►
From YouTube: Technical Oversight Committee 2021/10/25
Description
Istio's Technical Oversight Committee for October 25th, 2021.
Topics:
- TOC review of Istio Security CRD graduation to v1
- Follow up on extended support window - good adoption of skip-level upgrades
- Delaying 1.12 branch cut to update Envoy, delaying release by 1 week to accomodate.
A
B
Yeah,
there's
a
pr
sven
wanted
that
so
any
reviews
on
that
would
be
good.
A
C
Yeah,
so
I
just
hope,
like
a
tlc,
could
take
a
look
at
the
talk
and
give
comments
and
feedback
and
approve,
if
you
think
that
is,
that
is
good
and
there
are
two
main
takeaways
from
the
work
for
graduating
security.
Crd
from
we
want
beta
1
to
a1.
C
The
second
main
takeaway
is
that
majority
of
the
work
mentioned
this
talk
is
actually
about
testing
stability,
documentation
and
we
do
not
introduce
new
features
in
graduation
work.
Yeah,
that's
those
are
the
two
clean
takeaways.
C
There
are
more
details
in
the
talk
about
like
each
of
those
things
we
prepared
to
do
to
graduated
to
be
white,
so
you
just
take
a
look.
What
you
think.
D
B
F
C
Like
the
authorization
we'll
see,
that
is
a
few.
You
feel
no
feedback.
F
I'm
not
worried
about
adding
to
them.
I'm
more
worried
about
from
from
the
original
eti
is
everything
broadly
used.
Is
everything
works
in
the
promotion
I
mean
additions
we
can
make
at
any
time
is
not
a
problem.
My
my
concern
is,
it
seems
a
bit
strange
that
you
know
I
mean
luckily,
maybe
maybe
we
did
an
excellent
job
of
designing
it
initially,
but
you
know
for
all
apis.
We
typically
find
some.
You
know
parts
that
are
not
commonly
used.
Sometimes
they
don't
work
very
well.
F
G
G
F
Stable
forget
that
many
of
the
apis
were
kind
of
the
jump
to
beta
directly.
I
mean
it's.
It's
changed
to
workload.
I
mean.
D
F
Workload,
selector
is
the
one
that
I
was
worried
about
the
most,
but
apparently
we
are
okay
to
move
it,
but,
okay,
if
the
usage
of
all
treatment.
My
question
is:
if
we
move
to
to
age
point
and
for
to
kind
of
comparative
cps
and
other
things
we
may
have
to
broad
api
surface.
F
That's
I
mean
permissive
mode.
Is
it's
something
that
we
want
to
promote
to
have
v1
as
supported,
or
is
we
we
can
just
select
a
subset
of
the
field
like
we
did
proxy
config?
We
we
didn't,
move
everything.
We
just
went
over
the
field
and
selected
the
ones
that
we
felt
most
confident
that
you
know
socially
stable,
that
can
be
implemented
by
others
and
so
forth.
But
it's
okay.
G
C
G
G
Right
both
of
these
is
an
entirely
new
revision
of
you
know
the
previous
form
of
authorization
policy
request.
Authentication,
you
put
a
lot
more
time
and
effort
into.
I
think
constant
has
a
point
that
you
know
there
is
some
inherent
conflict
between
auto
mtls
and
pure
authn
that
we
do
need
to
be
careful
with.
F
I
know
for
sure
that,
for
example,
approximately
grpc
can
support
and
will
probably
support
our
z.
So
I
have
no
problem
with
odyssey.
It's
it's.
You
know
it's
pretty
standard,
jots
they're,
fine,
they
pretty
much
have
no
support,
but
but
but
the
permissive
point
is
the
one
that
gives
me
concern.
I
know
hedge
bond
would
not
use
it
probably
proxies
will
not
support
it.
So
it's
it's
dangerous.
I
think.
C
But
we
will
so
the
interesting
thing
is
you
think
if
we
promote
it
to
we
won,
we
we
don't
want
to.
Let
you
support
permissive
more
than
we
want.
Is
that
what
you
being
costing
yes.
F
I
mean
permissive
will
probably
go
away
soon
and
will
not
be
supported
broadly
and
it's
dangerous
for
users
to
believe
that
permissive
mode
is
a
v1,
stable
api.
