►
From YouTube: Technical Oversight Committee 2021/02/12
Description
Istio's Technical Oversight Committee for February 12th, 2021.
Topics:
- Alpha promotion of Gateway Topology
- Roadmap planning concerns
- Networking 2021 and 1.10 roadmap presentation
- Review of potential breaking changes
C
Yeah,
can
I
make
a
quick
announcement
before
we
start
sure
yeah,
so
I've
just
launched
in
steering
I'm
actually
going
to
change
jobs
next
week.
So
next
thursday
I
will
start
with
solo.I.
Oh
I'm,
hopefully
to
be
able
to
lead
their
contribution
to
istio.
So
it's
super
exciting.
For
me.
Yeah.
C
C
B
Okay,
so
let's
see
weekly
reminders,
we
started
recording
release
manager,
nominations
we
have
sam
nominated.
Do
we
have
anyone
else?
Thank
you,
sam.
By
the
way,
if
you're
on.
C
G
C
C
A
We
still
need
release
management
exactly
last.
E
I
think
last
week
kevin
and
mandar-
you
had
said
that
maybe
you
will
try
to
find
people.
Did
you
have
any
success.
G
E
G
B
A
B
We
have
three
okay,
so
we
need
two
more
okay,
the
we
have
a
doc
for
offline
review,
brian,
what's
the
status
if
you're
on
the
stock.
Oh.
E
I
J
B
Okay
and
then
we
have
this
gateway
topology.
What's
the
status
of
this
one,
did
this
get
resolved.
E
This
did
get
approved
in
the
networking
working
group.
Well,
that
was
the
last
status
unless
people
in
the
toc
and
this
meeting
have
any
objections.
I
think
it's
pretty
much
approved.
It
has
gone
all
through
the.
It
has
gone
through
all
the
stages
and
there
is
an
enhancement
issue
which
we
can
look
at.
K
D
Yeah,
I'd
like
to
point
out
that
I
put
an
item
at
the
top
of
the
of
the
queue
basically
to
to
say
that
I
I've
noticed
recently
that
people
are
kind
of
inserting
at
the
top.
When
you
know
sorry,
I'm
still
waking
up.
Other
people
already
had
items
and
it's
it's
fair.
It's
more
equitable
to
put
your
items
at
the
bottom
of
the
queue
and
in
order
to
send
this
message,
I
I
put
this
little
blurb
at
the
top.
Sorry.
B
And
then
people
put
things
up
yes,
but
it's
mostly
known,
I
was
mostly
just
teasing
right.
I
think
that
I
think
that's
fair,
yes,
make
sure
when
you
add
an
agenda
item
put
it
at
the
bottom.
I
think
something
that
we
all
should
do
is.
I
would
recommend
people
put
a
time
bound
on
their
items
like
how
long
they
think
it
should
take,
and
we
should
try
to
stay
within
that
time
bound.
J
B
A
Yeah,
so
we
there
there
was
a
there
was
a
request
or
asked
from
the
toc
to
have
a
yearly
roadmap,
and
then
there
is
a
general
format
of
reviewing
the
quarterly
roadmap
of
a
release
and
then,
after
the
release,
there
is
a
retrospective.
So
we
were
discussing
that
in
the
working
group
leads
and
seems,
like
I
mean
it's
a
lot
of
process
work,
obviously
for
everyone
to
work
on,
we
have
been
doing
that
at
least
the
yearly
came
up.
A
You
know
starting
last
week
of
november
and
we
are
still
working
on
it
now.
It
is
at
a
point
where
you
know
we
are
working
on
that
perspective
and
quarterly
and
yearly
roadmap
and
there's
a
general
concerns.
There's
a
lot
of
work,
so
I
just
wanted
to
hear
from
the
toc.
What's
the
best
way
forward,
do
we
need
all
of
them
is
that
is
there
value?
A
Was
the
question
asked
by
the
working
group
leads
in
doing
yearly
and
like
quarterly
does
have
a
value,
but
do
we
want
to
do
yearly
and
the
retrospective?
How
do
we
want
to
go
about
it?.
J
D
J
J
J
E
I
So
the
challenge
that
I
saw
with
it
is
just
a
year
is
a
hard
time
to
come
up
with
a
plan
for
ahead
of
time.
I
don't
mind
doing
it,
but
things
change
very
rapidly
in
the
project
and
trying
to
plan
out
a
year
means
that
information
that
might
not
be
accurate
and
it's
hard
to
hard
to
go
out
and
plan
that
far
in
advance
and
know
that.
