From YouTube: Istio Environments Meeting 2021-09-29
A: All right, good morning, folks. I think we should be good to get started, so let's pop right into it. The first item on the agenda is something we discussed, I think, two or three weeks ago: the proposal for prioritized leader election. Basically, for those of you who aren't aware, we want the default revision to handle all of the things that are guarded by leader election.
A: We talked about this before, and I wanted to go back and change a few things about the proposal, but in the end it actually stayed basically the same.
A: The main discrepancy last time was whether we needed to change the actual Kubernetes leader election library that we rely on to make this happen, and after working on it since the last meeting, I'm pretty convinced that we actually do. So the proposal is pretty much in good shape. If we could get formal approval on it, that would be great, and we also have a PR that's up and ready for review. So, yeah, this is just a request for comments, a request for feedback.
A: Yes, yeah, absolutely. So, from a few months back, we made it so that the istioctl tag command controls which revision handles validation. You want to change the default revision, so you do istioctl tag set default with whatever revision, and then that revision handles validation.
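[For reference, the flow described above looks roughly like this; the revision name is an illustrative placeholder, and in some releases the command lives under "istioctl experimental":]

    # Point the "default" tag at a new revision; that revision then takes
    # over validation (and, per this proposal, the leader-elected duties).
    istioctl tag set default --revision 1-11-0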
A
So
the
only
change
now
is
that
when
you
do
that
same
thing
to
change
the
default,
it
will
also
make
it
so
that
it
handles
like
ingress
status,
controller
updates
and
gateway
status,
controller
updates
and
all
the
things
that
only
one
revision
should
be
responsible
for
and
it'll
just
happen
automatically.
So
it's
kind
of
cool
like
if
you
change
the
revision,
but
it's
your
control
tags
at
default.
A: You can look in the logs and see that the controllers on the previous default kind of wind down, and the controllers on the new default, you know, spin up and start doing their thing.
B: Yeah, from a user perspective, things will basically work as expected, in the sense that the controllers that matter, I mean ingress control, upgrade and so forth, will be controlled by the default revision, which is, you know, what you would expect if you're doing a canary upgrade. You don't want the canary to suddenly start picking up that core functionality.
B: So it's more a bug fix for, you know, a random workload picking up the critical work.
A: Okay, thanks everyone. Is everyone good with everything on that proposal, then?
E: Hey Sam, just very quickly: is there anything that would have to change for Helm, if Helm's using default revision labels?
A: However you want to do it, however we decide the best way to change the default with Helm is, it'll just work with the default leader election. It also works well with older revisions, and it works well when there is no default, so it won't block. If you have three revisions and none of them are default for some reason, it'll still pick one of them; one of them will still win the leader election. So nothing breaks.
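[A sketch of the Helm side of this; the chart reference and revision value are illustrative, and the exact way a default is marked with Helm was still being decided at this point:]

    # Install an additional istiod revision via Helm
    helm install istiod-1-11-0 istio/istiod -n istio-system --set revision=1-11-0
    # Whichever revision is marked default wins the prioritized leader
    # election; if no revision is default, one of them still wins.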
B
Breaks:
yeah,
okay,
some
one
thing
I
want
to
to
add
to
this
proposal.
If
possible,
we
discussed
last
time.
It
is
possible
to
run
issue
without
injection
as
we
discussed
and
it's
a
proposal.
A: Right, yeah, I agree.
B: Can we do it in 1.13? It's not really critical, but we definitely need to track it, because there are cases where users, for security reasons, do not want to have mutating webhooks, and they use kube-inject or other things. It's a perfectly legit use case.
B: When you have, you know, injectionless setups, they will use this to select the control plane, because there is no mutating webhook.
B: Yeah, we call it mesh, because it's also supposed to be a bit more independent of what mesh it is. I mean, it can be Istio, it can be other people who are using other meshes, and, you know, it's easy to have a consistent way for auto configuration. Okay, let's take it offline if you want; I think we had an agreement, mostly. Okay.
A: Okay, the next item, yeah. So this is with respect to the ProxyConfig CRD. Last time we discussed it as a working group, we had kind of settled that if you have a ProxyConfig CRD present, it should just replace whatever is set in the annotation and in the existing mesh config proxy config stuff.
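[For context, the resource under discussion would look roughly like this; the API was still under review in the PR, so the group/version and fields shown are an illustrative sketch rather than the final API:]

    apiVersion: networking.istio.io/v1beta1   # hypothetical; per the proposal
    kind: ProxyConfig
    metadata:
      name: ratings-proxy-tuning
      namespace: team-a        # namespace-scoped; mesh-wide if in the root namespace
    spec:
      selector:
        matchLabels:
          app: ratings         # illustrative workload selector
      concurrency: 2
      environmentVariables:
        ISTIO_META_EXAMPLE: "value"   # illustrative variable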
A
So
this
is
an
ongoing
discussion
in
the
pr
for
the
api
change
is
that
maybe
we
shouldn't
do
just
a
straight
up
place
and
we
should
do
some
kind
of
a
smarter
merge
strategy
here,
which
I
think
I
agree
with,
and
that
raises
some
other
questions.
So
yeah.
B: But remember, there was a reason we decided, we chose, to have ProxyConfig take over, and that was about security, and I don't think we have any approach that will address this if we merge, because...
B: If we move, I mean, there are plans to move the proxy out of the pod, you know, into CNI or whatever; I think there are all kinds of efforts to do this. If that is the case, then the pod will be completely powerless to mess with security or with other things, so the admin can enforce that. You know, it cannot be bypassed, basically.
B: And then, if Envoy is running outside of the pod...
B: We could do that as well, but why would you take on the complexity of merging, and then have to explain to the user: wait a minute, if you're running in a mesh where security is enforced, then the annotations are not merged, but otherwise they are merged? I mean, what benefit do we get?
D: Well, I don't think the setup that you described is going to be ready in at least a year, which is part of my rationale there, but I think that it's not great migration behavior if one user creates a ProxyConfig at the global level and suddenly all the annotations stop working.
B: No, no, no, I don't think that was the plan. These are separate issues: the global level is taking over the mesh config proxy config defaults, and the namespace level is taking over the annotation for the pod. So it's not...
B: What exactly is the migration? I mean, we are not in a hurry to force them to move. If they keep using the annotations, they're perfectly fine. There is no reason for them to move unless they want to.
C: Well, the migration challenge is a conflict. What if there's a conflict, right, between the custom resource in that namespace, or the custom resource that's selecting the workload, and what if they are different from the annotation? Which one is going to win? The workload might be broken, right, because you might be selecting a proxy config that's not what the user wanted, or the admin maybe selected something that conflicts, and that could break the service.
B: But then it's very simple: if you use the annotation, you keep using the annotation; we are not removing it. There is no problem with that. So if you have a pod that is using annotations, there is absolutely no incentive to add the ProxyConfig. If you start fresh with a new pod, then you just start using ProxyConfig.
A: We're just promoting a tiny, tiny subset of what is configurable through the annotation. So if the logic is: if there's a ProxyConfig CRD in the namespace, just totally ignore the annotation, then how can the user...
B: If the annotation is present, we have a flag that controls it, I mean, like we did with other things. If the annotation is present, we keep using it; otherwise we use ProxyConfig. Then we don't break anyone.
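[The per-pod annotation being referred to is proxy.istio.io/config, which carries proxy config overrides as inline YAML; a minimal example with an illustrative value:]

    metadata:
      annotations:
        proxy.istio.io/config: |
          concurrency: 2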
B: With a flag somewhere, because if we start enforcing an enforce mode, with, you know, non-bypassable proxies and other things, then we want the annotations to be ignored. You know, kind of a strict mode versus permissive: in permissive you can override with annotations; in strict mode we use only CRDs.
D: I think that should be reasonable. One thing I want to make sure we do support, though, is that right now, with an external control plane, you have to configure a bunch of stuff like addresses and root certs and whatever. You should be able to set that at the top level and then not let the lower levels override it.
B: Didn't we... I think Rob or someone had concerns about discovery address, and the proposal was to not have discovery address in the CRD.
B: Are those in this API? No, no, I mean, the API has the ability to specify environment variables, but CA address is not really part of the API; it's an internal.
A: Okay, so basically, as part of the API, we should document, at least for this first iteration, all the variables that we need to set as part of the setup for external istiod. Those are not going to be overridable; that's kind of part of the smart merge. I think that's very reasonable.
A: One thing that's still not clear to me: I see that if there's an annotation existing, then we just don't look at the CRD, which makes sense for backwards compatibility. So is it going to be the same idea for the top-level meshConfig defaultConfig? Like, if anything is set there, then we totally ignore the global ProxyConfig CRD?
B: Yeah, that's what I was thinking, but then we have the risk on upgrade, because if you have an upgrade and... well, probably not. Okay.
D: The one difference... I would agree we probably should align with what they did. You should double-check what I said, I'm not certain that's the case, but the one difference here is that with telemetry there's no need for, like, the control plane having a hard override, whereas here I think we do need that.
D: If people don't have any clue what I'm talking about: with external istiod, what we're doing is, it doesn't make sense for the user to control things like discovery address or the root certificate for xds or a few other fields, because that's the control plane's decision, and so those are kind of hard-coded at the control plane level, whereas other settings, you know, can be configured by the user. So I think that's important to keep.
B: John, it's not entirely clear, I mean, that it's a strict requirement that they cannot be overridden. I mean, the requirement is that if you create a pod it will work as expected, but if you explicitly set discovery address to something else, as you said, I mean, you can just not inject, or do other things to bypass it.
A: Coming back to the beginning of the meeting, I think it mostly makes sense. I think Mandar, actually, from his comment, kind of brought up the telemetry API as the case: you know, they're already doing a merge that protects certain keys that shouldn't be messed with. So I have no idea what the telemetry API needs protected there, but how are we misaligned with them? I'm not 100% clear there, because I thought this...
B: It is not clear what keys we want, what we need to protect. I mean, it's, again... John was saying that if you set environment variables, we should not just replace the entire dictionary, but...
A: Okay, I can also reach out to Mandar and get some clarification on what the telemetry API is doing, and just make sure this isn't totally going to confuse people.
E: What are we doing with the security CRDs? Are they having some of the same concerns? Is anybody aware? Because I know they're starting to make those, right? Or wasn't there an effort to kind of make a more robust CRD for, I think, certificates? I wasn't sure.
B: What kind of efforts? And for security, there is also the issue of the new Gateway APIs and delegation, which has yet another way to control attachment. But security doesn't use annotations too much.
E: Okay, the reason why I'm bringing this up is I'm wondering if there's some kind of directive that all teams can be working through, so that we make sure we aren't doing things a little bit differently from each other, and users don't end up with a different experience from, you know, one layer to another.
B: Yeah, I agree. The common experience is to use CRDs, I mean virtual services and what controls virtual services. So the discussion here is how you migrate from the current status, with annotations, to the desired status with CRDs, where everything is consistent.
A: I think Sven made a comment on the PR that we kind of re-document, for basically every CRD, the same structure of precedence and hierarchy: global resource, namespace resource, workload selectors. Maybe we should have a central place that just says: this is the Istio configuration model.
A: You know, maybe some CRDs behave slightly differently, but, you know, look at this really good guide, instead of all of the one-offs.
B: But annotations are the ones that we're supposed to deprecate at some point, to kind of move people to the consistent one. So how about: the CRD as defined follows exactly what Sven said and what we discussed, with no mention of annotations except one, either "if the annotation is present, it's going to take over" or whatever, but not doing merging, because that's not part of the general Istio strategy; the others don't have an annotation except this one.
A: Okay, that makes sense too. One thing: I was actually looking through some implementation stuff, and one thing that confused me was the presence of a proxy config discovery service, and it looks like it only functions with certificates, like, some value with certificates. I don't think I have the context on that. Does anybody know what that is?
B: I think the agreement was to remove discovery address from proxy config for now.
A: No, sorry, there's like a proxy config discovery service that makes it so that you can change some values in proxy config without a pod restart, I think, is what I got from it. But I don't know if there's a design doc on that.
B: Yes, the idea when we discussed this is that, since proxy config can be pushed by the xds server, we have the ability at runtime to change those fields without restarting the pod. So, ideally, all the fields in proxy config would be pushed dynamically, so you would never have to restart the pod. But implementation-wise, some fields, unfortunately, require a restart. So that's why we kind of try to document one or the other.
B: No, no, I agree, it's not worth it. But having some fields that are dynamic and some fields that are static, because...
A: Okay, cool, that's everything. Does anyone have any other comments before we move on?
A: Yeah, yeah, I'm hoping to get this API change in ASAP; I just want to make sure it's lined up and it's the right change.
A: Okay, Sven, yeah.
F: This should be quick. I mostly just want to get consensus; I think I already brought it up. I just want to double-check that everybody agrees on the items needed to call multi-cluster stable.
F: The first thing I brought up, and there was a slight bit of contention on it, was that I wanted to split out the promotion so that multi-cluster didn't encompass, like, every version and topology, and instead just captured, you know, the one good install method, which will be multi-primary, and then just the core cross-cluster service discovery feature, rather than covering the multi-network case.
F: I just want to make sure that those things are all split out; I need to make enhancement PRs, but right now we don't actually have, like, a separate multi-network feature status as far as I'm aware. So that's the first thing; I don't know if anyone disagrees.
F: Cool. And then the second thing is just a few lists of items and docs. Probably the most commonly asked question is: how do I make a service only talk inside of one cluster, or how do I make it so I'm only talking to a service in a specific other cluster if I have more than two clusters? And we have several ways to do that: you know, we have this old mesh config setting, which is just a global setting.
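[The old mesh config setting mentioned is the alpha serviceSettings block; a minimal sketch with a placeholder hostname:]

    meshConfig:
      serviceSettings:
        - settings:
            clusterLocal: true    # keep traffic for these hosts in-cluster
          hosts:
            - "mysvc.team-a.svc.cluster.local"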
F
You
can
always
just
create
separate
service
resources
that
have
different
names
in
each
cluster.
If
you
really
want
things
to
be
completely
isolated
and
you
have
control
of
that
and
then
we
do
now
have
a
synthetic
label
that
you
can
use
in
your
destination
rule
selector
to
control
this
as
well,
and
so
these
are
all
useful
and
they
all
have
their
own
cases
where
they're
better
than
others,
and
so
I
just
want
to
make
sure
that
people
are
actually
aware
they
exist.
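[The synthetic label is topology.istio.io/cluster, which can be matched in DestinationRule subsets; a sketch with placeholder names:]

    apiVersion: networking.istio.io/v1alpha3
    kind: DestinationRule
    metadata:
      name: mysvc-per-cluster
    spec:
      host: mysvc.team-a.svc.cluster.local
      subsets:
        - name: cluster-1-only
          labels:
            topology.istio.io/cluster: cluster-1   # illustrative cluster name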
B: One comment: the mesh config serviceSettings is not an option, because it's, you know, an alpha API, and it's part of mesh config. So if we want to have an option, we could put it in proxy config, maybe, though I don't know how. But maybe we should just keep fewer options, really: I mean, just the destination label, which is needed anyway, and per-service is, you know, part of what the user can do without anything. Yeah.
F: Sounds good. So that's, like, the biggest thing I want to cover in docs. The next most common mistake is trying to have two services of the same name that are very different. The Kubernetes position on this is that if you're doing multi-cluster, then you need your namespaces to kind of be vaguely the same, and so I want to link to their definition of sameness and kind of expand on it for any cases that Istio has, and then just highlight troubleshooting documents, and that should be mostly it.
F: And then the next thing would be tooling. The bug report command: right now we don't really tell users, and some of them get confused, that you need to actually run it separately against each cluster. It might be possible to add support to just make it automatically run against all the clusters, but we don't have that today. And then I also want to just add something to it...
F: ...so it actually collects a few multi-cluster specific data points. And then we have a bunch of multi-cluster commands sitting under, like, experimental that have been around for a while. The remote-clusters one is new, but it's pretty much just grabbing data from a debug endpoint, so it's pretty safe, and create-remote-secret has been around since, like, 1.5 or 1.6.
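[Roughly, the tooling in question; contexts and cluster names are placeholders, and at the time the newer commands still sat under "experimental":]

    # bug-report currently has to be run once per cluster
    istioctl bug-report --context cluster-1
    istioctl bug-report --context cluster-2

    # New: list the remote clusters an istiod is connected to (reads a debug endpoint)
    istioctl experimental remote-clusters

    # Around since ~1.5/1.6: register a remote cluster with the mesh
    istioctl experimental create-remote-secret --name cluster-2 \
      | kubectl apply -f - --context cluster-1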
F: And then, as far as upgrade testing goes, that is tricky. We don't really have automated upgrade tests in general as part of our integration tests, outside of one Helm upgrade test. I tried to start porting that to multi-cluster, but it's kind of tricky.
F: Yeah, it is bigger than multi-cluster, but I remember somebody mentioned it as, like, a feature promotion requirement. If you don't have it for everything, that might be a little looser, but I at least want to get some manual test run with that if I can, or just manually trigger our integration tests against a setup that has the multiple versions installed.
F: Yeah, I mean, the install part is really tricky, especially in a way that's, you know, runnable in CI. I've talked to Sam a lot about this, and we are working on it, but there's just no way I'm going to be able to do that and these other items in the 1.12 time frame.
F: So the thing that is not well tested, and might have bugs, is removing clusters from an existing mesh. Using the cluster-local controls and the destination rule label, you're able to move traffic away from a cluster, but right now there's no way to fully remove a cluster from pilot's view without an istiod restart. It will try to purge all the services, but I've observed a couple of cases where it doesn't do it correctly, and so that's my biggest concern as far as a bug that would block us from promoting.
B: More common is unintentional: one cluster goes down because, you know, the zone is not available, or something is happening.
F: What we ended up doing is, you know, if informers and reachability to the remote API server start to fail, we have a bunch of metrics that users can monitor to know that they need to start moving traffic away from that cluster as well. But tying those two things together seems pretty dangerous.
F: We should use locality load balancing with failover and other mechanisms to deal with this, rather than having the control plane explicitly start dropping endpoints.
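[A minimal sketch of that recommendation; the host, regions, and thresholds are placeholders, and the outlier detection block is what actually triggers failover:]

    apiVersion: networking.istio.io/v1alpha3
    kind: DestinationRule
    metadata:
      name: mysvc-failover
    spec:
      host: mysvc.team-a.svc.cluster.local
      trafficPolicy:
        loadBalancer:
          localityLbSetting:
            enabled: true
            failover:
              - from: us-east    # illustrative regions
                to: us-west
        outlierDetection:        # required for locality failover to take effect
          consecutive5xxErrors: 5
          interval: 30s
          baseEjectionTime: 30s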
B: At some point we do have to drop endpoints. I mean, if a cluster is... if a cluster...
B: And, you know, you're having an inconsistent state, and again, that's the infrastructure we have today, where we get the endpoints. If we had synchronization, like what I think Nate or someone else was working on with endpoint slice synchronization and then persistence, then we could have a consistent approach, but that's a new feature that is probably not even close.
F: Okay, and then testing is pretty good; it's been pretty good for a long time. There are a few things that have just gotten skipped that need to be, you know, unskipped, or we need to find out if they're real bugs, so I'm going to look into those. And then the only real feature that we want to make sure we support better is headless services and StatefulSets. StatefulSets are a little weird because you could end up with name conflicts across clusters, and right now we do have kind of partial support.
F: The way it'll work is, when there's a name conflict, it will choose the more local endpoint, but that's still not very good, and I don't really recommend people use it. But we do have a couple of users who have tried out the experimental multi-cluster headless support using the DNS proxy and DNS auto allocation.
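[The experimental DNS proxying mentioned is switched on through proxy metadata; a sketch of the commonly documented settings:]

    meshConfig:
      defaultConfig:
        proxyMetadata:
          ISTIO_META_DNS_CAPTURE: "true"        # route DNS lookups through the sidecar
          ISTIO_META_DNS_AUTO_ALLOCATE: "true"  # auto-allocate VIPs, e.g. for ServiceEntries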
B: How does it work if you have, you know, three replicas in cluster A and three replicas in cluster B, or four replicas in cluster B? Do we randomly select one? Because the whole definition of a StatefulSet is that, you know, they are...
F: Shards, right. Which is why I don't really like the MCS version: rather than, you know, doing hyphen one, two, three, it has a first hyphen for which cluster and then a second hyphen for which instance, which works a bit better.
B: It won't work, because, again, when you deploy a StatefulSet in a cluster, it's, you know, presumably sharding the data into the three StatefulSet pods, and, I mean, Istio needs to be aware of this. I mean, it's something the application has built in that is doing the sharding; you cannot shard for it.
B: My point is, it's not a feature that we can probably support as stable, you know, because it's not well defined, and we don't even know... Supporting replicated StatefulSets in one cluster only, that's okay, that's reasonable.
A: Do we have any, like, guidance on that right now? Or do we have a way that's untested, or do we just need to figure out even what we want to do?
F
So
I've
done
a
few
proof
of
concepts
where
I've
used
the
destination
rule
label.
To,
like
you
know,
do
traffic
shifting
and
find
ways
to
slowly
move
traffic
away
from
a
cluster,
but
there's
nothing
that,
like
truly
drains
long-lived
connections
that
we
have
and
then
once
that's
done,
you
can
delete
the
remote
secret
and
stop
watching
that
other
cluster
and
when
you're
doing
traffic
like
that,
it
seems
to
work
pretty
well.
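[A sketch of that drain-then-remove flow; names are placeholders, and the traffic-shifting step is only outlined in comments:]

    # 1. Shift traffic away from the cluster being removed, e.g. with a
    #    VirtualService that weights the topology.istio.io/cluster subsets
    #    (cluster-1-only: 100, cluster-2-only: 0).
    # 2. Once drained, stop watching the cluster by deleting its remote
    #    secret (create-remote-secret names them istio-remote-secret-<name>):
    kubectl delete secret istio-remote-secret-cluster-2 -n istio-system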
F
But
I
know
recently
john
sent
me
a
case
where
an
extra
remote
secret
that
was
like
malformed
was
added
and
then
deleted,
and
then
the
endpoints
were
never
cleaned
up
and
I'm
not
sure
if
that
bug
is
reproducible
outside
of
a
case
where
you
know
like.
I
don't
know
if
I
can
reproduce
that
case
where
the
remote
secret
was.
You
know
correct,
because
essentially
what
had
happened
is
there
was
two
remote
secrets
with
different
cluster
names,
but
they
pointed
to
the
same
cluster
when
the
bad
cluster
name,
one
was
removed.
F
Every
endpoint
for
every
cluster
was
wrong.
It
was
all
pointing
to
just
one
cluster,
even
though
there
was
like
four
clusters,
and
I
haven't
been
able
to
replicate
that
yet
and
so
that's
why
I'm
somewhat
concerned
about
the
ability
to
just
delete
a
remote
secret
and
assume
everything
is
going
to
be
cleaned
up
properly.
F: How do you shift traffic away? You have the topology label.
F: Yeah, so, I mean, I think, for our, you know, operational guide on "here are the things you should do if you're going to bring multi-cluster to production": should we start, like, heavily recommending the topology-aware load balancing stuff with failover?
F: All right, yeah, I think we have a few mechanisms to do that in our kind stuff; we can just, like, remove the IP routes and see things start to freak out.
F: Agreed. Are there any other things in this doc that you think need to be added or clarified before bringing it to the TOC?
F: Oh, that's a good point, yeah. It's only supported on a flat network; we don't really have a way to make it work with multi-network right now. And, yeah, as for StatefulSets, I wouldn't really claim support for cross-cluster StatefulSets at all.
F: No, headless should work across clusters. Even if you have, like, two headless services foo in each cluster, they should be able to call each other.
B: Everything, both of those, is on our flat network. Everything that involves a multi-network will probably require, you know, changes for each single one.
A: Okay, and John, I think we've got the rest of the time.
D: Yeah, my two were quick. One was just: I have the PR and doc for the automated gateway controller stuff we've been talking about; I just need review on the PR and kind of official approval on the doc. I think it sounded like we had agreement there; we just don't have the checkbox.
D: Yep, mine too, cool. The other thing was just distroless. We talked about this a bit in the Test and Release meeting, but I just wanted to bring it up here because there's some relationship. I think we're planning to ramp up on this a bit: making it more supported, adding better tooling and docs, making more tests run on it, etc.
D: We'll still keep it as an option, not the default, for now, yeah. So for now it will be an opt-in option; in the future I think we want to move in the direction where it's the default. We'll always keep the other one as an option, I think, but that would be a wider discussion; I mean, there are a lot of implications there in terms of backwards compatibility and debugging.
B: We discussed in the past having some flag that says production versus development mode, and based on that we can have different settings. For example, in production we have mTLS as the default, we can have distroless as a default, we can have, you know, the annotations that we discussed earlier ignored, and so forth. I mean, kind of strict mode versus development mode, however you want to call it.
D: Yeah, yeah, in terms of the debugging, that's probably the biggest blocker for us ever making this the default. But, and I know we've been burned by KEPs in the past, I believe that they're actually going to have ephemeral containers on by default in Kubernetes 1.23, and so real users may have it in their clusters by, say, March, if they're early adopters. So it may actually finally happen. I don't have a whole lot of faith, but it is...
D: All right, yeah, that's all I want to mention. We'll have bigger discussions in the future if we try to make it default, but for now we're just trying to make it better, perhaps beta. Except I realized that 1.12 is way sooner than I thought, so there's a very minimal chance that will happen in 1.12, but perhaps in 1.13.
B: John, one question: you did this wonderful work with Helm, uploading the charts, you know, to the repository. Do you think it's possible to do the same thing for the RPMs or Debian files, to have, you know, a repo-add equivalent, where we don't tell people to curl some, you know, unsigned files from the internet?
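[For reference, the Helm flow being referred to; this is the published Istio charts URL, and the packaging idea in the comment is illustrative:]

    helm repo add istio https://istio-release.storage.googleapis.com/charts
    helm repo update
    # The ask: an equivalently signed apt/yum repository for the sidecar
    # .deb/.rpm packages, instead of downloading unsigned files directly.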
D: Yeah, I don't know what it's like to host our own thing. You're probably more familiar with this stuff than I am, but from my understanding it's very hard to get into, like, the official repos, so yeah.