When
a
large
part
of
office,
you
will
not
even
be
able
to
technically
support
it
and
then
three
like
will
go
away
and
it's
also
the
transition
mode.
Anyway,
it's
not
meant
to
be
something
that
is
permanently
used.
B
Yeah
I
mean
the
way
I
see
it
is
permissive
mode
is
almost
not
even
an
api,
because
it's
the
default
behavior
and
it
would
be.
I
just
don't
see
how
we
could
ever
change
that
from
the
default.
H
F
B
B
H
F
I
agree
with
that
now,
I'm
not
saying
we
we
need
to
get
rid
of
it.
For
you
know
people
migrating
to
eastern,
just
saying
that
the
ap
I
mean.
First
of
all,
I
don't
know
if
it
can
be
technically
supported,
I
mean,
even
if
we
want
it,
it
is
not
possible
to
support
it
in
some
environments
with
with
our
implementation,
with
the
port
being
either.
F
Yeah
but
but
it
will
not
be
auto-determined,
not
the
time
is
eventually.
If
it's,
basically,
we
will
do
we
sniff.
We,
we
use
the
crazy
stuff,
alpn
negotiation,
all
the
other
stuff
it
to
be
a
different
implementation,
different
mode.
I
Go
ahead,
justin
yeah,
I
mean
I
agree
with
john.
It
seems
like
the
transition.
It's
important
to
be
able
to
have
this
permissive
mode,
but
also
I
worry
a
little
bit
about
having
some
particular
data
path.
Implementation,
then
dictating
what
apis
we
want
to
support.
I
understand
that
it
can,
if
it's
just
hard
to
implement,
that,
might
be
an
issue
sometimes,
but
it
seems
like
a
fairly
new
addition
to
the
data
path
and
sort
of
letting
that
drive
and
modifying
apis
seems
a
little
to
me.
B
I
would
also
mention
that
we
don't
have
a
technical
solution
to
change
fields
between
v1,
beta,
1
and
v1,
so
to
say
something
like
we
will
just
not
add
this
one
field
or
something
to
the
v1.
Api
really
means
that
we're
going
to
block
this,
for
you
know
a
substantial
period
of
time
until
we
figure
out
that
solution.
F
C
F
C
And
it
loses.
G
So
so
one
question
I
have
young
man
is:
do
we
know
how
often
the
api
is
used?
Is
it
one
per
install.
C
Typically,
we
probably
that
you
mean,
like
someone
like
explicitly
specify
permissive
instead
of
using
by
default,
no.
G
C
G
A
Okay,
one
thing
I
do
want
to
say
is
like
when
we
recommend
user
to
adopt
istio
for
pure
authentication
policy,
we
do
recommend
them
to
change
strict
per
service
first
and
then
per
namespace
and
then
look
at
globally.
So
there
are
a
transition
phases
that
we
wouldn't
recommend
people
to
enable
strict
materials
for
the
entire
mesh.
A
G
Yeah,
I
think
that's
a
fair
point.
Okay,
so
I
guess
that
should
be
some
assessment
made
in
the
document.
G
F
J
I
Networking
apis
may
have
been
at
beta
for
a
long
time,
but
that
was
one
of
the
things
we
wanted
to
avoid
was
staying
and
perpetual
data
not
to
say
that
this
shouldn't
not
necessarily
say
that
we
should
rush
to
move
to
promote
this.
But
on
the
other
hand,
I
don't
know
if
the
past
past
ways
that
we've
treated
apis
is
the
right
way
to
think
about
going
forward
either.
G
C
F
I
I
don't
even
know
if
foxy
configures
the
rest,
I'm
just
saying
that
it's
it's
good
to
have
additional
discussion.
Thinking
about
this,
and
you
know
two
out
of
three-
is
not
badly.
We
are
pretty
clear
about
the
other
two,
this
one.
If
we
are
not
convinced,
maybe
it's
good
to
delay,
release
or
two
there
is
no.
No
I
mean
nobody
will
die
if
we
keep
this
one
for
another
order
or
two
releases.
C
Let's
see
yeah
we
can
we
can,
I
mean
you
mean
we
can
always
use
possibly
to
like
kind
achieve
the
strict
mod
so
that
we
we
still
have
to
do
that
right.
C
Yeah
yeah,
that's
actually
like
in
one
of
the
like
reconditioned
configuration
we
have
in
his
total,
I
o
the
user.
