►
From YouTube: Technical Oversight Committee 2021/06/14
Description
Istio's Technical Oversight Committee for June 14th, 2021.
Topics:
- Review ProxyConfig CRD and proposal to move it to Beta
- Discuss request to move releasenotes tool to its own repo.
A
All
right,
next
up
for
the
111
release,
managers,
louis
and
kevin,
I
think,
for
the
pa.
We
were
trying
to
see
if
you
can
get
someone
more
experienced
from
google
or
red
hat
to
help
ryan
and
steve
here.
Do
we
have
a
third
candidate.
B
Sorry
not
yet
all
right
yeah.
I
still
need
to
chase
that
up.
That's
fine!
Just
let
us
know
we
need
to
we'll
do
that.
A
Yep
cni
beta
graduation
doc
feature.
I
did
look
at
it,
it's
really
well
written
and
I
like
that,
do
you
want
us
to
review
it
now
or
just.
B
A
A
C
The
proxy
config-
yes,
let
me
can
you
click
the
link
actually,
since
you're
there's
anything?
Yes,
so
environments
and
networking
working
groups
we
discussed.
This
remember
uc
asks
us
to
to
promote
the
alpha
apis
and
we
picked
proxyconfig
because
it
has
largest
and
broadest
usage
and
it's
probably
most
useful.
C
We
went
over
all
the
fields
in
proxy
config
and
we
found
the
number
of
fields
that
are
either
no
longer
in
use.
Probably
are
not
very
critical
or
are
deprecated
or
are
internal
and
and
don't
make
sense
to
expose
us
an
api,
and
we
ended
up
with
a
with
a
relatively
small
set
of
fields
that
we
believe
could
be
supported
and
should
be
promoted
to
better.
C
In
the
process.
We
discussed
the
relation
between
proxy
config
and
sidecar
and
how
there
is
a
bit
of
overlap,
and
the
proposal
is
to
actually
take
some
fields
from
from
sidecar
like
like
export
and
other
things
that
are
critical
and
also
add
them
to
proxyconfig
and
same
for
some
annotations
or
values.yaml
or
or
things
that
were
currently
spread
all
over
the
place
that
are
probably
belonging
proxy
computer
related
to
proxy
config,
which
we
should
also
add
to
proxy
config.
C
Instead
of
of
the
current
alpha
places,
and
there
are
a
lot
of
comments
the
doc
is,
is
you
know
after
more
comments,
I'll
rewrite
it
to
kind
of
reflect
the
the
the
comments?
But
I
think
we
we.
We
are
pretty
close
to
two
consensus,
at
least
in
those
working
groups,
about
moving
forward
with
creating
the
crd
and
at
least
the
core
part
of
the
of
the
proposal.
C
Proxy
config
can
also
apply
to
gateways,
including
kubernetes
gateways,
but
not
really
different.
I
mean
one
of
the
discussions
was,
to
just
add
everything
to
sidecar.
The
problem
was
that
name
is
weird
and
a
lot
of
things
inside
there
are
very
rarely
used
like
the
whitebox
mode,
while
the
things
in
proxyconfig
are
frequently
used.
C
So
the
idea
was
that
eventually,
sidecar
would
not
be
promoted
to
better
towards
stable,
and
we
would
like
our.
C
No,
it
is
better
one,
it
is
better
one,
but
but
we
could
treat
proxy
configures.
You
know
beta
two
or
kind
of
so
so
we
we're
not
trying
to
remove
sidecar.
For
bit,
I
mean
it
is
just
that
that
it
will
be
easier
for
users.
C
To
I
mean
we
duplicate
a
bit
of
functionality
like
the
egress,
it's
an
opportunity
to
clean
up
a
bit,
the
semantic
and
and
and
the
name
link
for
the
for
the
visibility
stuff,
which
is
the
most
useful
part
of
sidecar,
and
the
rest
will
be
only
for
advanced
users.
F
C
I
think
it's
still
useful
for
the
use
cases
where
you
know
advanced
use
cases,
cases
where
people
don't
use
ip
tables
and
need
to
specify
udp,
port
or
uds
or
or
other
things
that
are.
You
know
some
advanced
features
that
we
need
to
support
because.
E
F
C
No
again
one
of
the
proposals,
and-
and
we
are
pretty
much
close
to
agreement
except
for
the
name-
was
to
just
put
everything
in
cycle.
The
the
problem
was
first
of
all,
that
gateways
would
also
use
proxy
config
and
second,
was
that
a
lot
of
things
inside
karatbar,
very
arcane
and
and
specifically.
