►
From YouTube: Optional Sidecar? A Tour of Cilium Service Mesh
Description
Cilium 1.12 reached GA, which introduced Cilium Service Mesh with optional sidecars. In this livestream, Denis, creator of the envoy UI tool, who has been debugging Envoy and Istio across many releases will share his most recent experience in exploring Cilium Service Mesh with live demos!
Check out this blog: https://www.solo.io/blog/cilium-service-mesh-in-action/ for demo steps!
#istio #envoy #cilium
A
Hi
everybody
good
morning
good
afternoon,
wherever
you
are
welcome
to
our
hood
episode,
34,
where
we
are
going
to
discuss
optional
cyca,
a
tour
of
psyllium
surface
mesh,
pseudium
1.12
reached
ga.
So
congratulations
to
the
entire
australian
team.
One
of
the
interesting
feature
introduced
in
this
release
is
psyllium
service
mesh
with
optional
cycas.
A
So
in
this
live
stream
I
am
so
happy
to
have
denis
join
me.
He
is
the
creator
of
the
envoy
ui
tool.
So
if
you
recall,
I
think,
denis
you
were
back
at
24.
I
think
of
hood,
where
you
and
greg
right
were
giving
us
a
presentation
and
demo
about
your
envoy,
ui,
2
and
greg's
ingot
tool,
so
you've
been
debugging
envoy
and
seo
across
many
releases,
so
he's
going
to
show
us
a
live
demo
and
share
his
experience
of
exploring
selling
service
mesh.
B
A
Awesome,
I
am
so
excited
to
have
you
and
paris,
that's
like
a
dream
city
for
many
of
us
to
go
to
to
vacation
or
even
live
there,
so
that's
totally
cool
so
before
we
get
to
the
episode.
I
just
want
to
briefly
share
two
of
the
news
I
heard
recently
so
the
first
one
is
the
team
that
started
cloud.com
cloud
stack
and
rancher.
They
are
back
with
a
new
company
that
produced
kubernetes
tools,
so
this
company
called
aqua
maps
so
check
them
out.
It's
it's
pretty
interesting.
A
The
next
news
I
want
to
share
is
about
my
blog.
So
for
some
of
you
know,
I
had
a
blog
to
compare
layer,
7
policy
between
psyllium
and
the
istio,
so
that
blog
unfortunately
was
taken
down
from
cncf,
so
we
did
publish
that
blog
on
solo.I
o
for
folks
who
are
looking
for
their
blog,
and
I
also
publish
a
follow
on
blog
just
trying
to
explain
which
you
are
how
network
cash-based
identity
could
potentially
be
mistaken.
So
there
are
steps
in
the
blog
if
you're
interested
to
try
them.
A
A
B
So
what
I
did
is
like
I
agree
with
you
like
it's.
You
know
composed
of
many
components
right
like
if
you
look
at
cdm,
for
example,
herbal
provides
observability,
and
you
could
put
that
you
know
in
that
bucket
right.
What
I
did
is
really
focus
on
what
the
cdm
documentation
is
putting
in
the
service
mesh
category
right
and.
A
B
And
what's
new
right?
Basically,
that's
also,
you
know
what's
interesting
here
right.
So
if
you
look
at
the
cdm
documentation-
and
I
will
show
you
that
in
a
minute
basically,
the
service
mesh
is
composed
of
two
main
features
like
the
ingress
and
the
traffic
management
like
l7
traffic
management
right.
So
these
are
the
two
topics
I
focused
on.
A
B
A
B
B
If
you
go
into
getting
started,
you
know
things
are
in
different
and
you
have
an
observability.
You
know
chapter
right
that
could
be
potentially
part
of
the
mesh
right,
but
what
is
called
service
mesh?
You
incident
is
really
these
two
components
right:
the
ingress
support
and
the
l7
traffic
management.
So
that's
that's
where
I
focused
my
okay
experimentation.
A
A
B
A
Yep,
okay,
so
let's
focus
on
psyllium
service
mesh
and
particularly
on
the
connect
feature,
since
that's
the
documentation,
particularly
about
so
I
guess
I
you
know,
I
haven't
personally
played
with
it
myself,
so
I
want
to
ask
you,
you
know
how's,
your
experience.
Can
you
share
with
us
your
learning
journey
if
you're
open
to
share.
