Istio Technical Oversight Committee, 28 Jun 2021

Previous Meeting Next Meeting

⏯

youtube image

►

From YouTube: Technical Oversight Committee 2021/06/28

Description

Istio's Technical Oversight Committee for June 28th, 2021.
Topics:
- CNI Beta Graduation - APPROVED

A

Okay, we are recording, um I think I I would vote for skipping next week because I'm actually out all next week but yeah. So that's my preference.

B

Sorry, what's next tree uh july, 4th.

A

B

Day, oh okay, yeah, okay, yeah. That makes sense.

B

A

B

A

B

The american holidays now.

C

Yeah I'm off next tuesday. Also I mean if we don't have enough agenda. I had a previous skip also.

B

Yeah sleeping seems fine to me.

D

Does anybody have a burning topic for next week's meeting that doesn't happen.

E

And test cases are so what happened was um we were 99 point almost five percent automated and suddenly we came up with the new criteria of finding the pages which are having more hits and marking them as p0.

E

So based on the criteria me eric and brian worked, and we have a new criteria based sheet where, based on that new criteria, there are 24 new identified p0s for this quarter, which needs testing. So what we did was, um I don't know who's presenting. Can you click on that test cases sheet?

E

E

So if you go to the second tab yeah, so each working group is signed for test cases, like literally all other p0s from the old sheet are all all are tested automatically. This one is the new one based on the new criteria. So if we cover them this quarter, then we have 100 percent um automation even with the new criteria. So this is the requests. uh Please pick these up. um It will be very helpful and these are only for automation, yeah.

E

um I also want to remind there are ones which can't be automated. They still needs manual tests, but this is the ones which requires automation based on the new criteria, and we are planning to automate them, and if you go to the first sheet.

E

First sorry.

E

Yeah so column d is this movement and the column b is the owners, so some of them are from the maintainers like the I, they limited the the maintainers one, but the owners are actually the maintainers and assignment is the one which is picked and equally sized for each working group. Four per working group at this point: okay,.

D

D

A clear delineation in the popularity of pages for certain tasks that.

D

Do we have that data.

F

What this is based off of is going to eng going to the web analytics and then downloading the csb and then plugging it into a tool that sorts by number of hits and creates priority off of that, as well as whether that's enough.

D

Any any surprises in the list in terms of popular.

F

Inter so I I was surprised by some of the pages that um some of the discrepancies between what's tested and what's popular, um I don't know if there was necessarily any pages that were popular, that I wasn't expecting to be popular. Okay,.

F

So if you actually scroll over here, you can actually see the number of um hits on the pages in the last column, but yeah.

E

Also, there are some pages which are non-english were also hit high p0, which is also interesting.

F

Yeah, that's true.

G

Did we find any pages which had a really high uh hit count, but the test coverage wasn't there or wasn't sufficient.

E

These are the ones.

G

24 of them, oh wow, all of them are pretty high. I I don't know what uh high power was but yeah. These are. These look like at least two thousand hits or something two.

E

Thousand hits okay. So the way we was two thousand hits for p0 uh 400 for p1 10 for p2 and less than 10 sp3.

H

Okay and and one just highlight to make, if you're actually looking at that, if you're trying to translate from that eng data to this chart is um when brian tabulated this chart, we made sure to highlight the hits by page irregardless of the language of the browser.

H

So basically anybody hitting the eng page whether they were coming from a you know: eng enbr, en whatever browser.

D

Okay, that's those seem like pretty reasonable criteria so.

E

So any questions from the working group leads in the assignment. It's four are working.

F

Good so one question: I have real quick.

E

F

Is for the chinese pages that rank high? I forget if we had any p zeros that were chinese but um yeah two. I think we should try to test yeah, there's two of them that I think we should try to test, but we need somebody who speaks chinese to test them and those got 3625 hits in the month and 2144 hits.

D

It doesn't sound like there's any questions on this.

D

By the month, I think some is what they were saying: correct.

E

This is one month 30 days may 23rd to june 24th yeah.

F

That's the largest csv that um the dashboard dashboard would. Let me download yeah.

G

I mean these pages seem very interesting number of hits and the pages they're all introductory pages to like security and uh like traffic management or ingress gateway, which makes sense to me like as a early adopter. Anyone who is building who is starting out this year, that's what they will refer again and again.

E

Yeah, so there is.

G

E

There is visualization, all of them are like really the the concepts kiyali st or cni plugins.

D

D

uh So the release date, you showed us the the 12th correct date.

