►
From YouTube: Istio User Experience WG September 8, 2020
Description
- "istioctl command type/name" enhancement
- organizing istioctl commands better to reflect persona/role
A
Yeah,
so
we
pretty
much
prefer
to
have
a
crd
for
the
defaults
and
the
main
reason
is
the
mesh.
Config
is
actually
not
configurable
in
our
managed
issue
environment,
where
we
don't
allow
users
to
change
mesh
config,
a
lot
of
at
least
most
of
the
field
in
the
mesh
config
and
the
main
reason
is
you
know,
because
if
because
we
automatically
manage
like
the
control
plane
update
forward
use
if
they
change
mesh
config,
you
have
to
think
out,
you
know
it
could
be
overwritten.
A
First
of
all,
second
of
all,
how
do
you
upgrade
the
mesh
complex
to
the
new
version
right?
If
you
can't
solve
that
problem,
it
would
overwritten
for
them.
So
if
we
can
separate
the
admin
default
out,
so
they
could
configure
admin
default
separately
like
the
outlier
detection
time,
our
retry
and
mesh
config
could
be,
you
know
from
really
advanced
user,
but
for
normal
user.
Hopefully
they
don't
have
to.
B
A
B
B
Everyone-
everyone
wanted,
I
mean
it's
it's
just.
The
problem
was
that
that
we
had,
you
know,
values,
global
and
a
lot
of
other
things
and
mesh
config
was
a
better
place
than
those
because
at
least
it
was
an
api,
but
I
agree
we
always
wanted
to
have
mesh
config
and
proxy
configures
proper
crds,
and
we
already
have
proxyconfig.
We
went
that
way
where
it's
the
annotation,
it's
kind
of
a
proper
exposed
api.
A
B
A
B
Yeah,
I
think
the
main
the
main
argument
is
that
mesh
config
was
never
really
user
editable
because
you're
right,
I'm
almost
all
the
time
I
mean
yes,
we
have
ability
to
change
it
at
runtime
and
reload
it
and
and
apply
it,
but
next
time
the
user
is
going
to
do
an
install
or
any
change.
It's
going
to
be
overwritten
and
lost,
and
we
had
this
problem
for
a
very
long
time.
So
it's
kind
of.
A
C
Okay-
okay,
great,
I
will
make
sure
I'm
at
the
next
meeting
and
talk
about
how
we
can
dump
out
that
field
and
explain
it
to
users.
So
the
we've
been
putting
this
off
for
a
while
organizing
the
commands
by
personas
and
roles.
This
this
document
is
very
preliminary
and
I
think
it
is
kind
of
old,
but
I
didn't
I
first.
D
D
E
B
A
So
so
I
that's
a
good
question,
so
I
think
there's
really
three
roles,
so
why
is
the
cloud
operator
like
you
were
saying?
You
know
google
right
operating
issue
for
your
customer?
The
second
row
is
the
platform
team.
Who
is
we
also
called
mesh
admin
early,
which
is
the
platform
owner
of
the
service
mesh
platform
for
a
particular
customer?
F
A
F
A
B
It's
it's
it's
familiar,
for
example
in
in
hosted
services
you
have
the
admin,
so
even
if,
if
the
yeah,
the
user
is
a
user-
and
that
mean
is
the
ones
that
has
been
administered,
you
know
east
ud
or
whatever,
but
he's
not
actually
operating
and
running
the
service.
That's
good!
I
want
to
make
sure
we
have
clear
names
and
separation
between
them,
because
again
it's
a
big
difference
between
mesh
admin
and
the
service
owner
and,
for
example,
I
don't
want
the
measured
bin
to
control
his
upgrades.
A
B
B
B
A
C
B
B
D
A
C
D
A
C
D
I
I
think
so
yeah
I
don't
see
users
wanting
to
poke
around
in.
Unless
I
I
mean
it's
actually,
it's
a
general
purpose,
stiffing
tool.
So
it's
it's
not
really
specific.
It
just
happens
to
be
on
the
manifest,
but
you
can
div
any
ammo
manifest
with
it
that
you
want,
and
it
gives
you
a
pretty
nice
nice
yaml
diff
view
which
is
which
is
not
easy
to
come
by.
D
C
C
C
C
We
have
a
special
annotation
for
these
other
control
planes,
and
then
we
have
this
special
legacy.
Annotation
and
I
almost
don't
want
to
discuss
it
because
we
had
like
a
20-minute
conversation
last
time
about,
should
we
get
rid
of
it
or
should
we
make
it
easier
to
point
this
special
label
at
a
particular
control
plane.
A
D
D
Yes,
we
we
do
need
at
least
the
second
two,
the
the
first
one
is
something
that
it
was
a.
It
was
a
request.
You
know
I
I'm
actually.
I
would
like
to
remove
it,
but
but
somebody
asked
for
it-
and
I
I
don't
know
if
we
can
just
remove
it
arbitrarily,
but
it
just
really
doesn't
do
much
other
than
renders
the
installation
template
for
operator.