B
B
You
know
understand:
what's
what
you
can
do
with
it,
so
I
already
created
my
gk
cluster
and
you
have
to
use
this
node
tense
here
when
you
want
to
install
serium
later
and
then
you
have
the
celium
cli.
That
is
quite
nice
because
it
detects
basically
the
environment
and
will
automatically
you
know,
deploy
serium
based
on
this
environment,
so
here
it
will
detect
that
this
is
gke
and
it
needs
to
do
things
in
a
particular
way
and
you
can
see
here.
B
What
I
did
is
that
I
I
set
this
value
the
hand
value
like
ingress
controller,
enabled
right.
So
that
means
that
now
you
know
when
you
I
use
this
command,
I
should
be
able
to
use
this
new
english
functionality
that
is
described
here,
basically
and
and
feel
free
to
interrupt
me.
If
you
have
questions,
but
the
first
thing
I
did
when
I
I
deployed
it
right,
I
was
like
okay.
Let
me
check
what's
happening
there
right.
B
What's
you
know
what's
going
on
and
especially
on
the
serium
components
right,
so
I
can
see
here
I
have
my
serium.
You
know,
demon
set,
that's
create
like
a
serium
pod
on
each
node
right
yeah.
I
have
signals,
and
I
have
the
operator
component,
which
is
having
multiple
holes
in
the
life
cycle
of
cdm
itself.
You
know
watching
some
objects
in
kubernetes
and
you
know
doing
some
maintenance
behind
the
scene
and
so
on
right
and
when
I
did
that
I
was
you
know
when
I
ran
this
command.
B
A
B
B
A
A
B
A
B
It's
really
just
like
a
process
that
is
started
inside
the
container
right,
which
is
kind
of
an
anti-pattern
to
what
you
looking
you
find
in
kubernetes
in
general,
where
you
try
not
to
have
multiple.
You
know,
processes
in
in
the
same
container
right.
So
that's
why
I
I
like
that,
because
it's
not
natural
for
user
to
find
where
envoy
is
running
right.
People
are
looking
for.
Oh
perhaps
there
is
a
pod
or
like
an
envoy,
pod
or
or
at
least
a
container
in
the
cdm
pod.
But
that's
not
the
case
right.
A
B
A
B
Controller,
for
example,
right
yeah,
then
what
will
happen
is
that
you
will
have
a
an
nginx
instance
that
will
run
right
and
you
will
have
a
service
that
will
be
created
and
this
service
will
be
by
default,
like
a
service
type
load
balancer
with
an
external
ip
to
access
it
right
and
even
before
you
start
to
generate
an
english
code.
You
already
have
this
service
created
and
you
can
already
know
how
you
will
be
able
to
access
your
object
later
right,
but
here
there
is
no
such
service.
B
A
A
B
A
B
B
A
lot
of
people
have
heard
about
this
initiative
to
have
like
the
new
gateway
api.
That
is,
you
know
already
there,
but
still
you
know
evolving,
and
basically
the
idea
of
this
ingress
object
is
it's
very
limited
about
what
you
can
do
with
it
and
the
gateway
api
is
supposed
to
or
is
it
is
adding
some
more
functionalities
that
you
generally
find
in
a
api
gateway,
but
still
you
see
most
of
the
api
gateway.
B
A
A
A
B
B
A
B
Now,
if
I
look
at
my
service
again,
you
see
that
I
have
like
this
new
service
that
is
created
for
this
detailed
ingress
right
and
it
was
the
name
of
my
english
right,
detailed
ingress.
So
it's
just
like
a
suffix
to
this
right.
Cdm
ingress,
dash,
detail,
ingress
and
you
can
see
right
it's
by
default,
like
a
load
balancer.
B
I
don't
think
you
can
change
that
in
any
case,
but
so
you
you
need,
like
other
prerequisites,
to
use
it.
You
need
to
have
like
a
load
balancer
integration
like
if
you
are
on
premise,
you
could
use
something
like
metal
lb.
If
you
are
in
the
cloud
you
you
don't
need
to
really
care
about
it
because
it
will
just
like
deploy
your
cloud
load
balancer
for
you,
but
this
is
quite
important
to
understand.
