From YouTube: Istio Networking WG meeting - 2018-04-26
Description
Agenda:
- Pilot plug-ins: to fork or not to fork?
- Original dest for ports but not IPs?
A
Insert filters into into the processing chain, so we we kind of went back and forth on how exactly this should work in detail and eventually ended up with, for the one. API is anyway a web mechanism where it would just kind of ship the whole Envoy configuration to a webhook, which could then modify it as it liked and returned it back, and that's been working okay for us so far, but now we're moving to the v2 API and I had assumed that we would build some similar mechanism.
A
B
And then there is the other option that okay down here since I've been pushing back a bit against this webhook for v2. The main problem with v2 is that the structure of the protocol, it's very very hard to use, it's not really a JSON that we generate, it's a stream of events and it has all kind of other semantics physically in the days the structs are be constructed. So it's, it's, it's a proto in in in a particular format. That is not the easiest to manipulate. I have no problem.
D
A
A
I'm not particularly went to JSON right, like the the v1 API was JSON, so it made sense for the web host different ways on the v2. API is proto. So, like you want some some sense like. Ideally, this would be. You would be able to implement your your plugin in whatever language you wanted, but proto is is fine, it's that doesn't exist for every language, but it exists for basically all languages that people would would reasonably expect to be able to do this kind of stuff. In now.
B
One one point I tried to make in the thread was that if we are going to have all the protos that go back and forth between Pilot and Envoy go to a some application, some user-defined application is that more or less inefficient proximity. So you can put a gRPC proxy in front of Pilot and do exactly the same modifications without any change in Pilot and it with more efficient because in terms of round trips and and all this stuff.
B
So what you are saying about the webhook, where, where Pilot is making requests the webhook, webhook may change the proto sense back to Pilot and senpai. What sense doing with the exact same thing can be achieved by putting a transfer Jay Seabrooks in front of Pilot. Send you the Pilot product does whatever it does returns the proto.
B
F
B
It happens as this is our plan foot-post 1-0, to do the Pilot Apollo communication, because we will also have this needle. So Pilot itself will be a middleman between the central Pilot in remembers the design for multi for e-40 DPN and a multi class. This original designs that we decided that is too complicated for now, but it will raise all the same assumptions that you have a fire working in a regional cluster computer with a central Pilot and doing some sort of caching manipulation or others for the local local cluster.
A
Have another benefit that I can sync: oh yeah I mean so so the the idea of having some middle middle proxy. If it's talking gRPC is sort of fine. If you're dealing with the XDS protocol kind of in its or the Avs protocol, and it's you know, it's kind of full hairiness, I'm wondering whether it is possible to present something that is slightly friendlier as an integration, something that actually speaks the the sort of semantics that that Pilot understands about well.
G
Will be enabled by default and then that like no so that means so it's like you know, you can definitely like allows you to add just empty filter configurations that we can simply stick into configuration with generate, which means that all the different URLs that are specified will be always enable, and so the filter configuration has to be modified, emit in hanoi, coax of an empty configuration and then parse the actual information from the virtual host. So that's that is how the polyfill term is working today and that sort of makes it filter.
G
B
B
So you want what the filter typically or something to the routing group if we can stuff it into a CRD, why not could read this here be, and you know, if you ever select or say, I want for this particular report and whatever input I want. What's this extra fee, we could add it and and implement it in a generic way. Yep CRC.
F
C
A
B
G
Me see one more peer that have something change that happens that she that needs to happen on Molly before we can actually enable that us. But these extensions was at these dent in perpetual there's just no need for like API hygiene or that's like nice-looking Edwards is effectively breaking out of these to use abstraction thing, so you can do whatever you want and like whatever I, and there is no backward compatibility, carries the either anything about sorts. It's just like this is just a way by which in weekend only way the extra missed you.
A
F
B
C
B
F
My point is that, like that, primitive provides a way that you could build a better experience for the user, using only that primitive right, like so I could to find a custom CRT. That's really nice for user to work with, I implement a little bit of logic to transform it into a generic one, yeah yeah yeah! That's right! That's one approach that we could use.
B
I
To ask about the difference between a filter and a filter configuration so if I have a Lua filter that say removes a header. Can I then have a filter configuration remove header one and another one to remove header two the sample seemed to was unclear if I would send the rule down twice or if the rule was already supposed to be loaded. How does that happen?
B
I
F
Yeah this and I will point out that this is all getting pretty close to the territory that Mixer already covers with their adapter model, and you know so. We should probably draw from how they have structured things right. They have this concept of an adapter with specific config in this instance right, which is a filter with specific thing. In this case there are parallels there that we can draw at.
F
F
A
F
G
Recently, already it so, it's like we right now have a taken actress in the VIP when we can always take not present the unique. So why is little bit more generic in the sense that you can override an existing services? You know they may need to talk to the service by specifying unique remains orchid. If you want yeah.
L
A
G
G
Allows you to like add more information on any given service, whether you need to talk to this always using UNIX domain, so ok or a TV, six and so on and so forth, and then so that is that's typically a plan. We could get down to that and 0.8.1 not two or three or something about sort. So you should not be much of an.
