►
From YouTube: Istio Ambient Mesh with Gloo Mesh
Description
The first experimental release of the new sidecar-less ambient mode in Istio is out, and we at Solo are eager to support it with Gloo Mesh and explore the value it offers! Join us to watch Nina demo LIVE some of our future directions of Istio ambient mesh with Gloo mesh and bring your questions!
A
Hello,
everybody
Welcome
to
hoot
episode,
39.
istio
ambient
service
match
with
clumash
yeah
we're
back
with
another
Coach
episode
about
nbms.
If
you
remember
about
two
weeks
ago,
we've
done
good
episode,
36
37
38,
it's
all
about
ambient
service
mesh.
We
talk
about
common
questions.
People
ask
about
ambient
service
manager.
We
talk
about
what
ambient
service
match
means
to
your
wallet
today.
I'm
so
excited
to
have
Nina
join
me
to
discuss
some
of
the
integration
work.
She
has
been
doing
with
istio
ambient
service
mesh
with
glue
mesh
Nina.
B
Sure
so,
I'm
Mina
polishikova
I'm,
a
software
engineer
on
the
blue,
mesh
team
and
I've,
been
working
on
the
ambient
integration
with
glumesh.
So
I'm
going
to
talk
about
like
what
you
know,
the
difference
between
sidecar
versus
cyclists
and
ambient
mode.
What
are
some
ux
improvements
like
the
mesh
has
done
to
improve
the
way
you
manage
your
Waypoint
proxy
and
what
policies
like
work
today
and
how
they
like
work
differently
in
sidecar
like
mode
versus
like
psycholus,
so
first
I
guess
to
get
started.
B
B
So
if
you
apply
an
L7
policy
like
fault
injection
or
header,
manipulation,
you'll
see
that
the
you
have
a
virtual
service
that
gets
created
and
that
policy
gets
applied
on
the
client
side.
So
this
sidecar
on
the
product
page
would
be
the
thing
enforcing
like
fall
injection
in
ambient
mode.
However,
we
have
a
slightly
different
setup.
So,
first
of
all,
you
have
your
Z
tunnel,
which
is
The
L4
proxy.
B
Currently,
that
will
enforce
like
mtls
and
like
authorization
policies,
but
if
you
want
to
do
any
L7
routing
or
any
L7
policies,
you
need
to
create
a
waypoint
proxy
that
will
enforce
that
policy.
So
you
can
see
compared
to
like
the
sidecar
mode,
where
the
L7
policy
happens
on
the
product
page
sidecar.
Now
the
L7
policy
is
getting
applied
on
the
server
side
on
the
reviews.
B
Waypoint
proxy,
which
is,
is
a
pretty
big
difference
on
where
the
policy
gets
applied
and
the
way
you
create
this
Waypoint
proxy
in
ambient
istio
today
is
by
using
the
Gateway
resource.
So
I
have
it
pulled
up
here.
So
basically
you
using
the
kubernetes
Gateway
API,
you
define
this
Gateway,
you
specify
the
the
you
know,
namespace
that
you
wanted
in,
and
you
can
optionally
create
annotations
for
specifying
the
service
account.
B
B
B
B
This
like
is
that
the
node
level
and
your
Waypoint
proxy
is
at
the
service
account
level
and
any
L7
policy
you
apply
is
now
going
to
be
enforced
by
this
Waypoint
proxy.
So
before
like
when
we
had
like
fault
injection
being
enforced
on
the
sidecar,
now
it's
being
enforced
by
the
square
Point
proxy
here.
So
this
is
different
right
because,
like
instead
of
the
client-side
product
page
enforcing
it
now
you
have
to
create
this
Waypoint
proxy
to
enforce
your
L7
policies
and.
A
That's
a
great
point,
I
feel
like
this
is
something
when
we
first
launched
SEO
ambient
service
match
in
the
launch,
blog
that
we
didn't
highlight,
particularly,
but
it's
a
important
caveat
for
our
user-
that
the
Waypoint
proxy
has
to
be
there
has
to
be
deployed,
has
to
be
running
for
your
layer,
7
policy
to
work
right.
It's
just
not
going
to
work
magically
as
the
psycha
case.
Well,
all
you
need
to
do
is
just
inject
the
site
car,
which
you
always
have
it
in
reject
it.
B
Yeah
exactly
so,
if
you
install
istio
like
you'll,
see
the
Z
tunnels
come
up
per
node
automatically,
but
in
order
to
create
this
Waypoint
proxy
you
have
to
manually
like
before,
you
can
apply
any
L7
policies.
Like
Lin
said
you
have
to
create
this
Waypoint
proxy,
using
the
kubernetes
Gateway
API,
and
then
this
is
what
I
was
showing
before.
