►
From YouTube: Technical Oversight Committee 2021/08/23
Description
Istio's Technical Oversight Committee for August 23rd, 2021.
Topics:
- Extensibility Roadmap for 1.12
- Security Roadmap for 1.12
- Istio Upgrade survey results and feedback discussion
- Extending Istio's support window - conclusion (n-1 + 6w)
A
A
A
Middle
proxy
is
now
coming
up,
often,
and
we've
had
middle
proxy
telemetry
on
sort
of
the
menu
for
a
while,
but
I
think
now
there
are
other
reasons
to
do
it,
and
what
I
expect
here
is
to
be
able
to
produce
talk.
That
says
here
is
the
design,
and
this
is
the
equivalence
or
lack
thereof,
between
a
sidecar
and
middle
proxy
telemetry.
B
A
A
C
D
A
A
D
So
another
one
thing
that
would
be
great
to
also
track
us
b2
or
something
we
are
working
on
proxies
grpc
and
some
other
things
I
mean
the
microprocessor
that
was
discussed
last
week
would
be
good
to
have
some
some
thought
about
how
we
collect
telemetry.
In
those
cases
where
android
is
not
in
the
pot
or
make
the
full,
instead
of
almost
full
with
middle
proxies,
because
we
need
something.
D
A
F
G
I
can
get
started
the
first
one
is
oh
yeah
between
me
and
shankar,
and
I
I
think
the
first
one
also
includes
yeah
some
alignment
like
across
what
we
were
already
doing
and
inside
google
and
their
external
oss
part.
So
we
want
to
gather
design
complete
for
their
external
certificate
premium
api
and
their
sds
configuration
api.
Currently
they
are
using
either
environment
variables
or
mesh
config.
We
want
to
move
them
out
and
use
crds
to
define
those
apis.
G
F
F
Yes,
they
already
shared
design
earlier
and
I
think
the
initial
implementation
has
been
done,
but
yeah
they
need
to
complete
the
implementation,
and
the
second
part
is
yami
is
working
on
supporting
extracting
george
clint
to
http
header.
He
already
shared
the
design
to
to
the
security
working
group
and
also
networking
working
group.
F
F
G
G
Yeah
the
last
one
also
belongs
to
me
improvements
on
the
documentation.
Currently
we
have
their
security
concept
page,
which
is
pretty
long.
We
have.
We
are
halfway
there
to
get
this
improved,
to
make
it
much
shorter
by
moving
some
of
the
contents
into
their
tasks
or
best
practice,
documentation
and
also
didn't
mention
it
here.
We
also
add
we'll
add
more
tasks
for
the
concept
page
as
well.
H
F
I
I
I
I
I
Looking
at
our
110
survey,
we
got
27
respondents,
which
is
about
double
what
we
got
for
the
one
nine
survey,
and
the
reason
for
that
is
that
now
our
surveys
are
open,
starting
on
the
release
date
and
more
or
less
open
indefinitely.
They're.
Also,
now
a
part
of
the
upgrade
process,
both
helm
and
istio
cuddle
will
dump
a
small
message
to
the
user,
asking
them
to
fill
out
a
survey
about
their
experience.
Upgrading.
I
There
we
go
all
right,
so
the
first
question
that
we
ask
our
users
is
to
get
an
idea
of
the
maturity
of
their
installations.
You'll
notice
that,
as
a
change
from
one
nine,
we
saw
a
lot
more
users
who
have
had
only
some
of
their
meshes
or
some
not.
You
know,
test
message,
meshes
fewer
production
installations
than
we
saw
in
110
or
one
nine
sorry.
This
is
because
we
had
the
survey
open
from
day
one.
So
this
is
an
expected
change.
I
I
We
measure
satisfaction
versus
the
progress
of
installation
and,
in
one
nine
we
had
a.
We
had
a
light
skew
to
the
positive
side
with
some
concerning.
Let's
see,
oh
no,
no,
this
is
particularly
concerning,
but
the
the
skew
was
light
and
we,
of
course
we
didn't
have
a
lot
of
response.
Only
13
respondents
in
nine
looking
to
110,
we
have
a
much
stronger
and
clearer
skew
towards
a
positive
upgrade
experience
for
reference.
I
The
next
question
again
in
one
nine,
we
ask
for
areas
where
we've
seen
the
most
improvement
versus
areas
where
we
need
the
most
improvement.
This
is
what
we
saw
in
one
nine
fairly,
even
across
the
areas
where
we
saw
positive
revision
based
upgrades
had
two
showing
improvement,
two
saying
it
needs
more
improvement.
Upgrade
stability,
biasing
slightly
positive,
skip
version,
upgrades
being
the
most
popular
request
in
one
nine
in
110,
revision-based
upgrades
biases
much
more
strongly
positive,
which
is
great
news.