B
What's
going
on
right,
so,
basically,
here
I
get
now
an
external
ip
to
access
this
ingress,
but
this
external
ip
is
not
just
like
an
ip
that
is
allocated
and
send
the
request
to
your
cluster.
It's
a
really
cloud
load,
balancer
that
you
have
to
pay
for
right.
So,
every
time
you
create
a
service
type
load
branch
in
kubernetes,
you
end
up
with
a
new
load.
Balancer
I
mean
like
a
google
code
load
balancer
in
google
cloud
or
you
you
would
have
like
a
you
know
like
an
elb.
B
B
A
Yeah,
so
you
can
now
you,
through
the
external
ip
you
can
access
to
your
detail
service
in
the
cluster,
from
your
laptop,
which
is
outside
of
the
cluster.
So
I
have
a
question
so
when
the
traffic
arrives
on
this
ip
external
ip,
so
how
does
the
route
happens?
That
so
somehow
does
it
go
from
this
dot
100
to
the
envoy
on
that
particular
node
or
running
in
the
ceiling
pod?
And
then
that
always
knows
to
route
the
traffic,
because
this
goes
to
slash
details
and
then
it
knows
to
drop
the
traffic
to
the
detail
service.
B
So
yeah
exactly
basically
the
way
like
this
cardboard
balancer
works
is
that
the
you
know,
service
type
load
balancer
is
is
is,
is
also
a
service
type
node
port
right.
So
that
means
that
there
is
a
port.
You
can
see
here
like
this
part
here,
like
3258,
that
is
open
on
each
kubernetes
node
and
the
load
balancer
that
is
provisioned
in
the
cloud
is
going
to
spread
the
request
across
those
three
nodes
in
my
cuban's
cluster
on
this
port.
B
So
it
will
come
in
any
of
these
nodes
and
then,
when
it's
arrived
there
then
there
is
like
serium
is
like
using
ebpf
to
direct
the
traffic
to
the
envoy
proxy
that
is
running
in
the
syrian
pods,
and
then
this
envoy
proxy
is
sending
the
request
to
the
to
the
pod
at
the
end
right.
So
the
role
of
ebpf
here
is
only
to
direct
traffic
from
that
comes
in
this
port
to
the
android
that
is
running
in
the
serial
port.
Everything
else
is
employed.
A
Okay,
got
it
yeah,
so
especially
this
particular
service
that
doesn't
really
having
like
a
deployment
serving
like
in
the
traditional
kubernetes
sense
right.
Even
when
you
have
a
service,
you
have
a
deployment
corresponding
to
it.
This
service
doesn't
have
any
concrete
deployments,
but
somehow,
through
ebpf,
the
traffic
is
redirect
to
the
envoy
running
in
the
ceiling.
Part.
B
A
B
Then
what
you
can
do
is
that
you
can
also
see
that
there
is
like
a
android
configuration
that
is,
you
know,
generated
it's
what
we
call
a
serium
envoy,
config,
it's
a
new
crd
and
this
basically
is
created
automatically
from
your
ingress.
So
basically
the
what
serium
does
it
takes
your
ingress
yaml
and
it
generates
this
envoy
configuration
from
it
right.
B
So
if
I
look
at
it
and
if
you
are
a
little
bit
familiar
with
android,
then
you'll
see
that
basically
here
right,
I
have
this
cm
android
config
and
you
define
what
are
the
backend
services.
So
you
can
see
here
right
the
details
and
default
and
whatever
right
and
then
you
can.
Basically,
you
know
you
have
some
default
values
there
and
the
most
importantly
here
right,
you
have
this
route
that
says
like
for
any
domain.
B
If
it
start
by
slash
details,
then
I
want
to
send
it
to
this
cluster
here
and
this
cluster
is
defined
just
there
right.
You
see.
This
is
a
cluster
definition
in
envoy
right,
and
this
is
the
name
of
it,
and
you
see
there
is
no
information
about
the
ip
right
now
right.
So,
to
do
that,
what
happened
is
that
there
are
a
few
things
that
are
going
on
there
right.
B
So
if
I
look
at
the
normally,
if
you
are
familiar
with
envoy,
you
have
this
way
to
get
a
config
dump
by
doing
a
port
forward
on
the
port,
where
the
admin
interface
of
android
is
running
yeah.