J
D
Yeah,
I
I'm
wondering
if
we
can
similar
to
what
lou
was
saying,
simply
make
the
plan
less
good.
You
know,
and
if
it
was
not
so
much
a
road
map,
but
more
just
ideas
for
the
next
year.
Something
real
just
like
that
yeah,
but
even
goals
is
stronger.
I
mean.
I
E
I
do
think
like
there
is
value
in
creating
like
a
theme
based
doc
doc
or
what
the
toc
plans
to
achieve
for
the
project
which
maybe
it
was
a
month
late
this
time,
hopefully
we'll
do
better
next
time.
I
think
and
then
based
on
that
just
rough
ideas
like
we
were
saying
I'll,
be
good
with
it.
I
Brought
up
in
the
workgroup
leads
meeting
was
that
we
didn't
actually
have
the
tocs
high
level
overview
until
after
we
come
up
with
road
maps.
Nice
yeah.
J
Yes,
we
we,
we
fully
recognize
that.
H
E
D
B
B
Sorry
can
you
hold
on,
I
can
hear.
B
Okay,
you
can't
hear
me
okay,
I
don't
know
why
that
was.
I
was
just
saying
that
the
we
should
do
it
in
early
yeah
in
early
december.
We
should
try
that
yeah
sounds
good,
have
tsc
produce
the
themes.
A
I
would
suggest
actually
mid
november
swing,
because
toc
also
needs
some
time
if
plan
is
available,
but
before
december
it
will
give
some
time
for
the
working
depletes
to
produce
the
roadmap
for
next
year.
It
will
be
too
late
if
we
do
that
in
december.
J
But
yeah
I'm
fine
with
either
what
the
the
proposed
dumbing
down
of
the
the
working
group
roadmap
right
to
goals
or
themes.
Do
you
have
any
objections
to
that?
Does
that
help
or
hurt
you
in
any
way
and
kind
of
your
organizational
role.
A
No,
it
does
not
all
so.
My
general,
you
know
concern
was
to
have
a
consensus.
Do
we
want
a
yearly,
as
was
a
quarterly
roadmap,
because
I
think
that's
where
the
more
contentions
are,
that
quarterly
is
more
detailed
and
when
we
review
the
yearly
it
does
capture
the
quarterly
roadmap,
like
let's
say
for
the
current
one,
but
it
does
not
go
into
the
details
so
are
we?
J
A
L
I
I
think
that
probably
works
I'll,
just
say
that,
from
from
my
perspective
in
ux
there's
a
lot
of
time
that
is
poured
into
roadmaps,
we
spend
about
two
weeks
a
quarter
either
on
retrospective
or
on
the
next
quarter's
roadmap,
as
well
as
the
annual
roadmap.
L
Then,
in
the
toc
meeting
we
spend
probably
three
weeks
a
quarter
reviewing
road
maps
reviewing
retrospectives,
then
we
have.
The
weekly
working
group
leads
meeting
where
we're
looking
at
our
roadmap
and
checking
how
we're
doing
on
it.
I
don't
think
that
that
is
bad,
but
it
simply
means
that
the
payoff
for
all
of
that
investment
needs
to
be
very
visible,
certainly
in
2020
on
the
annual
roadmap.
We
know
that
we
didn't
have
the
kind
of
payoff
that
we
needed
to
justify
the
investment
there.
L
I
would
be
in
favor
of
that
I
also
would
be
in
favor
of
making
it
moving
it
to
a
meeting
that
is
not
all
hands
on
board.
L
I
often
don't
need
to
know
about
the
telemetry
roadmap
for
a
given
release,
and
so
just
reducing
it
to
the
actively
interested
parties
could
also
reduce
the
amount
of
investment.
That's
going
in
there.
J
I
mean
the
reviewing
the
road
maps
right.
It
is
a
useful
kind
of
cross-functional
thing
for
the
working
groups
to
check
in
and
and
to
know
what
the
other
hand
is
doing.
J
A
That
working
group
leads
meeting
louis.
We
discussed
that
not
a
mandatory
to
do
the
retrospective.
If
a
working
group
lead
leads,
think
that
they
need
it
and
it's
helpful,
they
can
actually
fill
up.
These
slides
and
toc
can
review
it
offline,
but
if
they
feel
like
we
don't
need
to
do
that
or
maybe
there
is
no
time
that
it's,
then
it's
not
mandatory
and
they
can
skip
it
all.
B
I
have
a
a
couple
of
quick
comments.
I
think,
on
the
on
the
rubik
presentations.
I
agree
with
louie.
