►
From YouTube: Technical Oversight Committee 2021/08/16
Description
Istio's Technical Oversight Committee for August 16th, 2021.
Topics:
- Networking Roadmap for 1.12
- Gateway Topology graduation to Beta - Discussion
A
A
B
Yeah,
so
I
think
it
was
discussed
a
little
bit
elsewhere,
but
the
idea
is
we're
going
to
try
and
line
up
release
managers
several
releases
in
advance,
just
to
make
sure
that
there's
kind
of
a
little
bit
longer
term.
Funding
for
that
and
folks
can
plan
for
resources
around
it.
B
You
know
to
try
and
get
some
balance
among
the
vendors.
B
Yeah
we
have
one
lined
up
from
google
and
we're
looking
for
one
or
two
more.
So
if
people
are
interested,
then
please
put
a
comment
here
and
nominate
yourself:
okay,.
D
Good,
it's
still
on
the
toc
notes.
I
can
just
hear.
D
For
the
most
part,
items
on
here
are
just
moving
existing
features
forward
and
feature
quality,
so
delta
to
alpha.
The
only
api
that
we
want
to
promote
is
workload
group.
We
decided
that
virtual
service.
We
should
really
prefer
the
kubernetes
apis
for
that
for
destination
rule.
We
want
to
try
to
align
better
with
the
gateway
like
the
kubernetes
gateway
api
and
then
service
entry
and
workload.
Entry,
don't
really
have
anything
holding
them
back,
but
stable
is
a
big
step.
So
we
want
to
put
more
discussion
into
that
proxy
list.
D
Jrpc
was
just
added
support
and
pilot
for
111,
so
I
want
to
try
to
get
that
to
alpha
quality
in
this
release.
Jacob
and
niraj
want
to
get
ipv6
to
experimental
support,
dns
proxy.
We
really
just
want
to
promote
that
to
beta.
For
the
most
part,
it's
good
be
just
enhancing
tests,
especially
around
like
multi-cluster,
multi-network
and
staple
set
edge
cases.
D
It's
a
little
rough
around
the
edges
there.
Now
I'm
not
really
sure
what
this
too
many
specific
items
are
for
a
gateway
api
in
112,
but
I'm
going
to
continue
getting
better
support
there.
D
A
small
thing
is
making
it
so
for
kubernetes
121.
We
start
using
endpoint
slice
mode
by
default
and
pilot
instead
of
reading
endpoints.
D
D
Zhong,
who
is
going
to
implement
his
proposed
api
for
topology,
aware,
load,
balancing
and
finally,
we
have
a
pr
already
out
to
add
some
http
support
on
gateways
and
then,
for
you
know,
lower
priority
items
that
we
may
or
may
not
have
time
to
implement.
I
want
to
try
to
support
hostname
based
load
balancer
resources
to
help
aws
users,
especially
with
using
multi-network.
D
We
want
to
like
investigate
ebpf
as
a
capture
mechanism,
but
I'm
not
really
sure
what
goes
into
that
or
we
don't
really
have
an
owner
for
who's,
going
to
investigate
that
and
then
l,
eds
support
and
vhds
support.
D
We
can
implement
the
apis,
but
a
lot
of
the
actual
benefits
from
them
would
rely
on
some
of
what
we
have
to
do
for
delta
xds
already.
So
I'm
not
really
sure
if
we'll
actually
add
the
apis
or
not.
Now
we
probably
will,
since
it
should
be
somewhat
low
effort,
but
they
probably
won't
actually
provide
real
benefit
yet
and
that's
pretty
much
it.
C
So
on
the
topic
of
ipv6,
is
there
a
reason
you
want
to
go
with
experimental
instead
of.
F
Own
yeah,
so
in
order
to
get
this
done
for
one,
you
have
to
have
endpoint
slices,
it's
only
kind
of
in
later
versions.
This
is
for
dual
stack
it.
