►
From YouTube: Istio 1.3 feature tour
Description
In this video, Megan O'Keefe from Google Cloud Developer Relations takes you on a tour of the new features in Istio 1.3.
A
A
So
last
week
the
1.3
minor
release
occurred
and
with
that
came
some
very
exciting
new
features,
I
I
sort
of
got
my
hands
dirty
with
1.3
like
last
week,
so
I
haven't
been
able
to
cover
all
of
the
features
and
the
release
notes
so
I'm,
just
gonna
try
to
highlight
five
or
six
of
them.
I
would
encourage
you
to
check
them
out
some
really
exciting
stuff
with
usability
as
well
as
performance
and
telemetry
with
this
release.
So
it's
good
stuff.
Ok!
So
what
I'm
hoping
to
do
in
this
demo?
A
A
So,
let's
see,
if
I
am
able
to
do
this,
so
here's
what
I
have
to
start
with
and
sorry
if
I
keep
going
back
and
forth
between
slides
and
demos,
I
can
just
stop
doing
slides
if
it
if
it
if
it
bothers
you,
okay.
So
what
I
have
to
start
here
is
a
gke
kubernetes
cluster,
nothing
special
about
it.
Just
plain:
you
know:
1:13
default
version
of
gke
I
have
5
nodes.
A
It's
running
down,
South
Carolina,
I
started
to
South
Carolina
us
he's
from
B,
and
what
I'm
going
to
do
here
is
I,
have
a
install
script
for
1.30
here
and
when
I
want
to
highlight
with
this
installation
profile.
So
if
you
go
into
this
CEO
Docs
and
you
want
to
install
it
generally,
the
guidance
will
be
use
home
template
and
then
apply
the
ml.
A
What
that
lets
you
do
is
really
easily
set
flags
if
you
want
to
install
sto
with
any
kind
of
setting,
so
it
co
exposes
a
lot
of
these
global
flags
like
enable
ple
service
graph
or
use
a
custom
Prometheus
installation.
So
what
I've
got
going
on
here?
The
only
sort
of
new
thing
is
that
I'm
setting
this
global
tag
to
be
to
use
distro
list
images
and
in
sto
1.3
came
the
ability
to
use
distro
l'espace
images
for
all
the
issue
of
control.
Point
features.
What
does
that
mean?
A
It
means
that
these
are
hardened
container
images
of
the
SEO
control
plane
that
have
things
like
package
installers
removed
from
the
docker
container.
You
can
kind
of
read
up
on
this
on
your
own,
but
it's
sort
of
it.
It's
basically
it's
a
more
secure.
Sto
installations
is
the
point
here:
okay,
so
what
I'm
gonna
do
is
I'm
going
to
run
the
script,
install
SCO,
1.3
I
me
know
if
you
can
see
this
on
the
right
here
and
that
other
tab.
A
So
what
we're
going
on
now
is
we're
installing
all
the
CR
DS
there's
gonna
be
like
21
of
them
or
so,
and
then
we're
gonna
watch.
All
the
SCO
1.3
pods
show
up
I
give
my
script
like
20
seconds
to
get
the
CRTs
in
there.
So
CRTs
are
the
isseo
config.
So
it's
installing
the
idea
of
a
virtual
service
on
to
the
cluster
right.
Now.
A
Here's
the
installation
in
all
its
glory-
oh
those
are
all
the
pots
and
if
I
were
to
do
it
described
on
any
of
these
control,
plane,
pods
I'd
be
able
to
see
that
the
base
image
for
a
pilot
and
from
mixer
is
that
distro
list
docker
image.
So
what
I'm
gonna
do
is,
as
this
all
sort
of
comes
on
line
takes
about,
2
minutes
is
go
to
my
next
feature,
so
in
not
in
window
3.
This
isn't
really
anything
new.
A
But
there's
this
open
source
service
graph
tool
called
Jiali,
which
is
a
super
helpful
way
just
de
0
to
see
what's
going
on
in
the
cluster
as
part
of
this
script,
I
deployed
a
sample
app
and
I
can
watch
that
get
created
here
and
what
I
can
do
is
open
up,
Cali
and
see
what's
running,
but
my
IP
is
pending
because
I
just
installed
it,
but
I'm
gonna
wait
for
that
to
a
to
get
created
that
load,
balancer
and
everyone
see
my
terminal.