B
You
can
do
so
it's
hard
to
like
scale
the
Waypoint
proxy
up,
so
you
can't
have
like
multiple
replicas
of
it.
You
can't
really
determine
where
it's
going
to
land
either.
So
if
I
had
like
another
reviews
in
in
like
node
one,
it's
a
you
can't
guarantee
that
the
Waypoint
proxy
for
reviews,
if
they
share
a
service
account,
is
going
to
be
in
Node,
1
or
node.
Two.
A
Yeah
I
do
feel
the
istio
Gateway
resource
to
deploy.
Waypoint
proxy
is
pretty
preliminary
like
you
highlight
here
and
in
that
way,
there's
very
animated
configuration
and
I
do
think
this
is
going
to
be
involving
in
Upstream,
but
you
still
have
to
kind
of
create
the
Gateway
ratios
and
deploy
it
when
the
options
become
available,
such
as
wrap
number
of
replicas
such
as,
like
placement
information
that
Nina
just
talked
about.
B
Yeah
another
I
think
interesting
point
is
so
before.
When
you
had
your
sidecar,
you
would
scale
because
the
sidecar
was
injected
to
the
pond
right
you'd
scale,
the
sidecar,
with
the
Pod
versus
now
the
Waypoint
proxies
associated
with
a
service
account.
So
it
scales
separately
from
the
Pod,
which
is,
is
also
like
a
big
difference
between
the
two
models.
A
Yeah,
which
brings
a
lot
of
benefits.
Actually
these
are
some
of
the
benefits
we
just
talk
about
in
our
previous
episode.
I
believe
is
38.
Well,
we
talk
about
what
ambient
means
to
your
wallet
right,
because
if
you
have
10
replicas,
you
don't
necessarily
need
10
replica
of
Waypoint
procs.
If
your
Waypoint
proxy
two
also
a
replica
handle
the
layer
7
proxy,
then
you
save
yourself
from
running
10
replica
of
of
your
of
your
past,
because
you
didn't
have
such
a
choice
in
the
sidecar
world.
B
A
Yeah,
that's
another
great
point.
So
that
means,
if
your
Waypoint
proxy
has
a
cve
which
we
know
there's
a
lot
of
cve
with
Envoy,
then
you
actually
could
potentially
update
your
Waypoint
proxy
without
touching
any
of
your
services
that
Waypoint
proxy
is
serving
right,
because
if
your
reviews
or
ratings
doesn't
have
any
coaching,
you
don't
need
to
restart
the
Pod.
All
you
need
to
do
is
update
the
rip
Waypoint
proxy
in
the
sun
card
world.
That
would
not
be
option
because
they
are
bundled
together
right.
B
A
A
B
So
one
example
that
is
like
currently
Limited
in
ambient
for
deploying
your
Waypoint
proxies
like
where
it
actually
goes
so
there's
no
way
of
specifying
like
pod,
Affinity
or
like
which
node
your
Waypoint
proxy
will
end
up
on
and
like
this.
Can
you
know
result
in
like
configurations
where,
if
you
go
from,
you
know
product
page
to
reviews,
the
Waypoint
proxy
could
be
on
a
separate
node.
B
So,
like
fall
injection,
you
know
mirroring
stuff
like
that,
and
that
happens
on
the
server
side.
But
some
like
policies
also
have
to
happen
on
the
client
side.
So
anything
that
is
on
a
destination
rule
like
that
requires
a
traffic
policy.
So
failover,
like
outlier
detection,
would
still
happen
on
the
client
side.
So
you
need
to
create
a
waypoint
like
client-side
Waypoint
proxy
for
that
and
glumash
kind
of
knows
which
policy
you're
playing
and
what
kind
of
waypoints
you
have
to
create.
A
That's
very
cool,
hey
I,
want
to
say
hi
to
one
of
our
audience.
Thank
you.
So
much
for
joining
us,
Nina
I
want
to
ask
you
about.
What's
the
logic,
to
determine
whether
you
deploy
a
server-side
waypoint
proxy
automatically,
with
whether
you
deploy
a
client-side,
waypoint
proxy
I,
think
you
touch
some
of
the
policies.
What's
the
What's
a
clear
guideline
from
your
perspective,
yeah.
B
B
Everything
that
happens
on
the
traffic
policy
destination
rule
would
require
a
client-side
proxy
So,
like
the
I.
Think.
A
good
example
is
failover.
Failover
would
happen
on
is
a
traffic
policy
that
you
define
on
your
destination
Rule
and
that
would
need
a
client-side
waypoint
proxy
to
be
able
to
like
correctly
enforce
it.