F
It
went
yeah
like
the
amount
of
testing
required
in
order
to
get
this
done
and
kind
of
it's
more
for
not
many
people
probably
are
are
kind
of
using
this
right
now
and
some
of
the
code
changes
required
for
this
are,
I
would
say,
there's
gonna,
be
issues
right,
like
even
with
the
amount
of
testing
that
I'm
trying
to
do
right
now.
You
know
we
keep
kind
of
finding
subtle
bugs.
So
I
think
that's.
Why
we're
we're
kind
of
opting
for
this
experimental
mode
right
now,.
C
So
I
think
the
big
difference
between
south
and
experimental
is
that
experimentally
looking
for
more
feedback
on
the
direction
you
should
go
on.
The
reason
I
asked
is
because
ipv6
is
alpha
right
now
and
it
this
would
mean
that
we'd
have
one
ipv6
feature
that
was
often
one
that
was
experimental.
I
don't
know
if
that
would
create
confusion
or
anything,
but
that
was
like
that.
One.
G
A
G
B
G
Let
me
take
over
into
his
back.
Does
anyone
have
any
questions
on
the
networking
working
roadmap
items
for
112
concerns.
G
G
Just
I
mean
start
with
the
network
start
the
toc
agenda.
Unless
somebody
has
questions
for
the
networking
working
group.
G
Perfect
yeah,
thank
you.
So
I
just
have
one
question
stephen
for
the
networking
roadmap.
So
bts
h-bone,
do
you
have
any
more
updates?
I
guess
you
were
asking
for
you're.
Seeing
a
future
is
on
the
call
right.
G
G
All
right,
I
don't
have
anything
else,
so
we
should
move
on
to
the
next
working
group
unless
other
toc
members
have
concerns
or
questions.
G
H
G
Who's
next
tnt
extensions
working.
True,
we
got
to
call
them
by
the
new
names.
E
G
Right,
hang
on
a
minute,
let
me
just
picture
spin
type
set.
Let
we
don't
misunderstand.
A
C
So
on
a
note
for
jacob
sling,
real,
quick,
that's
actually
already
merged
as
of
friday,
so
it's
already
promoted,
but
you
might
want
to
replace
it.
G
Yeah
I
mean
it's
worth
revisiting.
Does
it
take
just
one
approver,
because
I
know
I
approved
it
to
merge
it.
G
F
Sure
so
gateway
topology
has
been
around
now
in
istio,
since
1.6,
I
believe
in
1.
10.
We
promoted
it
from
experimental
to
alpha
based
on
feedback
from
the
tlc.
So
currently
we
are
wondering
what
is
the
path
forward?
F
Basically,
for
this
feature,
how
can
we
get
it
from
alpha
to
beta,
for
instance,
this
lives
currently
in
in
in
mesh
config,
and
it's
in.
F
Sure,
sorry,
it's
a
proxy
config,
and
so
I
know
that
there
are
ongoing
initiatives
for
the
mesh
config
crd,
as
well
as
the
prox
config
crd,
but
there
are
also
comments
within
the
proxy
config
rfc
that
is
currently
out
to
actually
include
these
as
part
of
the
networking
apis
which
are
are,
you
know
basically
considered
stable
at
this
point,
and
you
know
we
shouldn't
be
touching
them,
especially
because
this
would
be
altering
kind
of
the
gateway
kind
of
resources.
F
So
you
know
the
question
I
have.
Is
you
know
what
is
the
path
for
for
this
from
going
from
alpha
to
beta?
You
know,
could
it
be
more?
Is
there
anything
blocking
this
other
than
say
you
know
better
documentation,
or
you
know
additional
unit
tests,
I'm
kind
of
given,
given
those
limitations
that
we
have
right
now.
J
Custom
go
ahead
from
from
environments,
we
go
for
112
we're
scheduled
to
have
proxy
config
as
a
crd,
so
from
the
point
of
view
of
if
after
the
api
review,
because
for
the
first
thing
is
in
investment
and
proxy
config,
we
have
very
low
bar
to
add
apis.
I
think,
for
anything
that
we
promote
to
data,
we
need
drc
to
approve
the
api.
