From YouTube: Optional Sidecar? A Tour of Cilium Service Mesh
Description
Cilium 1.12 reached GA, which introduced Cilium Service Mesh with optional sidecars. In this livestream, Denis, creator of the envoy UI tool, who has been debugging Envoy and Istio across many releases will share his most recent experience in exploring Cilium Service Mesh with live demos!
Check out this blog: https://www.solo.io/blog/cilium-service-mesh-in-action/ for demo steps!
#istio #envoy #cilium
A
Hi everybody, good morning, good afternoon, wherever you are. Welcome to our Hoot episode 34, where we are going to discuss "Optional Sidecar? A Tour of Cilium Service Mesh". Cilium 1.12 reached GA, so congratulations to the entire Isovalent team. One of the interesting features introduced in this release is Cilium Service Mesh with optional sidecars.
A
So in this livestream I am so happy to have Denis join me. He is the creator of the Envoy UI tool. So if you recall, I think, Denis, you were back at 24, I think, of Hoot, where you and Greg, right, were giving us a presentation and demo about your Envoy UI tool and Greg's ingot tool. So you've been debugging Envoy and Istio across many releases, so he's going to show us a live demo and share his experience of exploring Cilium Service Mesh.
B
So hi everyone, so I am Denis. I am based in Paris and I am the director of field engineering team in EMEA at solo.io.
A
Awesome, I am so excited to have you. And Paris, that's like a dream city for many of us to go to, to vacation or even live there, so that's totally cool. So before we get to the episode, I just want to briefly share two of the news I heard recently. So the first one is the team that started Cloud.com, CloudStack and Rancher. They are back with a new company that produces Kubernetes tools, so this company is called Acorn Labs, so check them out. It's pretty interesting.
A
The next news I want to share is about my blog. So as some of you know, I had a blog to compare layer 7 policy between Cilium and Istio. So that blog unfortunately was taken down from CNCF, so we did publish that blog on solo.io for folks who are looking for that blog, and I also published a follow-on blog just trying to explain how network cache-based identity could potentially be mistaken. So there are steps in the blog if you're interested to try them.
A
So the first thing I want to ask you, Denis, is that, you know, I think you and I both have a very strong service mesh background, right. So to me, service mesh provides three key functionalities: connect, secure and observe, right. So what other functions have you tried with Cilium Service Mesh?
B
So what I did is like, I agree with you, like it's, you know, composed of many components, right. Like if you look at Cilium, for example, Hubble provides observability, and you could put that, you know, in that bucket, right. What I did is really focus on what the Cilium documentation is putting in the service mesh category, right, and.
B
And what's new, right? Basically, that's also, you know, what's interesting here, right. So if you look at the Cilium documentation, and I will show you that in a minute, basically, the service mesh is composed of two main features, like the ingress and the traffic management, like L7 traffic management, right. So these are the two topics I focused on.
B
If you go into getting started, you know, things are in different and you have an observability, you know, chapter, right, that could be potentially part of the mesh, right, but what is called service mesh in Cilium is really these two components, right: the ingress support and the L7 traffic management. So that's where I focused my, okay, experimentation.
B
You would need in a mesh, right, but there are some, you know, some components there as well, right.
A
Yeah, they have party encryption if you enable WireGuard or IPsec. Certainly, it's network cache-based identity, right. So it's not mutual TLS, like what Istio has.
B
In that case, it's leveraging Envoy behind the scenes, yeah, but there are some limitations in the L7, in the rules you can create, let's say.
A
Yep, okay, so let's focus on Cilium Service Mesh and particularly on the connect feature, since that's what the documentation is particularly about. So I guess, you know, I haven't personally played with it myself, so I want to ask you, you know, how's your experience? Can you share with us your learning journey, if you're open to share?
B
Yeah, sure. I mean, I think I will go, you know, step by step, so that I think everyone kind of gets the same experience I got, but without the pain of, you know, setting up everything. So that should be a way for people to very quickly.
B
You know, understand what you can do with it. So I already created my GKE cluster, and you have to use this node taints here when you want to install Cilium later, and then you have the Cilium CLI. That is quite nice because it detects basically the environment and will automatically, you know, deploy Cilium based on this environment. So here it will detect that this is GKE and it needs to do things in a particular way, and you can see here.
