►
From YouTube: Istio Security Working Group Meeting 2020-04-29
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
B
To
clarify
there,
so
there
are
three
dots
that
all
talk
about:
how
to
sort
of
give
an
identity
to
a
virtual
machine
that
is
not
part
of
the
mesh.
Costumes
is
new,
we're
already
an
existing
two
written
and
so
from
my
perspective,
I
would
like
to
know
which
you
know
which
of
these
solutions
that
all
do
something
very
similar
for
speed
for
rich
combination.
D
Should
be
merged
with
the
second
thought,
because
the
the
last
talk
is
not
really
proposing
any
provisioning
for
our
provisioning
it
below,
but
instead
yeah.
So
the
second
talk
which
is
when
I
ordered.
So
where
is
the
three
options?
It's
presently
there
last
time,
yeah
and
yeah,
and
the
kasnian
stock
is
new.
Maybe
we
should
that
cost
you
to
go
first,
yeah.
E
E
It
is
true
that
this
document
could
also
be
used
for
for
clouds,
but
my
primary
goal
is
this
document
is
to
solve
the
remaining
of
the
program
because
I
don't
know
how
the
other
document
will
be
implemented
or
when
it
would
be
ready.
But
if
you
super
easy
to
implement
and
can
be,
you
know
even
that
4206
and
the
upshore
design
is
there
is
not
what
we
had.
E
Another
part
I
mean
the
issue
of
these
already
out
indicating
the
caller
the
person
who
is
requesting
panacea
star
and
the
proponent
is
just
what
an
annotation
or
a
mesh
multi-book
shown
to
say
that
a
particular
identity
is
allowed
to
issue
certificates
of
the
certificates
for
the
particular
service
account.
So
you
have
a
service
accounts
product
page
in
the
book
on
any
space.
You
specify
that
christina
gmail.com
this
was
authorized
to
were
over
question.
That
github.com
is
authorized
to
issue
certificates
for
this
identity
by
specifying
the
mapping
between
business
auto.
E
These
are
by
putting
an
outpatient
in
the
service
account
or
body
by
putting
something
in
mesh
wanted,
and
then
my
CI
CD
system
in
github
would
provision
at
the
end
we
get
a
certificate
from
e.
Co
d
will
depress
the
certificate
once
again
and-
and
we
have
a
trace
because
this
year
they
will
have.
We
know
exactly
what
the
tickets
are
issued
on
service,
the
correct
solution
and
web
here.
The
root
CA
do
whatever
the
twenties.
No,
no.
E
What
what
much
that
you
use
for
and
second
it
works
everywhere
you
can,
you
can
integrate
it
with
a
seed
assistance.
You
can
used
or
not
already
doing,
reject
our
own
identity,
and
then
you
know
that
Christina
gmail.com
is
the
one.
The
state
is
DM
and
you
have
all
kinds
of
other
options
that
that
become
possible,
and
that
is
the
change
is
really
just
for
the
map.
A
hash
map
that
much
AG
means
to
what
30
seconds
they
are
allowed
to
provision
and
the
most
controversial
part
of
the
proposal.
E
Maybe
you
should
have
a
naming
pattern
to
say
that
issuer
I
mean
namespace
is
automatically
authorized
to
issue
citations.
That
makes
it
so
we
can
have
if
I'm
admin
of
butene
four
mainstays
I
can
get
a
certificate
or
token
or
open
ID
connect
work
for
that
particular
issue.
Admin
a
book
info
and
then
these
are
counted
also
not
to
do
it
without
extra
configuration
and
headaches
just
possible
any
work.
Loading
is
the
same
with
the
same
booking
for
super
me.
D
Costing,
if
you
are
down
and
I
have
I,
do
have
some
comments.
Number
yeah,
yeah,
so
I
I
feel
that
this
proposal
basically
puts
the
mesh.
Add
me
in
the
loop
right,
essentially
whatever
mesh
enemy
is
doing,
is
a
currently
what
we
try
to
ask
Easter
agents
to
do
so.
Basically,
it
is
with
this
proposal.
Mesh
mesh,
Adam
II
is
going
to
a
caste
certificate
from
is
30
and
then
provision
to
the
VMS.
D
E
D
E
Not
really
hope
anything,
the
operator
is
just
the
person
who's
depressed
at
the
end,
the
person
who
is
you
know
sitting
up
at
Vienna,
starting
this
journey
on
the
VM.