A
B
A
Perfect
yeah
thanks
so
much
for
that
clarification.
I
appreciate
that
okay,
so
the
other
question
before
you
get
to
the
demo,
I
want
to
quickly
repeat
on
your
brain
is
what
about
the
existing
key
features
of
glow
mesh.
So
correct
me:
if
I'm
right,
I'm
thinking
about
glue
mesh,
the
key
features
of
glow
mesh
are
workspaces
right,
so
I
as
a
owner
of
my
particular
service
I
got
to
config.
You
know
what
are
my
workspaces:
what
are
the
isolation?
A
You
know,
instead
of
me,
worry
about
which
cluster
has
which
Services
I
can
just
deploy,
abstracted
resources
based
on
Google,
mesh,
API
and
then
Google
mesh
automatically
figure
out
for
me,
the
generated
industrial
resources
and
where
to
deploy
those
HCL
resources
based
on
how
we
have
my
services
are
running.
Yes,.
B
So
you
have
like
all
of
your
authorization
policies
and
and
peer
authentication
policies
automatically
created
for
you
for
your
workspace,
so
bluemash
kind
of
handles.
All
of
that
like
isolation
for
you,
which
is
a
really
key
feature
that
we
have
and
it
still
works
in
in
ambient
mode,
because
the
only
thing
you
have
to
do
is
you
know,
set
up
your
workspace
based
on
the
namespaces
and
clusters.
B
If
you
do
happen
to
have
a
waypoint
proxy
because,
like
you've
created
a
blue
mesh
policy,
then
it'll
be
enforced
at
the
L7
level
and
you
can
see
the
the
logs
there
as
well.
So
in
terms
of
multi
cluster
capabilities.
There's
some
limitations
that
ambient
currently
has
with
service
entries,
which
doesn't
like
fully
enable
all
of
the
multi-cluster
support.
B
That
glumash
has
so
one
key
feature
that
the
mesh
has
is
like
virtual
destinations,
where
you
can
define
a
virtual
destination
for,
like
you,
know,
reviews
Global
across
multiple
clusters
and
then
route
to
all
the
Clusters
seamlessly.
That
currently
is
a
limitation
of
ambient
that
it's
still
like
an
experimental
mode.
So
like
there's
still
like
some
development
to
be
done.
So
the
demo
I
have
is
to
be
in
a
single
cluster
environment,
but
all
the
policies
still
work
for
Coop
services,
and
you
know
on
a
single
cluster.
A
B
That
was
my,
so
the
Ingress
Gateway
features
still
work
as
well.
So
if
you
like
currently,
there's
also
limitations
on
like
Envoy
filters,
so
a
lot
of
like
xed
off
and,
like
rate
limiting
features,
don't
work
East-West,
because
there's
no
support
for
applying
like
an
Envoy
filter
to
a
waypoint
proxy,
but
everything
on
the
Ingress
Gateway
still
works.
A
That's
great
and
I
assume
all
you
said
about
that
function.
Is
there
that
function
is
not
there.
It's
just
a
Time
statement
right
because
Ambience
so
new
we're
constantly
work
with
Upstream
to
improve
ambient
array.
Along
with,
like
the
service
entry
issue,
you
just
mentioned
with
multi-cluster
support
yeah
all
right
I
want
to
hi
to
a
second
attendee
hi
princeu.
Thank
you
so
much
for
joining
us.
By
the
way
we
love
Nina
and
I
love
to
hear
from
you
guys.
A
A
B
B
Using
the
the
regular
Upstream
so
you'll
notice
that
this
you
have
to
manage
your
your
gateway
resource.
So
if
you
go
click
to
L4
authorization
policy,
you'll
see
that
when
you
do
the
layer
7,
you
actually
have
to
create
a
Gateway
resource
manually
and
you'll
notice
that,
in
in
my
demo,
like
I,
don't
create
any
Gateway
resources
just
because
glue
mesh
is
doing
that
for
me.
B
But
this
is
still
like
a
great
guide
to
try
out
ambient,
so
cool,
okay.
Well,
so
I
have
the
glue.
Mesh
I
have
two
clusters:
one
management
cluster,
where
I
have
the
glue
mesh
management
server
installed
and
one
cluster
cluster,
one
which
is
my
remote
cluster,
which
has
istio
ambient
installed,
along
with
the
glue
mesh
agent
and
book
info.
So
in
this
example,
I'm
gonna
have
two
workspaces.
B
One
book
info
workspace,
which
will
have
it
currently
doesn't
have
any
policies
so
you'll
see
that
there's
no
Waypoint
proxies
there
and
in
my
Gateway
I
just
have
the
the
virtual
Gateway
and
all
the
Ingress
gateways
defined
in
a
separate
workspace
just
to
clean
it
up
there
and
then
I
also
have
my
on
my
remote
cluster.