These
are
actually
important,
especially
for
other
working
group
leads
to
understand,
like
what
other
groups
are
doing.
I
think
we,
actually
we
want
that,
especially
actually
mitch.
Ux
really
should
understand
what
every
other
working
group
is
doing.
I
know
it's
a
lot
of
time,
but
I
think
it's
important.
B
The
other
thing
is
ideally
the
yearly
roadmap
would
help.
The
working
group
leads
in
defining
the
the
quarterly
roadmaps
right,
the
release,
rip
maps.
So
ideally,
this
would
be
and
a
document
that
you
can
refer
to
when
creating
the
111
roadmap
right
and
see.
Okay,
our
backlog
from
our
yearly
is.
B
E
Yeah,
I
think
so
I
was
going
to
say
the
two
points
that
he
just
said.
So
I'm
not
going
to
repeat
that,
but
basically
looking
at
the
quarterly
roadmaps
and
toc
meetings
is
one
of
my
favorite
parts
here,
not
just
because
I
get
to
understand,
what's
going
to
happen
all
the
crosstalk
and
trying
to
understand
collectively
how
it
is
moving.
E
But
it
looks
like
mitch,
you
were
saying
it's
less
useful
and
the
usefulness
is
being
measured
by
how
much
you
we
have
actually
achieved
in
the
roadmap
that
we
set
out
early
in
the
quarter
early
in
the
year.
So
there
can
be
a
lot
of
things
that
might
have
gone
wrong
because
of
which
we
didn't
achieve
it
right.
E
If
that's
the
only
measure
of
usefulness
that
you're
talking
about,
we
can
work
on
lots
of
different
things
to
improve
the
efficiency
there.
Is
there
some
other
usefulness
that
you're
trying
to
get
out
of
these
activities,
but
you're
not
getting
like?
Is
there
some
value,
which
is
inherently
missing.
L
That's
a
good
question
and
I'm
not
sure
that
I
have
a
clear
answer
to
it:
I'm
simply
observing
that
there's
a
great
deal
of
investment
on
the
working
group
leads
side
and
it
doesn't
always
feel
like
there's
value
for
that
investment.
If
that
makes
sense,
unfortunately,
I
know
that's
pointing
out
a
problem
and
not
a
solution.
B
B
E
So
another
thing
can
be
better
course,
correction
and
sort
of
actually
maybe
at
least
twice
in
a
quarter
understanding
where
we
are
with
our
proposed
promises
for
the
quarter
like
it
looks
like
that
part
is
also
missing.
We
actually
don't
measure
until
the
end.
They
say.
Okay,
we
didn't
finish
these
things,
so
they
move
on.
C
Yeah,
that's
good,
so
guys
I
feel
like
there's
huge
value
on
the
overall
roadmap,
because
that's
also
made
out
your
user,
the
workgroup
roadmap.
You
know
it
should
be
minimum
time
spent
because
it's
really
used
internally
by
our
contributors
and
the
community
right.
So
I
hate
to
say
you
know
we
would.
We
would
not
require
you
guys
to
spend
a
lot
of
time.
It
should
be
minimum
time
and
adjust
as
needed.
J
You
know
that
one
we
have
made
a
statement
that
we
do
want
to
track
that
in
detail,
but
we
could
possibly
just
break
that
out
from
the
other
aspects
of
the
roadmap,
which
are
more
feature,
function,
oriented
and
say:
look
those
things,
they're
attracted
a
very
kind
of
coarse-grained
aspirational
description
of
what
we
want
to
do
for
the
annual
and
then
we
just
right.
We
just
have
a
more
detailed
tracking
for
api
progress
or
or
feature
progression.
J
A
Right
yeah,
unfortunately,
the
eagerly
came
up
at
the
same
time
as
110.
So
I
I
share.
You
know
it's
it's
a
lot
of
work
yeah,
but
I
I
understood
what
you
said.
Louis.
J
C
So
giving
our
dates
around
it's
your
account
I
assume
most
likely
going
to
have
instagram,
probably
early
next
year.
Also
it
does
seems,
make
sense
to
have
like
the
most
recent
roadmap
produced
before
the
conference.
So
I
kind
of
like
what
lui
mentioned
like
early
in
the
year,
so
maybe
the
first
quarter
would
be
more
dedicated,
not
much
feature
from
world
group,
but
you
know
having
the
roadmap
produced
by
the
toc
and
then
the
war
group.
A
So,
let's
do
this:
let's
not
spend
more
time
right.
In
summary,
we
did
agree
that
we
need
a
yearly
and
a
detailed
quarterly
roadmap.
