►
From YouTube: Technical Oversight Committee 2021/06/14
Description
Istio's Technical Oversight Committee for June 14th, 2021.
Topics:
- Review ProxyConfig CRD and proposal to move it to Beta
- Discuss request to move releasenotes tool to its own repo.
A
B
A
B
A
A
C
The
proxy
config-
yes,
let
me
can
you
click
the
link
actually,
since
you're
there's
anything?
Yes,
so
environments
and
networking
working
groups
we
discussed.
This
remember
uc
asks
us
to
to
promote
the
alpha
apis
and
we
picked
proxyconfig
because
it
has
largest
and
broadest
usage
and
it's
probably
most
useful.
C
We
went
over
all
the
fields
in
proxy
config
and
we
found
the
number
of
fields
that
are
either
no
longer
in
use.
Probably
are
not
very
critical
or
are
deprecated
or
are
internal
and
and
don't
make
sense
to
expose
us
an
api,
and
we
ended
up
with
a
with
a
relatively
small
set
of
fields
that
we
believe
could
be
supported
and
should
be
promoted
to
better.
C
In
the
process.
We
discussed
the
relation
between
proxy
config
and
sidecar
and
how
there
is
a
bit
of
overlap,
and
the
proposal
is
to
actually
take
some
fields
from
from
sidecar
like
like
export
and
other
things
that
are
critical
and
also
add
them
to
proxyconfig
and
same
for
some
annotations
or
values.yaml
or
or
things
that
were
currently
spread
all
over
the
place
that
are
probably
belonging
proxy
computer
related
to
proxy
config,
which
we
should
also
add
to
proxy
config.
C
Instead
of
of
the
current
alpha
places,
and
there
are
a
lot
of
comments
the
doc
is,
is
you
know
after
more
comments,
I'll
rewrite
it
to
kind
of
reflect
the
the
the
comments?
But
I
think
we
we.
We
are
pretty
close
to
two
consensus,
at
least
in
those
working
groups,
about
moving
forward
with
creating
the
crd
and
at
least
the
core
part
of
the
of
the
proposal.
C
Proxy
config
can
also
apply
to
gateways,
including
kubernetes
gateways,
but
not
really
different.
I
mean
one
of
the
discussions
was,
to
just
add
everything
to
sidecar.
The
problem
was
that
name
is
weird
and
a
lot
of
things
inside
there
are
very
rarely
used
like
the
whitebox
mode,
while
the
things
in
proxyconfig
are
frequently
used.
C
F
C
E
F
C
A
Yes,
I
think
what
mandal
both
are
trying
to
say
is
also
what
we
discussed
right.
We
totally
understand
that
there
are
overlapping
semantics
here.
The
issue
is
sidecar
is
a
better
ipi,
but
sidecar
is
very
confusing.
If
that's
the
right
word,
at
least
for
me,
it
is-
and
I
have
I've
heard
many
other
users
express
that,
and
the
most
used
functionality
in
the
sidecar
like
question
is
saying,
is
just
to
do
config
ruling
via
your
egress
visibility.
A
So
we
can't
do
much
about
deprecating
those
wheels
and
the
complication
with
sidecar.
So
if
you
move
it
one
way
from
proxy
config
to
some
car,
you
might
make
a
problem
of
course.
So
we
are
looking
for
better
cleverer
solutions
here,
because
I
totally
agree
having
two
things
is
confusing,
but
both
of
us
and
at
least
john
who
we
talked
with-
I
mean
we
don't
have
better
ideas,
merging
everything
into
one
just
feels
like
a
big
api,
which
will
be
even
more
confusing
to
our
consumers.
C
And,
to
be
honest,
I
mean
I'm
perfectly
okay
with
merging
them.
I
mean,
I
think
there
are
trade
offs,
but
I
I
really
need
it
to
be
better.
I
mean,
I
think,
the
plan
we
came
up,
it's
cleaner
for
the
user
because
they
can
focus
on
proxy
config
and
sidecar
will
be
you
know.
Yes,
then
we
need
clear
documentation,
but.
A
C
H
I
want
to
tell
me
one
of
the
common
user
cases
with
scica.
Is
visibility
right
to
be
able
to
configure
the
visibilities
of
our
istio
resources?
I
think
that's
like
a
very
common
thing
and
we
recommend
users
to
do
that
in
production
environment,
so
that
really
feels
more
like
proxy
conflict
to
me,
especially.
G
F
C
F
I
Go
ahead,
john
right,
so
yeah.
One
other
reason
why
it's
good
to
have
another
resource,
I
think,
is
that
the
emerging
semantics,
the
proxy
big
and
sidecar
are
planned
to
be
different.
So
I
mean
I
suppose
we
could
say
these
new
fields
have
a
different
urge
than
the
old
fields,
but
it
may
be
a
bit
confusing,
but
with
proxy
config
we
definitely
need
merging.
