Istio User Experience Working Group, 15 Sep 2020

Previous Meeting Next Meeting

⏯

youtube image

►

From YouTube: Istio User Experience Working Group September 15, 2020

Description

- four UX epics for 1.8

A

So mitch and I have broken down the work items for one eight into these four categories, and that is how we are viewing our roadmap and I wanted to take everyone through what the roadmap is and who was assigned to each item and see if we think everything on this is correct. If anyone wants to volunteer for things.

A

So these are the four epics.

A

So the first epic is our traditional troubleshooting stuff. Istio cuddle commands that.

A

That work with.

A

For for the user, these are the user facing commands and I don't think the shared view of xds events is here. I mean it's got no sort of issue um or owner. I should probably I didn't mention that didn't have an order. Let me add that.

B

I've been working on that as far as ownership is concerned. Ed do.

A

You want to own it.

B

Yeah, I'm happy to own that.

A

A

Okay, so we've completed one item so far. The um uh using tokens uh now works perfectly. I believe you don't have to um do any certificate. Stuff anymore uses the secure endpoint- and I didn't put it on here, but I should that there is a new work item which I think we should do for this, which is to make that the default.

C

uh It can you can ask you: uh are the tokens also added to regular commands that you've got to go to the debug endpoint? uh There is recently some discussion about. um You know the fact that debug endpoint is insecure and and we need to either shut it down or move it to https plus tokens, because some security people complained.

C

And I think john was trying was was looking into uh into a fix for one seven or.

A

Right, so we we could. We could backport the token stuff to one seven, it's very isolated the the control plan already. Does it so the.

D

A

Could easily get that um it's got two or three line change: to make uh xds the default for version of proxy status, which are the two commands that we have working with xds and that would eliminate version. Would let us close down port 14. and proxy status? Would let us close one of the debug endpoints.

C

uh And to to clarify a bit, uh I'm not asking about uh using xds, I mean all this stuff over xds that you added I'm talking about a small patch in one seven, and I don't know how far we need to backport it where uh the debug endpoint, which is now it's on slash on 888 or 50, whatever, on the same plaintext port, it's switched to the https port and uh requires jot authentication, because the concern people had was that right now that is exposed without authentication.

C

And uh you know we could add this job authentication and move it to https with relatively small effort, without changing everything else.

A

If you put that in 172 control plane, uh I can probably put it in 172 or 173. Yes, you go okay,.

C

Let me let me check with john, because he was looking at this uh and and uh let's include between us.

A

I I don't want to start working on it until there's a daily build of the control plane. That has it because I don't want to work in parallel. Okay,.

C

I got it, I got it I'll I'll sing with him and uh yep.

A

Okay, so this wasn't on our roadmap, but I think it should be there we should um for one in it. We should definitely stop using the debugging endpoint, maybe for 172., uh and I can easily own that, although this particular one I have marked, as um I think, good first issue, I'm trying to get more people to join the work group and contribute um the make file has been marked at p0.

A

I wanted the environment's work group to take it over, since they do the make file for the other stuff. Stephen dake thinks that um istio cuddle should should make these certificates.

A

No, you agree absolutely uh do you think it should use um uh ssh libraries or should it invoke ssh commands.

C

Open said so just use the exact same code that is uh in the make file. I mean it's, uh it's it's not really easy. We already have code in in one of the utilities.

A

The make file the make file calls keygen and all that should I be doing the same thing, calling command lines or should I be calling libraries no.

C

No, no calling library, I mean reusing code that already exists because uh the code in the in the make file uh it's a reproduction of what we are doing in the in one of the libraries.

A

All right, you might.

C

You might appoint me at the library yeah.

A

C

A security tools, it's in security tools that remember in launch 1 6. We told people to use security tools some other stuff, and that was a tool that was doing this kind of stuff. It was generating I'll point you, okay,.

A

Okay, so um in theory I could do this or we can get a volunteer to do it.