So
let
me
come
up
with
the
dates
for
the
next
year,
so
we
are
marching
towards
it.
While
we
are,
you
know,
last
q4
of
2021.
A
and
having
said
that,
I
would
suggest
let's
go
with
the
networking
yearly
roadmap
in
this,
because
we
are
30
minutes
in
the
meeting
now.
Yeah.
B
A
Yeah
is
there
anything
urgent
before
we
go
there
before
the
road
map
as
a
p0
in
the
agenda,
I
just
want
to
make
sure
that's
not
leaving
behind.
M
M
Add
that
if
tnr
doesn't
need
to
do
the
1.10
roadmap,
we
had
planned
on
doing
both
of
them
next
week.
B
J
B
Just
asking
I
was
asking
who's
who's
presenting
the
networking
road
map.
H
It's
not
a
big
deal.
If
not,
I
can
just
describe
it.
Okay,
yeah.
I
think
this
is
most
of
the
stuff
we've
already
talked
about
in
previous
road
maps,
as
kind
of
longer
term
plans.
I
actually
don't
think
there's
anything
here,
that's
going
to
be
surprising.
Potentially
so,
first
up,
we
have
better
transport
security.
We've
been
working
on
this
for
a
quite
a
while
now
and
that's
going
to
continue
to
be
a
focus
in
2021.
H
E
K
J
Yeah
josh
you
want
uchen
was
out
for
a
while
right
yeah,
so
that
josh
left
did
you
leave.
I
I.
M
K
Okay
and
and
progress
has
been
made
on
the
employee
side,
I
mean
we
are
not
the
only
one
working
on
this
is
what
kind
of
work
on
one
way
side
that
is.
H
Yeah,
I
think
we
haven't
really
done
anything
on
the
easter
side
because
it
relies
on
the
envoy
stuff,
but
the
envoy
side
side's
been
progressing
quite
a
bit
so
got
it,
that's
good.
I
think
it
will
very
suddenly
happen
on
the
east
joe
side,
and
it
will
quickly
happen
because
the
control
plane
changes
are,
you
know
pretty.
H
Okay,
we
go
down
this
one,
then
the
the
next
one,
where
we
talked
a
lot
about
having
better
global
defaults
for
things
like
timeouts
connection
policies,
that
sort
of
thing
so
users
don't
have
to
go
configured
and
you
know
hundreds
of
different
destination
rules.
H
So
we've
done
some
work
on
that
already,
but
we're
going
to
continue
exploring
that
a
bit
more
in
2021.
Hopefully
this
next
one
has
been
on
a
roadmap
for
quite
a
while.
So
it's
kind
of
been
already
in
the
yellow
or
red
that
we
want
to
promote
cni
out
of
alpha
stabilize
it,
improve
it
a
bit,
make
it
more
usable.
H
We
don't
have
an
owner
for
that
right
now,
so
it's
kind
of
tricky,
but
I
think
it's
pretty
important
because
it's
a
big
blocker
for
a
lot
of
users
and
it's
not
great
to
tell
someone
either
use
an
alpha
feature
or
go
use
another
solution
because
they
can't
use
estio
without
cni.
So
it's
important,
but
we
do
need
an
owner
next,
one
removing
custom
extensions.
This
is
really
low
priority,
but
it
would
be
nice
to
have.
We've
talked
about
moving
all
the
extensions
out
into
wasms
that
we
could
use
upstream
envoy
so
yeah.
H
This
is
more
of
a
nice
to
have.
We
don't
have
any
owners
dedicated
to
this
right
now
either
it's
probably
at
the
bottom
multi-tendency.
We
are
starting
to
explore
it
a
bit.
I
don't
think
we
have
any
concrete
designs,
which
is
why
we
it's
kind
of
vague
right
now,
so
the
action
here
is
not
really
to
go,
implement
multi-tenancy,
but
more
to
figure
out
what
exactly
we
want
to
do
for
multi-tenancy
and
then
maybe
we'll
implement
it
as
well
in
2021,
depending
on
what
happens,
but
for
now
it
is
intentionally
vague.
K
And
we
have,
we
have
some
items
that
we
are
working
on.
I
mean
we
have
some
designs
and
proposals
to
improve
isolation
and
in
progress
actually,
but
we
don't
have
the
big
scheme
already.
H
Yep
yeah
next
is
some
form
of
delta
or
on-demand
xds.