E

Yes, it's july 11th, that's the feature. Freeze, okay,.

D

But not the bug freeze, I would say so not.

E

The cool please uh code fees is on third august and the release is 10th august.

D

So these these tests, these p0 tests, need to be done or addressed by that date, correct.

E

The testing asynchronous testing is uh starting from 12th of july, so other than this. Some manual testing for p0s at least needs to be done, but would be great if we can start the automation now. So we have time for normal testing.

E

D

We should probably move on.

C

Do we have any update on the release manager.

D

uh I do not know.

C

Okay, I've worked with ryan, um I believe he got his first pr merged and he's a developer to the israel community. Now, um certainly, you know we're cutting the release now, so it would be great if we can identify an experienced person.

D

D

I don't know kevin, are you here? Have you had a chance to talk to anybody? I I I had a couple of conversations last week about it, but.

F

Captain's on vacation this week, okay.

D

All right: well, I I will definitely follow up again this week be honest: you need to resolve it very soon, so.

C

Yeah thanks louie.

D

um It doesn't look like any of the.

D

There are any docs waiting for approval. um There are obviously a lot of api reviews in life. I I know niraj, you were taking a look at a lot of stuff. I was taking a look at the telemetry api. um I'm gonna try to get some time with doug today to look at it.

D

um Are there other api reviews that are blocked or need tfc feedback.

I

There is the rate limit stuff, but I think we are going to do a little bit of more pre-work on the dock, uh but there is.

D

I

A proposal sort.

D

Of yeah I looked at it.

D

I I saw there were a lot of comments about the the kind of the usability api, so yeah, that's something I need to think about a bit too. You know have others on the toc had a chance to look at the rate limit api.

C

Yeah, so so yeah, I I feel like maybe I'm missing something but the railing meeting api. I think it's lagging like the scenarios of rainy meeting and also there was not a lot of examples in the api that to help people make sense and think about how user was consuming them.

C

I'm hoping you know, the documentation meant that you are referring to will help fill some of those gaps.

I

Yes, it it will yeah, but we will have more uh more docs as in more examples of what scenarios it supports.

I

um I mean generally, if you, if you look at it in mixer, we had a rate limiting api and then we didn't have it and now people are asking for this so, but we will add explicit documentation.

C

Yeah, that would be great. Thank you.

G

So I think, last week in networking with our working group, we had an interesting conversation. I think it was brought up by costan around how does rate limiting work with load, locality or retries.

G

I think we should think about it. I don't want it to be a blocker for the first api, but it should be in.

B

Line with that direction,.

G

Other and should not be in conflict, so we end up migrating things again.

I

Yeah that makes sense.

J

uh But uh for do you see, I think, uh the common theme and- and uh you know the important thing is: do we want to to continue to be uh to have the apis basically represent uh refactoring of employee apis, but with the same kind of feature set and effectively locals into envoy?

J

Only or uh do he wants ats to be a bit more abstract and implementable with other you know possible, uh proxies or clients or gators and and then maybe you know, have other vendors implement the same apis to become kind of a cross vendor api, and I think that has an important.

J

This decision affects how we represent a lot of apis and and the other things we are going to do.

D

Yeah, I think that's that's, definitely a fair question.

D

Anyway, we're not going to do the design review here.

D

But there's obviously a lot of to discuss on that api and and if it does make sense, um to have an explicit kind of in-person review meeting for that api uh commander. Don't be shy about trying to set one up.

I

Yep yeah, I think I think that we need to. We need to talk first, because otherwise there is yeah the the and, why has to be laid out, and then we can talk about these things.

B

C

Now is the vasam api, the wizard deployment also target for the next uh release. 2011.

I

It is but but but fortunately that api is like has been approved already and uh now we're just implementing it. So but yes, it is.

C

Okay, because I still saw a lot of unresolved comments um in the api repo for that api.

I

B

I

There anything specific that you you're talking about, because I mean it, it is merged and it did go through kind of very extensive reviews already, but I mean, if you still have any concerns, then please raise it back. Otherwise it must be just some ap review hygiene where people haven't resolved the the comment when the issue was actually resolved.

C

I

C

One from daniel- or maybe we are looking at the wrong one, because I saw savannah, had a lot of good comments. I think zoho had interesting comments too, but none of those are resolved. I actually was surprised to hear the api already merged. Maybe we were looking at the ramp here.

I

Oh okay, I will. I will follow up.

C

Okay, thank you.