C

Is for someone who worked on the make file or is familiar with this or someone from security? It doesn't have to be you personally.

A

I have looked at the make file. I could I could do it. I know how to do it um so restoring um the istio cuddle off in command is a big deal. We marked it as p0 because we get so much demand for it and the security work group was working with us. I believe, is that not what you said mitch you went there and they wanted to restore it with us.

B

uh Yes, that's a qualified. Yes, they had some ideas about how it might need to change in order to continue to be relevant, given the changes to the api, but they wanted to. They had the same commitment as we have to the use case.

A

Okay, do do they have someone who knows often better than me who can write a debug endpoint for it.

B

Assume so, but we did not talk about individual ownership, uh it was meant to be part of their roadmap. I was not able to attend their roadmap review, so it's possible they've, already assigned an owner.

A

Okay, um there's the istio cuddle issue is not linked to any issue they have. So I I put a comment asking them to take it over, but it's unclear if they just do the back end and tell me how to do the front end or if they do the front end.

B

One question that came up in that discussion was whether there is internal data from pilot needed to answer this question or whether there's sufficient information to answer it within the scope of an analyzer, especially now that analyzers share a code base with pilot and can be built off of common logic.

A

So before we before, we say that I want to say that several items down is this item. We marked as p2 to tell you what the tls configuration is by looking at ongoing configuration, so that is one possibility as um a pilot endpoint or recreating that logic ourselves.

A

um It does not matter to me where the logic is in the past, when I have tried to write code in istio, cuddle, sriram and other toc people have said it's better to put it into the control plane where it gets maintained by the real group. If you do it on your own, it's going to eventually diverge.

A

So that's my only thought on that.

B

Yeah, so their analyzers don't live inside of istio cuddle. Thankfully they they live inside of the pilot code base, uh even though we run.

D

B

Of istio cuddle, so it's a nice compromise between the two uh it's worth investigating. It may not be viable, but it's worth looking into.

A

Well I'll be happy to help in any kind of way, I'm good at writing analyzers, but I just don't know the authentic stuff yep me too,.

B

A

um Of course, that same logic will be used by us to cuddle describe uh and um we have a off z improvement that the they are already working on, and I don't know the status and I sent a message to yang yangman zoo.

A

They have several pr's that have merged, but I'm not sure it's still open. So I'm not sure if it's the and the the way it looks hasn't changed. So I don't know what the status is on that, but we have to track that down um other cli shoes. Here's what I tagged. Good first issue, which is a is to cuddle command to say the underwear version people have asked about that. What what version of envoy am I on?

A

Let's just just look at the bootstrap and report yeah you're on on my version, whatever trying to get people to start with easy things to join the group- uh and I just mentioned this idea of looking at the envoy- configuration to tell if it's strict permissive and what the root of trust is- maybe maybe I'll put the stuff from certs as well.

A

um Oh, and this I move this to the wrong place. That's why I didn't do.

A

A

And this item, which I still have not designed yet is to cuddle trace to tell if two pods can talk to each other um since it's since this is about writing some documentation and I've taken it over. I think we don't need to talk about it.

A

Okay. The next item is the.

A

Familiar tooling.

A

A

So this one merged this morning, this to your cuddle now takes or the next daily build, will take a optional type assembly. Cube cuddle does so you can say proxy status to elimination you give in, and you won't need to know the exact name of your pod, which I think is super handy.

B

And that's merged now hasn't: oh yeah. You've got the check box nevermind.

A

It merged this morning. um We had previously wanted a command to turn on and off. Injection for namespace lynn had asked for this um john howard had said. No, so I've tentatively crossed it off, but um we can decide if we want to keep this or not. Do we have opinions on this here today, minus.

A

A

It's it's easy to use. You know, cube cuddle label to turn on off injection. I'm not sure people when they are thinking about istio injection are thinking about labels to know to do that. um Maybe more discretion.

B

Is needed, I I think, maybe what's needed. There is more along the lines of an analyzer to make sure that the labels that you've specified make sense.