Restoring
the
configuration
does
not
happen,
change
and
is
not
proposing
to
change
any
based
on
one
whose
provision
Exodia
in
the
common
case
will
have
a
DM
provision
on
Prem.
You
create
the
Vienna
salty
certificates
at
okay,
8080
and
after
that,
the
agent
pointing
us
to
the
expiration
constitute
or
everything
that
was
doing
before
yeah.
D
E
We
have
a
very
proud:
yes,
you
agent
time
to
use
this
proposal
exactly
I,
think
in
your
proposal,
but
it
is
qrd
doing
the
exchange.
So
if
you
are
on
AWS,
you
can
configure
that
use
a
recipe.
Ws
is
authorized
to
create
certificates
for
Quadra
looking
for
at
home
and
then,
if
you're,
the
will
exchange
without
any
information
of
the
operator,
because
you
can
authenticate
aw
yeah.
D
Yeah,
my
preference
is
actually
separate
the
post
job
certificate
versus
the
certificate
that
actually
contains
the
VMs
identity.
So
for
premium
you
can
post
wrap
this
VM
with
some
supposed
to
our
certificate,
but
it's
not
signed
by
SDT.
You
can.
You
can
sign
by
any
Riker
of
sign-off
line
signer
so,
but
we
can
configure,
is
if
your
agent
to
paste
on
this
post
gesture,
well,
post
job
credential
and
then
get
the
match
certificate.
D
E
You
have
a
proposal
for
this,
yes
Lee,
but
it
looks
like
it's
additional
steps.
I
mean
it
seems
that
this
proposal,
you
know
it's
simple
enough
that
can
be
implemented
quickly
and
it's
simpler
than
what
you're
proposing,
because
we
don't
involve
any
other
Authority
any
other
certificate.
Another
step
is
just
I
mean
specifies
who's
allowed
to
just
get
the
certificate
as
a
tip
and
I'm,
not
sure.
Why
would
we
complicate
it?
Yeah.
D
D
E
Specify
this
in
reality
for
B
M,
there
is
always
someone
some
pool
that
is
deploying
that,
yet
they
don't
exist.
You
know
to
be
position,
so
whoever
is
provision
is
IBM
installs.
You
know
whatever
application
around
my
sequel
in
stories,
your
proxy
is
also
the
person
that
is
root
on
the
DM
and
10,
or
should
create
the
provisioning
certificate,
because
the
same
as
the
mineral
also
deploys
and
my
sequel
credentials
will
do
a
lot
of
other
deployment,
but
possibly
it
doesn't
think
out
of
things
to
actually
cross.
The
provisions
is
your
part
of
it.
Yeah.
D
So
if
we
want
to
a
call
this
route,
basically
for
premium,
we
are
saying
this
is
the
basically
the
operator
is
doing
all
the
job
with
or
neither
is
to
H
internal
filter
in
the
loop
right
for
certificate.
Provisioning.
Yesterday,
though,
is
it
is
interpreted.
E
D
D
I
think
this
will
work
I.
Just
my
concern
is:
we
are
basically
separating
the
Flavian
flow
with
the
other
colony
and
flow.
E
D
Then
basically
we
are
we're
overwriting,
the
current
identity,
permitting
architecture
right.
The
entire
flow
is
being
not
used
anymore.
Basically,
the
operator
is
doing
all
the
work
in
the
auto
VM
get
get
a
certificate
or
other
particle
certificate
from
the
beginning,
they
at
the
time
they
were
deployed.
E
B
E
A
B
A
To
expire
to
authenticate
too
easily,
and
then
you
exchange
for
a
new
certificate,
I,
don't
I,
don't
think
that
is
a
good
way
compared
with
using
like
AWS
instance,
dark
or
TCP
service
account
token
to
do.
The
rotation,
which
is
more
aligned
with
using
like
kubernetes
service,
account,
start
to
do
their
rotation,
because
if
you
are
certificated
your
private
key,
for
example,
if
your
private
key
is
leaked
to
some
malicious
user,
that
malicious
user
can
use,
the
private
key
to
further
refresh
hits
a
certificate
and
that
one
that
is
not
secure
right.
E
E
Particular
single
user
has
a
choice
if
they
first
emitter,
because
ever
more
than
they
need
to
be
very
different,
because
if
someone
gives
you
take
your
private
key
for
suppose,
that's
going
to
expire
in
an
hour-
and
it
has
a
same
value.
Dt
was
a
token
and
if
the
exact
your
private
key,
as
we
can
also
get
the
token-
and
it's
far
more
likely
that
the
program
would
be
leak
leak
resistant
over
the
web,
the
private
key
is
not
send
over
to
Maya.