I
This
is
an
area
that
the
environments
working
group
has
been
investing
in
for
quite
some
time
and
we're
beginning
to
see
positive
feedback
from
our
users
on
revision-based
upgrades.
We'll
look
a
little
bit
more
at
that
later.
We've
our
users
are
happy
with
upgrade
tooling
and
stability,
but
still
skip
version.
Upgrades
are
a
very
strong
ask
from
our
users
the
ability
to
upgrade
from
one
eight
to
one
ten
one,
nine
to
one
eleven
within
the
support
window
questions
there.
I
So
we
did
not
get
any
qualitative
feedback
from
these
users
on
why
they
selected
skip
version
upgrades,
so
skip
version.
Upgrades
are
supported
within
110,
so
you
can
upgrade
from
one
eight
to
110
and
that
was
announced
shortly
after
the
110
release.
However,
you
can't
do
it
within
the
support
window,
like
one
eight
went
out
of
support
before
skip
version.
Upgrades
from
1
8
to
110
were
possible.
I
I
I
I
I
Users
prefer
revision-based
upgrades
slightly
over
in-place
upgrades.
We
do
still
have
a
large
swath
of
users
who
don't
know
how
they
upgrade
istio,
which
I
I
don't
know
what
conclusion
to
draw
from
that.
But
it
is
great
to
see
revision
based
upgrades
gain
some
traction
here.
Excellent
work
from
the
environments
working
group.
I
You
know
I
have
divided
the
like
feelings
on
that.
On
the
one
hand,
if
you
just
run,
you
know
an
install
command
without
any
special
flags
you
get
in
place.
On
the
other
hand,
if
you've
copied
your
install
command
from
anywhere
in
the
istio
documentation,
you've
very
likely
gotten
a
revision
based
upgrade.
H
I
I
Not
having
time
to
do
the
canary
or
revision
based
upgrade,
is
a
concern
then
again,
when
you're
working
in
production
moving
fast
is
not
necessarily
the
best
for
the
users
who
prefer
revision
based
upgrade
by
the
way.
Last
time
we
only
had
one
person
explain
why
they
were
preferred
revision
based
upgrades
so
having
three
this
time
again.
Big
improvement
in
this
area,
and
we
are
seeing
that
perception
is
changing.
There's
more
safety,
there's
more
stability,
we
can
move
progressively.
I
I
A
lot
of
diversity
of
perspective,
this
did
not
come
from
the
survey,
but
it's
relevant
to
the
discussion
at
hand.
I
know
last
two
weeks
ago,
when
we
were
discussing
which
release
we
should
extend
the
life
cycle
of
one
of
the
comments
was
that
the
110
release
should
have
much
higher
adoption
than
one
nine.
I
So
takeaways
are
again
revision
based
upgrades.
I
am
just
super
thrilled
to
see
that,
finally,
catching
on
with
our
users
still
a
strong
expectation
about
those
direct
upgrades
or
skip
version
upgrades
and
looking
forward,
we
do
already
have
the
111
survey
open.
It's
been
open
since
day,
one
for
istio
111,
with
links
in
all
the
appropriate
places
after
upgrade,
but
it's
been
about
a
year
since
we've
conducted
a
survey
that
focused
on
anything
other
than
upgrade
behavior
and
experience.
I
I
B
Thank
you
so
much
mitch.
This
is
very
encouraging
data
and
I
do
agree
with
you
about
the
wider
survey.
I
was
actually
just
thinking
about
this
recently,
especially
with
the
roadmap
documentation.
You
know
we're
trying
to
produce.
I
think
it
aligns
really
well
if
we
can
collect
some
type
of
global
survey.
Not
only
just
for
upgrades,
especially
upgrade
has
been
improved.
Quite
a
bunch
now.
C
C
Seems
like
on
the
next
one
right
now
we're
talking
a
lot
about
in
place
versus
revisions.
We
may
want
to
add
something
about
tags,
and
if
that
causes
a
lot
of
confusion,
then
that's
a
sign
that
we
poorly
documented
the
new
tags
feature.
So
I
think
even
that
would
be
a
good
signal,
but
I
would
in
theory
hope
that
we
once
we
start
pushing
that
then
in
place
becomes
or
sorry
revisions
becomes
both
more
used
and
gets
better
ratings,
and
that
would
be
a
good
way
to
prove
that's
working
as
expected.
I
K
B
So
meet
you
just
a
quick
question
as
we
throw
it
into
the
next
topic,
the
data
you
have
on
gke,
that's
regardless,
which,
like
there's
no
subset
of
user.