B
What I did is that I set this value, the Helm value, like ingress controller enabled, right. So that means that now, you know, when I use this command, I should be able to use this new ingress functionality that is described here, basically. And feel free to interrupt me if you have questions. But the first thing I did when I deployed it, right, I was like, okay, let me check what's happening there, right.
B
What's, you know, what's going on, and especially on the Cilium components, right. So I can see here I have my Cilium, you know, DaemonSet, that creates like a Cilium pod on each node, right, yeah. I have signals, and I have the operator component, which is having multiple roles in the life cycle of Cilium itself, you know, watching some objects in Kubernetes and, you know, doing some maintenance behind the scenes and so on, right. And when I did that, I was, you know, when I ran this command.
A
So can I ask a quick question? So I know, so I've installed Cilium myself, I've played with layer 7 policy, so one thing I noticed new is the cilium-node-init. Is that related to the ingress you enabled, no?
B
You, and so, so if now I go to, you know, kube-system, and I go to this, you know, one of the Cilium pods, right, the thing that you can notice here is that there is this cilium-envoy that is started, yeah, because I enabled the ingress controller option.
B
I don't know if some people have already joined the Cilium workshop that we are delivering regularly, but in this workshop we explained that when you create like a Cilium network policy at the L7, it automatically starts this Cilium Envoy to enforce it, right, because everything L7 in Cilium is enforced on Envoy.
B
So here what you see is that as soon as I enable the ingress controller option, it starts Envoy in all these DaemonSet pods, right. So all the Cilium pods have the Envoy running from the beginning. It doesn't come yet, but it's there, right. Okay.
A
So I could have two ways to kind of activate this component inside of the Cilium pod. One way is through a layer 7 policy, office land, like the lab you were mentioning. The other way is through that Helm parameter you just showed to enable the ingress. Is that correct?
B
It does is that it will kind of deploy this component because it needs it, right. But I like that, because I know that for a lot of people it's a little bit confusing, because Envoy is there, but you don't really see it here. You don't really see.
B
It's really just like a process that is started inside the container, right, which is kind of an anti-pattern to what you find in Kubernetes in general, where you try not to have multiple, you know, processes in the same container, right. So that's why I like that, because it's not natural for users to find where Envoy is running, right. People are looking for, oh, perhaps there is a pod, or like an Envoy pod, or at least a container in the Cilium pod. But that's not the case, right.
B
Yeah, exactly. And then the other thing that I was expecting a little bit as well was to find like a Kubernetes service that represents my ingress, right. So let's say you deploy like, even if it's not Envoy, right, let's say you deploy like the.
B
Controller, for example, right, yeah. Then what will happen is that you will have an NGINX instance that will run, right, and you will have a service that will be created, and this service will be by default like a service type load balancer with an external IP to access it, right. And even before you start to generate an ingress code, you already have this service created and you can already know how you will be able to access your object later, right. But here there is no such service.
B
I have no service for the GKE default ingress, right, and if I would create an ingress, it would create a service, right. But you will see later that then there are some issues with this approach. But in any case, what I'm going to do right now is just like create an application, deploy an application, and after I deploy this application, we can create an ingress and we can see what's going on, right. But I just share.
B
Which is, you know, this application, for people who don't know, right, which is basically composed of like the product page front-end, that calls the reviews back-end and the details back-end, and the reviews back-end, some of the versions call the ratings back-end. So you'll see, it will be good because I will be able to use it to expose different services and play between the versions, like you will see a little bit later.
A
Here was highlighting, is you are deployed without sidecar, right? So it's just.
B
So then that's an ingress, right. So an ingress is, like, you know, a standard Kubernetes object. You can see here, it's, you know, part of the Kubernetes API.
B
A lot of people have heard about this initiative to have like the new Gateway API. That is, you know, already there, but still, you know, evolving. And basically the idea of this ingress object is, it's very limited about what you can do with it, and the Gateway API is supposed to, or it is adding some more functionalities that you generally find in an API gateway. But still you see most of the API gateway.
A
Summarize well, so: the Ingress API is very good for simple scenarios, but users do find out there's a need for a more advanced API that covers different edge cases, which is the Kubernetes Gateway API, which.
B
Now, if I look at my service again, you see that I have like this new service that is created for this details ingress, right, and it was the name of my ingress, right, details ingress. So it's just like a suffix to this, right: Cilium ingress, dash, details ingress. And you can see, right, it's by default like a load balancer.