D
So,
regarding
refresh,
if
you
just
send
a
certificate,
that's
going
to
be
expired,
and
then
you
issue
a
new
one,
basically
extend
to
the
lifetime
of
a
certificate,
but
there
must
be
some
rules
can
show
that
right.
That
must
be
some
oscillation
to
authorize
this
extend
their
lifetime.
Otherwise
it's
there's
no
difference
compared
to
our
donbas
plus
certificate
you,
you
can
always
extend
it
forever.
A
You
can
see
all
gasp
and
benefit
right
by
rotating
the
our
root
certificate.
You
can
reduce
their
exposure
of
single
root
certificate.
Sorry
single
primary
key
like
more
times,
which
could
be
like
yeah,
could
be
decrypted
or
were
like
using
some
technique.
You
can.
The
malicious
user
can
decrypt
that,
but.
E
Refresh
has
been
reviewed,
approved
chips
is
been
around
from
zero
to
I,
don't
think
I
mean
this
document
is
not
trying
to
reopen
the
particular
design.
You
can
think
that
we
need
to
improve
the
illustration.
You
know
we
can
see
the
separate
document.
How
to
improve
registration.
I
think
that
the
settled
method.
A
Yeah
I
I
would
say
if
you
are
saying
the
private
key,
it's
more
secure
than
the
token
I
think
yeah
in
concept.
That
is,
but
also
in
concept,
because
you
are
using
the
token
to
bootstrap
their
private
key.
Then
that
means
the
put
the
token
should
be.
It
shouldn't
be
more
less
secure
than
their
private
key.
Otherwise
you
can
use
it
to
put
bootstrap
right,
hi.
E
A
A
D
D
E
Can
do
whatever
the
other
if
they
can
generate
the
energy
the
path
by,
but
he
owns
the
DM
by
running
SSH
or
politics
or
whatever
technology,
and
whatever
the
data
will
give
it
whatever
puddings
are
using
other
people.
Whatever
pudding,
they
use
to
petition
a
GM
and
the
field
power
will
be
will
depend
with
yadi.
So.
E
E
E
Let
me
easier,
yeah
good
first
put
to
solve
the
Crocker
is
which
cannot
be
stopped
by
token,
because
your
own
frame
or
another
series
and
second
it
gives
another
alternative
for
people
on
count
if
they
use
the
same
mechanics
Detroiter
the
empty,
multiple
clouds,
any
multiple,
it
may
be
better
to
have
a
consistent
way
to
deploy
instead
of
having
this
one
I
use,
this
position
is
the
other,
but
they
are
free
to
use
whatever
we
choose
is
just
give
them
one.
You
know,
of
course
you
can
do
it.
There's.
A
A
proposal-
and
this
is
my-
it
might
be
a
little
bit
long
term-
there's
a
solution
in
spiffy
word
right:
the
user
one
time
bootstrap
token,
instead
of
certificate
that
you
can
prevent,
like
some
attack
vectors
like
when
you
this
manual
step
of
providing
a
certificate
and
put
that
into
the
VM
it's
vulnerable.
If
someone
gets
the
certificate,
they
can
use
it
anytime.
If
you
use
a
one-time
token,
then
that
will
expire
within
a
time
or
within,
like
after
the
first
of
youths
that
could
be
more
secure.
Yeah.
E
Good
point
and
I
wanted
to
put
it
in
the
document,
but
I
want
it
out.
The
other
way
to
use
this
mechanism.
Is
you
give
this
provisioning
token
or
30
M
you
exchange
it
immediately.
Oh
you
is
it
ridiculous.
I
would
start
open
is
the
certificate
of
the
bootstraps
ethnicity.
That
means
accepting
including
Android.
E
In
some
cases,
the
certificate
that
April
is
going
to
put
on
again
is
not
going
to
be
used,
for
what
we
were
told
is
just
to
introduce
for
the
first
time
and
gives
a
person
refresh
token,
and
that
also
shows
the
program
of
putting
labels
into
that
to
make
sure
that
always
we
have
the
labels
and
IP
and
all
the
enter
information.
We
want
you
but
yeah.
D
E
Vision,
certificate
certificate
is
not
a
big
difference,
I
mean
my
proposal,
is
you
certificate
is
because,
yes,
we
have
was
a
doctrine
only
for
a
particular
food.