Ok
here,
awesome
right,
I'm
gonna
do
a
watch
on
that
command.
A
A
Okay,
not
here,
looking
for
it
looking
for
this
to
get
created
so
on
the
right
I'm,
just
to
give
context,
I've
deployed
a
sort
of
sample
application
with
like
a
dozen
micro
services
and
as
part
of
the
installation,
I
exposed
it
through
this
ingress
gateway.
So
it's
just
it's
just
a
demo
retail
app.
It's
got
a
check
out
and
a
catalog
and
the
email
notification
service.
This
helps
us
demo
sto
because
it's
just
enough
services
to
be
like.
A
A
Galle
runs
on
port
two
thousand
twenty
thousand
one.
Usually
I
have
a
default
secret.
You
can
obviously
lock
it
down
with
your
own
passcode,
but
so
here
we
can
select
the
default
namespace
and
here's
the
sample
app
that
I
just
showed.
So
if
you
raise
your
hand,
if
you,
if
you
know
what
kali
is
cuz,
I
don't
have
to
yeah,
I
don't
have
to
go
through
this.
This
whole
thing:
okay,
I'm
just
gonna-
go
through
it
for
just
a
minute
here.
A
So
what
key
ally
does
is
it
exposes
a
service
graph,
any
service
list
and
visualizes
your
SEO
config
in
a
UI?
So
what
we're?
What
we're
showing
here
is
the
service
graph
for
the
default
namespace.
So
I
previously
showed
that
this
is
the
front
end
of
my
our
sample
app
and
a
purple.
Icon
means
that
I've
applied
the
virtual
service
in
this
case,
to
expose
it
to
the
public
internet
and
we're
sending
traffic
load
through
a
load.
A
Gen
pod
from
the
front
end
into
all
of
our
various
back-end
services
and
triangles
represent
services
squares
represent
deployments.
You
can
change
it
to
just
be
served
a
service
graph,
that's
a
little
bit
too
too
busy
green
lines
indicate
G,
RPC
traffic
gray
lines
indicate
TCP
or
sorry
blue
lines
indicate
TCP
traffic.
A
We
can
also
look
at
just
default
metrics,
so
we
can
see.
All
of
the
traffic
is
into
the
shopping.
Cart
service
yeah,
just
basic
basic
metrics
here,
so
that's
key
Ollie,
so
we
know
what's
running,
that's
great,
let's
go
into
here,
however,
so
you
saw
that
I
exposed
a
load
balancer
for
ple.
That
took
a
couple
seconds
to
happen.
New
in
SCO
1.3
is
this
is
two
fctl
dashboard
demand.
A
It
was
actually
experimental
and
one
got
two,
but
it
became
not
experimental
in
in
this
release
and
what
I
can
do
is
do
it
is
Co
CCL,
dashboard
graph
on
ax
and
get
just
see
all
of
the
default
Asiya
dashboards
really
easily.
What
I
want
to
show
here
is
a
couple
of
things.
New
and
1.3
are
a
few
good
dashboard
improvements.
The
first
one
is
for
Citadel.
There
is
now
a
dashboard
for
says
so.
Citadel
issues
the
MT
LS
keys
for
your
SEO
services.
A
It's
that
it's
that
component,
so
there's
a
dashboard
for
that,
which
is
great.
The
other
exciting
thing
is
that
the
pilot
dashboard
got
some
awesome
improvements
in
the
1.3
release,
so
pilot
is
responsible
for
taking
your
traffic
config,
converting
that
into
the
Envoy
API
speak
and
pushing
that
config
down
to
the
town
to
your
services,
and
what
you
can
see
in
this
dashboard
is
not
just
like
the
usage
of
the
pod,
but
actually
what
it
was.
A
The
frequency
of
those
pushes
down
to
those
envoy
proxies
so
yeah,
as
well
as
like
all
of
sort
of
these
envoy
specific
metrics,
which
is
pretty
exciting.
I,
definitely
want
to
drill
down
more
into
some
of
this,
because
I
think
it's
really
cool,
especially
if
you're
an
operator
and
you
you're,
worried
about
things
like
you
know,
is,
is
pilot
able
to
handle
all
the
services
I
have
deployed.