B
I don't think you can change that. In any case, but so you need like other prerequisites to use it. You need to have like a load balancer integration. Like if you are on premise, you could use something like MetalLB. If you are in the cloud, you don't need to really care about it, because it will just like deploy your cloud load balancer for you. But this is quite important to understand.
B
What's going on, right. So, basically, here I get now an external IP to access this ingress, but this external IP is not just like an IP that is allocated and sends the request to your cluster. It's really a cloud load balancer that you have to pay for, right. So every time you create a service type load balancer in Kubernetes, you end up with a new load balancer, I mean like a Google Cloud load balancer in Google Cloud, or you would have like a, you know, like an ELB.
B
You know, in AWS and so on, right. So that means that here I get this load balancer created, and now I can access my ingress through this IP.
B
So if I set this environment variable, which basically, you will see, it's just like this IP, all right, yeah, now I can send a curl and get my details, right. So that's fine. Okay.
A
Yeah, so you can now, through the external IP, you can access your details service in the cluster from your laptop, which is outside of the cluster. So I have a question. So when the traffic arrives on this external IP, so how does the route happen? So somehow does it go from this .100 to the Envoy on that particular node, running in the Cilium pod? And then that Envoy knows to route the traffic, because this goes to slash details, and then it knows to route the traffic to the details service?
B
So yeah, exactly. Basically the way like this cloud load balancer works is that the, you know, service type load balancer is also a service type node port, right. So that means that there is a port, you can see here, like this port here, like 3258, that is open on each Kubernetes node, and the load balancer that is provisioned in the cloud is going to spread the requests across those three nodes in my Kubernetes cluster on this port.
B
So it will come in any of these nodes, and then, when it's arrived there, then Cilium is like using eBPF to direct the traffic to the Envoy proxy that is running in the Cilium pods, and then this Envoy proxy is sending the request to the pod at the end, right. So the role of eBPF here is only to direct traffic that comes in this port to the Envoy that is running in the Cilium pod. Everything else is Envoy.
A
Okay, got it. Yeah, so especially this particular service, that doesn't really have like a deployment serving, like in the traditional Kubernetes sense, right. Even when you have a service, you have a deployment corresponding to it. This service doesn't have any concrete deployments, but somehow, through eBPF, the traffic is redirected to the Envoy running in the Cilium pod.
B
Then what you can do is that you can also see that there is like an Envoy configuration that is, you know, generated. It's what we call a CiliumEnvoyConfig, it's a new CRD, and this basically is created automatically from your ingress. So basically what Cilium does, it takes your ingress YAML and it generates this Envoy configuration from it, right.
B
So if I look at it, and if you are a little bit familiar with Envoy, then you'll see that basically here, right, I have this CiliumEnvoyConfig and you define what are the backend services. So you can see here, right, the details and default and whatever, right. And then you can, basically, you know, you have some default values there, and most importantly here, right, you have this route that says like, for any domain.
B
If it starts by slash details, then I want to send it to this cluster here, and this cluster is defined just there, right. You see, this is a cluster definition in Envoy, right, and this is the name of it, and you see there is no information about the IP right now, right. So, to do that, what happened is that there are a few things that are going on there, right.
B
So the first thing that you can take a look at is, all this configuration is basically then passed to the Envoy configuration.
B
So if I look at the, normally, if you are familiar with Envoy, you have this way to get a config dump by doing a port forward on the port where the admin interface of Envoy is running, yeah. But when I started to look at it, right, and I did that for the workshop, you know, that we have, so I just use the same way. But when I did the workshop, I struggled a little bit to find a way to get this config dump and by the guy.
B
I found out that it was not listening to any port, but is just like a Unix socket. So basically I get, you know, this config from the Unix socket here, and that gives me the full config dump of Envoy right now, and I can see, you know, the same things that are coming from this Cilium CRD, right, yeah.
B
The other thing that I can do is, as I said, there is no. So where did I put that? I think I put that in.
B
You know, using grpcurl, and what I can see here is that, because I created this ingress, it created this Envoy config, and what it did as well is that it basically provides, through this EDS, it provides the information about, okay, this is the cluster I want to use, and these are like the, you know, endpoints, right. So, for example, here this is the IP of the pod, right. So I have only one for the details component, so this is the IP of the pod.