We
already
have
a
certificate,
however,
you
want,
and
we
can
create,
put
a
short
expiration
time
and
make
sure
that
it's
kind
of
only
usable
for
getting
various
entities
I
think
it's
reasonable
to
do
it
already
to
the
book.
D
Iiii
think
for
for
the
current
for
the
current
proposal
with
OSI
is
there
are
a
lot
of
security
concern
on
that
right
because
they're,
the
operator
is
actually
provision
you,
the
private,
key
and
manually
copy
a
service
on
to
all
basically
copies
to
the
VMS.
E
Explain
the
rate
or
can
he
she
said,
create
a
CSR
as
private.
He
owns
the
DN
itself
is
on
the
food
that
so
how
much
what
you
want,
your
purpose,
automation,
the
automation,
can
go
to
the
VM
use,
TPM
or
whatever.
It's
not
that
he
and
to
generate
a
private
key
and
just
a
CSR
is
leading
the
VM.
So
that
see,
I
put
a
step
by
step
to
make
sure
that
that
this
year
that
yeah
in
this
use
case,
the
private
key,
can
be
only
on
the
VM
and
never
needed.
E
E
D
E
D
D
Actually,
we
witness
need
those
three
options.
The
the
first
two
are
are
using
communities
in
yourself
about
the
last
one
is
not
yeah.
If
we
want
to
discuss
their
that's
fine,
yeah
I
was
also
a
debating
with
the
swell
on
which
option
to
go
with,
but
my
current
preference
is
to
choose
the
one
not
dependent
on
API
server.
E
How
to
use
this
document
to
use,
for
example,
a
PTM
or
or
harder
token
to
make
sure
that
is
warrant
is
that
the
private
is
protected
in
space
with
the
VM
and
how
to
use
it
properly
and
I.
Think
that
will
probably
clarify
this
Constitution
because
again,
their
main
work
benefits
of
work.
But
what
the
etiquette
is
that
it
can
be
used
at
Harvard
a
blur
and
to
make
sure
that
it's
nepotism
tokens
can
be
easily
copied
over,
but
the
private
key
can
be
protected.
So
in
every
Libya.
E
A
Yeah,
so
what
louder
solution
just
thinking
aloud
here?
It's
have
the
VM
always
generates
their
private
key.
When
you
are
bootstrapping
and
then
after
it
generates
a
key
pair,
it
exposes
the
public
key
or
the
CSR
into
like
VM
pass,
and
then
your
CI
CD
system
just
grab
that
CSR
or
public
key
from
that
path
and
do
a
call
to
the
east
ud2
praveen.
Your
certificate
manually
right
was.
E
D
E
D
I
think
we
don't
need
a
story
to
a
post
chapter.
Yes,
I'm
privy
Em's
identity,
but
yeah
I.
Think
the
other.
The
other
talk
us
when
de
I
have
we
actually
want
to
focus
on
the
case
that
the
VM
already
has
some
existing
identity.
So
in
the
case,
if
already
has
the
poster
of
credential,
then
after
that
rather
provisioning
for
illegal
crime,
then
we
are
complementary
right.
We
are
not
conflicting,
researching
each
other.
No.
E
We
are
because
right
because
again
focus
on
work
for
both
needed,
but
again
the
other
option
is
simpler
and
easier
to
use
them.
Probably
again,
people
will
use
this
only
for
for
DM
sent
and
the
other
foot
I
know
if
it's
worth
duplicating,
but
it
is
your
trade
and
I'm
not
opposed
to
other
social.
No.
D
E
My
immediate
goal
is
to
are
Toto
to
make
sure
that
we
have
as
soon
as
possible
a
solution
for
the
games.
I
don't
evolve
coping
with
privacy
of
the
CH,
because,
right
now
what
people
are
doing
is
atrocious.
Taking
the
private
ta
poverty
of
the
sea,
a
stealth
movie
took
computer
for
some
user
and
then
they
use
it
to
send
stuff.
For
me,
that's
not
really
really
bad
I
cannot
imagine
anything
worse
in
terms
of
yeah.
D
E
B
D
D
So
the
first
one
is
what
we
originally
proposed
in
the
inter
last
meeting.
So
the
idea
is
to
have
Saudi
for
other
purpose,
all
the
options.
The
assumption
is,
the
VM
already
has
some
existing
credential,
so
the
VM
could
be
a
cloud.
Vm
could
be
RTC,
IBM
or
EWS,
a
VM
or
some
other
Caribbean
or
some
on
premium,
which
already
has
a
posture
of
credential.
