►
From YouTube: IstioCon 2021 Welcome & Opening Keynote
Description
#IstioCon2021
Craig Box and Lin Sun, program chairs and Istio steering committee members, welcome you to IstioCon and discuss the past, present and future of Istio.
A
A
I'd
like
you
to
thank
you
for
coming,
and
I'd
also
like
to
thank
some
key
folks
who
have
come
together
to
turn
this
event
from
an
idea
into
reality,
and
I'd
also
like
to
thank
our
partners,
a
big
thank.
You
goes
out
to
google
cloud
aspen
mesh,
cisco,
ibm,
red
hat
solo,
I
o
tetrate
and
rancher
federal.
B
B
Let's
get
all
the
important
stuff
out
of
the
way.
Please
look
around
the
room
and
familiarize
yourself
with
the
nearest
exit
and
we're
sorry
about
the
quality
of
the
coffee.
At
this
event,
we
very
much
hope
to
be
able
to
do
this
in
person
next
year,
but
we
are
happy
that
we
are
able
to
involve
so
many
people
who
wouldn't
otherwise
be
able
to
take
part
a
special
hello
to
our
community
in
china.
We
know
how
much
you
love
sdo,
and
so
we
are
running
a
two-day
program
in
the
china
time
zone
throughout
the
week.
B
B
It
has
been
my
pleasure
to
serve
as
co-chair
of
this
event,
along
with
lynn's
son
lynn,
will
join
us
soon
to
give
a
project
update.
Just
because
we're
not
in
person
doesn't
mean
we
can't
network
or
have
fun.
We
have
some
great
social
hours,
including
activities
on
gather
a
live
cartoonist,
virtual
swag
bags,
raffles
music
games
and
more.
B
C
Istio
is
infrastructure
that
makes
it
easy
to
operate
distributed
systems
at
scale.
It
provides
mutually
authenticated
and
authorized
encrypted
communications
between
every
endpoint.
It
provides
automatic
collection
of
application
level
telemetry,
which
is
the
golden
signals
that
you
may
have
heard
about
from
the
sre
handbook.
It
collects
latency
error
rates
and
overall
usage
of
your
applications
automatically.
C
D
Who
are
working
at
google
svan
and
myself
included
among
them
spent
a
bunch
of
time
trying
to
think
about
what
were
the
next
big
things
going
to
be
in
in
kind
of
workload
and
services
management
and
how,
in
particular
the
kind
of
world
of
you
know,
enterprise
applications
were
going
to
be
modernized
and
how
they
were
going
to
be
brought
into.
C
Had
been
working
on
a
product
called
cloud
endpoints
in
google,
that
was
really
an
api
management
product
focused
on
north-south
communications,
but
in
talking
to
customers,
a
lot
of
them
were
actually
using
it
for
east-west
use
cases
inside
their
organizations,
and
we
had
open
source
part
of
the
product
of
the
product,
but
they
wanted
more.
They
wanted
all
of
it
open-sourced
they
wanted
to
be
able
to
use
it
in
all
their
different
environments
and
they
wanted
more
east-west
features.
C
D
D
C
At
google,
and
so
in
talking
to
these
customers
and
to
the
kubernetes
team
and
kubernetes
community
members,
we
realized
there
was
a
big
opportunity
to
deliver
something
that
offered
all
these
capabilities
in
a
consistent
way.
And
so
that's
how
iste
was
born.
D
So
there
were
a
lot
of
ideas,
kicking
around
a
lot
of
meetings
and
we
were
looking
at
a
lot
of
projects.
You
know
there
were
projects
that
were
already
doing
service
mesh
like
things
externally
as
open
source,
one
of
which
was
a
project
being
built
out
of
ibm
which
had
basically
built
a
kind
of
service
mesh
like
control,
plane
that
sat
on
top
of
nginx
and
had
some
of
the
features
that
we
were
looking
to
build.
But
you
know
you
know,
for
a
variety
of
reasons.
D
We
didn't
think
that
you
know
the
solution
exactly
hit
the
sweet
spot
for
what
we
were
looking
to
do.
But
anyway,
we
we
reached
out
to
the
the
team
at
ibm
and
seeing
as
there
was
a
kubecon
coming
up,
we
all
arranged
to
kind
of
get
together
and
meet
and
chat
and
and
and
see
if
there
was
some
opportunity
for
working
together
as
it
turned
out,
there
was
a
huge
opportunity
for
working
together.
E
We
wanted
to
build
a
framework
that
took
advantage
of
the
extensibility
of
kubernetes
and
used
the
notion
of
side
cars
to
allow
the
smart
mesh
to
be
introduced
without
developers
having
to
change
their
code
in
the
fall
of
2016
at
kubecon.