But
when
I
started
to
look
at
it
right-
and
I
did
that
for
the
workshop-
you
know
that
we
have
so.
I
just
use
the
same
way,
but
when
I
did
the
workshop,
I
struggled
a
little
bit
to
find
a
way
to
get
this
config
dump
and
by
the
guy.
B
I
found
out
that
it
was
not
listening
to
any
port,
but
is
just
like
a
unique
socket.
So
basically
I
I
I
get.
You
know
this
configure
from
the
unique
socket
here,
and
that
gives
me
the
full
config
dump
of
envoy
right
now,
and
I
can
see
you
know
the
same
things
that's
coming
from
this
serium
crd
right
yeah.
B
B
You
know
using
jr
picker,
and
what
I
can
see
here
is
that,
because
I
created
this
ingress,
it
created
this
android
config
and
what
it
did
as
well
is
that
it's
basically
provides
through
this
eds.
It
provides
the
information
about
okay,
this
is
the
cluster
I
want
to
use,
and
these
are
like
the
you
know,
end
points
right.
So,
for
example,
here
this
is
the
ip
of
the
pod
right.
So
I
have
only
one
for
the
details
component,
so
this
is
the
ip
of
the
board.
A
B
You
know
I
need
to
you
know
I
I've,
I
kind
of
you
know
found
you
know
what
was
this
grpc
endpoint
you
know,
and
then
you
know,
because
I
know
how
that
works
right.
This
endpoint,
you
know
I
was
able
to
you,
know,
get
the
nod
information
of
my
envoy
through
the
config
dump
and
then
injecting
that
error.
So
it's
a
little
bit
weird.
I
don't
want
to
go
too
much
in
the
details
there,
because.
B
But
let
me
do
another
thing
right
now.
Let's
say
I
want
to
explore
the
second
service
right
like
the
review
service,
then
I
create
another
ingredient
object
and
I
think
it's
quite
important
because
that's
I
like
what
I
was
explaining
before,
which
is
that
here,
every
time
like
someone
would
use
a
would
create
an
ingress
object
that
would
basically
generate
the
creation
of
another
balancer
in
the
cloud
right.
B
B
What
the
english
controller
do
is
that
they
create
a
default
service
when
you
deploy
them
and
you
have
a
unique
load,
balancer
unique
ip,
then
you
can,
you
know
automate,
you
know
the
configuration
of
your
dns
or
you
just
do
it
yourself,
but
then
all
the
requests
for
your
domain
names.
It
goes
through
this
ip
and
it's
shared
by
everyone
right.
A
A
So
I
find
that
it's
interesting.
It
seems
like
it.
Each
service
has
its
own
dedicated
ip,
but
it
doesn't
have
the
dedicated
envoy
so
because
in
istio
we
recommend
user
to
have
dedicated
ingress
gateway.
If
you
really
need
to
be
like
your
application
is
very
critical,
you
don't
want
to
share
your
ingress
gateway
with
any
other
application,
but
in
here,
even
though
you
have
your
dedicated
ip,
you
still
share
the
envoy
with
other
people.
B
Yeah
exactly
so,
that's
an
interesting
thing
right.
We
can
talk
about
that
later,
but
it's
basically
means
that
you
can
generate
conflicts.
The
chances
to
generate
conflict
by
creating
ingress
object
is
probably
lower
than
the
chances
to
do
that
in
in
writing.
The
serium
and
config
directly
like
we
will
do
a
little
bit
later,
but
still
it
can
be.
B
B
B
You
could
also
argue
that
these
ingress
things
could
be
outside
of
the
service
mesh,
because
it's
an
english
controller
right.
It's
it's
not
like.
You
know
purely
service
mesh
right.
So
you
know
it's
just
a
question
of
the
way
you
you
interpret
things
so
the
second
thing
we
want
to
do
is-
and
let
me
just
like
close
my
whatsapp.
B
So
the
only
thing,
the
other
thing
we
want
to
do
is
like-
and
this
for
me
is
really
more
like
what
I
call
service
meshed
right,
which
is
having
this
layer,
seven
traffic
management
rate,
and
here
what
I
want
to
do
is
like,
when
a
service
send
a
request
to
the
reviews
service
right,
you
remember
here.
We
said
that
there
are
v1,
v2
and
v3.
