►
From YouTube: Istio Networking WG meeting - 2018-04-12
Description
Agenda:
- XDS and v2 status
- Mesh expansion updates
- Destination Rules vs Virtual Services.
- Question: Host Header
- AZ testing
A
A
We
may
or
may
not
switch
this
to
two
RDS,
depending
on
on
on
some
testing
that
we
want
to
do.
We
want
to
see
how
it
impacts
the
503,
if
it's,
if
it,
if
there
is
any
chance
that
there
is
a
race
condition
of
the
laser
when
the
routes
are
switched.
Except
for
this
tiny
detail,
we
have
everything
else
has
been
passing
the
test
and
it
seems
to
be
working.
We
had
some
debugging
interface
as
well.
That
seems
to
be
provide
enough
information.
A
The
decision
was
that
in
zero,
eight
will
ship
to
version
of
the
proxy
one
version
of
proxies.
That
is
using
v1
and
one
version
that
is
using
v2
and
theirs
will
switch
at
their
own
pace.
They
will
not
be
forced
to
switch
because
we
want
to
allow
people
who
are
graded
to
not
have
any
surprises.
Since
we
do
is
implementing
alpha
tree.
Only
that's
pretty
much
it
and
since
I'm
talking
do
you
have
any
questions.
Are
this
or
sorry,
let's
list
cruises.
C
D
C
D
A
B
C
A
A
We
are
using
helm,
template
or
East
your
city
and
helm,
which
is
doing
kind
of
the
same
thing
to
convert
the
helm
template
into
an
into
a
vanity
Channel
file.
So
there
will
be
no,
it
is.
They
are
not
removed
yet
I,
don't
know
why.
But
we
electronic
to
remove
the
old
ones
and
there
be
only
one
source
of
to
it
and
that
would
be
the
helm
templates.
You
don't
have
to
use
helm.
You
can
use
East
your
CTL
helm,
which
is
which
has
exactly
the
same
code
as
camp
template.
A
E
A
E
A
E
D
It
was
right
up
bird
call
like
you
know
we
can,
just
if
you
walk
through,
but
it
fits
about
like
tell
us
what
on
my
b2
is,
then
that's
like
you
know,
I
mean
you
not
gonna,
do
any
proper
justice,
because,
like
hobby
and
code,
they've
actually
added
enough
talks
and
so
on
within
the
day,
if
any
a
person
trees
that,
like
you
know,
I,
was
just
make
starting
from
that
and
then
walking
away.
That's.
A
E
D
B
C
E
Now
it's
like
I,
kept
hearing
my
team
member
at
IBM
reporting.
You
know
they
try
this,
they
couldn't
get
it
working.
You
know
it's
like
what
is
the
single
saying
people
can
be
referring
to
you,
so
they
know
what
to
do
and
they
are
a
well
the
issue.
If
there's
a
giving
issue,
that's
known
bad,
we
already
III.
A
A
Still
ending
cutscene,
but
it's
definitely
you
know
we
need
a
lot
of
documentation
have
a
bit
of
dope
on
how
to
debug,
which
may
be
a
bit
out
of
date,
because
people
have
changed
the
code.
There
is
a
readme
file
in
index
D
as
directory.
But
again,
yes,
everyone
will
need
to
test
them
to
document
them
and
to
qohor
steps.
There
is
no
one.
A
G
D
G
A
G
A
For
three,
so
as
a
bit
of
background
here,
the
real
problem
is
the
web
hook.
Is
that
in
the
past
is
a
wave
of
got
a
JSON
and
return
a
JSON
and
everything
was
fine,
the
proto,
even
if
you
convert
to
JSON,
you
will
get
think
with
structs.
That
is,
you
know
almost
impossible
to
hidden
to
to
money
to
modify.
We
could
do
it,
but
it's
I,
don't
think
anyone
will
benefit
from
it.
At
this
point
we
could
help
easy
napkin
slide.
We
could
do
GRDC
webhook.
A
Will
you
pass
a
Protoss
a
real
pro,
but
against
the
proto
contains
tracks?
So
all
the
interesting
stuff
is
inside
structs
which,
if
in
Protoss
also
pretty
hard
to
to
iterate
and
to
to
modify
if
it
wasn't
for
that
for
the
struct,
seeing
and
and
also
pick
I,
wouldn't
have
a
problem
with
that,
but
I
find
it
useful.
It's
relatively
easy
to
add
it.
It's
just
a
matter
of
yeah.
D
A
B
D
B
We
have
people
running
in
production,
they're
gonna,
do
partial
migrations
right.
