►
From YouTube: Istio User Experience working group June 60 2020
Description
Istio working group meeting for the User Experience group.
B
B
B
B
Don't
think
I
can
really
do
justice
to
this
PR
or
the
poll
hole
myself.
I
added
some
comments,
feeling
that
was
insufficient
to
only
vision
for
an
argument.
There
are
more
parameters
in
PR
I
thought
that
it
needed
an
option
to
remove
a
particular
is
to
operator
CR,
and
that
would
remove
everything
associated
with
that
particular
CR,
which
I
did
not
see
and
his
command
line
stuff.
B
As
you
remember,
I
have
been
hard
at
work
on
the
commands
for
centralist
EOD
case.
Can
sto
Caudill
talked
directly
without
kubernetes
to
sto
d
and
do
things,
but
I'm
about
to
show
you
as
a
PR
that
does
that
just
for
version
and
it
was
fairly
small.
So
I
believe
this
is
the
story
that
Costin
and
john
agreed
to
last
week
that
there
will
be
two
ways
that
this
will
work.
If
there
is
essentialist
to
the
end
point,
we
will
connect
to
it
by
G
RPC.
B
B
Protocol
buffer
called
or
feature
and
called
control
plane
that
can
come
as
a
response
to
X
DX
and
we're
now
populating
that
with
double-wrapped
Jason
will
be
if
the
speed
R
emerges.
So
this
now
in
the
identifier
field.
That's
the
only
field
in
this
control,
plane
response
we
get
a
double
wrap,
JSON
or
I.
Guess
I
mean
it's
a
string.
It's
wrapped
deserialized
coming
as
a
proto
bob.
We
get
the
component
which
I've
been
setting
to
pilot.
B
Instead
of
this
Tod
read
an
ID
which
I've
been
setting
to
the
pod
name,
although
we
might
want
to
customize
that
in
the
future
to
be
the
pilot
ID,
if
that's
feasible,
and
then
we
have
the
existing
sto
build
info
struct
that
we
have
always
had
before.
So
with
this
PR.
That
is
now
being
returned,
and
with
this
other
PR
we
have
an
experimental
version
of
a
version
command
and
it
takes.
B
B
B
B
Have
a
new
multi
XDS
package
that
will
either
contact
a
single
essentialist
to
the
arrest
or
it
will
contact
via
port
forward.
All
of
the
histories
urban
areas,
cluster
to
be
defined
in
central
endpoint
communities
is
totally
out
of
the
picture,
which
should
be
great
well,
maybe
not
on
a
picture.
You
still
create
one
and
don't
use
it.
I,
don't
know
how
it's
gonna
fly
in
a
team
environment.
B
The
code
itself,
these
are
the
options
I
was
going
to
show
the
XDS
address,
certificates
which
will
be
replaced,
hopefully
with
security
that
is,
do
itself
can
do
if
we
make
that
happen
and
the
label
if
the
user
has
installed
a
special
version
of
this,
do
the
code
itself
is
fairly
tiny,
the
same
stuff
we
saw
before
I
to
query
each
shard
and
merge
them.
So,
let's
see
if
I
can
give
a
demo
of
it
now.
B
B
B
It
as
always
determine
my
manly
version.
This
build
locally
did
not
include
the
control
plan
had
been
a
fire
I
discussed
and
there
were
no
pods
running
on
this
data
plane.
So
you
don't
see
it,
but
there
had,
if
that
other
patch
had
been
here.
This
would
have
shown
the
control
play
version
and
if
they
were
pods
being
controlled,
while
my
laptop
is
2d,
the
data
plane
stuff
would
be
here.
All
the
other
commands
work.
Identically,
I
don't
make
any
changes
to
the
version.
Command
itself
is
the
same
sto
wide
version
command.
B
B
Costin
had
suggested
and
as
an
experiment,
I
implemented
it
XDS
label
so
that
you
could
supply
a
label
when
you
have
more
than
one
is
2d
in
your
sto
system,
different
control,
planes
I.
This
is
used
it
in
front
of
pods.
That
is
one
way
to
do
it.