B
B
You
want
to,
you
know,
have
some
requests
now
going
to
v2,
but
only
like
a
small
percentage
of
it
just
checking.
If
everything
is
going
well
and
then
you
can
start
to
send
more
traffic
right,
you
could
even
have
like
you
know,
use
you
know
some
nice
projects
like
flagger
to
even
automate
you
know,
and
if
the
latency
is
good
and
there
are
rate
is
low,
then
I
want
to
automatically
increase
the
number
of
requests
going
to
v2
and
and
so
on,
right
yeah.
So
that's
kind
of
a
difficulty.
B
One
thing:
perhaps
some
people
could
say
hey
why
you
put
details
here
on
that
product
page
right,
because
this
is
normally
the
product
page.
The
only
reason
why
I
did
that
that
way
is
because
details
is
the
the
container,
the
image
that
has
the
curl
installed,
which
is
not
the
case
of
the
product
page
and
these
services.
You
cannot
add
new
packages
on
it
and
I
didn't
want
to
rebuild
the
images
just
to
have
curl.
So
I
said:
okay,
let's
do
it
in
a
in
a
simpler
way.
B
A
client
trying
to
send
a
request
to
reviews
right
yeah,
so
I
looked
at
the
example
that
is
in
the
documentation
which
basically
deploys
two-service
echo
service
one
and
echo
service
two
and
does
a
50-50
on
this
two
one
right.
So
in
my
case,
I
just
want
like
reviews
here
right
and
reviews
v1
and
reviews
v2
right.
So
what
I
did
at
the
first
attempt
right
because
you'll
see
I
will
do
different
items
so
that
you
can
see.
A
B
Yeah
in
istio
you
have
this
abstraction.
That
is
a
virtual
service
right
and
then
it's
yes
to
android
configuration
here.
It's
really
raw
and
void
configuration,
so
obviously
android
is
not
for
human
right
is
for
like
being
programmed
by
a
machine
right,
and
basically
that
means
that
yeah.
Definitely
it's
you
know
you.
You
will
create
conflicts
very
quickly,
right
like,
for
example,
even
this
root
name
here
you
see,
the
lb
roots
has
to
be
unique.
This
listener
as
well
right.
B
B
Then
there
will
be
a
conflict,
because
there
will
be
my
road
created
twice
right
and
then
you
will
start
to
inject
the
traffic
in
the
wrong
place,
right
and
and
even
like,
when
you
have
an
abstraction
layer
on
top
of
it
like
istio,
is
you
know,
having
the
virtual
service
and
then
is
translated
by
istio
control
plane
into
anybody
configuration
the
most
difficult
part
is
not
to
translate.
The
most
difficult
part
is
to
enter.
B
A
B
Exactly
so,
if
I
try
to
curl
now
from
ratings
to
to
reviews-
and
in
fact
I
think
I
put
details
here-
I
need
to
update
it.
I
don't
know
why
I
said
details,
it's
writing.
That
has
the
curl
command
and
if
I
do
that,
I
get
this
no
lc
upstream
right.
So
I
could
obviously
you
know
before
I've
shown
you
like
the
config
dump
right.
So
I
could
I
could
write
this
config
dump
in
a
file
and
you
you
mentioned
you
know
the
android
ui
that
you
can
yeah
config
dump.
B
A
B
Version
on
my
laptop
and
in
this
patch
version
you
can
see
here
right
a
little
bit.
What's
going
on
now
in
my
invoice
configuration
I
have
these
details
for
the
ingress
details
right.
I
have
the
reviews
for
the
ingress
reviews
and
I
have
these
lb
roots
and,
as
I
said,
you
know
you
it
has
to
be
unique
right
and
for
any
request
here.
Then
I
will
send
the
request.
You
know
90
to
v1
and
10
to
v2,
but
then
what
we
don't
in
show
here
is
the
endpoint
information
right.
A
B
B
B
Envoy
and
if
I
would
do
a
graph
reviews,
I
can
see
that
the
the
default
reviews
here
as
like
end
points
because
you
see
I
have
like
one
ip
of
the
v1
or
v2
v3.
I
don't
know
right
one
ear
and
one
ear
right,
but
the
reviews
v1,
I
don't
have
any
end
points
and
delivers
v2.