D
C
C
C
At
a
previous
meeting
we
said
we
want
to
get
rid
of
this
post
install
which
no
longer
does
anything
and
pre-check.
I
think,
do
we
think
this
is
admin
only.
Do
we
think
that
users
want
something
more
like
what
lynn
was
talking
about
in
her
service
mesh
contact
to
take
a
look
at
your
workload
and
tell
you
if
it's
a
good
workload
for
istio
steve
current
pre-check
is
telling
you
if
your
kubernetes
cluster
has
the
right
version
in
memory
for
sdo
control
plane.
Do
we
want
a
pre-check,
a
data
plane,
pre-check.
B
B
F
C
D
D
C
B
A
I
mean
certainly
pre-check
is
not
useful
for
people
who
rarely
manage
the
service
mesh
environment
right,
but
it
could
be
useful
for
people
learning
istio.
They
can
just
you
know,
run
this
to
before
they
install
insta,
because
it
helps
you
to
check
for
it.
For
instance,
we
don't
support
kubernetes,
115
and
1.7
at.
D
A
C
C
C
C
So
if
you
have
any
special
things
to
say
about
these
commands
regarding
these
add-on
commands,
grafana,
jaeger,
prometheus
and
zipkin,
I
had
something
I
wanted
to
talk
to
costume
about
with
that.
So
currently
these
commands
work
by
looking
for
the
demo
installations
that
we
do.
I
was
thinking
that
it
would
be
nice
if
these
commands
worked
in
a
different
way.
C
If,
when
you
are
the
mesh
admin,
you
install
some
prometheus
in
your
own
way,
and
then
you
want
your
user
to
be
able
to
bring
up
grafana
that
this
dashboard
grafana,
rather
than
looking
for
istio
in
the
control
plane,
just
there's
a
url
that
it
does
and
I'm
gonna
make
this
thing
work
with
a
total
hack,
so
I'll
just
mention
this
hack
to
you
all
now.
Currently,
this
thing
looks
at
looks
at
istio
system
and
the
idea
is
that
in
the
future
we'll
be
able
to
specify
a.
C
Arfana
url
and
all
that
it
will
do
is
it
will
open
that
url
so
that,
in
a
sense,
that's
stupid
because
you
could
just
type
in
something
like
open
food
bar
grafana,
but
the
reason
it's
not
going
to
be
stupid
is
that
we
now
have
istio
cuddle
settings.
So
if
I
do
a
steel,
coil
x,
config
list,
all
these
settings
appear.
So
the
idea
is
that
I'm
going
to
make
these
commands
just
give
you
settings
so
that
if
you
type
this
in
it
could
just
be
a
reminder
for
you.
B
I
I
not
a
big
fan
of
you,
know,
feature
bloat
and,
and,
and
you
know
I
would
expect
most
people
to
never
touches
your
cattle
in
their
life.
I
mean
normally,
you
do
not
need
to
use
these
your
cutters,
that's
kind
of
a
clutch,
it's
something
that
it's
again
we
get
to
attach
by
two
to
two
cent
to
complexity.
B
I
mean
next
we're
going
to
add
the
istio
cattle
mail
comment,
because
maybe
people
want
to
send
an
email?
It's
it's
not
really.
I
think
it's
useful
to
keep
the
dashboard
graphana
to
do.
Support
forwarding
if
you
happen
to
have
graphene
installed
in
your
cluster.
Is
your
cutter?
Could
you
know
either
search
for
labels
or
or
specify
a
namespace
and
do
support
forwarding.
B
Don't
open
url,
I
mean
if
it's
doing
a
port
forward.
I
think
it's
useful.
If
you
can
add
the
search
for
graphon,
I
mean
to
get
namespaces
or
or
have
a
label
in
the
namespace
that
is
running
rafana
or
some
other
way
to
or
put
the
main
space
parameter
and
do
the
same
thing,
because
normally
I
would
expect
people
to
install
graphara
in
the
namespace
rafana
or
some
other.
C
C
B
B
It's
it's
too
much
work
and
not
natural,
because
again
in
in
a
normal
company,
there
is
a
group
that
is
going
to
a
different
group
that
is
going
to
maintain
grafana,
for
example
in
google,
and
I
think,
I'm
pretty
sure,
in
red
hat
and
all
other
companies
there
is
manage
grafana.
That
is
offered
just
like
managing
security.
I'm
not
saying
we
should
have
that.
I'm
saying.
C
B
Sure
that
would
be
a
different
project,
not
easy.
I
mean
it's
not
just
your
job
to
keep
track
of
other
things
I
mean.
Maybe
kubernetes
will
have
some
feature
like
that,
or
maybe
there
is
a
cube
cattle
described
cluster
which
actually
gives
you
that
some
some
urls
like
that,
if
you,
if
you
do
describe
cluster,
you
can
see
some
of
the
things
that
are
installed
in
in
kubernetes
with
some
I'm
just
I'm
trying
to.