D

Yeah mandor can you and lynn sync up offline yeah? Thank you.

G

So many just to summarize from telemetry side, they're gonna. If all the in-flight mergers do get resolved, the there's gonna be a wasm extension api, there's gonna be a metric and access logging configuration along with tracing tracy, might have gone in before I don't remember and rate limiting. Is that everything, or am I missing something.

I

That's uh that's correct. Those those are those are the things that's correct.

B

D

Okay, do we have anything else to talk about.

K

So I added a better graduation doc at the uh agenda for today. If you scroll down, you can.

K

Okay, I like to uh briefly walk through this and get use his approval.

K

K

Yeah yeah, so this dog is a list of required work items for senior validation, we're targeting 1011 release for cinema beta, and uh there are. There are several major things about uh scenario. Migration first is uh upgrade and operation safety, so the uh busy scenario runs as a cluster singleton and it is not revision based and we need to make sure that sinai could uh upgrade and operate safely by the user, uh and we need to all. We need to also clarify the doc for the user like how how do they actually operate out sinai?

K

And then these undockful is already approved by the networking working group and uh work is in progress, and second theme is uh supportability, so, uh unlike the rest of istio, like sinai runs as a network plug-in, so it runs at no level. So it's hard to debug and monitor it using kubernetes first class way.

K

So this, what kind item is about integrate sunai with the institute tooling, as well as uh some other uh flow, like some other way, such as uh plum is still so nice log into uh like suni install container so that we can generate metrics and dump blocks into cinecom senior, install container and get first class kubernetes support experience for it and the last two parts just test and document.

K

uh So we need. We need to have better task force tonight and currently uh we have a job which runs all networking uh tests with not enabled as part of the pre-summit test, and also we we're going to have tests which covers the ash cases such as sinai, risk condition, mitigation, yeah, and that is about test uh and as far as uh documents so uh like current document is not very user friendly.

K

It makes uh like uh the user operation with all the uh configuration reference, so we're going to do a uh we are going to re-work on that we're going to like redo the snare document, just to make it more user-friendly, and there are some operation optional items uh such as like better risk mitigation and actual performance impact.

K

But we are considered them not. As a beta blocker uh yeah, so that is basically the plan. uh I'm not sure whether to see uh member have any uh feedback on this or is there anything missed or if not, can we approve this plan? A networking working group has already uh approved this uh plan, ready.

D

So there's there's a couple of optional items listed in the dock, um so presumably none of those optional items are considered a blocker for beta right.

K

uh Of the optional ones, which is the most desirable to have uh the last one, I think deployment simplification so basically want to combine like currently there's two uh scenario: containers one is before repair one is for install and there's no uh like reason to separate those two containers uh and- and it makes monetary also hard uh since promise doesn't have a good way to script like uh it.

K

It busy uh complicate the monitor story for uh if we have two candidates here so, but the other two, I think, uh definitely not as a beta blocker, I'm actually already working on the deployment certification to fully balance the probability. So, okay.

G

Peter a question around tooling and logs, so I think I mentioned this in the networking meeting too, I mean most of the cni plugins have this kind of a daemon certain, possibly something running on the node for which they also have to get logged. So how is that solved? Is it normally solved by sending the logs from the node local process over to daemon set.

K

uh So at least for calico they just dump or they log like they. uh In addition to kubella lock, they also dump log into a uh file uh into the uh at the edit node okay. So uh that is one way, but I think it's still not quite friendly. So uh the the way I'm currently working on is just send all the log from the sinai uh plug-in process to the container via a uds socket, uh and that way we can save all the file, rotation and processing.

B

I

After peter suggested, this uh I spoke with some of the cni some of the celium cni maintainers, and they are also now thinking about doing the same as to take the locks from the node and stick it into the actual demo and get them into kubernetes. So so, hopefully more people will do this.

D

Okay, so we we are going to aggregate the logs into the demon. Oh.

K

G

Yeah, I was just curious if it's common but yeah overall, it looks good actually when it simplifies users can use the same tooling. So I like it.

D

K

Okay, so if you don't know other questions, uh can we approve this plan.

C

Yeah- and I think you confirm all the annotation would continue to work in cli right, yeah.

K

At least all the annotation covered by the networking presuming test will work like because we have that test. uh We have a previous summary test job for chennai, which all runs all the networking integration tests so but yeah. I think all the annotations should just work. Okay,.

D

Yeah, this sounds reasonable to me.

B

Same here no, I I can approve this from my side. It's approved.