So
the
idea
is
that
is,
the
agent
will
actually
send
to
the
existing
VM
credential
to
a
community.
D
D
For
example,
the
API
server
is,
probably
it
areas
hosted
API
server
TK
if
a
server
actually
in
the
ticket
case
is
fine,
but
so
there
are
some
cases
VM
to
not
have
direct
access
have
access
to
the
API
server
itself.
So
the
proposal
is
to
have
duty
as
the
intermediate
agent.
So
basically
is
your
agent
will
Center
CSR
to
easy
and
the
ECOT
is
going
to
send
a
request
to
communicate
api
server
along
with
the
vm
credential
and
asking
can
I
use
Oki
exchange.
D
It
is
the
VM
credential
for
our
communities,
joy
token
and
the
if
API
server
allows
the
request.
Basic
API
server
will
locate,
the
communities
are
back
and
if
API
server
allows
the
request
and
it
will
return
a
commnets
jar
token
and
then
in
co,
t
can
can
paste
on
the
converse.
Just
talkin
ensured
a
certificate
and
the
retained.
Who
is
the
agent?
What.
E
D
Me,
let
me
go
through
Kosovo
option:
string,
okay,
costing
yeah
yeah,
so
so
the
advantage
of
this
yeah
is
a.
We
can
use
a
better
to
authorize
and
still
use
cornetist
your
token
to
post
trap
other
the
remaining
steps.
However,
my
current
concern
is
we
currently
have
order
out
of
the
like
SES
logic
in
sto
is
the
agent
and
we
have
other
micro,
SD
s
and
plugins.
So
like?
Oh,
he
is
the
agent
with
this
proposal.
We
actually
need
to
remove
order.
Logic.
Tool
is
duty
instead,
so
its
duty.
D
So
for
the
community's
case,
the
community's
George
is
actually
on
Easter
agent,
but
with
this
proposal,
comme
des
George
will
only
be
available
on
Easter
T.
Then
all
the
EDC
logic
on
Easter
agent
will
help
to
be
replicated
on
duty,
which
is
not
young,
which
is
the
reason
I
I
do
not
want
to
go
with
this
route,
and
I
also
feel
that
the
dependency
on
communities
API
server
just
doing
the
oscillation
is
not
ideal.
So
our
morale,
let
let's
go,
go
to
the
third
option.
D
Third
option:
yeah:
this
is
the
cirrhotic,
so
the
third
option
is:
we
will
have
e
still
T
to
to
a
post
authentication
after
bein
credential
and
also
to
the
oscillation
so
II
still
T.
Will
we
will
provide
a
identity
mapping
rule
saying
that
this
VM
credential
can
be
mapped
to
mesh
mesh
identity
based
on
this
law,
so
the
Atome
were
defined,
sorrow
and
the
provision
yet
in
study
and
the
based
on
this
rule
is
dirty.
You
can
decide
which
mesh
identity
talk
to
provision
and
return
the
certificate
back
to
history
agent.
D
D
E
D
E
Wait
to
move
into
action
three
and
and
basically
have
the
same
implementation
for
both
of
them,
because
in
reality
both
proposals
can
be
implemented
very
easily
by
just
you
know,
using
the
existing,
a
notational
service
accounts
and
and
probably
20
lines
of
code
in
the
authentication
pack,
so
we
can
get
it
even
in
1.5
or
one
dot.
Each.
D
E
F
D
D
Still
T,
you
will
actually
have
to
have
some
authentication
mechanism
implemented.
So
one
possibility
is
that
we
can
run
my
in
front
of
e
study.
The
embroidered
a
already
provides
the
ODC
record,
josh
token
authentication
and
plus
the
music
notes
right.
It
can
also
authenticate
to
the
client
certificate.
E
E
Yeah
and
also
we
have
already
in
1.53,
one
wonders
what
a
Paragon
we
have
ability
to
authenticated
open,
ID
connect,
meaning
that
you
tell
it
gets
a
token
that
is
compatible
with
standard
tandem.
You
connect,
they
need
to
work
already
Jersey
to
enable
you
to
specify
which,
which
all
three
you
are
trusting
and
then
it
will
be
automatically.
E
The
actual
code
is
definitely
metric
is
coming
from
it
from
a
tokens
of
the
VM
custom
metadata
server,
for
it
got
it
from
whatever
other
means
can
be
your.
You
know
your
personal
accounts
or
anything
else.
As
long
as
you
have
an
identity
from
a
crafting
authority,
that
is
your
dinner
taking
the
flow
is
identically
in
my
case
github,
that
is
getting
his
certificate
using
its
own
certificate.