The
other
way
to
do
it
is
you're
not
using
this
do
supplying
a
different
address
here,
so
each
X's
address
is
going
to
identify
uniquely
a
control
frame.
B
B
Thing
work
under
the
hood:
the
label
thing
works,
so
you
would
just
doesn't,
if
supplied.
So,
if
there
is
so,
if
this
is
not
supplied-
and
this
is
supplied,
it's
gonna
do
a
boo-boo
Nettie's
get
pods
in
the
sto
namespace
matching
this
label
to
identify
which
control
plant
pods
there
were
so
instead
of
sto
pilot
pre-specify
is
tod,
io,
/
canary,
so
yeah.
B
B
B
Sending
in
that
label
which
currently
defaults
to
sort
of
all
pilots
but
could
default
through
this
a
single
control,
plane
and
then
we're
going
to
this
is
just
to
get
us
to
pods.
We've
always
had
it's
going
to
give
a
list
of
pods
for
each
pod.
We
will
build
a
port
forward
or
currently
we're
sending
it
to
the
insecure
port
which
may
not
be
turned
on
unless
you
have
the
in
all
profiles.
So
once
we
have
that
security
stuff
in
we're
gonna
want
to
use
the
secure
port,
we
start
the
port
forward.
B
B
A
B
C
B
A
B
So
I
was
hoping
for
at
least
directional
responses
from
at
Causton
or
John
about
this
PR.
Maybe
they're
too
busy
I
will
try
to
bug
them
some
more
Liam.
If
you
have
anything
that
might
relate
to
how
you're
using
games
and
stuff
I
think
this
should
be
great
I
wanted
to
ask
you
sort
of
one
question
which
was
initially
I
had
passed
into
my
helper.
B
Where
is
that
code,
so
initially
I
passed
in
the
cube,
config,
cube
context
and
the
revision
so
that
within
that
code,
could
build
a
client
I
think
these
these
methods
cube
client,
whip
revision
and
stuff
I,
don't
know
what
they
sort
of
do.
If
you
don't
have
a
kubernetes,
config
I've
never
tested
it
with
that.
Is
it
I
know
they
don't
do
any
IO.
If
you
call
this,
but
they
maybe
read
it,
I
mean
they'll,
Network
IO
they
may
be
reading
your
local
configuration
I
would
guess
that's
wrong.
B
C
B
Oh
this,
this
rapper
that
I
had
written,
I'm,
not
sure
I,
I,
first
I
tried
passing
in
it
all
of
these
settings
to
build.
My
kubernetes
client
I
also
tried
passing
in
like
a
callback
like
JSON
style
like
if
there's
nothing
good
here
in
the
XDS
address,
call
the
callback
to
get
one
of
these
clients
it.
It
all
seemed
ugly,
which
made
me
think
and
I
should
bring
this
code
out
of
a
library
and
make
it
all
explicit
here,
but
that
seemed
too
ugly
too.
B
A
A
Okay,
we
last
week
so
for
those
on
the
call.
Last
week
networking
asked
us
to
start
moving
forward,
designing
a
CSDs
service,
and
actually
they
asked
us
to
start
implementing.
We
got
a
part
way
through
implementation,
wrote
a
design
doc
and
no
longer
have
consensus
with
the
networking
group.
They
are
objecting
to
the
number
of
config
dumps
that
could
potentially
be
generated
by
a
CSDs
service,
so
we're
kind
of
back
to
the
drawing
board
there.
What.
A
Client
status
discovery
service
envoy
has
defined
as
a
part
of
the
XDS
spec,
a
way
of
getting
information
like
config
dumps
and
whether
a
given
client
is
up
to
date
with
your
XDS
service,
which
are
two
of
the
key
things
that
we
like
to
do
with
this
do
cuddle,
and
so
we
would
like
to
be
able
to
do
those
in
a
way
that
is
consistent
with
how
every
other
X
DSN
envoy
installation
is
doing
it.
But
we've
got
some
objection
yeah,
so.
C
B
Ió
connections
that
Costin
sort
of
made
up
and
it
returns
sort
of
a
vast
number
of
configuration
of
each
connection.