So
you
can
do
things
like
set
by
defaults,
like
you
can
today,
like
discovery
address,
that's
very
unlikely
to
be
set
on
a
per
pod
basis.
F
D
J
C
C
C
That
that's
a
class
configuration,
however,
the
class
specific
configuration
will
be
represented.
The
content
will
be
proxy
config,
so
I
don't
know
if
they
will
have
a
reference
to
proxy
config
or
it
will
be
in
line,
but
the
semantics
we
need
for
configuring,
that
particular
class.
If
we,
if
we
go
the
way
where
we
are
saying,
then
that
that
seems
to
be
very
close
to.
J
J
Around
class
sidecar
should
get
replaced
by
gateway.
If
it's,
as
you
know,
one
of
the
semantic
divisions
is
routing
or
capture
concerns,
because,
whereas
proxyconfig,
which
talks
about
kind
of
or
a
bunch
of
kind
of
runtime
properties
of
the
proxy,
that's
more
like
a
gateway
class,
it's
not
right.
There's.
Obviously,
api
impedance
between
the
two
right
now
with
site
gateway,
class,
normally
being
a
cluster-wide
crd,
but
I
don't
think
that's
gonna
hold.
J
Gateway
has
the
right,
as
people
have
mentioned,
most
of
what
getsidecar
is
used
is
for
dependency,
pruning
gateway
can
express
gateway,
can
express
that
the
other
thing
is
capture.
I
think
a
gateway
can
also
express
that
with
its
address
type.
So
between
those
two
things
I
think
we're
okay
to
allow
gateway
to
replace
sidecar.
For
you
know
what
customers
describing
is
white
box
mode
right.
C
C
J
C
J
C
C
H
I
I
D
J
C
G
C
And
and-
and
the
main
reason
is
I
mean
the
reason
one
is
to
have
validation
and
also
you
know
consistent
with
the
rest
of
the
apis,
but
also
an
important
use
case
that
mirage
mentioned
information
is
a
dock.
If
you
have
programmatic
creation
of
pods,
the
current
mechanisms
of
putting
annotation
doesn't
work
because
it
requires
changes.
The
code
and
having
a
crd
with
selector
would
allow
us
to
configure
those
use
cases.
A
So
I
mean
from
what
I
can
see
it
feels
like
proxy
config
crd
might
be
a
good
choice
here,
naming
we
will
have
to
bike
share
a
bit
just
because
these
all
things
sound
similar,
and
it
should
be
clear
to
the
user
for
moving
the
config
pruning
pieces
from
sidecar
to
proxy
config.
It
doesn't
look
like
we
have
consensus,
but
I
do
want
to
talk
more
about
it.
A
J
A
I
mean
the
last
two
options,
basically
are
interesting,
but
don't
ex
I
mean
the
last
option
is
if
the
user
has
created
those
policies,
but
if
they
have
not,
they
still
might
want
graphic
pruning
right.
So
we
will
need
to
have
a
fallback.
The
third
option
about
service
annotations
is
it
being
frozen
in
kubernetes.
Now.
J
C
C
A
C
C
A
C
H
H
C
Sure
I
mean,
let's
separate
the
problem
alpha
promotion
to
beta
for
things
that
are
spread
across
her
sink
and
solve
this
problem.
First,
maybe,
and
then
how
to
optimize
other
things.
Nothing
that
I'm
proposing
in
in
this
is
new
or
doesn't
exist.
It's
just
fields
that
are
all
fine
different
places
and
are
not
configurable
with
the
right.
J
J
There's
certainly
no
reason
in
the
long
run
for
sitecar
api
not
to
be
deprecated
with
the
existence
of
this
and
the
gateway
api
right
because
gateway
api
to
like
extend
your
question
about
semantic
swim
lanes.
Gateway
api
is
very
clearly
traffic,
routing
and
traffic
capture,
so
that
would
that
isn't
going
to
change
so
there's
a
very
clear
division
of
capabilities
and
requirements
between
the
two
apis.
J
J
A
J
J
C
C
J
K
C
J
A
C
J
C
C
No,
no,
the
mesh
config
except
I
mean
the
proxy
config
inside
mesh
config-
will
be
ignored
in
this
case,
because
again
we
want
the
validation
and
all
the
other
stuff.
We
may
keep
it
for
backward
whatever
transition
or
other
thing.
That
means
that's,
that's
movement,
but
in
the
end
we
want
to
be
in
a
state
where
there
is
no
proximately
image
conflict,
because.
J
Okay,
so
if
this
proposal
saying
that
we're
going
to
take
proxy
configurator
mesh,
config
yep,
gradually
slowly,
okay
and
you're,
saying
it
both
exist
in
this
new
system-
name
space-
we're
going
to
take
proxy
connect
by
default,
yep
right
as
the
system
system-wide
default
yep,
our
general
pattern
has
been
for
control
plane,
wide
defaults.
They
would
become
referenced
resources
out
of
mesh
config,
because
mesh
connect
still
represents
the
root
configuration
for
a
given
control.