They
can
apply
additional
osa
to
achieve
this.
In
addition
to
the
pure
also.
G
A
Yeah,
that's
good.
Okay,
great.
I
tried
to
take
some
notes
so
essentially
for
pure
authentication
we're
going
to
keep
it
as
a
beta
until
we
have
a
plan,
whether
we
are
keeping
it
or
move
it
to
proxy
config,
request,
authentication
and
authorization.
There's
no
objection
from
the
team
here.
F
I
mean
I
think
that
the
current
status
is
proxy
configures
out
of
the
selection.
We
don't
plan
to
move
it
proxy
config
louis
proposal.
It's
actually
perfect,
I
mean
it's
just.
We
will
imply
it
from
the
authorization.
If
you
have
authorization
policy
implies,
you
have
strict
because
plain
text,
you
cannot
verify
the
principle.
If
you
don't
have
authorization
policies,
then
it
can
be
permissive.
A
Okay,
that's
perfect
yeah!
I
added
that
portion
too.
So,
but
let's
let's,
when
we
have
a
plan,
then
we
can
discuss
whether
this
is
beta
or
it's
going
away
with
beta
or
anything
anything
else
we
should
be
discussing
for
this
topic.
A
Yes,
we
can
go
ahead.
Nick.
D
K
Internet
is
not
reliable.
I
apologize
if
I
break
off,
but
I
just
wanted
to
give
a
brief
follow-up
on
our
decision
to
extend
the
support
of
the
111
release.
You
may
recall
that
we
were
aiming
at
a
behavior
change
on
the
part
of
our
users,
we'd
like
to
see
more
frequent
upgrades,
or
rather
not
more
frequent
upgrades,
but
more
frequently
we'd
like
to
see
our
users
on
an
up-to-date
version
or
a
supported
version
of
istio,
and
so
we
extended
the
support
of
111
by
six
weeks.
K
That
support
ended
on
october
5th,
and
I
took
a
snapshot
of
gke
data
around
upgrades
on
october
7th
to
sort
of
capture
how
we
did
and
what
we
found
in
terms
of
upgrades
was
twofold
one.
We
found
that
the
skip
version
upgrades
one
eight
to
one
ten,
one,
nine
to
one
eleven
has
actually
been
a
common
user
practice
since
far
before
we
supported
it
so
about
ten
to
fifteen
percent
of
users
in
any
given
release
that
upgraded
would
do
so
across
two
or
more
major
versions.
K
That
was
interesting
to
see
even
before
we
supported
it
in
one
nine
to
one
eleven.
We
see
28
percent
of
of
all
of
our
upgrades
are
coming
directly
from
one
nine,
so
that
is
a
user
behavior
change,
but
also
we're
seeing
that
we're
supporting
the
existing
behavior
of
users.
Additionally,
one
nine
has
now
had
the
fastest
turndown
of
any
istio
version.
Yet
and
111
has
had
the
fastest
adoption
of
any
istio
version.
Yet
so
I
think
overall,
we
we
have
moved
the
needle
we're
seeing
more
users
stay
up
to
date.
A
A
H
K
I
think
staying
the
course
would
probably
be
what
I
would
advocate.
I
haven't
heard
any
complaints
from
users
that
six
weeks
was
good,
but
not
good
enough.
It
would
be
interesting
if
you've
heard
from
users.
I
would
love
to
see
that
feedback,
but
we
certainly
moved
the
needle.
We
could
try
a
12-week
extension
at
some
point
and
see
if
that
moves
the
needle
further.
K
A
But
I
think
niraj
is
asking
a
really
interesting
question.
So
if
you
guys
look
at
this,
when
we
have
this
announcement
out
there,
we
did
kind
of
say:
did
we
get
any
actual
feedback
on
any
of
these,
because
we
did
say
you
know,
based
on
more
data,
we're
going
to
decide
whether
to
continue
this
path
or
not.
A
A
K
K
A
K
Right,
the
extension
allows
them
to
do
it
while
still
supported
you
know
not
not
leaving
the
support
window
at
any
time.
We
have
seen
the
users
have
been
doing
this
for
quite
some
time,
meaning
that
they've
been
doing
it
without
support
either
for
the
skip
upgrade
itself
or
for
the
older
version
at
the
time
of
their
upgrade.