A
Yes,
I
think
what
mandal
both
are
trying
to
say
is
also
what
we
discussed
right.
We
totally
understand
that
there
are
overlapping
semantics
here.
The
issue
is
sidecar
is
a
better
ipi,
but
sidecar
is
very
confusing.
If
that's
the
right
word,
at
least
for
me,
it
is-
and
I
have
I've
heard
many
other
users
express
that,
and
the
most
used
functionality
in
the
sidecar
like
question
is
saying,
is
just
to
do
config
ruling
via
your
egress
visibility.
A
So
we
can't
do
much
about
deprecating
those
wheels
and
the
complication
with
sidecar.
So
if
you
move
it
one
way
from
proxy
config
to
some
car,
you
might
make
a
problem
of
course.
So
we
are
looking
for
better
cleverer
solutions
here,
because
I
totally
agree
having
two
things
is
confusing,
but
both
of
us
and
at
least
john
who
we
talked
with-
I
mean
we
don't
have
better
ideas,
merging
everything
into
one
just
feels
like
a
big
api,
which
will
be
even
more
confusing
to
our
consumers.
C
And,
to
be
honest,
I
mean
I'm
perfectly
okay
with
merging
them.
I
mean,
I
think
there
are
trade
offs,
but
I
I
really
need
it
to
be
better.
I
mean,
I
think,
the
plan
we
came
up,
it's
cleaner
for
the
user
because
they
can
focus
on
proxy
config
and
sidecar
will
be
you
know.
Yes,
then
we
need
clear
documentation,
but.
A
For
the
developers
too
right,
we
have
to
have
guidance,
which
is
what
I
am
a
little
worried
about
too
right.
So
is
sidecar
more
or
less
like
a
zombie
api,
then
you.
C
H
I
want
to
tell
me
one
of
the
common
user
cases
with
scica.
Is
visibility
right
to
be
able
to
configure
the
visibilities
of
our
istio
resources?
I
think
that's
like
a
very
common
thing
and
we
recommend
users
to
do
that
in
production
environment,
so
that
really
feels
more
like
proxy
conflict
to
me,
especially.
G
F
C
F
C
I,
like
it
sorry,
john
and
we
have
hands.
Let's
use
this
john.
I
Go
ahead,
john
right,
so
yeah.
One
other
reason
why
it's
good
to
have
another
resource,
I
think,
is
that
the
emerging
semantics,
the
proxy
big
and
sidecar
are
planned
to
be
different.
So
I
mean
I
suppose
we
could
say
these
new
fields
have
a
different
urge
than
the
old
fields,
but
it
may
be
a
bit
confusing,
but
with
proxy
config
we
definitely
need
merging.
So
you
can
do
things
like
set
by
defaults,
like
you
can
today,
like
discovery
address,
that's
very
unlikely
to
be
set
on
a
per
pod
basis.
F
I
my
sort
of
initial
reaction
to
that
is
that
we
should
not
have
different
semantics
right
like
we
should
be
consistent.
It's
really
confusing
for
users
to
not
be
so
yeah.
D
J
C
Yes,
that's
that
good,
but
but
again
the
class
has
inside
the
kind
of
a
custom
field
which
is
proxy
configurability.
So
if,
if
it
doesn't.
C
C
That
that's
a
class
configuration,
however,
the
class
specific
configuration
will
be
represented.
The
content
will
be
proxy
config,
so
I
don't
know
if
they
will
have
a
reference
to
proxy
config
or
it
will
be
in
line,
but
the
semantics
we
need
for
configuring,
that
particular
class.
If
we,
if
we
go
the
way
where
we
are
saying,
then
that
that
seems
to
be
very
close
to.
J
J
Around
class
sidecar
should
get
replaced
by
gateway.
If
it's,
as
you
know,
one
of
the
semantic
divisions
is
routing
or
capture
concerns,
because,
whereas
proxyconfig,
which
talks
about
kind
of
or
a
bunch
of
kind
of
runtime
properties
of
the
proxy,
that's
more
like
a
gateway
class,
it's
not
right.
There's.
Obviously,
api
impedance
between
the
two
right
now
with
site
gateway,
class,
normally
being
a
cluster-wide
crd,
but
I
don't
think
that's
gonna
hold.
J
Gateway
has
the
right,
as
people
have
mentioned,
most
of
what
getsidecar
is
used
is
for
dependency,
pruning
gateway
can
express
gateway,
can
express
that
the
other
thing
is
capture.
I
think
a
gateway
can
also
express
that
with
its
address
type.
So
between
those
two
things
I
think
we're
okay
to
allow
gateway
to
replace
sidecar.