We
connected
with
the
team
at
google
who
are
building
a
very
similar
framework,
focused
mostly
on
observability
and
security.
D
Was
you
know,
envoy
was
just
starting
to
come
out
as
an
open
source
project.
We
had
gotten
wind
of
it
a
couple
weeks
before
it
was
going
to
be
publicly
announced
and
we
were
doing
technical
evaluations
of
it,
and
there
were
a
couple
of
things
about
envoy
that
made
it
particularly
attractive.
F
F
D
Pretty
enthusiastic,
you
know
we
had
to
do
some
due
diligence
about
performance
and
scale
and
kind
of
the
viability
technically
of
all
this
kind
of
stuff.
So
we
worked
on
building
out
a
prototype
with
a
control,
plane
and
matt.
You
know
very
graciously
put
in
a
bunch
of
work
to
help
us.
You
know
answer
some
of
the.
C
Google's
initial
contributions
to
istio
were
really
based
on
the
work
we
had
done
in
cloud
endpoints,
so
we
focused
on
security
on
how
to
set
up
a
strong,
encrypted
authenticated
and
authorized
channel
between
endpoints.
We
focused
on
policy
enforcement,
making
sure
that
only
the
right
services
could
talk
to
a
particular
service
and
on
telemetry
collection,
making
sure
we're
we're
collecting
those
gold
signals
collecting
logs
integrating
tracing
all
that
kind
of
good
stuff.
E
Part
of
the
goal
of
microservices
is
to
enable
different
teams
to
build,
deploy
and
operate
each
service
independently,
but
real
systems
are
usually
a
combination
of
services
working
together,
istio
through
the
envoy,
sidecar
mesh
concept
and
a
rich
programmable
control
plane
enables
all
of
these
interactions
to
be
observed,
secured
and
controlled
transparently
and
because
it
is
natively
integrated
into
kubernetes.
You
don't
have
to
learn
a
new
system
to
know
how
to
add
istio
to
your
environment.
I.
D
And
so
you
know,
if
you're
an
application
developer,
and
you
were
thinking
from
first
principles.
What
would
I
like
a
network
to
be
able
to
do
to
make
my
life
easier?
D
That's
how
I
like
to
approach
the
problem,
and
so
that's
kind
of
how
I
think
about
what
s2
is
trying
to
solve,
is
to
give
tools
and
controls
to
developers
of
applications
so
that
they
can
have
the
network
do
what
they
wanted
to
do
right,
whether
they
wanted
to
provide
some
reliability
concern
facilities,
whether
they
wanted
to
provide
security
or
whether
they
want
to
be
able
to
control.
Who
can
you
know,
talk
to
the
software
that
I
write
or
and
who
can't
and
be
able
to
do
that
in
a
more
devolved
way?
D
A
lot
of
the
kind
of
traditional
it
infrastructure
is
very
centrally
managed
and
there's
not
a
lot
of
control.
That's
devolved
down
to
the
application
owner
and,
and
so
istio
kind
of
presents
a
model
for
doing
that
in
a
way
that
doesn't
put
the
application
owner
and
infrastructure
admin
in
conflict
right.
It
gives
them
a
way
to
layer
those
concerns
so
that
they
can
both
get
what
they
want.
F
We
have
lots
of
people
that
are
focusing
on
building
microservice
architectures
and
it's
just
too
hard
right
now.
It's
we
live
in
a
polyglot
world
where
people
are
trying
to
develop
their
architectures
with
lots
of
different
languages
and
there's
all
these
common
problems
that
people
face
in
terms
of
observability
and
networking
and
having
an
sidecar
out
of
bam
proxy
allows
us
to
push
a
lot
of
functionality
from
protocols
to
security,
to
observability,
to
policy.
B
B
Istio
is
also
the
engine
that
powers,
a
number
of
service,
mesh
and
developer
products,
google's
anthos,
red
hat's,
openshift
service,
mesh,
vmware's,
tanzu
service
mesh
and
with
services
like
ibm's
cloud
code
engine
and
the
digital
ocean
app
platform.
Many
people
will
interact
with
sto
without
ever
knowing
it.
B
B
H
I've
been
in
open
source
for
the
last
eight
or
nine
years,
and
really
a
project
starts
to
feel
mainstream
when
businesses
start
to
depend
on
it
every
day,
be
it
businesses
like
us
at
tetrate
who
are
building
solutions
on
top
of
istio
or
end
organizations
who
are
running
their
infrastructure
on
istio,
and
you
know,
kubernetes
saw
this
similar
wave
of
adoption.
