From YouTube: Istio User Experience Working Group September 15, 2020
Description
- four UX epics for 1.8
A
So Mitch and I have broken down the work items for 1.8 into these four categories, and that is how we are viewing our roadmap, and I wanted to take everyone through what the roadmap is and who was assigned to each item and see if we think everything on this is correct. If anyone wants to volunteer for things.
A
Okay, so we've completed one item so far. The using tokens now works perfectly. I believe you don't have to do any certificate stuff anymore, uses the secure endpoint, and I didn't put it on here, but I should, that there is a new work item which I think we should do for this, which is to make that the default.
C
It can you can ask you: are the tokens also added to regular commands that you've got to go to the debug endpoint? There is recently some discussion about, you know, the fact that debug endpoint is insecure and we need to either shut it down or move it to HTTPS plus tokens, because some security people complained.
C
And I think John was trying, was looking into a fix for 1.7 or.
A
Could easily get that, it's got two or three line change to make XDS the default for version of proxy status, which are the two commands that we have working with XDS, and that would eliminate version. Would let us close down port 14. and proxy status? Would let us close one of the debug endpoints.
C
And to clarify a bit, I'm not asking about using XDS, I mean all this stuff over XDS that you added. I'm talking about a small patch in 1.7, and I don't know how far we need to backport it, where the debug endpoint, which is now, it's on slash on 888 or 50, whatever, on the same plaintext port, it's switched to the HTTPS port and requires JWT authentication, because the concern people had was that right now that is exposed without authentication.
C
And you know we could add this JWT authentication and move it to HTTPS with relatively small effort, without changing everything else.
A
If you put that in 1.7.2 control plane, I can probably put it in 1.7.2 or 1.7.3. Yes, you go, okay.
C
Let me check with John, because he was looking at this, and let's include between us.
A
Okay, so this wasn't on our roadmap, but I think it should be there, we should for one in it. We should definitely stop using the debugging endpoint, maybe for 1.7.2, and I can easily own that, although this particular one I have marked as, I think, good first issue. I'm trying to get more people to join the work group and contribute. The Makefile has been marked at P0.
A
I wanted the Environments work group to take it over, since they do the Makefile for the other stuff. Stephen Dake thinks that istioctl should make these certificates.
A
No, you agree absolutely. Do you think it should use ssh libraries or should it invoke ssh commands?
C
Open said so just use the exact same code that is in the Makefile. I mean it's, it's not really easy. We already have code in one of the utilities.
C
No, no calling library, I mean reusing code that already exists, because the code in the Makefile, it's a reproduction of what we are doing in one of the libraries.
A
Okay, so in theory I could do this or we can get a volunteer to do it.
A
I have looked at the Makefile. I could do it. I know how to do it. So restoring the istioctl authn command is a big deal. We marked it as P0 because we get so much demand for it and the security work group was working with us, I believe. Is that not what you said, Mitch, you went there and they wanted to restore it with us?
B
Assume so, but we did not talk about individual ownership, it was meant to be part of their roadmap. I was not able to attend their roadmap review, so it's possible they've already assigned an owner.
A
Okay, there's the istioctl issue is not linked to any issue they have. So I put a comment asking them to take it over, but it's unclear if they just do the back end and tell me how to do the front end or if they do the front end.
A
So before we, before we say that, I want to say that several items down is this item we marked as P2, to tell you what the TLS configuration is by looking at ongoing configuration, so that is one possibility, as a Pilot endpoint or recreating that logic ourselves.
A
It does not matter to me where the logic is. In the past, when I have tried to write code in istioctl, Sriram and other TOC people have said it's better to put it into the control plane where it gets maintained by the real group. If you do it on your own, it's going to eventually diverge.
B
Of istioctl, so it's a nice compromise between the two, it's worth investigating. It may not be viable, but it's worth looking into.
A
They have several PRs that have merged, but I'm not sure, it's still open. So I'm not sure if it's the, and the way it looks hasn't changed. So I don't know what the status is on that, but we have to track that down. Other CLI issues. Here's what I tagged good first issue, which is an istioctl command to say the underwear version. People have asked about that: what version of Envoy am I on?