B
You know, I need to, you know, I kind of, you know, found, you know, what was this gRPC endpoint, you know, and then, you know, because I know how that works, right, this endpoint, you know, I was able to, you know, get the node information of my Envoy through the config dump and then injecting that here. So it's a little bit weird. I don't want to go too much in the details there, because.
B
But let me do another thing right now. Let's say I want to expose the second service, right, like the reviews service, then I create another ingress object. And I think it's quite important, because that's like what I was explaining before, which is that here, every time someone would create an ingress object, that would basically generate the creation of another load balancer in the cloud, right.
B
What the ingress controllers do is that they create a default service when you deploy them, and you have a unique load balancer, unique IP. Then you can, you know, automate, you know, the configuration of your DNS, or you just do it yourself, but then all the requests for your domain names go through this IP and it's shared by everyone, right.
A
So I find that it's interesting. It seems like each service has its own dedicated IP, but it doesn't have the dedicated Envoy. So because in Istio we recommend users to have a dedicated ingress gateway, if you really need to, like your application is very critical, you don't want to share your ingress gateway with any other application. But in here, even though you have your dedicated IP, you still share the Envoy with other people.
B
Yeah, exactly. So that's an interesting thing, right. We can talk about that later, but it basically means that you can generate conflicts. The chances to generate conflicts by creating ingress objects are probably lower than the chances to do that in writing the CiliumEnvoyConfig directly, like we will do a little bit later, but still it can be.
B
It can be a little bit complicated, right, and the only way you can share a service here would be that you create only one large, you know, ingress object with everything in it. The basically.
B
So that's the ingress, but let's jump into the traffic management, because it's just an ingress controller, right, as we discussed before, right. There are a lot of things in the documentation that you could put in the service mesh that are in other places.
B
You could also argue that these ingress things could be outside of the service mesh, because it's an ingress controller, right. It's not like, you know, purely service mesh, right. So, you know, it's just a question of the way you interpret things. So the second thing we want to do is, and let me just like close my WhatsApp.
B
So the only thing, the other thing we want to do is like, and this for me is really more like what I call service mesh, right, which is having this layer 7 traffic management, right. And here what I want to do is like, when a service sends a request to the reviews service, right, you remember here, we said that there are v1, v2 and v3.
B
Then I want to define to this to send 90 to v1 and 10 to v2, right, this kind of a typical use case you have in service mesh. You want to go, for, you have a current v1 in production.
B
You want to, you know, have some requests now going to v2, but only like a small percentage of it, just checking if everything is going well, and then you can start to send more traffic, right. You could even have like, you know, use, you know, some nice projects like Flagger to even automate, you know, and if the latency is good and the error rate is low, then I want to automatically increase the number of requests going to v2 and so on, right, yeah. So that's kind of a difficulty.
B
One thing: perhaps some people could say, hey, why do you put details here and not product page, right, because this is normally the product page. The only reason why I did it that way is because details is the container, the image that has curl installed, which is not the case of the product page, and these services, you cannot add new packages on it, and I didn't want to rebuild the images just to have curl. So I said, okay, let's do it in a simpler way.
B
A client trying to send a request to reviews, right, yeah. So I looked at the example that is in the documentation, which basically deploys two services, echo service one and echo service two, and does a 50-50 on these two, right. So in my case, I just want like reviews here, right, and reviews v1 and reviews v2, right. So what I did at the first attempt, right, because you'll see I will do different items so that you can see.
B
You know, how I got it working at the end, is that I, you know, created this CiliumEnvoyConfig here, where I just say I want to, you know, when a request goes to reviews, right, then I want to send to default reviews v1 90 percent and default reviews v2 10 percent, and I, you know, I define these services there, right.
B
Yeah, in Istio you have this abstraction that is a virtual service, right, and then it's, yes, to Envoy configuration. Here, it's really raw Envoy configuration. So obviously Envoy is not for humans, right, it's for like being programmed by a machine, right, and basically that means that, yeah, definitely, it's, you know, you will create conflicts very quickly, right. Like, for example, even this route name here, you see, the lb route, has to be unique. This listener as well, right.