H
It's
mostly
lower
priority
because
for
now
it
is
mostly
just
performance
optimization
and
we
haven't
had
too
many
users
screaming
about
issues,
but
I
could
see
it
being
the
kind
of
thing
that
suddenly
becomes
the
p0
once
we
start
hitting
a
wall
somewhere,
so
it
would
be
good
to
get
work
on
this
started
soon.
H
H
Your
current
plans
are
to
potentially
be
ga
by
the
end
of
the
year,
so
we
definitely
need
to
keep
up
adoption
with
them
and
make
sure
that
we
drive
the
direction
of
the
project
in
a
way
that
aligns
with
east
geo
and
allows
us
to
adopt
them
for
gateway
and
sidecar
traffic,
so
we're
working
closely
with
them
and
continuing
on
that
this
next
one's
basically
linked
to
it,
but
the
stability
of
the
networking
apis.
This
is
effectively
a
thing
that
we
do
not
plan
to
promote.
H
The
networking
api
is
a
virtual
service
destination,
rule
gateway
because
we
are
instead
going
to
move
with
the
service
apis
and
effectively
treat
those
as
the
stable
hto
networking
apis
once
they
are
ready,
is
the
plan.
So
we
don't
want.
H
Our
apis
and
then
tell
users
to
migrate.
So
then
they
have
to
migrate
twice,
which
is
painful,
go
ahead.
Niraj.
E
Yeah,
so
you
just
said
that
these
apis
will
be
called
gateway.
Apis
is,
is
that
signifying
that
they
don't
anticipate
it
to
be
configured
for
east-west
traffic
or
is
going
to
be
a
separate
set
of
new
apis?
That's
going
to
be
defined.
H
E
H
Yes,
we
are
we're
still
working
on
how
exactly
we're
going
to
model
it
and
how
we'll
push
it
to
users.
But
I
agree,
and
we
will
keep
that
in.
C
H
Yeah,
so
all
of
the
apis
for
quite
a
while
will
probably
remain-
I
mean,
there's
probably
thousands
and
thousands
of
virtual
services
out
there
in
the
wild,
and
we
have
no
intention
of
just
stripping
those
out
and
making
users
migrate
forcibly,
so
we'll
probably
have
to
keep
those
apis
around
for
a
very
long
time.
I
don't
want
to
say
forever,
but
you
know,
probably
quite
a
while
to
allow
people
to
migrate.
H
So
in
that
sense
they
will
definitely
be
there
now,
whether
the
optimal
or
like
recommend
recommended
is
to
use
sidecar
or
a
you
know.
One
of
these
new
apis
is
still
kind
of
up
in
the
air.
The
nice
thing
about
all
of
our
apis
is
they
they
layer?
Well,
so
you
could
definitely
use
like
their
hdp
route
and
gateway
and
replace
our
gateway
and
virtual
service,
but
then
still
layer
on
the
destination
rule
and
the
sidecar
apis
that
we
have
today.
So
whether
those
will
be
fully
replaced.
H
K
Also,
one
thing
to
keep
in
mind
is
that
kubernetes
apis
are
intended
to
be
multi-vendor,
so
there'll
be
multiple
implementations
of
multiple
vendors,
but
it's
also
a
baseline.
So
we
have
the
core
features
that
all
vendors
support
and
that's
the
main
power
of
them,
but
users
want
advanced
features
that
are
only
specific
to
each
use.
They
will
probably
continue
to
use
these
two
aps
for
those
specific
features
and
they
will
not
list
you
for
if
they
use
those
features.
B
So,
john,
I
think
once
we
have
a
little
bit
more
clarity
on
kind
of
how
these
all
fit
together,
we
probably
should
do
a
review
in
toc
of
the
you
know
what
it's
all
going
to
look
like,
not
that
we
have
control
over
the
kubernetes
apis,
but
you
know
we
at
least
can
sort
of
say
where
we
think
things
look:
okay
versus
where
we're
worried
and
help
drive
that
conversation
too.
K
B
J
The
gateway
use
cases
seem
fairly
obvious
and
straightforward.
The
sidecar
ones
are
still
not
totally
figured
out.
B
Later,
just
to
have
that.
J
J
But
it
is
getting
close,
so
I
I
do
suggest
that
people
who
specifically
spend
a
lot
of
time
on
the
networking
apis
start
familiarizing
themselves
with
the
current
state
of
the
gateway
apis.
Just
remembering
that
gateway
the
term.
These
their
gateway
is
a
collective
noun
to
refer
to
a
set
of
api
changes
and
not
just
the
gateway
resource
itself.
G
E
Yeah
now
I
think
this
is
good
discussion
on
how
how
we
can
be
vigilant
of
these
changes
coming,
but
I
do
think
we
should
move
on.