E
E
D
B
A
A
Okay,
X
think
we
can
go
back
to
the
next
one
if
we
have
done
this.
So
last
night's
really
just
a
announcement
fabrication
of
the
file
based
in
Grasse
gateway,
external
third
management
from
1.7.
So
in
Middlesex
we
already
removed
the
task
of
setting
up
their
secure
in
grass
gateway
through
file
month
bio-based,
but
it's
still
supported
Emond
all
six,
but
we
are
going
to
clean
out
the
code
and
only
do
SDS
only
support
SDS
we're
doing
this
for
multiple
reason.
A
Right
for
the
first
reason,
it's
the
foul-mouthed
has
its
significant
drawbacks
today,
which
is
like
it
requires
a
restart
of
being
where
Gateway,
when
their
files
are
changed.
So
that's
one
thing:
the
other
thing
is
ready
for
our
maintenance.
We
need
to
maintain
like
two
different
implementations
for
the
same
basically
the
same
feature:
that's
the
second
consideration
and
also
the
SD
as
its
covering
all
the
use
cases
of
amount.
We
will.
We
will
support
so
SDS.
We
are.
We
will
first
to
give
a
migration
dark,
published
1.6
mm.
A
E
One
comment:
I
mean
what
the
vacation
is.
A
void
always
gets
configurations
using
it.
Yes,
so
in
the
resonator
in
origin
is
newest
configuration,
it
doesn't
means
that
we
are
going
to
require
that
ingress
always
run
with
secret,
are
about
technicians
and
in
the
domestic,
or
that
means
that
I'll
mounted
secret
are
are
going
away,
because
there
is
the
very
important
Swiss
kiss
wonder.
What
we're
saying
is
that
just
like
work
for
regular
water
to
work
load
in
yes
agent
is
your
agent
will
be
able
to
load
the
pipes
and
presenter
playing
boy
over
it.
E
Yet
so
the
configuration
is
consistently.
We
signifies
that
put
past
and
we're
gonna
have
to
watch
every
start
and
work,
but
very
much
amount,
because
in
some
cases
you
do
not
want
to
grant
increase
permission
to
read
or
the
secret
committee
Iturbide
directly.
You
want
to
help
ever,
but
no
Commission
and
that
remount
the
parking
ticket
with
a
very
quite
a
particular
make.
E
A
E
C
A
E
E
E
C
E
F
I'm
sorry,
it's
super
confusing
I
have
to
say
so.
It
sounds
like
qinger
for
my
use
of
perspective
leave
unspecified
the
Gateway
resources
using
the
file
based
approach.
It
would
continue
to
work
in
1.6,
but
in
1.7
you
will
have
to
kind
of
migrated
to
the
STS
way,
because
I
believe
the
credential
specify
differently
in
between
the
fowl
base.
Was
there
I
see
a
space?
Is
that
true?
No.
F
A
F
A
Because
a
fowl
mount
it's
still
serving
some
scenarios
that
secret
it's
not
accessible
from
the
ingress
gateway.
In
that
case,
you
still
mount
the
secrets
into
their
engine
or
ingress
gateway
path.
There
differentiates
previously
the
envoy
if
we
all
do
actually
read
from
file,
but
now
we
are
not
doing
that.
Ii
still
agent
well
read
from
the
file
and
serve
that
he
answered
through
as
the
ask
to
to
their
ingress
gateway
on
boy.
Does
that
make
sense?
Okay,.
A
G
E
Purposes:
abutting
number
eight.
It
may
happen
what
what
what
whatever
suggest
a
separate,
because
we
do
want
to
avoid
this-
was
the
overhead
of
maintaining
anything
and
also
the
problem
is
that
we
don't
have
yet
another
implementation.
Where
your
deal
with
someone
else.
Yes,
many
things
all
secret.
So
until
we
hit
when
we
have
it,
we
can.
We
can
complete
it
that
the
kids
are
mounting.
Okay,
bye-bye
I,
don't.
C
E
C
A
We
still
need
the
user
guide.
I
think
you
know,
therefore,
but
that
one
will
be
a
like.
Another
default
default
still
will
be
there.
Sds
API,
but
a
fair
amount.
Api
wait.
We
can't
deprecated
that
low
house
have
it
somewhere
and
user
can
refer
to
it
if
they
defend
out
there.
An
ingress
gateway
part
cannot
access
the
security
in
the
system
because
you
use
that
way.
Okay,.