B
Then there will be a conflict, because there will be my route created twice, right, and then you will start to inject the traffic in the wrong place, right. And even like, when you have an abstraction layer on top of it, like Istio is, you know, having the virtual service and then it is translated by the Istio control plane into Envoy configuration, the most difficult part is not to translate. The most difficult part is to enter.
B
Exactly. So if I try to curl now from ratings to reviews, and in fact I think I put details here, I need to update it. I don't know why I said details, it's ratings that has the curl command. And if I do that, I get this "no healthy upstream", right. So I could obviously, you know, before I've shown you like the config dump, right, so I could write this config dump in a file, and you mentioned, you know, the Envoy UI that you can, yeah, config dump.
B
Version on my laptop, and in this patch version you can see here, right, a little bit what's going on now in my Envoy configuration. I have these details for the ingress details, right. I have the reviews for the ingress reviews, and I have this lb route, and, as I said, you know, it has to be unique, right. And for any request here, then I will send the request, you know, 90 to v1 and 10 to v2. But then what we don't show here is the endpoint information, right.
B
Cluster name reviews star, right, but I have nothing for reviews v1, right, and that's the problem I have right now. And you can see that as well if I would just go to, instead of like looking at the config dump, you have something called clusters in.
B
Envoy, and if I would do a grep reviews, I can see that the default reviews here has like endpoints, because you see I have like one IP of the v1 or v2, v3, I don't know, right, one here and one here, right. But the reviews v1, I don't have any endpoints, and the reviews v2, I don't have any endpoint either, right, and.
B
So what I found out, in fact, is that there is, like, in the documentation it says somewhere, when I was looking in, now, it was in the troubleshooting guides. So where do I have it here? I have it somewhere, I think.
B
That to be able to make my scenario work, I need to create some extra Kubernetes services, right. So now it's just like creating this reviews v1 service and reviews v2 service, right. And now, if I do this that way, I won't be able to see more here, right. I still have no endpoint configured, but what I found out is that you need to basically add these services there before they can, you know, be reached with this endpoint discovery service, right, so before the endpoint discovery service can configure them, right.
B
But while we were discussing about the ingress before, I think I perhaps have an idea about another way to do it. So let's try it live, right. I'm curious about it, so I want to check with you guys right now, all right. So you remember here.
B
This is the CiliumEnvoyConfig that has been created by the ingress, right, and there is this services here, right.
B
And basically, you can also, so the fun is that, because I put this in Envoy configuration, you can have some wrong syntax or whatever, right. So the only way you would be able to see it, let me check again here, it looks really bad, but the only way you can see it is that you have to basically go into the logs of the Cilium operator.
B
And when there is something it doesn't like, it will tell you, yeah, right, it will tell you, like, you know, rejected by Envoy or whatever, like you have like a little bit of details there, right. But in any case, unfortunately, I think it didn't fix my problem, right. No, if I return again.
B
Try to open this one. Perhaps we will have a better idea about how it has configured this thing. So here it's just, yeah, it's still sent to this default reviews v1 and v2, but these clusters have no endpoint. So basically, I think it just bypasses, probably just like Envoy that refuses it, but it doesn't tell me anything about it. So basically it just doesn't go through Envoy, right. It's just bypassing.
A
Yeah, round robin. So basically the fact that it went to the red review, which is version three, that means our traffic rules are not in effect, right? Exactly.
B
So the way I was working around it last time, so now, let's go back to, sorry, let's go back to my initial way, was like to list those three services directly there, right, yeah. And when I was doing that, then I was able to get the endpoint correctly set for v1 and v2, and then I'm able to make it work correctly here, right. So if I go there now I have the either, okay, no.
B
But there is a side effect of this, which is that if now I want to call explicitly the version v2, right, I want to, let's say I have this reviews that is for production, and I want to shift my traffic, right, but before I do that, probably I want to send a request to v2 directly, or first I want to do some other testing.
B
When, you know, I go to reviews, I was hoping that if I do that, then it will not impact the other ones. But the thing is that it still attached my route to the, it still redirects traffic for these guys as well, and then there is no listener, or there is no matcher, right, for this domain, and then, you know, you just reject it.
B
I mean, obviously you can make it work for some cases, but even if it works, right, we discussed about the main issue, right, which is like, users cannot really write this code, right. And I think, you know, I watched like a webinar from Isovalent recently, and they were saying the same, that basically this is not like meant for users, right, it's more meant for being the foundation to be used by a higher abstraction layer, like it's the case for the ingress right now.
