right? So it can have secure communication all around, insecure, or, like, you know, secure between Galley and Pilot with insecure otherwise, right?
D
But effectively, the way things are set up today, if you say I turn off Citadel, isn't there, effectively if Citadel isn't present in your cluster, that's, and it's not provisioning service or provisioning credentials, not only do you not have secure traffic between your services, you don't have secure traffic between your control components, right? So.
C
E
D
E
D
This point, you can make this work, so it's in your use case, if you're providing credentials through some other means, yeah, there's nothing inherently, composts are nothing. It's like they're not coupled to Citadel, but Dillon's point, when you flip, when we're talking about Helm flags and then the out-of-the-box Istio install on Kubernetes, if Citadel isn't present, that's reliance it at all to provision service. So it's in what else and president.
D
C
C
D
That's the best, that's what we want to recommend anyway. We want to encourage people to secure the traffic as much as possible, so we, that's, this is key, so everything you should do this as possible to run it in a secure mode, but we're going to encourage people to do the right thing with best practices.
C
D
C
C
D
But, you know, at some point it's, what was the goal of minimal? Is it, do you want to have a single pod running in the cluster? Do you want it to be like minikube, to think where it's very lightweight for smaller deployments, that there might be other ways to address that, while keeping all the functional control plane components present for secure communication.
C
D
C
It's just going to be insecure. Okay, so I think we agree with that. So you could run Galley without Citadel, it was just going to be insecure, which could just be all a minimum profile, and if people want more secure, then they just add options on top of minimum profile standard, with a generic configuration, and trick from there, right?
D
And I think, when we talked with the security group, their thought was: we want to encourage people to follow best practices, and that is securing their traffic when possible enough. That's not always the case with service-to-service traffic for a variety of reasons, but as a starting point with your control plane.
D
You want to have that infrastructure in place, so you can lock down your control plane, and then over time you can start securing your service-to-service traffic as well. And if we invest a lot of time making an alternate means, we're not really pushing people in that best practice. First, Eva's practice, right?
C
D
Say, this might be a better topic to discuss in fairness, or, I don't know, but maybe here. But if the goal for a minimal profile is to have a minikube-like experience there, the constant has a thing called, like, mini sto. It's not called that, though, there's another name for it, but essentially it's bundling all the components, single blob, or into a single pod. If the goal is to have a minikube-like experience, that might be another route for a minimum profile to get.
C
D
C
Yeah, I guess the initial, when we create it, we actually envision its use beyond just minikube. People can actually use it in production if they wish to, which was the case as much. They don't care about security or traffic, because their traffic might be already secured within that particular cluster.
A
So we switch to MCP, we're essentially losing the innate security that the API server provides for config transformation, a common transfer, right, or straight. That's really the crux of the problem. Then we have MCI. Mine did not have a system, everybody's listening to Kubernetes, that this is like all secure by default, so you can have a profile that says, oh my, you know, I want minimal things. I'm like, I have my configuration just for, like I say, Pilot-based scenarios. I don't need Citadel, that works fine, but with MCP.
A
You need to provide some measure of security, right? So some measure of control plane security, and putting things together in a control, like a container or a bothers, you guys mentioned, I think kind of alleviates that. You can actually even use, you know, UNIX sockets or things like that to, like, sidestep the problem, so you can actually run MCP in a closed way, so that, like, it doesn't hit the network, right? So you actually sighs that the control plane security problem deftly doesn't make sense. So.
D
This is not any different than XDS with one circle. So if you turn off ifs, it allows in present, there's no, communication from Envoy to Pilot is not secure. So, yeah, yeah, Pilot to its configuration source is, but you're still not end-to-end secure. So it's along the same lines. If you want a secure control plane, which we recommend, you should probably use Citadel, and that's the same, and that's independent of service-to-service traffic, and we should have the Fox without, all right.
C
D
C
A
A
C
There's a control plane security flag, I was just looking at this yesterday, and then there's also a security component you can enable, which would install Citadel for you. So you actually need both: you need control plane security, you need to enable security components to be true, and I believe there is also another global flag called mutual TLS, that's the militarism and services.
C
A
C
D
C
That sounds good, yeah. So, yeah, the reason we join is we're interested to contribute to this component. You guys probably Sierra's, already been contributing, so we probably are going to add one, a few more people from our side to contribute to Galley. So we're interested to see what other changes, how can we help out, that type of thing.
A
So we have a few other changes in flight, just to publicize things. So we haven't endpoints work Nathan is doing right now, so that's one of the other big changes, and Jason is doing the incremental MCP changes, or the newer version of xep changes. So those are all in flight for one one, and we may do some, like, technical defect things to accommodate some of these things. We think, yeah, leave, like, so the Galley's, for example, the eternal new structure may not be amenable to accommodate some of these changes.