J
You
know
as
it
is,
because
it's
a
responsibility
that
will
you
know
we
need
to
support
it
for
a
very,
very
long
time
and
we
cannot
just
take
you
know
things
we
added
experimental
and
automatically
promote
it
without
the
property
review,
but
if
the
decision
is
to
keep
it
in
proxy
config
and
I'm
okay
with
that
in
112,
we
have
a
vehicle
and
it
will
be
a
crd.
So
we
can,
we
can
do
whatever
is
necessary
to
maintain
it
and
to
test
it
now.
J
My
concern,
I
put
a
note
on
the
side,
is
forward.
Client.
Sir
details
interacts
with
another
discussion
in
security
and
networking
about
how
to
set
headers
about
security
related
properties
and
again
we
should
have
a
consistent,
ideally
reconsistent
behavior.
We
cannot,
you
know,
do
things
differently
and
we
should
treat
it
as
an
api
that
we
want
to
support
a
long
time.
But
in
the
end,
if
the
decision
is
to
keep
it
as
it
is
and
not
doing
anything,
then
we
have
the
fake
screen
112.
J
Not
necessarily,
but
at
least
we'll
be
having
crds
that
you
know
we'll
have
some
validation
and
we
we
will
have
some.
We
already
have
a
review
about
which
deals
to
kill
and
which
fields
to
to
promote.
Maybe
alpha
two
may
be
better,
that's
a
different
decision,
but
at
least
this
is
moving
forward
and
and
it
will
have
a
proper
city
and
some
garbage
removed.
G
Yeah
so
lin,
in
my
mind,
at
least,
if
we
are
making
the
proxy
config
crd
and
since
mesh
config
or
proxy
configure
column
have
been
an
alpha
for
a
long
time.
It
would
probably
make
sense
to
make
a
beta
directory
since
we
are
going
to
take
the
fields
which
we
know
we
want
and
move
it
there
right
like.
These
are
the
fields
that
belong
there,
so
at
least
that
part
should
be
beta
and
then,
as
we
already
have
like
within
a
beta
api,
we
do
have
some
alpha
fields
so
going
forward
when
we.
J
J
That
I'm
happy-
and
I
think
I
agree
with
I-
mean
it's
been
around
four
and
stable
for
a
very
long
time.
It
makes
sense
to
move
to
better,
but
if
it
if
those
particular
fields
belong
in
network
in
in
in
gateway
or
in
proxy
configuration
up
to
debate
and
and
needs
to
be
resolved.
Oh.
G
I'm
not
talking
about
these
fields.
I
was
talking
about
general
proxy
and
faith
yeah,
all
right
so
now
for
this
one,
I
think
that
debate
can
be
had
which
also
lou
is
mentioning
right.
Where
does
this
belong,
but
they
belong
in
a
gateway
class
api?
Do
they
belong
in
proxy
config
or
do
they
belong
somewhere
else?.
G
What
do
you
think,
since
you
mentioned
gateway
classes?
We
did
discuss
this
when
I
was
creating
this
api,
but
we
never
got
a
resolution.
H
Yeah
for
me,
I
think
the
gateway
question
definitely
blocks
going
this,
but
I'm
not
sure
how
I
feel
about
getting
into
beta.
I
kind
of
feel
like
this
has
been
around
for
a
while
and
is
something
we
think
users
should
be
able
to
keep
using
and
it's
going
to
proxy
convict
going
to
beta,
as
it
sees
okay.
K
K
I
know
there
are
people
actually
using
this,
even
when
I
was
at
ibm.
So
definitely
there
are
users
very
interested
in
these
type
of
features.
J
J
What's
the
concern
cc
so,
first
of
all,
for
for
jots,
we
are
saying
that
the
proper
way
to
set
you
know
elements
of
this
of
the
from
from
the
authentication
layer
is
using
digital
service
set
headers
or
whatever
it
comes
from
the
discussion.
J
Whatever
is
a
result
for
jot,
it
should
be
consistent
and
xfcc
in
particular,
is
very
hard
to
parse,
and
it's
not
really
a
very
good
api
that
we
want
to
support
long
time,
because
again
it's
it's
it's
it's.