I
don't
have
any
endpoint
either
right
and.
B
A
B
B
B
That
to
be
able
to
make
my
scenario
working,
I
need
to
create
some
extra
kubernetes
services
right
so
now
is
just
like
creating
this
reviews:
v1
service
and
reviews,
v2
service,
right
and
now,
if
I
do
this
that
way,
I
can,
I
won't
be
able
to
see
more
here
right.
I
still
have
no
endpoint
configure,
but
what
I
found
out
is
that
you
need
to
basically
add
these
services
there
before
they
can.
You
know
be
reached
with
this
endpoint
discovery
service
right
so
before
the
endpoint
discovery
service
can
configure
them
right.
B
A
B
B
B
B
And
basically,
you
can
also
so
the
fun
is
that,
because
I
put
this
in
by
configuration,
you
can
have
some
wrong
syntax
or
whatever
right.
So
the
only
way
you
would
be
able
to
see
it.
Let
me
check
again
here
it
looks
really
bad,
but
the
only
the
only
way
you
can
see
it
is
that
you
have
to
basically
go
into
the
the
the
the
logs
of
the
serium
operator.
B
B
B
Try
to
open
this
one.
Perhaps
we
will
have
a
better
idea,
but
how
it
has
configured
this
thing.
So
here
it's
just
yeah.
It's
still
sent
to
this
default
reviews,
v1
and
v2,
but
these
clusters
have
no
endpoint.
So
basically,
I
think
it
just
bypasses,
probably
just
like
android
that
refuses
it,
but
it
doesn't
tell
me
anything
about
it.
So,
basically
it
just
doesn't
go
through
and
void
right.
It's
just
the
bypassing.
A
B
So
the
way
I
was
walk
around
it
last
time,
so
now,
let's
go
back
to
sorry.
Let's
go
back
to
my
initial
way
was
like
to
list
those
three
services
directly
there
right
yeah
and
when
I
was
doing
that,
then
I
was
able
to
get
the
end
point
correctly
set
for
v1
and
v2,
but
and
then
and
then
I'm
able
to
make
it
work
correctly
here
right.
So
if
I
go
there
now
I
have
the
either
okay,
no.
B
A
B
B
A
B
A
B
A
B
But
there
is
a
side
effect
of
this,
which
is
that
if
now
I
want
to
call
explicitly
the
version
v2
right
I
want
to.
Let's
say
I
have
this
preview,
that
is
for
production,
and
I
want
to
shift
my
traffic
right,
but
before
I
do
that,
probably
I
want
to
send
a
request
to
v2
directly
or
first
I
want
to
do
some
other
testing.
B
B
B
When
you
know
I
go
to
reviews,
I
was.
I
was
hoping
that
if
I
do
that,
then
it
will
not
impact
the
other
ones,
but
the
thing
is
that
it's
still
attached
my
route
to
the
it's
still
redirect
traffic
for
these
guys
as
well,
and
then
there
is
no
listener
or
there
is
no
matcher
right
for
this
domain
and
then
you
know
you
just
reject
it.
B
A
B
The
challenge
is
that
on
on
the
ingress
side,
right
on
the
north
south,
it
it
took
years
for
api
gateway
communities
or
vendors.
You
know
to
to
expose
all
these
features
and
being
able
to
generate
the
right
configuration
and
to
manage.
You
know
the
all
the
potential
issues
and
conflicts-
and
you
know
all
this
stuff
right.
So
that's
a
lot
of
work
right
to
just
even
ourselves
and
then
on
the
east
west.
It's
another
set
of
challenges
right.
B
It
took
again
years,
for
you
know,
istio
or
other
communities,
to
build
this
abstraction
right
in
the
scalable
way
being
able
to
manage.
You
know
all
the
multi-tenancy
and
conflicts
and
manage
you
know
telling
you
which
envoy
is
in
sync
and
not
and
plus
the
fact
that
there
is
only
one
invoice
right.
That
means
that
the
consequence
of
a
bad
configuration
will
impact
bad
configuration
will
impact
everyone
basically
right.
B
A
So
that's
a
recap:
what
we
just
learned!