Do
I
need
to
set
up
all
the
scaling,
for
example.
A
So
that's
the
new
pilot
dashboard
new
month,
op
3,
okay,
another
cool
is
Co
CTL
command
that
just
got
released
into
experimental.
This
release
is
the
described
pod
command
and,
as
devrel
I'm
extremely
excited
about
this
I'm.
Just
gonna
run
this
in
the
background,
make
sure
I
have
it
back
someday
great.
A
Ok,
so
I've
got
these
pods
right.
This
is
my
application
on
the
right.
I
want
to
know.
What's
the
issue
config
that's
applied
for
these
pods?
Do
they
speack
em
TLS,
or
do
they
speak
plain
text?
I
can
run.
This
is
Co
CTL,
spelling,
experimental,
scribe
pod
select
any
one
of
these
I'll
just
select
the
first
one
run
this
command
and
it's
Co
CTL
outputs.
This
really
helpful.
If
Co
specific
information
such
as
what
are
the
containers
that
are
in
the
pod,
what
ports
are
they
running
on?
So
just
it's.
You
know
specific
suggestions.
A
It's
asking
me
to
add
a
version
label
to
the
pod.
We
know
that
the
traffic
is
permissive,
which
means
that
it
can
handle
both
plaintext
and
mutual
TLS
traffic,
and
we
know
that
it's
kind
speak
HTTP
and
we
know
that
it
talks
to
a
Redis
database.
I
mean
this
is
so
much
information
packed
into
such
a
small
command.
I
I
think
it's
really
cool
I'm
excited
to
see
sort
of
where
it
lands
once
it
graduates
from
experimental.
A
Okay,
there's
that
feature.
What's
next
port
protocol
detection-
okay,
this
is
this-
was
sort
of
hidden
in
the
release,
notes
somewhere,
because
it's
still
somewhat
experimental
and
it
doesn't
work
for
all
protocols
yet.
But
this
is
huge
so
how
many
of
you
have
tried
to
sort
of
instrument
existing
services
with
this
steal
before
and
ran
into
an
issue
where,
like,
if
your
port
wasn't
named
the
right
protocol,
SEO
couldn't
handle
traffic?
Okay?
This
is
a
very
common
day.
One
use
case
where
it's
like.
A
Oh
I,
had
my
service
I
injected
a
CEO
into
the
pod
and
it
broke
everything.
Usually
the
number
one
reason
for
that
is
port.
Naming
a
lot
of
times.
Folks
are
using
GRP
see
what
that
meant
is
they
had
to
leave
at
a
port
name
or
the
service
that
was
G
RPC,
unfortunately,
for
G
RPC
you
do
still
have
to
name
it,
but
for
HTTP
and
HTTPS
do
1.3
is
the
ability
to
not
have
to
name
your
port
estilo
will
detect
the
port
for
you,
this
is
extremely
exciting.
A
B
A
B
A
I
think
yeah
for
sure.
Yes,
okay,
port
protocol,
deception,
exciting
stuff
new
in
1.3,
another
very
exciting
thing,
so
we
talked
a
little
bit
about
pilot
and
it's
important
job
in
SEO.
New
in
1.3
is
a
up
to
at
supporting
in
the
release,
notes,
90%
reduction
in
pilots
CPU
utilization.
So
that's
an
up
to
write
if
it
depends
on
the
deployment.
The
plant
depends
on
your
scale.
I
wanted
to
test
this
out
for
myself
so
earlier
today,
so
I
have
a
one
dot,
and
this
year
one
thought
to
kubernetes
cluster
running
with
the
same
sample.
A
App
and
I.
Have
this
one
got
three
cluster
running
with
the
same
app
and
I
opened
up
the
pilot
kerf
on
the
dashboard
and
looked
at
the
CPU
usage
for
pilot
and
what
I
saw
so
this
is.
This
is
pilot
CPU
at
like
3
o'clock
today
we're
seeing
I
think
this
is
in
this
is
in
core,
so
we're
seeing
like
you
know
up
to
10
mill
of
cores
for
pilot,
which
it's
not
very
big,
app,
so
yeah,
but
here's
1.2
almost
like
twice
that
right.
So
this
makes
me
really
excited
to
load
test
sometime.