A

We have a label that says you haven't turned injection on um yeah. What is.

B

Naming a revision that doesn't exist, for instance,.

C

Would be so, what does it mean? Doesn't exist.

A

I originally wrote code to do that, but it only got the inventory from the control plane. So talk about that. You know okay.

A

um So let's move past this right now for for analyze, we have um jason this. uh This is yours. The line numbers is that still good.

D

Yeah, I believe so we have uh the pr merged. uh This is more about the improvements uh I would put it as a p2 uh um for now, because the functionality is there, it's just a different, uh improved developer experience for to add the line number. So it's not like a required excellent.

A

Okay, I have written and it's merged the virtual service match duplicate analyzer, which, which is nice it both reports, duplicate matches and matches that are dead because a previous match took care of them. So that should be interesting and gives us our some informational messages rather than warnings um and jason. We have um this alignment of uh messages how's that, yes,.

D

Yeah, I said think uh so we have the pr and I will I think, right now, it's it needs to be based. I will replace that and uh and work on that. I think the pr is there already excellent.

A

So the next item is to make revision unneeded in the cli.

A

So this item, for example, if you do proxy status, my pod, it doesn't know currently which control plane, if you have more than one to talk to, and this this item is for it to be able to figure that out, um it's sort of stuck right now, because there's two strategies one is: we could try to put metadata, such as a label giving the end point onto the pod that is to cuddle would use. The other is that tree rims future?

A

Pr that lets you talk to the control plane via the sidecar would be an even better way to do this, so this is sort of blocked on that.

A

B

Yeah- and I think that makes sense- and I think that's actually also along the lines of the plan for proxy status, I worked on some design with john howard this last week on ways that we might be able to avoid using that large message, bus that we discussed a few weeks ago uh and and so for proxy status. One of the ways to avoid that is actually to leverage the pods communication channel into the control plane.

A

And yeah, I think that's great. If we, um I should point out that if you look at your pods I mean take, you can just do a you know, get pods get this metadata.

A

You don't want to ask every pod, uh you don't want to talk to the xts and every pod. You want to talk to the unique xdss among your pods, so it would be great if there was something on the metadata. That would let us know um the end point or something unique about the control plane so that we wouldn't make duplicate calls. If we saw there were there was only one control plane, three pods talking to it. I don't want to ask three times and get the same answer.

A

Did you and john talk about that.

B

uh We did not, we were focused mostly on the individual pod scenario.

A

Okay, I just I want to know if two pods share the same control plane so that I can simplify that.

A

um So we have a long-standing item to list the control planes. I know casting often objects, there's two possible strategies. I see for listing the control planes um and I'm willing to do either. One one strategy is um that we put a we put a istio operator, meaningless, read-only istio operator in every cluster, that just sort of says these are the. This is a control plane that this cluster knows about, and then this command is just listing those control planes.

A

The other method is that we could look at the injectors and say we have two injectors and you have four name spaces. These are the name spaces, and these are the injectors for those namespaces. Both of those, I think, would be great.

C

You know I I want to to make to mention that we are planning to add better support for helm again entry, because a lot of customers use health tree and don't want to use this geocatal operator or this joker installed.

C

So I would prefer the second option, and also this works perfectly with externally managed uh control planes, because no matter what you need to have the mutating web hook. So if you're just watching looking at imitating webhook configs, you will get the accurate list of control planes.

A

All right, so I'm gonna I'm gonna cross off. Then the.

A

Iop method of doing this, because um I don't think the helm people are going to want to create a read-only iop. Just as information for things, I can use.

C

And also also, it is possible already to run east on other environments except kubernetes. So, uh for example, I'm only getting cloud run and there are other vms and other things where you can run deploy the study.

C

So I I think, uh yeah again an operator. The operator is particularly uh inconvenient for managed control, planes or operator based like centralized ud, because again it provides user too many too much power over the install. So I think we'll probably need to deprecate it somehow.