H
Yeah,
so
the
next
one
is
the
multi-cluster
service
discovery.
So
this
is
another
new
api
out
of
kubernetes
that
refers
to
how
multi-clusters
work
and
we
want
to
be
one
of
the
first
implementers.
I
don't
know
all
the
details
here.
H
Okay,
yeah
the
next
next
two,
our
next
one
ipv6
hardening.
We
have
some
testing
it's
alpha
right
now.
I
am
searching
those
bugs
that
we,
we
don't
catch
in
our
tests,
but
we
don't
really
have
an
owner
right
now,
so
we're
kind
of
stuck
in
alpha
state.
G
H
We'll
see,
then
we
would
love
to
get
this
to
beta
and
have
better
testing
fix
up
any
bugs
that
we
have
yeah.
Let's
see
coming
to
kubernetes.
H
Awesome,
the
next
one,
maybe
even
should
be
p3
is
alternative
capture
mechanism.
So
right
now
we
we
do
ip
tables,
of
course,
there's
some
limitations
and
performance
issues
and
just
general
dislike
of
ip
tables
that
we've
looked
into
having
alternative
methods
to
get
traffic
to
the
sidecar.
H
We
probably
this
would
be
just
I
mean
potentially
just
design
at
this
point,
we'll
see
we
don't
have
an
owner
for
this
either.
So
it's
kind
of
in
a
vague
territory
right
now,
but
it's
something
that
we're
looking
into
the
next
one
is
also
fairly
low
priority.
It's
supporting
http
3
at
the
gateway,
so
we're
not
trying
to
tackle
general
udp
support,
either
at
the
gateway
or
sidecars
due
to
some
complications,
but
hdb3
is
actually
relatively
easy
compared
to
generic
udp
supports.
H
B
H
So
I
think
the
most
important
one
is
cni,
that's
owner
list,
but
actually
also
important.
I
I
honestly,
I
don't
know
it
sounds
like
there
might
be
some
people
from
google
interested
in
pushing
this
forward,
but
I
haven't
heard
any
anything
inclusive,
the
other
things
like
alternative
capture
mechanisms.
H
I
don't
know
if
anyone
will
pick
this
up,
but
I
also
don't
think
it's
horrible.
If
we
don't
do
it
in
2021..
I
don't
know
if
that
answered
the
question
really,
but.
B
E
For
alternative
capture
mechanisms,
I'm
assuming
edpf.
G
E
E
J
Right,
yes,
we
are
friends
with
the
system.
Folks,
if
that's
what
you
mean
yeah,
we'll
we'll
certainly
talk
to
that
the
gke
networking
team
about
this
subject,
but
yeah
we
still
have
to
do
an
independent
evaluation
of
the
pros
and
cons
of
you
know
well
mostly
about
what
kind
of
dependencies
would
be
acceptable
to
take
right
to
do
this.
I
J
K
And
a
long
time
to
complete,
I
think
the
udp
capture
is
probably
the
top
for
the
most
important
problem
to
resolve,
because
that's
a
missing
feature.
B
Yes,
okay,
let's
should
we
move
on
to
quarterly.
B
H
Let
me
see,
I
think
our
1.10
plan
is
just
the
top
part
of
that
dock,
but
yeah
we
have
like
the
grudge
things
that
are
planning
to
graduate
on
110.
If
you
scroll
over
to
the
side,
I
think.
H
Yeah,
so
it's
mostly
just
start
work
on
some
of
these
that
that
we're
able
to
find
owners
for
and
we're
hoping
that
we
can.
The
things
that
we're
actually
trying
to
do
actively
in
1.10
is
the
global
defaulting
cni.
H
If
I
mean
we
need
to
find
owner
and
we're
definitely
going
to
have
a
lot
of
active
work
in
better
transport
security,
but
then
we
don't
have
any
any
solid
plans
beyond
just
continuing
with
these
other
longer
term
efforts,
so
we're
not
trying
to
introduce
anything.
Anything
too
new
in
1.10
just
continue
existing
efforts
and
stable
stability.
B
Okay,
the
other
one
we
had
was
test
and
release.
A
H
Oh
yeah,
so
last
week
we
talked
about
wanting
to
review
breaking
changes
in
the
2c,
so
I
figured
if
we're
going
to
do
that.
I
noticed
a
couple
breaking
changes,
so
I
wanted
to
bring
them
up
here
to
I
guess
at
very
least
trial
around
what
that
would
look
like.
If
that
sounds
good.