So
essentially
you
did
a
demo
of
using
kubernetes
ingress
resource
to
expose
two
of
your
services
out
to
outside
of
the
cluster,
and
you
were
able
to
gather
work,
but
each
were
assigned
their
own
load
balancer
ip,
challenging
with
host
name
resolution
to
these
eyepiece
and
they
both
were
sharing
the
same
envoy
from
the
syrian
pods.
A
You
also
showed
a
demo
of
trying
to
get
a
real
basic
scenario.
I
guess
that
I
would
say
in
the
industrial
world
right
to
do
90
on
version
1
and
10
on
version
2.,
that's
a
very
common
scenario
and
to
the
end,
I
think
you
try
different
things
and
you
get
it
partially
working,
but
it's
not
fully
working
because
you
can't
fully
test
in
review
version
two
now,
when
you
go
there,
one
hundred
percent,
if
it
gets
to
ten
percent.
So
it's
it's.
A
B
Yeah-
and
I
mean
it's-
I
would
say
it's
not
even
the
main
point,
because
you
know
I've
just
found
this
back
end
service
perhaps
could
help
and
I'm
pretty
sure
that
there
is
a
way
to
find
a
way
to
make
it
work
right.
If
I
would
look
at
the
code
of
the
way
you
know
eds
works
in
psyllium,
probably
I
will
find
a
way
you
know
a
walk
around.
I
would
make
it
work
right,
but,
but
even
if
I
could
right
the
it
would
be
really
challenging
anyway
right
so
yeah.
A
A
B
Like
we've
seen,
also
people
who
started
with
building
their
own
mesh
before
histo
was
really
mature
right
and
invested
a
lot
of
time
and
energy
to
learn
enjoy
and
to
build
their
own
control
plane
on
top
of
envoy
and
investing
a
lot
of
money
in
that
right
and
at
the
end,
these
guys
most
of
them
decided
to
go
to
istio
right.
Even
if
you're.
B
Of
you
know
the
complexity
of
maintaining
all
these
different
configurations
for
because
we
speak
about
like
just
basic
routing,
but
then
you
have
like
to
implement
all
the
retries
and
time
out
and
circuit
breaking
and-
and
you
know
like
a
lot
of
other
features
and
and
the
problem
is
always
the
same
is
like.
If
you
will
have
only
one
team,
doing
everything
you
could
still
make
it
work
right,
but
the
problem
that
you
want
to
have
different
users
having
their
configuration.
B
You
know
that
provide
their
configuration
and
then
managing
conflicts
is
is
very
complicated.
You
you
really
need
a
lot
of
experience
to
to
make
it
properly
having
a
right
convention
for
all
the
roots
and
all
the
listener
and
all
those
things-
and
you
know
keeping
the
the
previous
configuration
that
worked
in
case.
A
new
configuration
comes
and
is
not
good
so
that
at
least
the
all
configuration
is
still
enforced
and
not
break
broke
by
the
new
configuration.
B
Then
you
need
to
report
why
the
new
computer
is
not
working
and
then
the
user
needs
to
figure
out.
You
know.
So
it's
like
it's
it's
it's
it's
a
full
project
on
its
own
right
and
but
but
yeah
I
mean
like
I
started,
you
know
I
was
playing
with
the
cdm
service
mesh
beta
in
december,
so
I
was
really
curious
about
it.
When
I
I
heard
about
this
project
and
the
reason
why
I
was
really
interested
by
it,
because
I
thought
okay,
let's
see,
how
is
it
different
right
like?
B
The
value
is
like
a
lot
lower,
because
there
is
already
there
are
already
a
lot
of
invest
controllers
that
are
really
good.
There
are
already
a
lot
of
service
mesh
options
based
on
android
that
are
mature
right.
So
yeah
I
mean
it's.
I
think
it
will
be
a
very,
very
long
journey
if
you
you
want
to
reinvent
or
recreate
all
these
things
in
serium
itself,.
A
A
So
much
and
folks,
if
you
guys
find
this
episode
interesting,
please
give
us
a
thumbs
up
and
also
subscribe
to
our
channel,
so
you
don't
miss
any
of
our
future
educations
psyllium
on
ebpf
on
istio
envoy
and
all
the
other
clown
native
technologies.
So
you
can
be
educated
at
your
job.
Thank
you
so
much
everyone
for
joining
us,
happy
learning
and
see
you
at
our
next
episode.
Thank
you.
So
much
deeney
bye.