There
seem
to
be
these
protobufs.
That
would
return
things
in
a
more
envoy
style,
but
I
think
that
the
problem
is,
we
don't
have
a
good
record
for
it.
We
just
say
that's
how
the
present
Mitch
know.
A
The
request
is
defined.
The
service
is
pretty
well
defined,
as
it's
got
requests
in
response
mode
and
streaming
mode
where
the
breakdown
is
is
that
by
default,
CSDs
returns,
not
only
the
status
of
a
connection
like
it's
synced,
it's
stale
or
it's
unknown,
or
something
on
those
lines,
but
also
all
of
the
config.
That's
intended
for
that
connection
and
the
networking
team
is
concerned
that
that
will
not
be
performance,
the
generating
that
many
config
dumps
could
be
problematic.
A
So
there's
a
number
of
possibilities
such
as
the
commit
reports
boot
matters,
so
you
can
limit
the
number
of
nodes
that
you're
collecting
data
on
I
think
eventually
what
we
may
be
able
to
get
them
to
agree
to
is
when
a
node
matcher
specifies
a
single
node,
then
we
return
a
config
dump.
Otherwise
we
return
only
status.
B
C
A
Yeah
my
thought
on
that
is
the
node
matters
that
were
allowed
specify.
It
supports
several
several
nodes.
There's
an
exact
match
or
resin
regex
max
match.
Excuse
me
prefix
as
well
as
suffix
based
matching
my
thought
is.
We
can
probably
get
the
networking
team
to
agree
that
if
a
specific
node
is
specified
with
exact
match,
though,
then
we
should
include
the
config
dump
and
perhaps,
if
it's
in
anything
but
exact
match
mode,
there
would
not
include
config
dumps
with
it
I'm,
not
sure
about
envoy
compatibility
there
as
their
tooling
is
not
yet
written.
B
C
C
A
D
They
concerned
with
the
API
in
its
duty,
implementing
the
service
or
with,
is
to
cut
all
calling
the
service
both
so
the
if
the
problem
is,
if
they're
concerned
about
this
Duty
implementing
the
service,
because
the
performance
that
is
not
common
to
sto,
based
on
what
I
understand
of
this
being
a
Envoy
service
on
go
API.
So
this
issue
it
assists
elsewhere.
D
A
Up
his
TD,
we
might
be
able
to
get
that
through
I
think
if
this
is
a
little
bit
difficult,
because
I'm
essentially
imagining
responses
based
on
our
communications
over
the
last
two
weeks,
but
I
expect
that
their
response
would
be
that
that
could
never
be
enabled
by
default.
It
would
never
move
it
out
of
move
out
of
experimental.
At
that
point,
that's.
D
Fine,
so
I
think
what
you,
maybe
what
we
can
do
is
I
think
this
is
kind
of
similar
to
it.
William
was
suggesting,
maybe
implemented
a
little
bit
differently,
but
keep
it
off
by
default
and
say
if
we
turn
it
on
by
default.
Here
are
the
numbers
they're
horrible,
because
things
just
walk
up
and
you
can
say
it's
not
a
problem
with
the
client,
because
we're
client
is
just
calling
the
API.
We
don't
have
a
sufficient
API
to
do
filtering
and
then
you
just
you
know
somebody
sends
a
PR
to
envoy
and
says:
hey.
D
Could
we
add
another
field?
Dad
know
the
field
if
they
agree
it's
a
problem
and
then
the
CLI
can
start
using
that
and
then
then
we
can
kind
of
figure
out
what
the
CLI
syntax
would
be
and
what
the
default
behavior
is
rather
than
trying
to
patch
over
it
at
the
CIA
CLI
level-
and
you
know,
have
some
heuristics
that
maybe
don't
exactly
match
the
upstream
API
and
there's
a
incompatibilities.