For
you
know
what
customers
describing
is
white
box
mode
right.
C
I
said,
but
in
practical
terms,
creating
a
crdn
with
a
most
conservative
set
of
fields
that
are
currently
not
duplicated
and
not
confusing,
and
promoting
this
you
know
from
from
alpha
to
beta,
should
be
you
know
reasonable.
At
this
point,
I
think
it's
not.
C
J
C
J
C
C
H
I
I
D
J
Hopefully,
gateway
class
gives
up
on
being
a
concrete
type
and
becomes
a
controller
interpreted
type
reference.
That
would
be
better
correct.
John
yeah.
C
G
C
And
and-
and
the
main
reason
is
I
mean
the
reason
one
is
to
have
validation
and
also
you
know
consistent
with
the
rest
of
the
apis,
but
also
an
important
use
case
that
mirage
mentioned
information
is
a
dock.
If
you
have
programmatic
creation
of
pods,
the
current
mechanisms
of
putting
annotation
doesn't
work
because
it
requires
changes.
The
code
and
having
a
crd
with
selector
would
allow
us
to
configure
those
use
cases.
A
So
I
mean
from
what
I
can
see
it
feels
like
proxy
config
crd
might
be
a
good
choice
here,
naming
we
will
have
to
bike
share
a
bit
just
because
these
all
things
sound
similar,
and
it
should
be
clear
to
the
user
for
moving
the
config
pruning
pieces
from
sidecar
to
proxy
config.
It
doesn't
look
like
we
have
consensus,
but
I
do
want
to
talk
more
about
it.
A
J
A
I
mean
the
last
two
options,
basically
are
interesting,
but
don't
ex
I
mean
the
last
option
is
if
the
user
has
created
those
policies,
but
if
they
have
not,
they
still
might
want
graphic
pruning
right.
So
we
will
need
to
have
a
fallback.
The
third
option
about
service
annotations
is
it
being
frozen
in
kubernetes.
Now.
J
C
And
and
the
other
tools
whenever
policy-
and
I
am
are
back-
are
nice
because
they
they-
you
know
it's
it's.
The
user
sets
something
that
is
enforceable.
C
A
C
C
A
C
H
H
C
Sure
I
mean,
let's
separate
the
problem
alpha
promotion
to
beta
for
things
that
are
spread
across
her
sink
and
solve
this
problem.
First,
maybe,
and
then
how
to
optimize
other
things.
Nothing
that
I'm
proposing
in
in
this
is
new
or
doesn't
exist.
It's
just
fields
that
are
all
fine
different
places
and
are
not
configurable
with
the
right.
J
J
There's
certainly
no
reason
in
the
long
run
for
sitecar
api
not
to
be
deprecated
with
the
existence
of
this
and
the
gateway
api
right
because
gateway
api
to
like
extend
your
question
about
semantic
swim
lanes.
Gateway
api
is
very
clearly
traffic,
routing
and
traffic
capture,
so
that
would
that
isn't
going
to
change
so
there's
a
very
clear
division
of
capabilities
and
requirements
between
the
two
apis.
J
J
A
J
J
C
C
J
K
C
A
Correct,
currently,
it's
in
line
right.
J
A
C
J
C
C
No,
no,
the
mesh
config
except
I
mean
the
proxy
config
inside
mesh
config-
will
be
ignored
in
this
case,
because
again
we
want
the
validation
and
all
the
other
stuff.
We
may
keep
it
for
backward
whatever
transition
or
other
thing.
That
means
that's,
that's
movement,
but
in
the
end
we
want
to
be
in
a
state
where
there
is
no
proximately
image
conflict,
because.
J
Okay,
so
if
this
proposal
saying
that
we're
going
to
take
proxy
configurator
mesh,
config
yep,
gradually
slowly,
okay
and
you're,
saying
it
both
exist
in
this
new
system-
name
space-
we're
going
to
take
proxy
connect
by
default,
yep
right
as
the
system
system-wide
default
yep,
our
general
pattern
has
been
for
control
plane,
wide
defaults.
They
would
become
referenced
resources
out
of
mesh
config,
because
mesh
connect
still
represents
the
root
configuration
for
a
given
control.
Plane
instance
correct.
E
C
Okay,
I
can
take
a
stop
at
this.
It's
not,
it
may
be
controversial,
but
at
least
we
can
discuss
it.
H
Yeah
so
just
make
sure
we're
on
the
same
page.
So
basically
mesh
config
is
per
revision
right.
So
there
are
configuration,
that's
control,
plane,
specific,
like
ca
address,
it's
going
to
be
unique
for
different
revisions,
so
you
could
have
your
own
match,
config
from
110
to
111,
but
proxy
config.