It
will
be,
I
guess,
a
general
data
from
gke,
because
your
other
server
is
switching
for
one
turn
right.
So
people
may
not
take
time
to
even
look
at
110,
so
they
wouldn't
even
spend
time
to
look
at
that
survey.
So
it's
a
very
targeted
set
of
sampling
data
from
the
27
participant,
but
the
the
gke
data
you
presented.
B
E
I
E
C
And
what
exactly
are
we
going
to
tell
the
users,
because
if
we
decide
we're
not
going
to
keep
1.9
support
when
we
resolve
the
issue,
then
we'll
just
suddenly
drop
the
support.
So
I
feel
like
we
should
we
don't
want
to
tell
users
that
it's
supported
up
until
some
arbitrary
date
that
we
make
a
decision.
I
Normally
we
also
do
give.
I
think
it's
maybe
a
three
week
or
a
four
week,
heads
up
to
users.
Hey
support
for
this
release
is
ending
on
this
date.
That
announcement
did
not
go
out
as
far
as
I
can
tell
for
the
one
nine
release,
so
we've
already
been
been
more
silent
than
normal
about
the
end
of
support
for
this
release.
That.
C
I
C
I'm
fine
with
bumping
it
to
a
specific
date.
I
just
don't
want
to
bump
to
an
undefined
state,
maybe
sooner
or
later,
and
I
think
that
it's
given,
I
think
we
already
have
all
the
info
that
we
need
to
make
a
decision.
So
if
we're
going
to
be
doing
things
like
this,
it
almost
seems
like
we
better
just
come
to
a
vote
or
something
and
or
whatever
we
need
to
do
to
reach
consensus
this
week
or
so.
E
C
E
C
Yeah,
we
discussed
a
six-week
extension
so
that
way
we
don't
have
as
many
overlapping
ones,
but
you
still
get
like
right
now.
You
basically
have
to
skip
level
upgrade
in
one
day
if
you
want
to
stay
in
the
window,
so
this
would
give
you
a
six
week
window,
but
we
don't
have
the
full
overlap,
which
also
means
that
we
end
up
with
an
extra
release
during
this
time
when
we
cut
the
branch
and
we
have
master
and
next
release
and
then
the
two
three
previous
supported
releases
so
yeah.
I
B
C
I
D
E
H
I
They
already
are
supported
and
they
are
thoroughly
tested
both
across
in
place
and
revision
based
in
helm
and
in
using
istio
control.
So
those
are
functional,
however,
in
order
to
make
use
of
them.
Currently,
our
users
must
allow
their
existing
install
to
lapse
in
terms
of
support,
yeah,
okay,
yeah,
there's
somewhere
in
the
neighborhood
of
six
to
12
weeks
to
perform
an
upgrade
depending
on
how
aggressive
they
are
and
how
large
their
installs
are,
and
the
idea
is
to
provide
them
with
support
during
that
upgrade
period.
A
I
Level
upgrades
we
have
both
the
one
nine
survey
was
conducted
before
skip
level
upgrades
were
provided
for
users,
the
110
survey
most,
I
think
all
of
the
respondents
would
have
come
in
after
we
announced
that
support,
whether
they
particularly
saw
that
blog
post
or
not
is
a.
I
can't
answer
that
question.
D
Okay,
so
on
this
skip
level
upgrade
I
mean
we
do
have
some
tests,
but
you
know
the
upgrade
process.
Even
for
n
to
n
plus
one
has
always
been
pretty
complicated,
pretty
risky
with
real
applications
and
all
kind
of
things
that
users
need
to.
Do.
I'm
not
sure
it's
safe
to
claim
that
we
support
arbitrary.
You
know
n
minus
x
versions
upgrade
with
with
what
we
have
right
now
I
mean
it's
super
superficial.
In
my
opinion,.
D
E
I
E
E
E
C
L
M
L
We
basically
until
until
we
have
like
a
following
release
that
we
wish
to
support
so
so
like
one
six
is
still
being
supported,
but
we
will
be
ending
that
soon.
So
there's
not
really
a
set
timeline,
it's
more
or
less.
You
know
until
we
can
actually
get
the
next
version
that
we
do
want
to
support,
and
then
we,
you
know,
give
people
probably
about
six
months
to
migrate.
Okay.
So
it's.
M
M
So
I
think
like
where
we're
at
now
coming
up
with
a
release
based
on
1.9,
we
would
be
supporting
1.4,
1.6
and
1.9
until
we
moved
to
a
later
release-
and
I
think
you
know
just
this
just
has
to
do
with
our
internal
versioning,
but
because
of
the
differences
between
one
four
right
and
later
that
one
may
perhaps
linger
longer.
But
once
again,
that
would
be
just
critical.