A
D
D
So
you
correctly
from
I
think
you
could
make
progress
there
and
figure
out
how
to
parse
things
and
what
the
right
oh
yeah
and
then
independently,
which
data
is
not
a
problem
yeah
and
then
independently
figure
out
it
make
it
perform
it,
and
once
it's
perform
it
based
on
either
a
pilot,
specific
flag
or
special
special
encoding
in
the
match,
identify
or
the
actual
stream
API
change.
Then
we
can,
you
know
optimize
the
COI.
B
Mitch
I'm
worried
about
not
getting
this
in
four
one
seven
and
then
having
these
two
ways
of
doing
things.
This
way,
which
is
the
real
SD
I/o
connections
which
I'm
been
doing
now.
Do
you
think
a
it
performant
version
of
this
that
maybe
never
returns?
The
configs
could
be
implemented
to
get
us
most
of
the
way
there.
A
Implementation,
wise
I
have
an
early
working
copy
locally,
so
I've
already
got
the
code
written
based
on
last
week's
meeting.
The
problem
is
pushing
it
through
review
and
no
I
don't
expect
that
we
could
probably
push
this
through
review
in
time
for
one
seven,
given
the
controversy
that
it's
already
kicked
up.
B
B
Centralist
UD,
the
idea
is,
we
have
to
get
rid
of
the
slash
debug,
which
will
not
exposed
and
the
slash
version
which
will
not
be
exposed
via
the
gateway.
You
want
all
the
commands
to
work
if
there's
no
port
forwarding
happening
so
this
item,
2
4,
1,
1
4
tracks
everything
that
needs
to
be
done
for
the
commands
that
talk
to
the
control
plane.
B
A
B
A
B
Make
you
do
it,
but
some
of
these
when
they're
dropped
like
it
may
not
be
a
biggish
deal
so
for
proxy
status
for
users,
who
are,
you
know,
have
their
own
sto
cluster,
we're
gonna
port
forward
into
all
the
ports.
So
it's
not
maybe
a
problem
that
we've
dropped
on
shopping
for
users
who
are
in
centralized
duty.
They're
only
gonna
see
the
status
of
their
particular
of
where
they
connect
to,
because
we
can't
just
keep
reconnecting
hoping
we
get
a
different
pilot,
so
at
least
they'll
have
some
shonali,
although
maybe
not
what
we
want
well.
A
B
When
he
had
done
this
stuff
so
I
had
this
I
had
this
my
pull
here,
this
draft
ball.
It
uses
the
connections,
thing
Costin,
put
an
axe
and
point
in
there
and
they've
been
willing
to
put
other
end
points
in
the
question.
Is
these
these
weird
events
that
are
not
documented
by
envoy
that
Costin
has
just
sort
of
made
up
I
couldn't
even
find
them
documented
in
the
wiki
or
there's
any
list
of
them
anywhere?
B
Just
for
the
error,
it
would
be
good
to
have
like
a
table
of
the
things
that
we're
allowed
to
call
from
the
client
that
are
not
public
API
is,
but
our
experimental
API
is
to
just
keep
the
client
functioning
in
one
seven
and
then
to
track
sort
of
those
I
can't
I
can't
just
say
well.
If
if
CSDs
goes
in,
then
we're
all
set,
boys
were
not
because
that
makes
this
confusing.
B
B
These
things
about
security,
so
it
does
two
things.
It
goes
up
to
envoy
to
get
the
separation
and
we're
gonna
continue
getting
that
from
envoy
in
this
version,
although
we
could
get
it
from
possibly
CSDs
and
the
control
plan
instead,
but
we
used
to
call
debug
to
get
the
authentication
stuff.
Is
it
TLS,
but
not
TFS?
They
came
from
a
debug
and
point,
so
we
I'm
gonna
be
kind
of.
D
Tonight's,
a
few
questions
about
this
four
contacts
inside
then
solely
kind
of
getting
back
into
things.
So
we've
got
three
weeks
four
weeks
until
could
complete.
We
have
two
weeks
and
code
complete
two
weeks.
Okay
and
for
central
is
DoD.
Is
that
don't
we
calling
out
like
it?
Are
we
tracking
that,
through
a
feature
stage
so
saying
like
it's
kinda
going
to
be
alpha
and
what
about
seven
or
it's
going
to
be
beta
and
production?