A
Let's just look at the bootstrap and report, yeah, you're on my version, whatever. Trying to get people to start with easy things to join the group, and I just mentioned this idea of looking at the Envoy configuration to tell if it's strict, permissive, and what the root of trust is. Maybe I'll put the stuff from certs as well.
A
Oh, and this I move this to the wrong place. That's why I didn't do.
A
And this item, which I still have not designed yet, istioctl trace, to tell if two pods can talk to each other, since it's, since this is about writing some documentation and I've taken it over. I think we don't need to talk about it.
A
It merged this morning. We had previously wanted a command to turn on and off injection for namespace. Lynn had asked for this, John Howard had said no, so I've tentatively crossed it off, but we can decide if we want to keep this or not. Do we have opinions on this here today, minus.
A
So let's move past this right now. For analyze, we have Jason this. This is yours. The line numbers, is that still good?
D
Yeah, I believe so, we have the PR merged. This is more about the improvements. I would put it as a P2 for now, because the functionality is there, it's just a different, improved developer experience for to add the line number. So it's not like a required. Excellent.
A
Okay, I have written, and it's merged, the virtual service match duplicate analyzer, which is nice, it both reports duplicate matches and matches that are dead because a previous match took care of them. So that should be interesting and gives us our some informational messages rather than warnings. And Jason, we have this alignment of messages, how's that, yes.
D
Yeah, I said think so, we have the PR and I will, I think, right now, it needs to be based. I will replace that and work on that. I think the PR is there already. Excellent.
A
So this item, for example, if you do proxy status, my pod, it doesn't know currently which control plane, if you have more than one, to talk to, and this item is for it to be able to figure that out. It's sort of stuck right now, because there's two strategies. One is: we could try to put metadata, such as a label giving the endpoint, onto the pod that istioctl would use. The other is that tree rims future?
B
Yeah, and I think that makes sense, and I think that's actually also along the lines of the plan for proxy status. I worked on some design with John Howard this last week on ways that we might be able to avoid using that large message bus that we discussed a few weeks ago, and so for proxy status, one of the ways to avoid that is actually to leverage the pod's communication channel into the control plane.
A
And yeah, I think that's great. If we, I should point out that if you look at your pods, I mean take, you can just do a, you know, get pods, get this metadata.
A
You don't want to ask every pod, you don't want to talk to the XDS and every pod. You want to talk to the unique XDSs among your pods, so it would be great if there was something on the metadata that would let us know the endpoint or something unique about the control plane so that we wouldn't make duplicate calls. If we saw there was only one control plane, three pods talking to it, I don't want to ask three times and get the same answer.
A
So we have a long-standing item to list the control planes. I know casting often objects, there's two possible strategies I see for listing the control planes and I'm willing to do either. One strategy is that we put an Istio operator, meaningless, read-only Istio operator in every cluster, that just sort of says these are the, this is a control plane that this cluster knows about, and then this command is just listing those control planes.
C
So I would prefer the second option, and also this works perfectly with externally managed control planes, because no matter what you need to have the mutating webhook. So if you're just watching, looking at mutating webhook configs, you will get the accurate list of control planes.
A
IOP method of doing this, because I don't think the Helm people are going to want to create a read-only IOP just as information for things I can use.
C
And also, it is possible already to run east on other environments except Kubernetes. So, for example, I'm only getting Cloud Run and there are other VMs and other things where you can run, deploy the study.
C
So I think, yeah, again an operator. The operator is particularly inconvenient for managed control planes or operator based, like centralized ud, because again it provides user too many, too much power over the install. So I think we'll probably need to deprecate it somehow.
C
So, to be careful, you mean you are going to list mutating webhook configs and from them look for the name, whatever name you are using, and from there you get the URL of the office control plane, it's actually order.
A
Yes, so some, and I'm not sure exactly if I have all the pieces together, what I want to do is let the user know which namespace having are injected, which aren't, which control plane is set up for each namespace, and if there's any control planes, any injectors that aren't currently labeled for any namespace.
C
Yeah, that's something instability solution, because that will give you all options, and don't forget there is also, this is the case where we configure injection for everything without label. We still support it, so you can designate a control plane to be the default and then namespaces do not have to be labeled. They will automatically be picked unless they opt out.