K
L
F
F
Do
we
want
to
have
all
d1
releases
and
apparently
odds
is
more
popular
with
these
two,
because
1
9
and
1
11,
but
wouldn't
make
sense
for
1,
9,
1,
11,
113
and
so
forth
to
have
even
longer
at
least
to
give
them
more
time,
and
so
so
we
kind
of
keep
the
pattern
of
having
skip
release,
but
with
with
the
deterministic
deterministic,
you
know
which
questions
are
mobile
are
more.
I
don't
know
how
to
say
yeah
popular.
K
I
I
don't
think
that
we
have
enough
data
to
say
yet
that
users
prefer
odd
releases
or
even
releases
before
one
nine
became
our
most
popular
release.
One
eight
had
been
our
most
popular
release,
so
so
we
see
a
fair
amount
of
distribution,
but
I
can
keep
an
eye
on
that
as
we
do
the
110
to
112
cycle
to
sort
of
see
if
there's
a
sort
of
tick-tock
cadence
to
upgrades.
F
I
think
the
number
to
look
at
is
how
many
people
do
each
version
versus
how
many
people
do
skip
one
version,
because
it
doesn't
matter
which
version
they
skip,
but
if
they,
if
they
do
skip
version
because
they
want
to
have
fewer
upgrades
and
they
feel
confident
that
skipping
one
version
is
safe,
then
it
will
be
better.
For
us
to
you
know
not
have
all
versions
be
skipped
versions.
K
Since
I
am
don't
have
permission
to
share
the
raw
data
with
the
group,
the
broader
group
but
cost,
and
if
you
reach
to
me
offline,
I
can
share
the
raw
data
with
you
so
that
you
can
see
those
cadences
thanks.
A
Okay,
it
looks
like
there's
no
further
question
from
mitch.
Thank
you
so
much
for
giving
us
an
update.
I
think
that
really
validates
the
plan
we
laid
out
early
this
year
on
extended
support
on
one
night
has
been
working
out
really
well
with
that
we're
going
to
be
moving
on
to
daniel
to
talk
about
1.12
branch,
cutting
daniel,
take
it
away.
M
Hey
there
yeah
that's
right
ken,
and
we
have
been
discussing
this
and
we
so
we've
been
delaying
the
branch
cutting
for
1.12
because
of
the
issues
around
the
envoy
upgrade
there
had
been,
and
there
still
is
an
automated
pr
that
hasn't
been
merged
in
three
months
this
week
there
has
been
actually
end
of
last
week.
There
has
been
some
progress
exactly
this
is
the
the
open,
pure
that
supposedly
fixes
the
issues
that
stem
from
the
envoy
update,
but
it's
not
merged.
M
Yet,
in
any
case,
we
are
now
almost
two
weeks
behind
on
the
branch
cutting
so
kennen,
and
me
would
like
to
propose
delaying
the
release
by
two
weeks
so
that
we
have
appropriate
testing
time
once
we
cut
the
branch
and
get
the
first
builds,
because
otherwise
we
would
only
have
time
for
a
single
community
testing
week
and
no
buffers
basically.
So
basically,
the
community
testing
week
would
end
of
the
day
of
code
freeze.
If
we
find
problems
late
in
the
testing
week,
we
can't
fix
them.
E
E
We
have
been
discussing
this
by
one
more
question
along
the
same
lines.
I
know
that
envoy
fixes,
like
keep
on
delaying.
How
much
confidence
is
this,
that
this
fix
will
be
available
soon,
although
it's
merged
it
was
merged
last
week,
so
I'm
not
sure.
K
M
B
I
mean
we
may
find
something
community
testing
more
realistically.
If
there
is
something
that's
not
caught
by
our
test,
it's
going
to
be
caught
by
users
after
we
ship
it
just
historically
speaking,
I
think
there
was
still
one
change
where
the
envoy
removed
a
bunch
of
filters
that
our
users
used
through
envoy
filter
that
we
decided
we
would
add
back,
but
I
don't
think
anyone's
picked
that
up,
but
that's
like
one
or
two
hours
of
someone
making
some
basal
changes.
So
I
don't
think
that's
terribly
high
risk.
