►
From YouTube: Istio Ambient Mesh Launch Demo
Description
Watch Christian to explain key Istio ambient components and demo around some ambient capabilities.
A
In
this
demo,
we're
going
to
take
a
look
at
a
couple
of
scenarios.
The
first
is
when
applications
need
to
communicate
with
each
other,
but
don't
need
layer,
7
capabilities,
and
this
is
a
way
that
a
lot
of
people
start
off
with
the
service
mesh.
They
just
want
to
enable
Mutual,
TLS
and
layer,
7
or
sorry
layer,
4
control,
Network
policies
between
the
applications
and
in
istio
ambient
mesh.
The
way
this
is
implemented
is
with
the
Z
tunnels.
A
So
let's
take
a
look
at
what
what
that
looks
like
to
do
that
we're
going
to
start
by
installing
istio.
Actually,
if
you
come
here
and
look
at
our
cluster,
we
don't
have
istio
system
and
we
have
a
handful
of
applications
here.
Very
simple
sample
applications
that
I'll
use
to
demonstrate
this
this
capability,
so
the
Sleep
service
here,
if
I
exec
into
it
I,
can
call
hello
world
and
get
a
response
from
one
of
the
services
and
in
this
case
I
see
I,
see,
load
balance
in
between
V1
and
V2.
A
A
If
I
come
back
here
and
we
look
on
the
bottom
pane,
we
see,
istio
system
has
been
installed
as
a
namespace.
If
I
click
into
that
namespace,
we
see
some
components
that
run
as
a
cni
plug-in
on
the
Node.
We
see
the
sdod
control
plane
and
we
see
the
Z
tunnel
agents
that
are
deployed
as
a
damage
set
one
per
one
for
node.
A
A
But
if
we
come
into
the
Sleep
application,
which
we
see
is
running
on
the
ambient
worker
node
and
we
exec
into
it-
and
we
come
back
down
here
to
this
pane-
we
find
the
Z
tunnel
that's
running
on
the
ambient
worker
node,
and
maybe
we
watch
its
logs
watch.
It
full
screen
and
if
we
now
do
our
curl
hello
world.
A
A
A
And
we're
going
to
look
at
term
shark
on
on
the
default
on
the
default
device
and
let's
come
back
here
and
let's
make
a
call,
let's
make
a
couple,
calls
just
to
capture
some
traffic
between
sleep
and
hello
world
and
we'll
stop
that
we
have
enough
traffic
now.
A
A
A
Now,
a
big
part
of
the
service
mesh
is
also
enabling
layer,
7
capabilities,
and
so
that's
where
the
Waypoint
proxy
or
the
layer
7
capabilities
of
the
ambient
mesh
come
into
the
picture.
So,
instead
of
the
traffic
passing
between
these
tunnels,
we
can
actually
pass
them
and
hand
them
off
to
a
layer,
7
Envoy
proxy,
which
then
implements
certain
capabilities
like
retries
fault,
injection,
header,
based
manipulations
and
so
on.
In
this
demo,
we
are
going
to
deploy
a
waypoint
proxy
and
we
are
going
to
inject
a
layer.
A
So
to
do
this,
let's,
let's
get
out
of
term
shark
here,
let's
get
out
of
this.
We
are
going
to
apply
a
waypoint
proxy,
which
is,
let's
take
a
look
at
it,
which
is
the
the
layer
7
proxy
for
the
hello
world
services.
A
So
one
thing
you'll
notice
is
we
don't
try
to
share
layer,
7
components
between
different
identities?
We
want
to
keep
those
separate
and
we
can
create
this
Waypoint
proxy
by
applying
this
this
Waypoint
and
then
we
should
see
a
new
proxy
comes
up,
which
then
would
enable
us
to
write
layer,
7
policies
about
traffic
going
to
the
Hello
World
Service.
A
So
now,
if
I
come
back,
we
can
take
a
look
at
a
virtual
service
which
is
a
familiar
API
in
istio
that
specifies
traffic
rules
when
I.
Try
to
you
know
when
a
client
tries
to
talk
to
hello
world
and
in
this
case
we'll
do
some
layer,
7
matching
and
then
we'll
do
some
fault
injection.
In
this
case,
100
of
the
time
we
will
delay
the
calls
by
five
seconds.
A
A
So
thanks
for
stopping
by
go
check
out
the
istio
ambient
mesh
and
please
provide
us
feedback
thanks.