We're
gonna
is
our
name
space
by
name
space,
there's
a
little
snip
stuff
to
keep
working
the
campus
to
a
whole
feed
cut
over
and
even
if
they
did,
if
they
can't
get
the
little
script
stuff
injected.
It's
not
gonna
work.
D
That,
oh
so
I
mean
there's
a
PR
that
I
actually
sent
out,
which
sort
of
like
you
know,
enables
I
mean
a
first-class
support
for
lower
with
our
code
itself
and
that
plus
the
there
is
another
thing.
That's
that
we
have
I'm
working
with
this
from
left
to
have
route
filter
configuration
when
those
two
things
land.
We
should
be
able
to
specify
Lua
scripts
per
within
the
virtual
service
itself
or
basically,
like
you,
know,
push
that
as
an
external.
The
configuration
that
people
can
stick
it
in.
D
Eta
for
the
pr9
wise,
probably
end
of
this
week
or
mid
next
week,
where
the,
but
then
that
once
that
here
lands,
then
it's
simple
as
a
direct
approach.
If
you
want
to
simply
enable
Lua
script,
then
it's
very,
very
simple,
because
it's
just
additional
adding
an
extra
proto
filled
with
sand
virtual
service
and
sticking
that
then
as
a
lower
filter.
But
I
wanted
a
little
bit
more
of
an
extensible
approach.
D
For
that
I
think
the
plug
in
filter
is
probably
a
much,
and
so
the
plug-in
interface
is
probably
much
easier
way
or
you
guys
is
much
more
of
end-user
thing
where,
like
you
know,
people
like
Nick,
they
want
to
use
a
lower
filter
for
temporary
thing
and
so
to
them.
It's
it's
a
low
Dutch
thing,
but
there
as
you
as
you're,
adding
additional
stuff
I
would
say
the
plugin
one
is
probably
much
easier
one
for
the
moment.
A
D
A
A
A
A
D
C
It's
like
realistically,
like
explaining.
You
know
China.
This
is
me
trying
to
explain
to
our
users
when
to
use
one
and
when
the
other
ones,
it's
not
really
clear.
Why,
like
one
adverse
the
other,
it's
like
Oh
retries
that
sounds
like
it
should
be
part
of
the
health
stuff
in
destination
rules
I'm
trying
to
think
about.
D
I
think
it's
partly
well
I
guess
yeah
right,
I
mean
it's
partly
tied
to
the
inouye
semantics
of
retries
have
some
some
relation
to
the
/
route.
Cutting
and,
like
you
know
better,
they
retry
by
oh
three
versus
four.
Of
course,
I,
don't
put
them
as
non-id
important
stuff
like
dealing
with
just
plain
pure.
You
know
the
load,
balancing
maintained,
hell,
load.
Balancing
cluster
I
would
certainly
like
to
see
that
we
try
stuff
move
into
a
cluster
level
stuff
which
just
makes
things
yeah.
We
but
I.
D
Help
where
we
actually
explain
here
here
the
demarcation
from
X
to
Y-
and
here
is
B
I'm
gonna
write
a
doc
article
with
a
nice
diversity
which
actually
explains
like
you
know.
These
are
the
the
components
of
the
the
new
b1
alpha
3,
and
this
is
how,
like
you
know,
we
are
structuring
it,
and
this
is
how
you
can
reason
about
it.
That
will
probably
give
a
it's
it's
under
construction.
So
once
we
have
finished
it,
I'll
probably
give
you
some
ideas
like
now:
yeah.
C
B
Yeah
I
mean
it's.
It
is
a
bit
odd,
just
from
be
a
bit
more
flexible
about
saying
that
you
know
there
are
traffic
properties
of
a
curve
post,
driving
versus
pre-wedding
or
at
revving
time
and
retries.
Generally
speaking,
a
post
grabbing
big
leader
and
so
should
go
into
destination
rule.
Even
though
envoy
itself
has
it
in
its
routing
rule.
D
C
A
I
think
one
way
to
think
about
it
is
that
if
you
want
to
apply
to
pair
out,
like
you
have
two
different
destination,
two
different
paths
in
the
virtual
host
and
they
need
to
have
different
retry
intervals.
Then
probably
the
virtual
service
is
the
right
place.
If
it's
something
that
is
global,
meaning
that
anything
go
into
that
class.
That
would
have
that
particular
retry.
Then
probably
it
will
be
a
destination
rule
ability,
if
you,
if
you
put
it
in
this
nation,
really
you
lose
the
ability
to
do
all
right.
Okay,
right.
B
B
Sure
I
mean
it's
a
new
act.