It
has
a
syntax
that
it's
you
know
very
variable,
and,
and
so
so
so
if
we
start
extracting
claims
from
certificate
and
trusting
the
certificates,
probably
we
don't
want
this
api
in
particular,.
J
Well,
we
we
don't
actually
use
it
in
in
anywhere.
It's
just
pass
through
and
the
syntax
is,
you
know
we
can
have
a
different
field,
including
not
including
I
mean
full
certificate,
not
for
certificate
and
whatever
it's
a
pretty
complicated
config.
It's
not
just
pass
it
to
so
I
I
I
security,
review
and
and
and
security
and
networking
should
reviews
what
how
we
want
to
deal
with
with
claims
from
mtls
or
from
from
jobs
and
should
have
a
consistent
story.
M
J
No,
this
is,
this
is
a
very
specific
header
and
it's
particularly
bad.
If
you
want
to
do
security
decisions
based
on
it,
I
mean
given
the
syntax
and
and
how
difficult
it
is
to
pass
correctly.
It
has
quotes
and
and
and
certificates,
and
then
you
have
either
full
certificate,
or
so
I
I
actually
try
to
use
it
for,
for
you
know,
different
things,
and
and
and
it's
it's
a
it's
a
huge
pain,
even
if
it
wasn't
a
huge
pain.
J
J
Tcp
will
obviously
never
get
it.
It
has
to
be
http
because
it's
a
header-
and
we
also
have
this
authentication
info
using
in
authorization,
so
so
just
passing
into
application.
It's
it's
and
I'm
not
sure.
If
application,
I
really
want
to
have
it
in
this
format,
in
particular,.
N
J
That
that's
exactly
what
I'm,
what
I
want
to
support,
but
they
are
not
supported
if
you
are
in
an
open
in
a
gateway
to
popular
case.
So
if
the
mtls
is
not
terminated
in
in
the
gateway
directly,
but
you
go
to
network
topology,
the
information
that
you
talk
about.
They
are
passed
in
this
header
and
nobody
is
parsing,
this
header
and
we
we
ignore
them.
Basically,
that's
what
I'm
talking
about.
So
we
don't
support
our
own
api.
If
you
are
in
a
network
topology
in
a
gateway,
topologies.
N
J
That's
that's
a
header
delegation.
We
have
mtls
terminated
in
the
front
end
and
then
the
information
is
passed
somehow
to
to
easier
and
easter.
Would
you
know
somehow
use
it
in
its
own
api
and
trick
it
as
it's
a
pretty
complicated
program
and-
and
I
want
to
make
sure
we
have
a
you-
know,
an
understanding
of
how
we
are
going
to
solve
it
before
we
promote
an
api
to
that.
That's
my
point.
G
G
I
don't
know
if
you
want
to
make
what
kind
of
choices
you
want
to
make
right.
This
is
basically
to
mostly
for
application
consumption.
If
you
want
your
proxy
can
also
make
decisions
based
on
it,
but
this
field
right
now
just
tells
you
whether
you
are
forwarding
whether
you
are
sanitizing
or
whether
you
are
appending
right.
G
J
You
know
how
about
you
know
document
with
what
is
the
content
of
xfcc,
how
it
is
used,
because
if
you
know
it
was
added
to
us
an
elf
as
an
experiment
and
it
was
never
reviewed
properly.
I
think
the
fact
that
nobody
really
understands
what
it's
inside.
It's
probably.
G
J
You
know
I
mean
from
from
this
group,
I
mean
we,
we
we,
we
don't
seem
to
even
know
that
it's
not
using
authorization.
K
Yeah
so
so
I
think
my
comment
earlier
was
around
the
ip
address,
which
is
the
x
forwarded
for
header.
I
think
that
is
really
clear
well
with
as
far
as
the
instruction
and
how
users
are
going
to
use
it,
the
x
forwarded
client
search.
K
I
do
think
it
would
be
nice
if
we
can
have
a
little
bit
more
guide
on
how
this
could
be
used,
because
the
documentation
right
now
essentially
only
teaches
you
how
you
could
potentially
enable
it
and
what
are
the
options
you
could
do
to
enable
this,
but
it's
like
in
like
a
guidance
of
as
a
user.