C
B
Yeah
one
one
thing:
rafana
is
that,
typically,
when,
when
it's
managed
graphana,
you
have
a
username
and
password
and
unfortunately
it's
not
used
integrated
with
single
sign-on
systems
and
people
have
problems.
If
you
go
to
a
url,
I
mean
it's
not
a
http
url,
usually
an
https
url
and
at
least
for
the
ones
that
I
tried.
You
need
to
type
the
username
and
password
that
is
created
in
in
grafana
itself.
B
A
C
C
Total
dashboard
grafana
it
would
you
hadn't,
set
this.
It
would
currently
it
says
no
graffana
pods.
The
new.
The
new
error
message
will
be
no
graphanopods.
If
you
have
a
dedicated
grafana,
please
add
it
to
this
config
file,
and
then
you
type
it
you
do
that
and
then
you
type
it
again
and
it's
just
there.
It's
just
a
convenience
method.
It's
not.
B
Useless
because
if
you,
the
real
problem,
is
how
do
you?
Actually?
What
do
you
type
in
when
graphing
opens?
You
need
a
username
and
password
it's
an
https
url
and
it's
authenticated.
Your
browser
is
caching
that
for
you,
caching,
from
where
I
mean
you
need
to
sign
up,
you
need
to
be
added.
It's
an
entire
process
for
that
and
why
I
mean,
do
we
have
commands
to
open
google?
Do
it?
Do
I
go
easter
cat
or
google
search
opens
a
browser?
I
mean
it's,
not
our
documentation.
C
B
A
B
B
But
we're
trying
to
make
it
easier
easier,
not
by
adding
more
features
and
functionalities
that
don't
belong,
belong
to
istio.
If
we
believe
that
it's
so
such
an
important
feature,
maybe
grafana
should
have
a
grafana
cattle
and
promote
yourself
should
have
a
prometheus
cattle
that
have
that
opens
their
own
dashboard.
However,
they
see
fit.
B
A
C
A
C
B
B
F
C
B
B
C
C
C
B
B
A
B
A
That
is
true,
except
that
the
external
sdod
actually
needs
way
more
permission
than
create
a
remote
secret
because
create
a
remote
secret.
Most
of
the
permission
was
just
read
permission,
the
external
issue.
They
need
a
whole
lot
more,
so
we
don't
actually
use
create
remote
security
for
external
code.
C
C
B
B
B
B
A
A
A
B
C
D
And
I
think
I
think
that
this
this
is
actually
not
not
a
big
work
item
to
to
offer
both
options.
Actually
I
mean
we
can
we
can
decide,
but
but
in
any
case
it's
going
to
be
based
around
the
the
cobra
command
framework
we
already
have
and-
and
if,
if
you
have
that,
then
it's
a
pretty
trivial
effort
to
include
it
into
istio
cuddlic
if
we
want
or
keep
it
as
a
separate
binary
right.
C
C
We
don't
want
users
to
be
overwhelmed
when
they
type
is
to
cuddle,
except
to
see
to
see
commands
like
operator
and
profile
that
maybe
they
can't
use.
If
we
could
get
half
of
these
commands
out
of
here
and
hide
them
under
istio
cuddle,
istio
admin
or
istio
cuddle
admin
that
might
help
it
would
just
be
moving
some
things
around
in
the
hierarchy.
D
B
C
B
No,
we
leave
the
commandance.
It
is
because
we
cannot
change
backward
compatibility,
but
we
are
the
keyboard
main
command.
That
has
only
the
admin
commands
and
we
deprecate
and
change
the
start
stage
changing
the
documentation
and
when
the
documentation
is
changed,
we
can
start
stop
using.
So
I'm
not
saying
now
do
that,
but
just
start
the
issue
admin
make
sure
that
all
the
admin
commands
go
into
histo
admin.
C
B
B
A
A
B
I
I
I
can
give
you
an
example.
I
mean
we
have
jk
in
kubernetes
in
google
and
that
you
know
it's
a
managed
kubernetes
and
that's
the
job
of
google
to
figure
out
how
to
install
and
keyboard
main
doesn't
apply
same
thing.
With
this
I
mean
we
having
google
have
traffic
director
and
we
have
you
know
kind
of
other
managed
estiods
that
we
can
run
where
the
user
will
not
have
to
have
any
way
to
administer
it.
B
D
B
That's
how
it's
changing
I
mean
by
by
by
making
it
clear
that
they're
separate.
So
you
know
you
can
have
a
managed
issue
and
you
can
have
separate
role
and
you
have
separate
commands
and
you
are
not
required
to
I
mean.
Even
for
multi-tenant.
We
agreed
that
the
api
is
the
line
of
demarcation
and
you
should
not
assume
that
you
are
running
an
sdod
to
have
a
talent.
D
B
A
B
Yeah,
it's
that's
not
really.
My
concern,
I
mean
I
don't
really
care
about
that
means
because,
for
example,
in
google
probably
not
use
this
to
admin
at
all.
My
concern
is
for
users
who
are
just
using
history
to
not
be
confused
by
having
some
commands
that
have
no
effect
and
or
worse.
Who
knows
what
will
do.