The
customer
ratios
that's
going
to
be
created,
it's
going
to
be
global
across
different
revisions
on
the
cluster.
Is
that
how
yes?
Okay,.
C
J
Yeah
john
I'm
not
actually
trying
to
mesh
config
beta
to
proxy
config
data.
I
just
want
to
have
a
basic
understanding
of
what
we
expect
the
evolution
path
to
be
rather
do
the
work
right.
So
just,
but
I
just
want
to
see
the
design
part.
J
C
J
C
So
when
mesh
config
moves
to
beta,
if
it
moves
to
beta,
then
we
definitely
will
add
the
reference
and-
and
that
actually
is
a
pretty
good
idea
for.
C
A
J
C
And
that's
something
we
support,
so
that
was
my
original
thinking
that
we
use
the
east
ui
referendum
put
on
every
label,
including
destination
rule
and
whatever
to
make
it
bound
to
a
revision.
C
C
C
A
C
H
But
not
for,
but
not
for
injector
right.
This
is
only
to
deprecate
the
annotation.
It's
still
resources.
Yes,.
A
C
Okay,
and
and
and
to
be
clear,
we
can
go
ahead
with
with
creating
the
beta
proto
hidden
from
from
api
and,
and
you
know,
read
it
and
make
the
code
changes
while
we
are
in
parallel
addressing
the
other
cases,
because
111
is
around
the
corner
and
probably
to
not
be
finished
111,
but
at
least
we
I
I
like
to
have
some
progress.
G
Made
so
so
so
what
my
my
one
last
comment
is
that
if
we
can
get
some
directional
sense
quickly
about
whether
this
is
going
to
land
11
or
not
it,
it
will
be
very
helpful.
So
if,
if
I
guess,
if
cost
team
gets
these
answers
in
a
week,
I
think
we
should
still
try
to
have
this
approval
by
next
week.
G
A
C
One
level,
so
I
I
I
thought
a
bit
about
this
this
and
in
111.
C
I
think
what
the
most
important
thing
for
when
you
learn
from
my
perspective,
is
to
just
go
over
all
fields
in
proxy,
contains
existing
proxy
config
and
put
documentation,
saying,
hey,
zcld
is
going
to
be
part
of
the
beta
api
and,
and
you
can
rely
on
it
and
this
field
is
you
know,
deprecated
or
hidden
or
or
you
should
not
rely
on
it
and
that
that
will
be
impactful
for
users,
because
at
least
they'll
have
clarity
of
what
exactly
will
be
supported,
and
if
we
have
agreement
on
some
fields,
they
can
make
some
decisions
based
on
that
and
then
transition
will
be
easier.
C
C
C
Alpha
with
the
quick
comments
indicating
the
stability
of
the
field,
saying
that
this
field
is
going
to
be
promoted
or
I
don't
know
how
we
can
express
it,
I
was
thinking
to
have
a
better
crd.
I
don't
know
the
proto
proto,
at
least
with
the
cleaned
up
version,
but
people
who
want
to
use
other
api
with
the
fields
that
are
documented
as
better.
C
At
least
that
was
my
my
simplest
plan
to
to
to
make
progress
and-
and
you
know,
provide
somebody
to
use
this.
C
J
C
To
be
created,
we
create
a
cfd.
This
is,
if
we
have
all
the
elements
in
place,
that's
fine,
but
we'll
not
promote
it
or
or
tell
people
to
start
using
it.
C
A
proto
yes,
but
I
don't
think
even
if
we
created
segmentation
as
part
of
112
work
kind
of
to
spread.
The
word
no
will
not
be
documented.
Basically
we're
not
documenting
111
that
you
can
use
this
new
resource
until
we
have,
and
it
gives
us
more
practice
and
more
feedback
from
users
on
on
how
they
feel
about
that.
C
So
you
know,
first
of
all,
clarity
on
what
fields
are
supported
or
not.
Second,
moving
the
other
fields
that
are
now
in
values.yaml
into
proxy
config
and
again,
I'm
not
against
adding
the
proxy
proxy
crd
is
just
I
don't
know
if
you
have
time
to
do
it
right
and-
and
I
would
rather
you
know,
I'm
okay
to
have
the
crd
and
some
code
that
is
using
the
crd.
So
we
can
test
and
if
it's
perfectly
working
then
we'll
document
it.
But
I
do
not
want
to
commit
for
111
do
to
the
entire
thing.
J
C
J
The
difference
between
that
and
112
would
be
migration
tooling
and
upgrade
support
for
users
between
those
two
states.