What
am
I
going
to
do
with
this
information?
I
think
niraj.
You
are
more
indicated
as
the
application
developer
for
the
service
owner
now.
This
is
the
additional
information
they
can
potentially
leverage
and
pass
through
their
application.
K
I
think
it
would
be
nice
to
provide
that
level
of
detail.
If
we
have
a
little
bit
of
steps
like
the
first
one
xff,
then
you
know
there's
automation
around
it
too.
G
Yeah,
so
I
think
that's
a
fair
point:
we
can
beef
up
the
documentation,
so
that's
the
feedback.
I
guess
jacob
for
you
right.
We
can
make
sure
I
think.
Currently
this
points
to
onward
documentation
but,
like
I
think,
when
cost
was
saying
sometimes
the
onward
documentation
is
more
confusing.
So
we
that
this
that's
definitely
doable.
J
Yes,
and
and
also
you
know
what
I
was
mentioning
if
the
let
get
a
topology
terminates
mtls
in
a
proxy
in
front
of
istio,
I
want
to
make
sure
the
issue
apis
are
respected
in
the
topology.
So
client
said
that
credentials
are
part
of
our
back
and
are
not
misbehaving.
J
That's
what
that's
how
the
termination
would
use.
I
mean
that's
what
you
do.
The
first
front-end
terminates
mtls
and
then
is
passing
this
header,
but
we
just
pass
it
through
without
applying
it
in
our
pack.
So
we
have
an
arbuck
saying
that
mtls
client
principle
must
be
x.
We
don't
see
it
because
it's
a
header
that
we
we
ignore.
Basically.
J
K
G
Yeah,
I
mean
those
I
mean,
like
I
said
those
are
valid
to
add
as
later
on,
we
can
say:
okay,
this
is
how
you
do
these
things
in
authorization
I
think
currently
what's
allowed
is
you
can
do
per
hop
validation,
as
I
can
see
so
at
the
gateway
you
can
configure
authorization
policies
which
will
say
only
allow
traffic
for
these
principles
and
then
at
the
service
level.
You
can
say
I
only
want
to
be
contacted
by
ingress
gateway
principle
right,
that's
how
you
will
have
authorization.
G
J
J
N
I
think
that
would
be
a
new
feature
request
right,
because
xfcc
here
it
was
originally
implemented
for,
like
only
using
the
user
application
like.
Actually,
we
have
like
several
github
issues
filed
by
customers,
asking
that
they
prefer
to
use
that
heater
in
the
application.
That's
why
we
added
this
in
the
first
place,
but
for
use,
starting
also,
that
would
be
a
new
visual
crisp.
H
G
H
H
G
That
and
beefing
up
the
documentation
as
constant
and
then
mention
that
that's
a
totally
valid
request.
Yeah.
H
J
Then
can
you
can
we?
Can
we
just
at
least
get
a
doc
with
some
examples,
because
I
I
don't
know
if
everyone
looked
at
the
xfcc
header
or
try
to
use
it,
I
mean
write
a
small
application
to
use
it
and
see
how
it
works
and
and
and
then
we
can,
we
can
have
a
more
important
discussion.
I
think.
K
G
H
G
F
Okay,
so
yeah
so
just
to
clarify,
then
is
this
going
to
be
this?
This
will
be
waiting
on
a
proxy
configure
or
or
mesh
configurities,
or
this
can
happen
if
like
say
that
doesn't
actually
get
through.
H
K
So
can
you
configure
the
forward
client
search
detail
also
in
proxy
config.
G
Okay,
I
think
I
think
the
summary
is
basically
we're
talking
about
the
gateway
topology
field,
which
is
part
of
proxy
config.
The
xff
x
forwarded
four
header,
which
is
configured
via
num,
topology
or
number
of
hops.
That
seems
useful
and
clear.
Many
people
are
using
it
the
xfcc
side
of
house
where,
at
the
gateways
you
decide
you
want
to
sanitize
you
want
to
set.