B
C
Oh
sorry,
I
just
want
to
finishing
another
thing:
is
we
probably
have
a
few
prs
like
waiting
to
be
merged
to
the
1.12
branch
after
the
only
dependency
is
resolved?
C
So
those
things
might,
you
know,
introduce
some
like
a
new
changes
in
the
1.12
that
is
not
fully
tested
because
it's
being
like
a
blocked
for
a
long
time
because
of
the
outweigh
dependency
issue.
M
Right,
so
these
sorts
of
changes
might
increase
the
probability
of
us
hitting
anything
in
the
community
tests.
A
Yeah
so
yeah
I
mean
the
changes
you
mentioned.
Are
they
release
blocker.
C
I'm
so
the
one
I
know
is,
I
have
another
pr
for
implementing
the
job.
Claim-Based
routing,
that's
one!
Pr
like
waiting.
I
get
blocked
by
the
only
dependency
update,
that's
a
feature.
We
are
planning
to
roll
out
in
world
war,
12,
so
yeah,
but
it's
kind
of
like
a.
We
really
needed
that
one
in
one
to
twelve.
A
C
C
A
M
That's
an
option:
yes,
if
we
delayed
by
one
week,
so
I'm
guessing
I'm
hoping
that
this
week
actually
middle
of
the
week,
we
will
be
able
to
cut
the
branch
and
get
the
first
builds
out.
If
we
then
immediately
start
a
community
testing
week.
M
A
Okay
yeah:
let's
focus
that
and
then
see
daniel.
Hopefully
you
don't
need
to
come
back,
certainly
if
we
have
to
have
more
time.
Definitely
you
know
back
again
in
the
tlc
meeting.
M
I'm
sorry,
I
didn't
quite
understand
that.
A
Yes,
that's
just
a
delay
by
a
week
first,
and
hopefully
that
would
give
you
sufficient
time.
If
not,
you
know,
you
can
always
come
back
to
the
tlc
meeting
a
week
and
let
us
know
in
a
week
or
two.
M
A
M
I
don't
have
that
information.
Somebody
just
asked
in
a
chat
how
many
issues
we
usually
find
in
the
community
testing
days.
Maybe
john,
are
you
on
the
call
john
wendell.
H
L
Right
I
mean
the
the
community
testing
day.
One
of
the
things
it
does
is
make
sure
that
the
documentation
is
aligned
with
what's
built
because
the
automation
doesn't
read
the
text
of
the
documentation,
but
apart
from
that
yeah
any
any
real
kind
of
any
real
issues.
What
have
we
been
finding
so
so
yeah?
So
maybe
one
week
is
actually
enough
and
not
really
even
a
compromise.
L
All
rights
correct
so
this
this
particular
thing
shouldn't
involve,
but
any
text
that
has
already
changed
is
not
subject
to
community
review
until
we
declare
community
testing
day
and
that
that
is
one
of
the
clear
functions
to
make
sure
that.
H
L
Okay,
so
so
it
looks
like
the
trc
already
voted
for
one
week,
I
yeah
so
so
maybe
the
decision
is
already
there
and
we
don't
need
to
continue
further.
I
I
just
wanted
to
kind
of
see
why
we
would
be
dealing
it,
but
I
don't
think
that
changes
the
decision
one
week
is
great.
H
M
Well,
somebody
maybe
somebody
from
my
last
time
as
a
release
manager.
A
lot
of
the
testing
was
manual,
so
maybe
somebody
from
the
most
recent
releases
can
speak
up,
but
my
understanding
was
that
the
more
time
we
have
for
this
release
to
get
into
the
hands
of
people
and
have
somebody
playing
with
it
the
higher
the
probability
that
we're
not
going
out
the
gate
with
somebody
that
will
pray
break
production
deployments.
M
F
Go
ahead,
sorry
gusting
go
ahead.
Now
I
was
going
to
ask:
do
we
have
enough
automation
for
stability
and
because
that's
usually
the
kind
of
bugs
we
find
when
when
we,
when
we
let
it
run
for
a
weekend
and
start
using
it
in
practice
and
find
our
kind
of
memory,
leaks
and
other
kind
of
weird.
F
E
So
one
one
thing
to
add:
here:
the
community
testing
has
changed
and
based
on
the
recent
feedback,
last
two
quarters
back
or
two
releases
back
from
the
toc
when
we
discussed
is
most
visited
pages,
are
the
ones
which
are
prioritized
so
two
quarters
back.