Plane
instance
correct.
E
C
H
Yeah
so
just
make
sure
we're
on
the
same
page.
So
basically
mesh
config
is
per
revision
right.
So
there
are
configuration,
that's
control,
plane,
specific,
like
ca
address,
it's
going
to
be
unique
for
different
revisions,
so
you
could
have
your
own
match,
config
from
110
to
111,
but
proxy
config.
The
customer
ratios
that's
going
to
be
created,
it's
going
to
be
global
across
different
revisions
on
the
cluster.
Is
that
how
yes?
Okay,.
C
J
J
C
J
C
A
J
C
C
A
C
H
A
G
G
A
C
C
C
Alpha
with
the
quick
comments
indicating
the
stability
of
the
field,
saying
that
this
field
is
going
to
be
promoted
or
I
don't
know
how
we
can
express
it,
I
was
thinking
to
have
a
better
crd.
I
don't
know
the
proto
proto,
at
least
with
the
cleaned
up
version,
but
people
who
want
to
use
other
api
with
the
fields
that
are
documented
as
better.
C
J
C
C
A
proto
yes,
but
I
don't
think
even
if
we
created
segmentation
as
part
of
112
work
kind
of
to
spread.
The
word
no
will
not
be
documented.
Basically
we're
not
documenting
111
that
you
can
use
this
new
resource
until
we
have,
and
it
gives
us
more
practice
and
more
feedback
from
users
on
on
how
they
feel
about
that.
C
So
you
know,
first
of
all,
clarity
on
what
fields
are
supported
or
not.
Second,
moving
the
other
fields
that
are
now
in
values.yaml
into
proxy
config
and
again,
I'm
not
against
adding
the
proxy
proxy
crd
is
just
I
don't
know
if
you
have
time
to
do
it
right
and-
and
I
would
rather
you
know,
I'm
okay
to
have
the
crd
and
some
code
that
is
using
the
crd.
So
we
can
test
and
if
it's
perfectly
working
then
we'll
document
it.
But
I
do
not
want
to
commit
for
111
do
to
the
entire
thing.
J
C
J
The
difference
between
that
and
112
would
be
migration
tooling
and
upgrade
support
for
users
between
those
two
states.
Yes,
implementing
the
crd
itself
is
not
particularly
difficult.
Implementing
the
migration
is
the
much
harder
thing
is
that
what
you're
suggesting
we
try
and
do
for
111,
or
is
that
yes,
the
more
reasonable
right?
So
it's
we
do
have
a
crd.
J
C
C
F
F
C
L
G
Question
is
what
what
what
is
the
exact
kind
of
feedback
that
you're
looking
for,
because
the
shape
the
general
shape
is
in
use
today,
the
the
override
structure
is
also
in
use
today,
sans
sort
of
the
name
space
scoping,
which
is
missing.
We
have
a
mesh
scope
and
a
workflow
scope,
so
that
is
not
changing,
and
then
the
thing
that
is
happening
is
a
cleanup
of
fields
that
have
just
accumulated.
A
I
Yeah,
it
seems
like
adding
it
as
alpha
doesn't
really
do
anything
like.
It
seems
obvious
that
an
api
should
go
alpha.
Beta,
stable
and
skipping
levels
is
wrong,
but
that's
because
that's
how
other
projects
are
able
to
do
it
because
they
have
proper
versioning,
but
for
us
we
can't
change
it
anyways.
So
if
we
ship
it
as
alpha,
it
might
as
well
be
called
beta,
because
we
can't
remove
any
of
the
fields
when
we
promote
it
anyways.
So
is
there
really
any
benefits.
F
F
K
J
F
J
I
C
K
K
J
Yeah,
I
mean
literally,
the
only
thing
we
can
do
today
between
alpha
and
beta
is
hide
things
from
docs
if
we
actually
built
the
feature
to
do
that
which
we
haven't
built
in
many
ways,
that's
already
aligned
with
our
well,
it's
not
quite
aligned
with
our
deprecation
goals,
as
we
would
like
to
deprecate
api
alpha.
Api
features
faster,
but.
A
L
J
L
So
this
is
the
tooling
so
that
you
can
pull
the
actual.
So
we've
we've
got
the
the
tool
that
creates
the
release.
Notes
takes
all
of
the
files
and
it
generates
release.
Notes
from
that,
and
the
request
here
is
to
be
able
to
pull
in
that
tooling
without
putting
in
the
rest
of
the
tools
repo.
So
it's
only
for
the
command
itself.
Oh.
H
F
F
L
H
I
Yeah
just
compile
the
binary
like.
If
I
go,
I
don't
I
don't
get
upset
when
kind
adds
dependencies,
because
we
just
we
don't
have
a
go
dependence
on
them.
We
just
use
their
binary
right
same
with
cube,
cuddle
or
hundreds
of
other
tools.
It
doesn't
seem
reasonable
to
expect
that
we
have
small
dependencies
for
a
binary
tool.