A

Okay, so I'm looking for a volunteer on this, who wants to either write or do an rfc for how it should look. So I think it should just sort of list your ejected namespaces and your control planes and tell you what the match is. If no one wants to do it, I can take it over.

C

So, to be careful, you mean you are going to to list mutating weapon configs and from them uh look for the name, whatever name you are using and from there you get the url of the office uh control plane, it's actually order.

C

We should be external.

A

um Yes, so some- and I'm not sure exactly if I have all the pieces together, what I want to do is let the user know which namespace having are injected, which aren't which control plane is set up for each namespace and if there's any control planes any injectors that aren't currently labeled for any name space.

C

Yeah, that's something instability solution, because that will give you all options and don't forget there is also. This is the case uh where we configure injection for everything without label. We still support it, so you can designate an a control plane to be the default and then namespaces do not have to be labeled. They will automatically be picked unless they opt out.

A

I had forgotten that so let me add that as a note right now.

C

How many people.

A

um Remind me, how do I tell that.

C

So you still look at me taking vapor configs and there is some some different filter and we can probably put an annotation or you can put something in the mutating webhook to make it easier for you so part of this design, which I think you volunteered, because so part of this design. We should you you should put some requirements on the installer of what additional metadata or annotations. You want to put there to to make it easy right. Now you get it by looking at the explicit selector, which is a bit tricky to understand.

A

Okay, that sounds great, um so mitch. um Tell me about. um Is this item is to cut a weight for for control, planes and xds, and things.

B

So this, along with the troubleshooting api and the federated view of xds, I think, will be dependent on the work that I did with john howard last week forward and you should expect to see some design docs beginning next week. I don't know if wait will be among the first design docs, but I'm not blocked.

C

Okay, what does weight mean? Really I mean uh normally. I would expect that the mutating wave will be created after the control. Plane is ready. So you why? What is the purpose of weight? Can you just look for the mechanical presence.

B

So weight has nothing to do with the readiness of a control, plane and install time. Remember. Weight allows.

C

B

When a given config has been distributed to all proxies.

C

B

It's sort of a lightweight version of status for those who do not have it enabled.

C

Okay, so what you are using.

B

Today we use the debug api. What we will begin to use is the config maps that underlie the debug api.

A

The last item under this epic is the invoice extension dashboard which we're supposed to be doing together with telemetry, and I have been going to their meetings, but we haven't started work on that yet and by the way I've been getting good at webassembly in assembly script. So if anybody is trying to do assembly script, I'm happy to talk you through it. The first day is tough.

A

So the next epic we have are those issues that we think affect cloud operators and administrators. So hopefully, this first item is the non-controversial promote community.

A

The idea is we needed rfc for a command that rewrites the injector config maps so that they handle the default label and restarts the pods that have a sidecar um that are run by that control, plane certificate say your booking info and your default name. Space are on control, plane, master and consultant canary. Has your http bin quad?

A

If you were to say canary, is the new master.

A

We want to restart the um do a cube, cuddle, roll out type operation uh after rewriting the injector config map, so that uh or the web hook and the config map so that it gets picked up so that it restarts all of your old stuff on the canary canary becomes a new master, we're looking for volunteers and we're hoping that someone who works well with environments, which probably is me, but if anyone wants to do this, let me know.

B

Yeah and I've been looking, I've been talking with martin about stuff along these lines. I think I can put my name down on this one. um I I don't know that we necessarily want to restart the pods on behalf of the user that that's usually a dangerous operation, but rather report to the user, which pause need to be restarted and maybe even give them an example command on how to do that.

A

I was thinking along the lines of a roll out minus true, like we need an optional flag to restart them, but you're right. It may be that this thing just says um it: maybe it outputs the yaml to restart something or the bash, to restart something, and um you just paste it in you just pipe it into your cubecode or something.

B

In particular, promoting a canary is not an atomic operation right. There's, multiple steps to it, so I think, what's valuable is providing visibility to the user of okay. Here are the steps and here's where you are in the process.