It
actually
creates
a
new
envoy
cluster.
Exactly
primary
downside
here.
Right
now
is
an
envoy
models.
Well,
we
pay
a
resource
cost
because
of
the
creation
of
the
cluster
and
because
we
want
clusters
to
have
meaningful
names,
we
can't
go
and
share
them
by
mangling,
the
name
yeah.
B
C
B
D
A
B
I
Okay,
that
that
question
is
from
me
I
like
to
try
to
understand,
if
am
I,
seeing
this
problem
the
right
way.
My
question
is:
if
we
should
be
operating
the
host
header
cause
on
my
test,
at
least
what
I'm,
seeing
that
when
you
call
the
ingress,
you
are
using
the
host
header
as
the
one
that
is
reaching
grass
to
inside
of
the
mesh
and
I'm
trying
to
create
some
false
basil
on
the
host
header
and
I
was
checking.
I
A
I
So
that's
my
kind
of
my
question
to
see
if,
like
my
emotional
understanding
was
dead
and
I
was
checked,
some
specs
and
I
highlighted
what
I
saw
and
they
did
that
version
of
this
back
and
the
newer
version
that
I
linked
in
there.
The
second
comment
that
seems
to
point
that
we
kind
of
expected
a
pox
can't
expect
if
you're
writing
that
so
I'm
a
little
bit
confused
on
that
that
that,
in
my
first
question,
are
we
supposed
to
be
here?
Writing
that
or
not?
And
if
not.
A
G
I
Now
is
undoubted
like
the
way
I
see
like
everything
is
centered
in
grass
is
like
I
receive,
as
this
nation
held
in
grass
and
like
what
I
was
trying
to
do
is
to
play
with
some
policies
that
I
know
the
destination
is
a
given
resource
and
try
to
use
the
host
for
something
else,
and
what
I
saw
that
if
the
quest
is
coming
from
the
ingress
I
received
in
grass
information?
If
it's
coming
from
the
mesh
I
have
the
right
in
front
like
I?
I
I
I
C
F
B
I
H
B
And
if
you
want
to
know
whether
request
is
internal
or
external,
because
it's
a
common
problem,
but
you
know
you
could
have
a
client
inside
the
mat
match
content,
but
it
was
external
or
vice-versa.
There's
the
X
envoy,
internal
header
and
dynamic,
something
that
we
do
internally
evolve.
It's
simply
just
a
true/false
statement
about
whether
the
request
came
in
I
mean
bless.
Okay,.
B
A
E
E
A
E
I
think
our
headers
are
very
confusing,
because
today
I
was
trying
to
do
the
tracing
stuff
like
we
recommended
like
multiple
headers
for
trace
spam,
but
I
captured
the
headers
bonused
have
like
three
or
four
headers
in
a
documentation,
but
not
everything
in
our
documentation.
That's
even
available
to
for
me
to
propagate
headers.
A
A
E
E
B
B
C
E
B
E
E
A
Really,
what
are
what
I
said
is
that,
instead
of
creating
5lbs,
we
will
only
create
one
in
0-2
when
we
shift
when
you
shift,
we
had
one
load
balancer
for
mixer,
one
load,
balancer
or
pilot
one
for
the
CA
and
one
for
DNS,
because
mixer
split
into
two
components
so
to
mean
to
add
another.
Yet
another
loss,
balancer
and
and
instead
of
that,
we
just
create
one
single
load,
balancer
that
is
running
and
void,
and
it's
forwarding
to
the
proper
service.
A
E
A
A
E
E
I
I
B
Think
it's
it's
pretty
clear
right,
I
mean
if
you
didn't
propagate
poster
and
I,
don't
think
I've
seen
many
systems
with
it.
You
propagate
the
host
header,
either
using
the
host
header
or
by
pumping
it
into
some
other
header.
As
far
as
I
know,
envoy
has
other
standard
headers
for
other
information,
but
report.
That
means
that
you
don't
have
to
repurpose.
Not.
Oh
sorry,.
A
I
B
J
Yes,
I've
just
been
playing
around
that
I've
got
much
too
much
working
because
you've,
mostly
through
my
no
an
error
like
yeah,
it's
the
codes,
much
easier
to
understand
a
thing
for
I.
Think
you
picked
up
quicker,
I,
don't
know!
That's
because
I'm
more
used
to
code
base
night
I
would
play
around
this
weekend
to
get
some
debugging
stuff
in
seriously
deal
and
then
see
how
I,
like
it
after
I've,
had
to
write
a
lot
of
code
against
him.
Oh.