E
Our
p
zeros,
which
were
identified
before
has
all
been
automated,
and
then
we
had
a
course
correction
and
we
decided
that
the
pages
which
are
visited
mostly
are
the
ones
we
want
to
mark
easier
and
if
they
are
not
automated,
we
should
automate
them
at
this
point
in
the
community
testing.
We
just
make
sure
that
if
they
are
not
automated,
we
automate
them
or
manually
test
them
and
other
than
that
we
don't
do
any
feature
functional
testing
so
based
on
that
other
than
three.
E
E
E
It
also
depends
on
when
this
envoy
fix
is
also
getting
merged
and
when
we
are
doing
the
code
freeze,
but
I'm
not
expecting
a
lot
of
changes
in
the
community
testing
just
because
from
the
recent
releases
I
haven't
seen
much
bugs
found
during
those
most
of
the
time
they're
automated
when
we
find
them
during
the
releases
anyways.
E
So
costing
a
question
to
you
when
you
talk
about
stability,
what
do
you
have
in
mind?
Is
this
something
you
relate
with
the
community
or
is
this
something
you
relate
with
the
longevity
tests
and
you
see
after
24
hours
to
48
hours,
you
see
those
stable
lung,
stable
tests
like
how
do
you
connect
them
with
it?
So.
F
So,
typically,
what
they
expect
when
you
start
community
testing
people
from
different
companies,
you
know
pick
the
the
release
and
they
also
install
it
in
some
canary
cluster,
where
they
have
their
own
application,
and
if
we
have
tcp
first
broker
or
have
any
kind
of
the
web
feature
or
interaction
with
a
particular
crazy
application
that
we
have
no
clue
they
will
detect
it
in
that
interval.
Second,
is
yes
long
running,
I
mean
you,
let
it
running
for
a
week.
F
You
install
it
today
running
for
a
weekend
and
who
knows
what
will
happen
on
memory,
leaks
or
other
things,
but
the
first
one
is
the
more
important
because
that
community
testing
is
basically
the
interval
where
people
may
try
other
things,
not
only
our
scenarios
which
are
already
tested.
I
completely
agree
that
we
don't
need
to
worry
too
much
about
the
the
you
know
documented
install
upgrade
it's
just
how
to
interact
with
others.
E
So
then,
in
in
that
sense,
constant,
we
don't
run
those
kind
of
community
tests
anymore,
because
we
had
a
very
poor
attendance
that
has
been
stopped
for
a
very
long
time.
This
community
testing
is
very
much
about
the
docs
testing
and
that's
what
we
do
and
most
of
those
are
already
automated.
So
we
really
generally
don't
do
this.
F
I
I
know
we
don't
do
it,
but
my
my
expectation
is
that
when
we
announce
community
testing,
our
users
will
do
it
on
their
own,
because,
if
you,
you
know
kind
of
you
know
vendor
center,
it's
not
only
what
we
do
in
that
world
community
testing,
where
people
sit
around
and
install
it.
But
it's
also,
you
know
it's
a
signal
for
vendors
and
users
to
try
the
new
version
before
it
released
them
and.
A
Yeah,
I
think
it
makes
sense
to
provide
that
extra
buffer
and,
like
vendors,
I
know
sometimes
like
to
try
them
right
just
to
make
sure
that
their
is
your
offering
is
going
to
be
compatible
with
the
upcoming
new
release.
So
having
the
release
candidates
out
there
and
having
that
time
enables
vendor
to
try
them.
F
And
and
maybe
maybe
we
should
make
it
more
clear
that
that
our
expectation
is
that
vendors
will
actually
do
these
actions
that
I
hope
they
are
doing,
because
it's
in
their
interest
and
kind
of
translates
all
community
testings
that
we
used
to
do
and
to
hey
the
new
release
is
coming.
You
have
one
week
or
two
weeks
to
actually,
you
know,
do
this
and
that
and
then
verify
your
application
is
not
going
to
break
with
any
release.
Basically,.
A
Really
we're
out
of
the
time
to
schweither
we'll
have
to
line
up
your
topic
for
next
week.
I
do
know
seven
and
the
toc
team
do
have
a
roadmap,
so
we
can
perhaps
review
it
next
week
too.