Look
right,
I've.
B
Been
told
it's
sort
of
works
in
one
six
and
it's
sort
of
gonna
be
alpha
in
one
seven
I
believe
okay.
So
if
the
problem
is
not
users
installing
its
operators,
IBM
wants
to
install
central
is
duty
so
that
we
can
administer
people's
clusters
correctly
without
ister
being
located
and
do
upgrades.
It
also
really
helps
with
the
multi
cluster
stuff
to
be
able
to
talk
to
estudian
one
control,
plane
and
pods
on
another
right.
D
B
So
our
documentation
says
things
like
use
proxy
status
to
check
on
the
status
of
your
proxies
and
I
was
doing
a
lot
of
experimentation
with
webassembly
writing
filters,
putting
them
in
Envoy
filters
and
if
you
screw
up
envoy
filter
the
proxy
rejects
it,
and
you
don't
know
it
except
through
proxy
status.
The
analyzer
can't
tell
it
because
it's
a
filter
is
doing
things
that
are
only
known.
It's
the
file
name
of
a
location
on
the
sidecar,
so
anyone
who's
been
using
proxy
status.
B
That
seems
to
be
the
the
big
one
Lynne
Sun
has
been
telling
me.
I
had
to
make
work,
so
people
can
know
if
their
proxies
are
good
and
that's
why
I've
been
focusing
so
hard
on
it.
It
would
be
very
frustrating
to
say
was,
since
your
cloud
provider
is
managing
your
sto
you're
not
going
to
know
if
your
envelope
filters
have
screwed
up
your
sidecars
okay,.
D
So,
if
is
tedious,
see
it
we're,
assuming
it's
going
to
be
iBM,
has
there
their
motivations,
but
putting
that
aside
for
a
moment,
if
we're
going
to
say
this
is
beta,
and
we
expect
people
to
you
know
realistically
they're
gonna
start
using
it
in
some
production
environments,
I,
don't
think
we
can
have
regression
with
fundamental
debug
tools.
So
we
either
need
to
say
that
this
needs
to
work,
or
you
can't
call
all
is
DoD.
So
let's
do
D
beta
and
what
i7,
and
so
that
either
means
you
know,
there's
proper
s.
D
We
get
the
necessary
attention
escalation
to
resolve
whatever
consensus
issues
there
are
between
groups
or
we
say,
let's
just
it's
going
to
go
and
1.8,
and
that
means
centralized.
Dod
is
going
to
be
alpha
or
maybe
there's
some
like
intermediate
intermediate
thing
that
can
kind
of
make
people
that
want
to
use
it
earlier
happy,
but
it
would
be
less
than
ideal.
D
B
B
D
Don't
know
how
to
motivate
them
by
doing
what
I
said.
I
think,
which
is
you
know
it's
getting
some
agreement,
so
other
people
say
we
don't
really
need
proxy
status.
We
can
still
everybody
agrees.
This
might
be
the
leads
are
going
to
the
TOC.
We
agree.
We
can
call
center
sto
D,
you
know
beta
whatever,
without
some
without
proxy
status.
Let
me
say
yeah
we're
cool
with
that.
Then
that's
there's
not
that
much
you
could
do
in
in
steel
cuddle.
D
There
might
be
some
like
one-off
tools
that
you
might
have
to
build,
but
there
is
agreement.
Yes,
we
are
not
going
to
call
beta
unless
we
have
that
working
pricey
stops
working
then
there's
the
two
options
we
push
out
the
beta
or
whatever
we're
calling
it
or
we
get
some.
You
know
we
get
people
to
nail
things
down
sooner,
because
really
it's
two
weeks
yeah.
D
A
A
A
D
Without
any
Israel
is
there
like,
if
you
just
if
I
wanted,
to
write
a
one-off
tool
and
I
could
maybe
decide
my
own
first
Nabisco
cuddle
to
use
I
could
ring
proxy
status.
I
could
use
it
with
central
acidity,
but
it
doesn't
require.
It
doesn't
take
a
heart
dependency
on
any
of
these
changes
in
his
DoD.