A
J
A
J
I
know
it's
not
working
because
we
need.
This
is
the
thing
we
need
to
change
norm
voice.
So
there
was
of
the
local
cluster
named
in
v1
envoy
needed
to
be
in
the
CDF
response.
We're
not
gonna,
bother
doing
the
CDF
stuff
for
v1,
so
we're
going
straight
to
be
to
and
in
v2
it's
static,
getting
the
bootstrap
which
I,
don't
think,
really
works
with
our
cluster
naming.
J
D
What
are
you
saying
is
that
you
mean
the
easy
stuff
is
actually
a
boot
time
configuration
for
annoy
you.
Cannot
you
can't
figure
it
an
envoy,
no
matter
what
you
do,
whether
that's
in
the
booth,
it
is
essentially
in
a
in
a
configuration
file
or
a
command-line
option
and
we
cannot
be,
will
have
to
restart
envoy
and
in
order
to
like
an
update,
the
the
local
AZ.
So
the
only
option
is
either.
D
J
A
Would
I
have
no
program
with
with
what
we
are
doing
III?
We
can
even
do
a
fetcher
availability
zone
from
pilot.
Let
me
do
it
Jake
in
order
he
shall
request
to
pilot
ends
in
starting
to
I.
Have
no
problem
with
that.
My
my
question
was:
if,
with
the
easy
fetching
from
pilot,
if
we
are
okay,
I
mean
if
we
have
everything
we
need
to
invidual
I
mean
we
have
to
invest
or
some
testing,
or
we
are
confident
that
this
feature
is
working
somehow
yeah.
J
A
Mean
man,
what
do
you
think
it's
funny?
It's
just
it's
just
it's
each
one
of
the
feature
that
is
pretty
tricky
to
test
I
mean
I,
am
trying
to
either
test
that
easy
is
stretched,
fine
and,
and
and
that's
probably
going
to
be
okay,
but
I
want
to
test
the
EDS
response
to
make
sure,
because
it
is
it's
also
related
I
mean
it
is
to
to
do
some
some
AZ
related
grouping,
okay
and
I'm,
not
entirely
for
how
again
we
can
validate
this.
You.
D
D
That's
what
I
was
saying
actually
initially
increases
I
mean
the
only
way
to
do
this
as
to
like
have
a
dynamic
operation,
a
nun
way
to
like
update
its
own
AZ,
but
Matt
feels
that
that's
just
like
you
know,
sort
of
concurrently
with
the
core.
These
are
like
moot
time
configurations
that
you
need
to
have
so
option
one
is
we
just
do
what
we're
doing
today,
which
is
we
start
on
more
and
then
we
restart
on
Y
once
we
have
all
the
AV
information.
Oh
my.
A
D
D
It
will
download
it
here,
whatever
that
API
it
is
and
get
the
AZ,
and
then
it
would
start
on
wait,
but-
and
in
this
case
it
had
no
dependency
per
se
on
pilot
in
just
simply
different
yeah
and
to
fetch
that
information,
but
that
just
increases
the
side
of
size
of
the
sidecar.
By,
like
you
know,
the
runtime,
either
EMB
additional.
A
Not
necessary,
it
can
be
turned
off
and
you
may
restrict
how
much
it
is
and
it's
more
complexity,
but
it
doesn't
matter
I
mean
around
click.
Ooh,
baby,
I
sell
for
around
2
pi.
What
is
kind
of
the
same
thing
is:
there's
no
or
not,
if
not
even
faster,
to
do
around
it
to
pilot
and
with
this
occasion
to
also
get
additional
data.
The
reason
I
want
to
do.
A
It
is
because
it's
our
opportunity
to
get
additionally
for
additional
2
AC,
so
pyro
can
control
other
star
type,
startup
time
options
like
you
know,
logging
or
whatever
else
pilot
they
want
to
200
she's.
Now
we
have
the
metadata
that
we
pass
with
a
note
in
in
80's.
Take
it
we
can
take
it
offline.
I
I
don't
spend
too
much
time.
It's
just
something:
I
want
people
to
be
aware
of
endo
to
clean
off.
B
J
B
J
E
A
D
D
A
D
K
D
K
J
B
A
B
G
C
A
B
So
maybe
what
we
should
try
and
do
is
kind
of
schema
times
that
default.
Config
I'm
the
injector
said,
but
it's
the
ability
to
your
own
boy
to
fetch
it
dynamically,
or
certainly
the
pilot
agent
to
fetch
it
dynamically,
and
if
pilots
down
on
boy
could
still
come
up
with
the
default
ones
from
the
injector.