A
A
Just
kidding,
ok,
I've
sort
of
left
the
most
exciting
things,
perhaps
for
last
how
many
of
you
are
familiar
with,
like
the
mixer
component
of
this
do
so
right.
So
there's
this
CEO
has
the
pipe
the
pilot
piece,
which
is
kind
of
for
traffic
citadel,
which
is
kind
of
like
for
security
mixers
for
telemetry.
Its
job
is
multiple,
but
part
of
its
job
is
to
ingest
metrics
and
get
them
to
various
backends,
such
as
Prometheus
forever.
You
know
new
in
sto.
1.3
is
the
beginnings
of
something
called
envoy
native
telemetry.
A
What
this
means
is
that
a
sidecar
proxies
themselves
and
forward
metrics
from
your
workloads
directly
to
the
back-end
telemetry
service
of
your
choice.
So
that's
correctly
described
on
what
of
it.
That's
all
by
native
telemetry.
This
is
huge
for
performance,
I
mean
if
you're
a
major
customer-
and
you
actually
want
to
get
this
up
and
running
in
production.
Mixer
tends
to
be
the
first
anything
that
comes
up
as
far
as
like.
Well,
it's
not
quite
at
the
performance.
A
We
need
for
the
scale
that
we
have,
so
this
is
huge
being
able
to
go
direct
from
envoy
to
to
Prometheus
what
I'm
gonna
try
to
do
live
right
now
is
disable
mixer
telemetry
turn
it
off
an
able
onboard
native
telemetry
go
back
into
Griffin
ax
and
see
if
we
can
get
metrics
directly
from
so
I
tried
this
once
today.
It
will
see
if
it
works,
so
so
this
is
so
I'm,
not
there's
no
magic
here.
A
So
what
I'm
gonna
do
is
just
create
and
a
new
gemmell
where
all
I'm
doing
is
I'm,
saying
mixer
telemetry
enabled
equals
false.
Then
I'm
gonna
delete
a
co
telemetry,
which
is
mixer,
then
I'm
going
to
apply
these
custom
envoy
filters
which
allow
the
Envoy
native
telemetry
to
happen.
I
thought
what
I'm
doing
I'm
gonna
run
this
command
here.
A
Then,
on
the
right
here,
what
we'll
see
is
if
Co
telemetry
is
gonna,
go
away,
it's
gone
to
policies
still
there,
but
we're
not
using
that
terminating
it's
gone.
Okay.
We
can
see
this
Envoy
filter
metadata
exchange
in
stats
filter.
You
can
read
up
about
how
it's,
how
it's
working
exactly
and
then
I
think
I
saw
off
microphone
and
dashboard
up
we're
gonna
go
into
the
service
dashboard
for
Sto.
So
Dan
talked
about
this
sort
of
magical
thing
that
you
can
do
from
the
graph
on
the
side,
which
is
create
these
service
dashboards.
A
On
your
behalf
for
all
the
services
you
have
because
we're
using
the
same
protocol
for
telemetry.
So
what
we
can
see?
Okay,
so
there
is
a
small
bug
that
I
haven't
reported
yet,
but
the
way
that
things
are
getting
reported
in
gravano
when
I
had
mixer,
they
were
getting
reported
as
cart.
Service
default
cluster
local,
which
is
the
long
name
of
a
kubernetes
service
and
with
Amba
native
telemetry
they're,
getting
reported
as
short
name
port
I'm
gonna
file
that
it's
gonna
be
fine.
A
A
B
There's
begginers
bread,
it's
a
big
deal,
so
mixer
is
one
of
the
biggest
scaling
issues
as
especially
in
telemetry,
because
if
you
every
pot
that
has
just
an
aqua,
a
sidecar
there's
these
golden
metrics
about
it,
so
you've
got
half
a
dozen
vendors
in
please,
but
the
metrics
are
also
not
just
so
many
metrics
for
this
pocket.
Every
single
deposit
might
said
to
it
every
single
day
Rabbani
would
send
out
regular.
B
He
can
track
the
cross
product
of
every
possible
source
and
destination,
so
you
have
a
comet
or
explosion
of
Dana
and
every
single
pot
that's
before
can
handle
that
they
got
some
pod
and
it
doesn't
think
onto
it.