Yes,
implementing
the
crd
itself
is
not
particularly
difficult.
Implementing
the
migration
is
the
much
harder
thing
is
that
what
you're
suggesting
we
try
and
do
for
111,
or
is
that
yes,
the
more
reasonable
right?
So
it's
we
do
have
a
crd.
J
It
is
experimental,
beta,
experimental.
J
C
C
Yeah,
I
was
joking,
no
I
I
meant
I
met,
we
have
the
crd,
but
we
are
not
yet
promoting
domenting
it
us,
please
use
it
or
start
using.
It
is
just
we
say
that
it's
working
progress
and
right.
I.
F
Yeah,
I
don't
know,
I
might,
I
think
it's
fine
to
do
it
in
experimental
or
even
alpha
honestly,
because
those
are
that's
what
those
are
for.
I
agree.
We
should
not
go
straight
to
beta,
but.
F
C
L
G
Question
is
what
what
what
is
the
exact
kind
of
feedback
that
you're
looking
for,
because
the
shape
the
general
shape
is
in
use
today,
the
the
override
structure
is
also
in
use
today,
sans
sort
of
the
name
space
scoping,
which
is
missing.
We
have
a
mesh
scope
and
a
workflow
scope,
so
that
is
not
changing,
and
then
the
thing
that
is
happening
is
a
cleanup
of
fields
that
have
just
accumulated.
G
So
I
I'm
working
like
what
kind
of
feedback
will
like.
Are
we
looking
from
users
here?
A
For
me,
I'm
making
sure
that
the
upgrades
actually
work
and
if,
if
you're
saying
it's
a
better
quality
api,
then
the
migration
upgrade
better
be
spot
on.
If
you
make
it
alpha
experimental,
I
think
we
can
have
some
mishaps
along
the
way.
I
Yeah,
it
seems
like
adding
it
as
alpha
doesn't
really
do
anything
like.
It
seems
obvious
that
an
api
should
go
alpha.
Beta,
stable
and
skipping
levels
is
wrong,
but
that's
because
that's
how
other
projects
are
able
to
do
it
because
they
have
proper
versioning,
but
for
us
we
can't
change
it
anyways.
So
if
we
ship
it
as
alpha,
it
might
as
well
be
called
beta,
because
we
can't
remove
any
of
the
fields
when
we
promote
it
anyways.
So
is
there
really
any
benefits.
F
F
K
J
F
J
I
C
K
K
J
Yeah,
I
mean
literally,
the
only
thing
we
can
do
today
between
alpha
and
beta
is
hide
things
from
docs
if
we
actually
built
the
feature
to
do
that
which
we
haven't
built
in
many
ways,
that's
already
aligned
with
our
well,
it's
not
quite
aligned
with
our
deprecation
goals,
as
we
would
like
to
deprecate
api
alpha.
Api
features
faster,
but.
A
Yeah
well,
we
have
five
minutes.
So
let's
discuss
brian's
topic.
I
hope
it's
a
quick
one.
Brian
do
you
want
to
talk
about
it.
L
Yeah,
so
this
is
quick.
I've
gotten
requests
from
people
to
be
able
to
use
the
release,
notes,
tooling
and
separate
projects
without
actually
pulling
in
the
entire
tools
repo.
So
the
only
question
here
is
for
permission
to
create
a
separate
repo,
we've
already
discussed
it
in
test
release.
J
L
So
this
is
the
tooling
so
that
you
can
pull
the
actual.
So
we've
we've
got
the
the
tool
that
creates
the
release.
Notes
takes
all
of
the
files
and
it
generates
release.
Notes
from
that,
and
the
request
here
is
to
be
able
to
pull
in
that
tooling
without
putting
in
the
rest
of
the
tools
repo.
So
it's
only
for
the
command
itself.
Oh.
H
J
Can
we
can
we
just
call
it
release,
notes,
tool
and
or
something
to
indicate
it
confused
me
yeah.
F
Can
you
explain
what
what
problem
this
is
solving,
so
what?
What
is
it
about
pulling
in
the
whole
thing
that
was
causing
problems?
Why
do
we
need
to
do
this,
so
this
is
just
because.
F
L
H
I
Yeah
just
compile
the
binary
like.
If
I
go,
I
don't
I
don't
get
upset
when
kind
adds
dependencies,
because
we
just
we
don't
have
a
go
dependence
on
them.
We
just
use
their
binary
right
same
with
cube,
cuddle
or
hundreds
of
other
tools.
It
doesn't
seem
reasonable
to
expect
that
we
have
small
dependencies
for
a
binary
tool.