H
H
The
next
one
is
about
removing
the
server
header
by
default,
or
I
think
it
just
entirely,
I'm
not
sure
if
we
even
plan
to
make
configurable,
which
is
probably
fine
for
the
vast
majority
of
users.
The
concern
is
that
some
obscure
users
depend
on
random
headers
being
there
and
maybe
they're
doing
some
logic.
Based
on
that,
I
really
don't
know
why
someone
would
do
it,
but
you
know
people
will
do
anything
that
we
give
them
so.
E
John,
so
just
a
small
clarification:
it's
not
removing
server
sql
header,
but
actually
preserving
the
server
header
added
by
the
application
itself,
so
making
the
configuration
be
passed
through
rather
than
by
default,
always
override
and
make
it
server.
Fuller
listed.
H
E
It
is
yeah
it,
it
won't
be
a
breaking
change
and
that's
what
we
were
discussing,
but
we
couldn't
come
up
with
a
real
use
case
of
why
to
even
expose
a
configuration
and
expand
our
surface
area
here.
J
What
does
the?
What
does
the
gateway
do
same
thing.
J
J
J
J
I
think,
and
then
we
can
decide
if
there's
any
value
in
having
a
flag
which
there
may
not
be
any
value.
E
It
puts
istio
server
colon
steel
dash
invoice
for
everything,
whether
it's
not
south
or
east,
west,
okay,.
K
And
and
javelin
for
east
west
was
was,
if
someone
relies
on
the
address
once
once
they'll
be
broken
by
what
we
are
doing,
because
if
you
add
these
two,
then
suddenly
you
get
a
different
header
than
what
you're
getting
before.
K
J
B
That's
what
the
what's
that
other
is,
there's
some
other
header
we
can
append
to
to
track
it
or
maybe
that's
in
the
drawing.
K
J
A
B
J
K
K
If
you
want
to
just
up
to
to
have
a
you
know
kind
of
flag
to
turn
it
off,
if
we
run
into
problems.
J
E
Yeah,
I'm
totally
okay
with
that
by
the
way,
also
again,
just
like
everything
else,
there
is
an
honorable
filter
break
glass
thing
here,
which
is:
if
someone
really
wants
it.
J
Yeah,
okay,
it's
not
captured
in
the
notes,
but
all
right.
We
don't
question
that.
N
C
B
H
Yeah,
let
me
give
a
quick
background.
It
may
help
if
you
open
the
dock,
if
that's
easy,
so
if
you
just
ignore
usdo,
if
you
you
know,
when
you
bind
your
application,
you
bind
it
to
some
ip
address.
Generally,
people
are
binding
it
to
either
localhost
wildcard
or
the
ip
of
their
pod.
H
So
if
that
table
probably
kind
of
describes
this,
but
when
you
add
istio,
we
configure
the
inbound
clusters
to
forward
to
localhost,
and
so
this
actually
changes
behavior.
So
if
you
bind
to
localhost
now,
your
service
is
actually
exposed
to
the
world,
and
the
other
concern
is
that
if
you
bind
to
the
pod
ip
now,
it's
not
exposed
to
the
world.
So
this
ends
up
with
a
lot
of
people
having
issues
with
applications
that
bind
to
the
pod
ip.
Some
common
ones
are
zookeeper
and
elastic
search,
and
so
what
will
happen?
H
Is
they
install
estio?
Suddenly,
all
the
traffic
stops
working.
They
have
no
idea
why
access
logs,
don't
really
help
envoy
logs,
don't
really
help
you
just
get
like
connection
refused,
and
it's
it's
pretty
tricky
to
debug.
You
know
we
have
a
goal
of
making
eastfield
just
drop
in
place,
and
so
ideally
we
preserve
the
behavior.
So
I
think
everyone
they
said
I've
talked
to
is
in
agreement
that
preserving
the
same
behavior
as
kubernetes
is
clearly
better,
but
the
one
concern
is
that
this
will
change
the
behavior
of
existing
users
of
istio.
H
So
unfortunately,
it's
it's
tricky
to
do
some
auto
migration
or
detection,
because
we
don't
know
what
the
application
is
going
to
bind
to
and
they
may
actually
do
it
at
any
point
in
the
pod's
life
cycle
right,
they
could
bind
an
hour
into
the
pod.
So
it's
not
like
we
can
even
do
startup
detection,
so
it's
tricky
to
provide
migration
here.
What
we
do
have
is
a
script
that
will
run
through
the
entire
cluster.