It's
talking
to
those
other
things
you
know
give
some.
You
know
some
back.
You
know
plant
six
and
something
back
in
there
while
in
the
process
could
handle
that,
but
try
to
take
all
of
that
they're
missing
upon
and
bundle
that
all
into
what
process
just
means
now
well
heck
and
maybe
we're.
B
B
B
A
Great
alright,
so
that's
ongoing
native
telemetry.
Those
were
kind
of
all
the
features
I
had
time
to
sort
of
explore
and
demo
41.3.
So
far,
I
did
want
to
add
one
cool
bonus
demo
of
something
I
learned
that
SEO
could
do
recently.
I,
don't
know
why
I
didn't
know
this
before,
but
did
you
know
that
SEO
has
the
ability
to
inject
response
headers
into
your
service
requests,
so
it
can,
it
can
remove
them,
it
can
strip.
Headers
can
also
add
them.
A
I
was
talking
to
a
user
last
week
who
had
a
very
interesting
use
case
for
this.
This
is
not
new
one
one,
but
three
I'm
just
that
I
just
added
a
network.
Oh
they
use
a
CDN
like
fastly
or
some
other
CDN,
and
they
have
a
lot
of
services
and
fastly
has
this
header
that
it
uses
to
determine
whether
or
not
it
should
cache
a
request
or
not,
and
they
had
just
brought
another
service
online
and
they
had
they
want.
A
They
didn't
want
to
cache
these
requests
and
they
were
already
using
SEO
and
they
were
like
the
CEO
can
do
things
with
headers
it
can.
It
can
look
at
the
headers.
Can
it
manipulate
the
headers?
The
answer
is
yes,
so
last
time,
I'm
going
to
show
is
adding
a
catch,
false
and
also
a
hill
in
New
York
header
to
all
it
requests
to
the
front
end.
So
sorry,
it
sorry
that
this
was
to
longtree
focus
here.
Is
a
traffic
demo
Seco
sort
of
close
out
here?
So
let's
see
what
I'm
doing
here.
A
So,
if
you're
not
familiar
with
the
SEO
config
model,
the
idea
is
to
control
traffic.
You
add
a
virtual
service
CRD,
it's
a
yamo
file
with
a
rule.
What
I'm
gonna
do
is
modify
the
front-end
ingress
rule
to
say,
headers
response
ad
and
it's
just
a
key
value
map
of
headers,
okay
and
just
to
prove
I'm,
not
faking.
Here,
I'm,
gonna,
curl,
curl,
I,
sorry,
I'm
trouble
seeing
Maya,
it
looks
right,
Earl,
I,
front
end:
I
can
see
here's,
here's
all
the
headers
I
get
just
square
sort
of
by
default.
A
It's
some
SEO
injected,
headers
I'm
gonna
do
is
I'm
going
to
apply
the
CMO,
my
alias
there
and
I'm
gonna
run
the
same
curl.
We
can
see
that
the
headers
are
there.
It's
just
like
a
cool
thing:
I
learned
this
week,
like
I,
feel
like
there
are
so
many
other
use
cases
of
this.
Just
if
you
ever
want
to
learn
more
about
it.
A
It's
kind
of
hard
to
find
you
know,
but
I
will
show
you
where
in
the
docs
you
can
find
the
documentation
on
this
because
there
aren't
there
is
documentation,
let's
see
your
reference,
figuration
traffic
management,
virtual
service,
headers
header
operations,
so
the
header
that
there
is
an
example
in
the
docs
of
removing
headers.
If
you
want
to
learn
about
that,
there
was
not
an
example
of
adding
headers,
so
I'm
gonna
try
the
font
to
add
one
okay.
That
was
that
was
a
bonus
demo
question.
B
A
I
write
examples
at
this
website
is
steal
by
example,
dev,
where
you
can
learn
in
very
small
bits
how
to
do
small
things,
and
also
not
so
small
I
can
crypt
all
your
traffic
with
SEO
and
it
all
the
docs
refer
to
the
longer
SEO
Doc's.
If
you
want
to
drill
down
deeper
this
to
you
by
example,
know
Deb
thanks,
Dan
helping
me
a
traffic
tirelessly.
Ok,
any
any
questions
for
humoring
me
through
all
this
fun
day.