You
want
to
append
that's
little
unclear
in
terms
of
how
users
can
use
it
and
what's
a
benefit.
G
So
that
was
one
request
to
make
sure
we
add
more
examples
and
clarify
the
documentation
before
we
can
mark
them
as
data,
and
the
beta
promotion
is
contingent
on
the
fact
that
proxy
config
is
not
contingent,
but
proxy
config
itself.
Crd
will
be
beta
in
112
and
if
it's
not,
then
probably
will
promote
this
independently.
B
Yeah,
certainly
we
have
to
get
proxy
config
sorted
out.
I
think
I
agree
with
that.
L
I
know
I
have
a
question
here,
so
if
you
set
their
gateway
to
be
forwarding
their
or
constructing
their
xfcc
header
and
send
it
to
the
backend
services
right
and
are
we
able
to
today?
Are
we
able
to
configure
their
avoid
proxies
on
the
workloads
to
also
forward
that
to
their
back-end
application.
L
G
L
I
see
yeah,
I
do
agree
that
oc
policy
based
on
their
x,
f,
xf
cc,
will
be
very,
very
important
in
the
future.
If
we
want
to
promote
it,
because
we
can't
rely
on
the
back
end
to
consume
it,
and
also
we
don't
have
flexibility
to
configure
their
services
avoid
proxy
to
like
to
decide
what
to
do
right,
yeah,
but
I
I
think
it's
okay
to
promote
to
beta
and
since
the
default
is
forwarding,
we
can
still
rely
on
their
user's
backend
to
consume.
It.
J
Yes
and
to
clarify
that
implies
that
we
require
that
any
back
end
in
front
of
an
initial
gate
or
any
proxy
in
front
of
each
other
is
supporting
this
header,
and
they
will
follow
this
because
so
basically,
we
are
adopting
x,
fx
xf
cc
as
a
core
api
that
we
support.
Since
it's
part
of
the
api.
L
Right,
the
only
like
concern
here
is
sfcc
is
not
where
understood
standard.
There
might
be
misuse
of
it
right.
It's.
L
L
So
itself
is
about
security
information
and
it's
not
we're
understood
standard.
I
think
that's
the
risk
here
yeah,
but
I
think
beta
is
okay
might
be,
but
not
ga.
If
we
want
to
go
ga,
we
want
to
defend
their
all
c
and
allow
users
to
define
on
z,
based
on
that,
so
that
we
can
close
their
loop
just
on
their
envoy,
avoid
proxy
not
depend
on
the
back
end.
F
Sure,
I
guess
one
question:
should
we
update
the
security
best
practices
to
just
make
sure
that
people
are
at
least
aware
of
this
so
that
they
don't?
You
know
kind
of
make
assumptions
based
on
like
what
they
believe
this
field
could
be
or
or
should
the
documentation
updates
be
sufficient.
L
We
can
add
a
small
section
to
talk
about
this.
Yes,
but
yeah
we
need
more.
L
I
guess
we
just
need
to
refer
to
the
their
avoid
documentation
or
or
our
documentation,
which
one
is
better
like
very
clear
to
point
out:
here's
how
you
should
consume
it
right
to
prevent
users.
C
Since
this
is
already
promoted,
how
do
we
want
to
follow
up
on
feedback.
G
A
Yes,
so
it's
two
weeks
left
and
I'm
not
even
sure
who
would
be
providing
me
as
one
person.
I
know
this
whole
toc,
but
I
need
one
poc.
A
I
I
need
one
pair
strategy
document
for
his
to2022
so
that
I
can
kick
up
the
roadmap.
I
know
toc
is
supposed
to
do
that,
but
I
need
one
person
who
I
can
connect
with
or
I'm
happy
to
connect
with
all
of
you.
But
since
everyone
is
busy,
the
financial
can
take
the
charge
and
make
the
job
easier.
For
me
I'll.
C
Well,
let
me
rephrase
that
I'm
off
I'm
off
from
the
27th
through
the
end
of
august,
but
I
can
lead
it
through
them.