We
saw
with
kubernetes
from
2014
all
the
way
to
now
how
businesses
are,
depending
on
kubernetes,
to
run
their
infrastructure.
H
I
J
There
were
three
main
criteria
that
we
evaluated
when
we
decided
to
build
a
product
on
stu.
First,
we
wanted
to
ensure
that
the
data
plane
proxy
is
lightweight
performance,
cloud
native
with
dynamic
reconfigurability
and
allows
extensions
in
multiple
languages.
Secondly,
we
wanted
the
architecture
to
allow
policy
enforcement
as
close
to
the
workloads
as
possible,
which
still
does
via
car
proxy
architecture.
J
Third,
but
not
the
least,
we
wanted
to
work
with
the
driving
open
source
community,
where
we
could
not
only
contribute
code
and
features,
but
we
could
bring
our
expertise
from
service
providers,
enterprises
and
networking
and
help
shape
the
direction
of
the
project
in
in
our
evaluations.
Stu
was
always
at
the
top
of
the
list
in
all
the
three
categories,
which
is
why
we
chose
to
work
with
istio
and
build
our
product.
J
I
B
To
support
our
ecosystem
and
make
sure
they
have
a
stake
in
the
project,
we
made
two
governance
changes.
Last
year,
first
google
transferred
the
istio
trademarks
to
a
new
organization,
the
open
usage
commons,
to
provide
neutral,
independent
oversight
of
the
marks.
This
ensures
that
the
trademark
is
open,
just
like
the
code
and
operation
of
the
project.
B
Secondly,
we
opened
up
the
istio
steering
committee.
Previously
membership
was
allocated
to
companies
proportional
to
their
contribution
to
the
project.
At
its
inception,
we
still
think
that
it's
important
to
have
direction
from
those
who
are
invested
most
in
the
project's
success.
So
we
are
now
looking
at
annual
contributions
with
a
cap
to
make
sure
that
no
one
vendor
can
control
the
project.
B
B
K
L
N
L
F
M
K
There
are
so
many
features
still
provided,
so
you
can
just
pick
up
one
that
you
are
interested
and
hands-on
to
try.
It
join
the
easter,
select
and
easter
github
submit
prs
issues
or
discussions
start
small
and
keep
contributing
you
will
find
working
with
the
easter
community
is
fun
and
rewarding.
I
look.
B
J
H
D
I
really
hope
you
all
enjoy
the
conference.
I'm
super
excited,
and
I
know
we're
all
sad
that
we
can't
get
together
in
person,
but
I
am
very
happy
to
welcome
you
all
to
istiocon.
I
look
forward
to
talking
to
you
virtually
in
the
rooms
waving
from
great
distances
through
screens
etc,
and
I'm
very
much
looking
forward
to
it.
A
P
P
P
P
Let's
start
with
is
your
community.
The
number
of
contributors
has
grown
over
the
last
12
months
is
we
now
have
350
plus
contributing
companies,
a
500
plus
pr
authors
and
close
to
2
000
contributors.
That's
really
amazing.
Growth,
github
star
has
been
commonly
used
to
measure
a
project's
popularities
and
you
can
see.
Istio
has
continuous
steady
growth
on
github
stars
very
good
sign
in
march
2020.
P
P
Since
we're
talking
about
users,
I
like
to
quickly
talk
through
the
three
key
personas.
We
believe
service
mesh
have
developers
who
are
the
owners
of
the
service.
They
write
code
for
the
service
they
deploy
and
operate
the
services,
the
platform
owner,
who
sets
the
overall
service
mesh
strategy
and
onboarding
strategy
for
each
of
the
services.
P
P
P
P
P
P
If
you
have
no
istio
from
the
very
beginning.
We
have
a
mixer
component
that
does
authentication
authorization
and
telometry
and
extension
throughout
the
year.
We
move
the
authentication
and
authorization
into
ongoing
proxy,
so
mixer
is
no
longer
on
the
request
flow
and
the
proxy
can
make
that
decision.
P
If
you
were
early
users
of
istio,
we
have
replicate
control,
play
model
and
share
control
play
model
super
confusing,
but
now,
based
on
your
needs
of
high
availability
of
control
play,
you
can
decide
whether
you
want
to
run
seod
in
one
cluster
or
in
each
of
the
cluster
of
your
multi.
Cluster
environment
depends
on
whether
you
have
flap
network
or
multi-network.
P
We
also
simplified
vm
virtual
machine
onboarding
experiences
concepts
such
as
workload
group
to
represent
a
deployment
of
services
running
on
vm
and
workload.