A

Yeah, it looks good to meet you.

C

Yeah looks good, um I assume, there's no documentation impact.

K

uh Documentation you uh so you mean the user-facing document.

C

Yeah for graduate to beta other than you know you change from alpha to beta. Oh.

K

There will be uh like the dot will need some rewrite, because current dock is not very user friendly. It mixes like the a uh like operation uh with, like the reference, like you, just dump everything into one page, which is not quite good like it. So I think we need to at least separate those and yeah.

C

Okay, I guess yeah, I guess: can we make the approval contingent on the documentation, simplification, yeah.

K

It is part of this. It is part of the uh the beta graduation doc. If you look scroll down, there is a doc change. Yeah.

C

G

Another question for you peter uh so once cni is beta, I mean because of the security implications of the non-cni mode. um Is there us like? Are we going to take a stance around default at some point? If this is stable, it can be.

G

I mean I know it will cause a lot of issues if we switch, but I'm trying to understand if you can move towards making cni the default thing, or is that just out of the realm.

K

I would be cautious about that because tonight.

J

K

Default will require a goodness kubernetes low level, support, at least like at least for key, for example,.

B

K

Is not the default uh networking configuration mechanism yet so uh enable e69 on it will just not work uh so yeah, so I would be conscious, then I'd.

G

Say yeah yeah for openshift users. I know it's the only way out, but I wasn't sure what's happening with other cloud providers. Okay,.

I

So, though, um though, I think what the goal should be to make cni the default right and.

B

I

Think yeah, so so, then, uh the parts that we have to decide is how how do we get there? So I think at some point not that far into the future the doc should say use cni like they should say, use cni, and then they should say: okay. Well, if you can't use cni, then this is the other way, but at some point we'll switch the docks and then at some point it will actually just uh do it, but I think that that's kind of consistent with where it even we want to head.

C

G

C

Challenge is the different cloud provider I mean instruction, is different and then testing who's going to do the testing on those.

D

Yeah I mean I, I don't think we can we're not suggesting we switch the default now. Yep and john mentions that maybe we want the race condition fix.

D

G

That can be a gate to a stable, yeah yeah.

C

And performance measurement too- hopefully it's going to be faster, but it will be good to have data too.

K

Yeah, if we have a better mitigation and get rid of the validation unique container, it will definitely be a bit faster. But right now it's not going to be obvious faster.

C

Yeah agreed yeah that that's the caveat, a lot of people didn't realize when they first.

I

Played with cni.

C

That we have the validation container in there yeah.

D

Okay, well, it's approved.

D

Oh, I can mark that in the dark.

C

So what is our process now so once you have this thing marked as documentation marking the documentation as approval now, do you still need anybody approved when you update, I, I think brian avery made a p a pr process to upgrade the feature status. Okay, so.

F

You update the markdown file for your feature and then once all that's complete once everything looks good to promote it to the next level, you update features.yaml um to state the new level. Tsc approves that and then it goes live on. Suio.

C

Okay got it, so you still want us to go. Approve that pr as well assuming the work item here has been checked off, sounds good.

K

C

Yeah thanks peter thanks peter.

D

um Okay, I think we are done.

C

Now john had a additional license.

D

Oh, um it came up in steering.

D

Kevin was going to come back. Having talked to the red hat lawyers.

D

I forgotten who, on the google side, was going to talk to the google lawyers. I think we there was a discussion. um I don't think anybody's here is on fire about this.

A

Yeah, if I remember the internal discussion, it was fine because we're not we're not including their code or anything, but don't quote me on that wait. This is recorded. Oh.

D

Your opinion can be quoted sven you're, not a lawyer.

B

A

We'll verify, but I think we had no problems with it.

D

um Yes, and do you want to take that one as an ai for the google one I know kevin was doing it on the red hat side, or maybe brian. I don't know if you've talked to kevin.

F

Yeah, I'm not sure if he's on it. Okay.

D

Well, we won't get an answer for kevin this week.

G

Yeah his application.

D

D

Okay, I'm just gonna capture that in the notes.

G

John, does this uh decision block your release, changes or anything for now.

F

Or you're, just oh, it's not a big deal. I just okay yep.

D

Yeah, I wouldn't do anything based on this at the moment.

A

Yeah, there's nothing blocked by it other than that we generally keep up to date, so.

D

Okay, all ready have a good weekend. Okay,.

C

So so see you guys in two weeks then no meeting.

D

Next monday,.

A

All right thanks, everyone thanks! Thank you.