A

And maybe here's the pods that aren't yet on the canary, so we have this. We have these great proxy status that lists all the pods that are on a canary, but there's no way to list all the positive namespace and say which control plan is doing them right. I mean it'd be great if there was a way to add that as a column to get um get pods um and in theory you could edit with a custom column, but there's no metadata. That tells you which, which control pin you have okay.

A

The next item is um the control plan health check. um We have a work item for the uh control plan. Health check um I own it. I haven't yet synced with john, um but that's the plan.

A

um This item admin can non-destructively upgrade control planes. um This item is, is not about the stuff that lin was talking about last week, where a user wants to make some changes to some things, but not deploy a new control plane. This is for administrators, who want to pick up any customizations from their current cluster and use that as their is to operator. So this option is just to add this profile from cluster boolean.

A

That sort of says go out and get my current configuration and try to use that it should just be a few lines of code, but it's not going to be the default because um many people hate it.

A

Many people feel you should always create from a well-known checked and diversion control.

A

And we have one small item which is to set the log level on the control plane. uh Nobody has it, it looks pretty simple people are saying it's just um some sort of uh some sort of put. I don't know if anyone wants to take this over. I would love for a volunteer to step forward.

A

And if not, I will take it over.

B

That is the idea there to restart the con to restart the control plane with a new log level.

A

You know, I think, control z already does this right, so I think it's, this command line version of setting the log level without restarting the control plane.

B

And that's not going to be removed with the removal of the debug api costing.

A

So it's on the control z on point right, I mean, isn't, um isn't uh 9876 that controls the endpoint.

C

uh Control z is the same situation with debug. We can preserve it, we can keep using it if you put the jot in in the http command.

A

Will the job be in the seo cuddle for control z and when will it be coming.

C

uh So there is your catalog, I mean there are two sides: one is on the server side. What's the joke right so on this end, right so on the server side yeah, let me check with john.

C

But at this point I think the thinking of this in environments, or at least between me and john, I don't know, get to generalize, but uh is that for one eight we still have the debug. We cannot remove it because too many people depend, but we are going to require jordan tls for it or is your or cube proxy if you, because it will also be bound on port uh localhost on the old port.

C

Okay- and I think ctrl z can follow the same as the same pattern.

A

Okay, that's good to know and when, if there is an issue for it on the control plane, I will link that issue to this item. Okay, but I think people will like that.

A

Okay, the last epic we have today.

A

Is the troubleshooting features which are mostly owned by mitch, so we made the only must-have to make this approved document, and this item is old enough that it was owned by the gang of three you mitch messenthalam.

A

Do do we still think this is the right group to make this document mitch. Do you want to make one first and have us review it or how do we want to proceed on this item?.

B

Yeah, I can take ownership of that.

A

A

And do we have an eta on when we might review that at one of these meetings.

B

uh It will probably encompass a few documents because, like I said these things are tied together between the troubleshooting api, some of the commands. We want to write that sort of thing, but I expect you should begin to see the first, uh the first of the documents next week.

A

Excellent, so put it on our calendar to review as soon as we can.

A

We have made just to the p2 if we can get it done implementing that uh api.

A

I think we have two work items for that, so we have this one, um just sort of create this api and this one to make a mvp of it. I'm not sure one or both of these are needed so mitch you could. You could clean up this particular issue. If these are the same thing or if they're different, you could put more words about it.

B

A

And the last item on this epic is distribution status.

A

Which we made a p1 is that still a p1 and the the link that I have for this links to the perf test of it not to anything about distribution itself.

B

Okay, yeah. Excuse me, that's probably a mistake on my part. I will try to get an uh overall issue tracking work on distribution status.

A

A

So we have completed everything on the agenda.

A

um I believe we are done. um Does anyone have any other items they want to schedule for next week or the rest of the month.

A

Okay, well, thank you. Everyone.

B

A

B