B
To call external service is now called service entry, and we is a reason for that. She had a very good point. That is, we are not using it. Only 4x10 are using it for mesh expansion. We are using it for this kind of stuff that you just described. It's just a general purpose, way general way to add services that are not particle, then it is basically.
G
F
I write I think we ever wanted. In my opinion, there was a bad smell that we ever had any code that dealt with internal work. We talked to in points you tell us how to talk to end points, and we shouldn't need anything more than that might yeah. What's that baby, you know what it should be ought to be enabled or not for those off.
G
G
They don't do good and yeah. The same thing applies to Mixer as well, which was treating external services in a very funny way yeah, but there is a rate today as a stopgap measure to allow you to specify whether this service is external or internal to the mesh. It's like an enum option that you can actually have to specify. This is the services interment of the mesh right.
C
B
F
M
F
That shouldn't even trust this to pro that interesting gateways and and party CX PC policies are far more flex again. Gateways are for bridging trust domains, which is really at the heart of what you're getting at right. The external source is really the thing that we care about for external services is that we have it. They live in a different trust domain than our mesh and gateways are the tool that we built for bridging and trust me.
F
G
G
N
L
L
F
B
N
G
So you're gonna have a 500 configuration files or you can just like dynamically. So every time I was thinking just every time. An endpoint in my pee-can just kept the coordinated that configuration file and then I'm take it which a well as of that from registry, which is directly watching and updating it to Pilot, but it's in something or near-instantaneous. In some sense, this is also.
B
It's it's, you know if you have Lourdes and you 100 machines is a mass expansion. Probably you are better off. If you use coaster or some some Kubernetes or some Atari are not registered, I mean your database yeah. If you have 10 20 machines. Yes, you can use this mechanism, but you don't want to mind where you go and edit and if you already have.
I
C
B
G
C
F
C
B
B
Have a way to represent labor, so what we used in the first version of pregnancy, expansion, we couldn't put labels and we couldn't combine services and do a lot of other stuff, so that was absolutely needed to have some intensive e-center easy answer to that. At the same time, some people needed to help present things up our external, exactly the same properties, the same fields, the same name, the same exactly same content should have two different names.
C
I don't think so. I I think the service should be able to have a label based and points plus remote end points that are necessary selected by label right, but I don't think we should have a service entry for this I think we should just I don't know right now our definition maps to Kubernetes Eclipse to select my label.
E
C
Like we are no, but we are like we discussed about having services right with different types of endpoints, and now we are kind of instead of having different types of endpoints, we suddenly have different type of services. We have a regular service which select based on neighbors, and we have a service entry which.
F
E
M
E
B
E
C
C
F
C
F
F
We talked about like I am, but I talked about it too, and in hangout solve it and the short answer, and we talked about when we named virtual service virtual service as well. Will we threw around a bunch of different names? We've been over like the service is just a really overloaded thing is the is the short answer for why and it's not named service all.
B
C
M
M
E
A
B
A
Can I can I just put a sharp point on on the original discussion with what I think we have have agreed one? We are if, if service entry doesn't already support UNIX domain sockets will work to get that in and then number two. The the mechanism that we've started around Lua scripting is going to be expanded to allow the insertion of of arbitrary filters and filter config without any any Pilot code changes or for the person who wants to add a new filter. Yep.
B
H
F
B
L
B
C
G
K
G
A
A
F
F
B
C
G
C
B
If you have one in your endpoints that you have to means that you need to put one in your endpoints in indy tcd in this quest with platform registry, you can have ten clusters each to each cost, with 100,000 endpoints and Pilot can can can get the endpoints from each of them and aggregates them using the platform adapter with the registry adapter. So it from from this point of view, we'll get to a million endpoints. You took scale better to have ten endpoints. Each with 100,000 is then to step 101 million in incentives.
F
B
Point out that, technically you can have the service entry replicated in one her in each data center and then it would behave the same. So technically you could have you know, standards and service entry and have the platform adapters just convert from whatever his internal representation service entry and presents, and so it technically is not something which service a phrase with the correct implementation, mostly yeah. So.
J
C
C
J
So let me put some context on this. I was talking with some of the Cloud Foundry product people and due to some limitations that that we might want to address on our side, they had questions about whether the Istio data model might be extended to to have services that didn't explicitly define ports on them and whether we could imagine having a service which had an IP, maybe a VIP, but and would have a cluster that it forwards to, but that the the port would be whatever original destination.
J
B
B
G
I think the original destination port I mean whatever they want. It requires something like you know, meaning today the original destination cluster is like the IP and the port has one and even within our own API. We have a use case where we want to do things like from start out a tear out to start out a pap, but what Gabe is asking is, like you know, from like one dot, one dot, one dot star dot star so in the code and on whether that feature?
G
B
J
O
B
Of course, it's also kind of, if you put all, you know, zero to sixty five thousand. You also need to make sure that other more explicitly than our steak priority and it's it's yeah look it's insanity, it's super difficult, but it requires some work on and voyons on testing and when our side I see a habit of eating pilot that yeah.