H
Look
at
all
the
binds
actively
running
in
all
pods
that
have
issue
and
detect
ones
that
are
on
localhost,
so
they
can
run
this
before
upgrading
figure
out
which
ones
they
need
to
change
and
then
modify
their
applications
before
upgrading
we
also
will
allow,
is
using
the
sidecar
ingress
configuration
users
can
explicitly
choose
how
they
bind
to
their
application.
H
So
we
had
a
few
users
run.
This
there's
like
five
users
that
I
convinced
that
have
pretty
large
clusters
and
there
was
a
few
that
were
using
localhost
and
there
was
basically
two
cases.
One
was
they
were
actually
intentionally
doing:
localhost,
but
they're
already
using
sidecar
and
already
explicitly
configuring
it
to
connect
to
localhost.
H
H
We
did
not
consider
a
cve
part
of
the
reason
is
that
it's
only
so.
The
behavior
that
I
mentioned
with
easter
with
the
service
is
it's
only
if
that
port
is
exposed
in
the
service.
So
if
you
have
your
random,
like
like
the
admin
port
of
onboard,
for
example-
that's
not
exposed,
so
you
would
have
to
listen
on
localhost
and
expose
it
in
the
service,
which
is
kind
of
an
obscure
thing.
M
J
J
Go
ahead
then
yeah.
H
No,
the
plan
was
to
implement
it
off
by
default
in
1.10
and
make
a
lot
of
noise
telling
people
to
run
the
script
and
migrate,
because
users
can
change.
Do
all
the
changes
ahead
of
time.
They
don't
actually
need
the
change
applied
to
change
their
services
or
generate
the
sidecar
config.
H
H
It
could
be
done,
it's
it's,
not
a
huge
change,
it's
mostly
testing
do.
Do
we
want
to
backboard
it.
J
J
I
don't
know
knowing
that
we
could
is
useful.
Whether
we
have
to
or
not,
I
think
depends
on
what
reaction
we
get
from
asking
people
to
run
the
tool.
H
K
But,
but
having
it
as
an
option
that
user
can
opt
in
and
can
select.
I
think
it's.
It's
super
safe
and
useful.
H
J
I
think
the
thing
is,
you
know
we
don't
necessarily
have
to
speed
the
process
up
in
time,
but
we
give
users
a
bigger
window
for
adoption.
If
we
backboard
well
at
some
point,
we're
going
to
say
we're
going
to
change
the
default
behavior.
H
Right
but
users
can
adopt
the
correct
behavior
now,
even
without
the
patch
like
they
can
go
change
their
local
host
binds
to
wildcard
binds.
I
mean
they
can't
change
them
to
pod
ip
binds.
I
suppose,
but
I
think
most
people
are-
will
go
to
wild
card.
That
seems
the
vast
majority
of
applications
are
doing.
J
J
J
How
are
users
directed
to
provide
feedback
about
running
the
tool?
Is
the
tool
linked
in
the
one.line
release,
notes.
H
The
plan
originally
before
this
one
nine
discussion
was
to
have
a
blog
post
and
whenever
we
finish
this,
which
would
presumably
be
in
the
next
few
weeks
and
then
have
it
also
in
the
1.10
release,
notes.
J
H
J
E
B
H
B
H
H
J
K
J
J
If
that's
occurring,
it's
a
red
flag,
yeah,
but
the
fact
that
we
have
to
you
know
exact
into
every
pod
to
figure
this
out
right
is
not
tenable
to
be
put
into
istio
couple
analyzer.
If
there's
some
other
way
of
knowing
that,
then
that
might
be
and
it
would
become
part
of
the
the
upgrade,
the
pre-upgrade
verification
and
we
worked
into
the
normal
process.
E
H
J
B
L
J
J
C
E
Yeah
there
is
a
lot
of
benefits
not
just
for
some
traffic
patterns
like
zookeeper,
but
also
security-wise
right,
but
I
don't
think
without
alert
without
sufficient
alerting.
We
can
just
flip
the
switch
here.
E
John,
did
you
get
the
feedback
you
wanted?
I
I
know
I
don't
think
it's
an
explicit
approval
for
turning
it
on.
Unless
we
see
more.
H
Yeah,
it
looks
like
we
need
to
investigate
better
detection
than
the
script.
I
don't
think
we
can
have
perfect
detection
like
easter
cut
analyze,
but
we
can
do
like
metrics
as
well.
Have
multiple,
we'll,
probably
have
the
script
and
metrics,
maybe,
and
maybe
an
optional
audit
log
investigation
like
I
think,
there's
no
server
bullet,
though
we
can
just
do
a
lot
of
different
things,
and
hopefully
some
of
them
stick.