B
B
A
B
B
Internal
Jen,
that's
where
what
so
the
disconnections
are
here
and
there's
these
knacks
that
are
here
so
by
looking
at
these
necks
I
should
be
able
to
tell
which
pods
have
sort
of
rejected
the
code.
However,
I
was
unable
to
get
the
next
stuff
to
work.
There's
this
knack
thing
I!
Maybe
that
I
should
do
a
deep
dive
on
this
tomorrow
to
try
to
get
it
working.
It
seemed
not
to
work
and
maybe
start
trying
to
fix
it.
Myself.
I
was
unclear
if
Costin
would
accept
me
writing
more
of
these.
A
B
A
B
B
D
C
B
B
D
I
guess
my
concern
is
like
I
more
than
once
in
the
past
kind
of
had
this
we've
kind
of
done,
something
that's
good
enough
for
a
particularly
release,
but
it's
not
it's
not
fully
fleshed
out
and
things
aren't
maybe
not
completely.
It's
not
like
there's
a
nice
package
here
is
this
feature.
It's
fully
tested,
there's
full
CLI
support,
there's
full
control,
quite
support.
Everything's
kind
of
you.
D
Launched
so
you
say:
well,
we
have
control
pay,
support,
multiple
control
by
support
in
a
particular
version,
but
not
fully,
and
it's
you
know
it
can
may
be
confusing.
I
think
it'd
be
nice
if
we
could
kind
of
stuff
everything
at
the
same
time.
Maybe
that's
not
possible,
so
I
mean
I
would
be
generally
in
favor.
If
we
could
do
this
right
and
1.8
I
was
just
trying
to
understand
41.7,
doing
something
experimental
I
think
is
better,
might
be
confusing
to
have
to
version
commands
and
to
proxy
status
commands.
D
D
If
sharding
is
the
issue
like
you
can't
just
keep
asking
can't
you
seen
quest
and
hope
you
ventually
reach
everybody,
there
might
be
things
that
are
IBM.
Could
do
corporate
providers
Pacific
to
kind
of
mitigate
that
until
there's
better
upstream
support?
So,
for
example,
maybe
you
have
a
proxy
and
you
that
you
control
a
proxy
service.
You
call
your
XDS
connections
to
say.
Give
me
config
for
everybody
that
thing
that
you,
this
new
service
that
you
want
has
can
do
the
D
Maxime.
D
D
Just
using
the
XDS
address
flag
right,
alright,
you
see
its
fastest
single
adversary
and
then
hopefully
you
know
if
we,
if
we
get
things
together
for
1.8,
you
could
use
that
same
tool
on
call.
1.8
is
DoD
and
it's
DoD
itself
would
do
would
do
that
if
it's
simply
a
fan-out,
it's
it's
work.
Something
has
to
be
launched,
but
it's
sounds
straightforward,
you're
doing
a
query
label
you're
doing
the
same
sort
of
thing
you
would
do
on
the
client
anyway,
you're
gonna,
search
by
label
and
then
connect
each
so.
B
I
had
an
earlier
version
of
these
slides
that
showed
that,
if
have
I
may
not
have
them
now,
so
there
had
been
an
earlier
version
that
had
had
a
piece
out
here
that
sort
of
if
it
got
this
particular
request,
it
would
talk
to
all
of
these
2ds.
It
was
felt
that
that
was
confusing
and
that
it
would
be
better
if
each
is
2d
talk
to
its
siblings.
When
one
of
these
requests
came
in
sure,
and
if
that
was
HTTP,
I
would
sort
of
know
how
to
do
it.
B
When
it's
GRP
see,
I
got
a
little
confused
about
timeouts
and
what
was
gonna
happen,
but
I
could
imagine
myself
writing
that.
So
I
could
imagine
that
for
one
seven,
when
this
happens,
I'm
sort
of
subscribing
to
my
other
siblings
and
asking
them
this
question
I
think
that
would
be
possible.
I
think
Costas
liked
it.
He
wanted
these
events
to
sort
of
flow.
He
didn't
like
this
picture,
but.