B
So I think the idea is to have in the future, like, either using the Gateway API or whatever, you know, having like a layer that allows the user to express what they want, and having that, you know, higher level abstraction translated into the Cilium Envoy configuration.
B
The challenge is that on the ingress side, right, on the north-south, it took years for API gateway communities or vendors, you know, to expose all these features and being able to generate the right configuration and to manage, you know, all the potential issues and conflicts and, you know, all this stuff, right. So that's a lot of work, right, just even north-south, and then on the east-west, it's another set of challenges, right.
B
It took again years for, you know, Istio or other communities to build this abstraction, right, in a scalable way, being able to manage, you know, all the multi-tenancy and conflicts, and manage, you know, telling you which Envoy is in sync and not, and plus the fact that there is only one Envoy, right. That means that the consequence of a bad configuration will impact everyone, basically, right.
A
So let's recap what we just learned. So essentially you did a demo of using the Kubernetes Ingress resource to expose two of your services to outside of the cluster, and you were able to get that to work, but each were assigned their own load balancer IP, challenging with host name resolution to these IPs, and they both were sharing the same Envoy from the Cilium pods.
A
You also showed a demo of trying to get a real basic scenario, I guess that I would say, in the industrial world, right, to do 90 on version 1 and 10 on version 2. That's a very common scenario, and to the end, I think you tried different things and you got it partially working, but it's not fully working, because you can't fully test in reviews version two now, when you go there, one hundred percent, if it gets to ten percent. So it's.
A
You know, I guess, and you, with a lot of your expertise with Envoy, you know, you still haven't been able to get it fully working, I guess.
B
Yeah, and I mean, I would say it's not even the main point, because, you know, I've just found this backend service perhaps could help, and I'm pretty sure that there is a way to find a way to make it work, right. If I would look at the code of the way, you know, EDS works in Cilium, probably I will find a way, you know, a workaround, I would make it work, right. But even if I could, right, it would be really challenging anyway, right, so yeah.
A
The complexity of the configuration for something, I guess it still, it would be like five out of ten lines, yeah. This is very, very hard to digest and create this configuration, unless you really know Envoy and have been working with Envoy, probably for over a year or so.
B
Like we've seen also people who started with building their own mesh before Istio was really mature, right, and invested a lot of time and energy to learn Envoy and to build their own control plane on top of Envoy, and investing a lot of money in that, right, and at the end, these guys, most of them decided to go to Istio, right. Even if you're.
B
Of, you know, the complexity of maintaining all these different configurations, because we speak about like just basic routing, but then you have like to implement all the retries and timeouts and circuit breaking and, you know, like a lot of other features. And the problem is always the same, it's like, if you will have only one team doing everything, you could still make it work, right, but the problem is that you want to have different users having their configuration.
B
You know, that provide their configuration, and then managing conflicts is very complicated. You really need a lot of experience to make it properly, having a right convention for all the routes and all the listeners and all those things, and, you know, keeping the previous configuration that worked in case a new configuration comes and is not good, so that at least the old configuration is still enforced and not broken by the new configuration.
B
Then you need to report why the new config is not working, and then the user needs to figure out, you know. So it's like, it's a full project on its own, right. But yeah, I mean, like I started, you know, I was playing with the Cilium Service Mesh beta in December, so I was really curious about it when I heard about this project, and the reason why I was really interested by it, because I thought, okay, let's see, how is it different, right, like?
B
The value is like a lot lower, because there are already a lot of ingress controllers that are really good. There are already a lot of service mesh options based on Envoy that are mature, right. So yeah, I mean, I think it will be a very, very long journey if you want to reinvent or recreate all these things in Cilium itself.
A
Yeah, let's wrap up. We are almost out of time, so I want to take a minute to thank you, Denis, for sharing your journey and putting out an interesting demo and showing your struggle to get things working. So I'm sure our audience would really appreciate your experience with that. So thank you.
A
So much, and folks, if you guys find this episode interesting, please give us a thumbs up and also subscribe to our channel, so you don't miss any of our future educations on Cilium, on eBPF, on Istio, Envoy and all the other cloud native technologies, so you can be educated at your job. Thank you so much everyone for joining us, happy learning and see you at our next episode. Thank you so much, Denis, bye.