Entry
to
represent
vm
services
as
a
kubernetes
pod
really
help
users
to
onboarding
their
services
running
on
the
vm
dns
proxy
helps
to
automatically
resolve
mesh
names
to
mesh
ip
really
help
out
resolving
the
services
running
on
the
vm.
P
We
also
introduce
identity,
bootstrapping
health
check
and
auto
registration
for
the
services
running
on
the
vm.
This
really
helps
to
integrating
and
onboarding
the
services
running
on
the
vm
to
participate
as
part
of
the
mesh
realize.
A
lot
of
our
users
are
on
kubernetes
today
when
they
start
to
adopt
service
mesh.
P
P
We
introduced
the
protocol
declaration
in
kubernetes
service
descriptors
so
that
our
developers
have
an
easy
way
to
declare
protocols
in
their
kubernetes
service
yaml
file.
We've
also
started
to
transform
informal
apis
to
formal
apis
as
more
and
more
users
are
leveraging
the
informal
api
external
authorization
is
a
good
example.
P
P
P
P
There
are
formal,
checklists
and
approval
required
for
each
of
the
future
promotion,
whether
you
are
promoting
it
from
experimental
to
alpha
or
to
beta
or
too
stable.
You
need
to
get
worker,
please
approval
and
also
the
toc
member
approval.
You
need
to
have
design
documentation,
issued
io,
documentation,
test
automation,
a
lot
of
requirements
for
different
stages.
P
P
P
P
I
can
type-
and
I
find
out
this
link
that
has
a
interesting
kubernetes
demo
application
from
william
from
vmware,
and
I
looked
at
every
single
application
here
and
I
landed
on
this
stance.
P
P
P
This
is
my
ci.
It's
your
cardo
point
into
my
cluster.
I'm
going
to
install
istio
using
the
demo
profile
because
I'm
doing
a
demo.
P
P
P
P
P
These
are
two
are
my
favorite
configuration
and
now
I'm
going
to
check
out
the
r2d2
robot,
my
kids
favorite,
and
we're
going
to
try
to
ship
to
the
united
states
this
time
and
I
live
in
raleigh.
So
let's
go
ahead
and
calculate
the
cost.
For
that,
as
you
can
see,
you
know
the
traffic
is
secure.
P
The
green
traffic
is
http,
but
what's
not
secure
is
the
web
service
from
the
outside
to
the
through
the
through
the
the
outside
to
the
web,
so
we're
going
to
config
is
your
gateway,
resource
and
virtual
service
to
solve
that
problem.
P
So
in
my
cloud
I
have
this
host
with
trusted
key
and
search,
so
I'm
just
plug
that
in
into
my
insta
gateway
resource
and
I
config
with
visits
the
slash
prefix,
please
redirect
the
traffic
to
the
web
service,
the
robot
or
web
service
88
port
number.
P
Interesting
robots
here,
so
I'm
not
sure
if
every
single
traffic
is
mutually
as
strict.
What
I'm
going
to
do
is
enforce
our
mutual
tl
strix
on
the
global
mesh.
Now,
as
I'm
shopping,
I
can
see
you
know.
Mesh
white
mutual
gears
is
enabled
look
at
that.
Thank
you
kylie
for
telling
me
that
now,
let's
look
at
the
it's
still
configuration.
P
Now,
I'm
looking
at
the
service
dashboard.
It
shows
me
like
all
the
data's
claimed
and
server
successful
rate.
It
shows
me
incoming
requests
and
response
code
from
both
the
client
and
server
side.
It
shows
me
the
traffic's
mutual
pls,
so
a
lot
of
data
just
by
injecting
the
cycle
and
also
enable
nutritious
to
make
sure
all
the
communication
are
through
mutual
chaos.
P
P
P
Well,
he
predicted
that
2018
is
the
year
of
service
mesh
and
he
was
absolutely
right.
2018
council
connect
super
glue
and
linkedin
linkedin2o
was
born
in
2019.
To
me.
It's
also
a
year
of
service
match
because
projects
like
gray
matter
projects
like
smi
projects
like
kuma
and
traffic
and
measuring
we're
all
born
that
year,
a
lot
of
growth
and
new
projects
in
these
two
years,
2020
is
the
year
of
istio
innovation.
P
P
P
P
A
Thanks
to
lynn,
for
that
keynote,
on
behalf
of
the
organizers
committee,
we'd
like
to
thank
each
of
the
people
who
helped
put
these
presentations
together,
but
we
would
especially
like
to
thank
all
of
you,
our
istio
community,
as
lynn
said
so
well
without
you,
we
wouldn't
be
here,
so
please
enjoy
the.