H
H
Something
in
the
next
week
and
then
we'll
jump
on
and
make
sure
it
gets
finished
up
by
the
end
of
august.
A
B
Yes,
so,
hopefully,
everybody's
aware
that
still
releases
prior
to
110
do
not
work
with
kubernetes
122.,
and
so
we
have
an
interesting
kind
of
window.
Alignment
issue
for
support.
B
John
recently
noted
that
on
the
supported
versions,
page
that
we
have
actually
tested
110
with
122.,
but
yeah
we're
going
to
be
in
this
situation,
where
we
have
an
interesting
support
window
gap
and
it
might
just
be
a
good
idea
to
say
that
110
is
supported
on
122
instead
of
being
tested,
but
not
officially
supported,
because
it
represents
an
inching
support.
Cliff.
G
B
So
I
mean
you're
correct.
The
issue
I
think
we're
seeing
is
that
certainly
at
google
right
we're
seeing
122
start
to
roll
out
into
gke's
rapid
channel,
and
so
we
we,
we
had
a
support
gap
right
where
we
had
to
tell
users
that
they
had
to
take
110,
which,
at
the
time
or
like
before
several
days
ago,
was
the
only
supported
release
that
would
work
on
that
kubernetes
version.
B
So
it
certainly
created
a
bit
of
a
headache
for
us.
I
just
I
was
wondering
if
it
was
causing
headaches
for
other
people,
and
maybe
it's
just
good
enough
to
say
that
it's
tested,
but
it's
not
supported
right
and
we
could
just
leave
it
at
that.
K
So
I
thought,
there's
a
technical
challenge
to
get
it
working
because
they
they
removed
some
of
the
api
for
the
beta.
C
M
C
K
Okay,
so
one
tenant
is
also
moved
to
not
using
the
beta
api.
B
Hard
time
so,
the
right
we've
already
said
that
it's
tested,
but
not
supported.
We
could
say
that
it's
supported
right,
it's
not
strictly
in
in
policy,
but
it's
an
interesting
challenge
for
users
today,
right
who
are
going
to
move
to
122.
right.
Well,
they
can't
right
the
challenge
for
us
at
google.
Was
it
with
gk's
channels
right?
B
B
B
B
B
C
I
H
H
G
Yeah,
I
think
there
are
two
things
right:
either
we
revise
and
create
a
smart
policy
that
can
handle
this,
which
I
think
is
a
little
trickier,
because
if
you
look
at
110
we
already
have
four
officially
supported
releases
and
then
three
additional
releases
which
are
tested.
That
means
somebody
has
at
least
done
the
work
for
seven
kubernetes
releases
right.
So
I
think
the
other
thing
that
what
lewis
was
trying
to
start
was
maybe
saying
in
the
beginning.
Is
it
an
exception
case?
G
G
G
G
B
H
And
there
there
still
could
be
a
problem
there.
I
think
that
nurse
was
pointing
out
like
so.
Let's
say
one
time
came
out:
a
user
is
on
110
one
uh-huh.
If
they
go
and
upgrade
kubernetes
without
upgrading
istio,
maybe
it
breaks
because
they
didn't
read
the
fine
print
that
only
110.3
is
supported
on
yep.
B
Right
I
mean-
maybe
maybe
we
have
to
like
look
at
how
we
represent
the
data
yeah.
Maybe
we
caveat
the
patch
release
or
something
like
that,
so
you
get
you
know
122
in
parenthesis,
1.10.4
right
and
then
it's
fairly
clear
right.
But
given
that
we're
on
a
three-month
cycle
and
they're
on
a
four-month
cycle,
we
will
have
one
release
where
there's
two
months
of
drift
right.
E
K
B
G
B
People
must
be,
I
suspect,
you
know,
you
know,
m
out
the
end
service.
Mesh
solutions
in
the
market
are
scrambling
right
now
to
figure
out
why
their
customers
are
broken
when
they
get
upgraded,
if
they,
if
they
copied
what
we
did
or
didn't
copy,
what
we
did
so,
I'm
sure
there's
some
wailing
and
gnashing
of
teeth
going
on
elsewhere.