C
So you still look at mutating webhook configs and there is some different filter, and we can probably put an annotation or you can put something in the mutating webhook to make it easier for you. So part of this design, which I think you volunteered, because, so part of this design, we should, you should put some requirements on the installer of what additional metadata or annotations you want to put there to make it easy. Right now you get it by looking at the explicit selector, which is a bit tricky to understand.
A
Okay, that sounds great. So Mitch, tell me about, is this item istioctl wait for control planes and XDS, and things.
B
So this, along with the troubleshooting API and the federated view of XDS, I think, will be dependent on the work that I did with John Howard last week forward, and you should expect to see some design docs beginning next week. I don't know if wait will be among the first design docs, but I'm not blocked.
A
The last item under this epic is the Envoy extension dashboard, which we're supposed to be doing together with telemetry, and I have been going to their meetings, but we haven't started work on that yet. And by the way, I've been getting good at WebAssembly in AssemblyScript. So if anybody is trying to do AssemblyScript, I'm happy to talk you through it. The first day is tough.
A
The idea is we needed RFC for a command that rewrites the injector config maps so that they handle the default label and restarts the pods that have a sidecar that are run by that control plane certificate. Say your booking info and your default namespace are on control plane master and consultant canary has your http bin quad?
A
We want to restart the, do a kubectl rollout type operation after rewriting the injector config map, so that, or the webhook and the config map, so that it gets picked up, so that it restarts all of your old stuff on the canary. Canary becomes a new master. We're looking for volunteers and we're hoping that someone who works well with environments, which probably is me, but if anyone wants to do this, let me know.
B
Yeah, and I've been looking, I've been talking with Martin about stuff along these lines. I think I can put my name down on this one. I don't know that we necessarily want to restart the pods on behalf of the user, that's usually a dangerous operation, but rather report to the user which pods need to be restarted and maybe even give them an example command on how to do that.
A
I was thinking along the lines of a roll out minus true, like we need an optional flag to restart them, but you're right. It may be that this thing just says it: maybe it outputs the YAML to restart something or the bash to restart something, and you just paste it in, you just pipe it into your kubectl or something.
A
And maybe here's the pods that aren't yet on the canary, so we have this. We have these great proxy status that lists all the pods that are on a canary, but there's no way to list all the positive namespace and say which control plane is doing them, right. I mean it'd be great if there was a way to add that as a column to get pods, and in theory you could edit with a custom column, but there's no metadata that tells you which control plane you have, okay.
A
The next item is the control plane health check. We have a work item for the control plane health check, I own it. I haven't yet synced with John, but that's the plan.
A
This item, admin can non-destructively upgrade control planes. This item is not about the stuff that Lin was talking about last week, where a user wants to make some changes to some things, but not deploy a new control plane. This is for administrators who want to pick up any customizations from their current cluster and use that as their Istio operator. So this option is just to add this profile from cluster boolean.
A
And we have one small item which is to set the log level on the control plane. Nobody has it, it looks pretty simple, people are saying it's just some sort of PUT. I don't know if anyone wants to take this over. I would love for a volunteer to step forward.
A
So it's on the ControlZ endpoint, right? I mean, isn't 9876 that ControlZ endpoint?
C
ControlZ is the same situation with debug. We can preserve it, we can keep using it if you put the JWT in the HTTP command.
C
So there is your catalog, I mean there are two sides: one is on the server side. What's the joke, right, so on this end, right, so on the server side, yeah, let me check with John.
C
But at this point I think the thinking of this in environments, or at least between me and John, I don't know, get to generalize, but is that for 1.8 we still have the debug. We cannot remove it because too many people depend, but we are going to require JWT and TLS for it or is your or cube proxy if you, because it will also be bound on port localhost on the old port.
B
It will probably encompass a few documents because, like I said, these things are tied together between the troubleshooting API, some of the commands we want to write, that sort of thing, but I expect you should begin to see the first of the documents next week.
A
I think we have two work items for that, so we have this one, just sort of create this API, and this one to make an MVP of it. I'm not sure one or both of these are needed, so Mitch, you could clean up this particular issue. If these are the same thing or if they're different, you could put more words about it.
B
Okay, yeah. Excuse me, that's probably a mistake on my part. I will try to get an overall issue tracking work on distribution status.