I
have
the
product
page
example
here
and
I
have
a
pod.
B
That's
like
constantly
curling
this
every
couple
of
seconds,
so
I
can
generate
some
data
to
view
in
the
graph.
So
here's
our
little
graph
of
the
book
info
example.
So
this
is
the
you
can
see
that
we
actually
have
the
TCP
metrics
of
for
a
number
of
byte
sent
and
everything's
enforced
by
mtls,
which
is
what
the
little
icon
means
here.
B
So
in
this
example,
we're
going
to
have
reviews,
V1
reviews,
V2
and
reviews
V3,
which
all
share
a
service
account
and
they're
going
to
be
on
separate
nodes.
So
we,
but
product
page,
is
going
to
hit
or
reuse
you,
one
which
doesn't
hit
ratings
and
reviews
V2
which
do
hit
ratings,
but
then
have
different
star
colors
so
like.
If
you
look
at
the
the
result
here
like
based
on
the
the
star,
colors
are
what
you're
seeing
from
readings
getting
hit
cool?
B
Okay,
let's
actually
take
a
look
at
the
cluster,
so
here
I
have
all
my
pods
up.
So
one
thing
you
might
notice
is
that
there's
no
sidecars
because
we're
in
ambient
mode.
So
if
I
I
look
at
a
product
page
this
one's
kind
of
weird,
because
I
have
a
curl
container
here,
just
to
be
able
to
test
some
some
stuff.
B
But
everything
else
is
is
just
the
there's
no
side
car
injected
here.
So
another
thing
you
might
notice
is
I.
Have
the
Z
camel
up
so
I
have
three
Z
tunnels,
because
I
have
three
nodes.
So
if
I
look
at
the
nodes
in
in
canine
and
see
what's
on
each
node,
I
can
see
that
reviews
the
three
and
details
on
this
node
and
they
have
a
z
tunnel.
B
B
So
there's
no
API
changes
really
for
the
the
routing
and
traffic
policies,
and
you
know
L7
policies
that
you
might
want
to
apply
so
in
this
example,
I'm
going
to
apply
a
route
table
that
has
a
simple
East
West
route
table
for
East-West
traffic.
So
it's
not
selecting
a
virtual
Gateway.
It's
just
like
doing
routing
between
two
pods
in
the
mesh.
B
So
the
two
routes
I
have
route.
One
doesn't
have
any
header
match,
but
Route
2
has
this
header
match
where,
if
I
specify
user
and
istio
custom
user,
then
I'm
going
to
route
to
V2,
which
is
the
the
destination
that
has
the
the
stars
because
it
hits
ratings
and
this
one
we'll
see
that
it
doesn't
have
any
ratings
associated
with
it.
So
the
first
thing
I'm
going
to
do
is
apply
the
route
table
and,
let's.
B
A
B
Like
here,
oh
I
think
it
went
down,
but
the
the
Gateway
settings
here
just
also
important
export
book
info,
so
they're,
both
important
exported
and
service
isolation
is
disabled.
So,
like
you
can
actually
access
all
the
services
there.
So
let's
go
back
and
look
at
the
pods
we
have
so
you
can
see
before
where
we
didn't
have
any
waypoints.
Now
we
have
a
new
book
info
reviews
Waypoint.
B
B
I,
don't
save
it
so
if
I
add
the
header,
I
should
be
hitting
now
the
one
with
the
Stars,
so
you
can
see
that
I
get
the
the
black
stars
back
from
that
response
and
that's
consistently
happening.
So
if
we
go
back
and
look
at
what's
happening
on
the
Waypoint,
you
can
see
that
we
actually
got
some
traffic
here.
So
it's
hitting
like
the
the
thing
that
does
the
routing
goes
through
the
Waypoint
to
determine
where
which
reviews
the
service
is
going
to
hit
cool.
Okay.
B
So
another
thing
we
can
do
in
addition,
so
that
was
just
a
simple
route
table
again
like
this
is
the
same
API
as
any
sidecar
mode
that
we
mesh
supports.
The
only
difference
is
like
what
happens
with
this
Waypoint
proxy
like
it
gets
brought
up
and
it
does
applies
the
the
L7
like
routing
on
on
the
server
side,
instead
of
it
happening
on
the
Sidecar
cool.
B
So
the
next
thing
I'm
going
to
do
is
apply
a
let's
I,
a
L7
policy,
so
I
have
a
simple
fault:
injection
policy
that
I'm
going
to
test.
So
again,
this
is
the
same
API
for
resilience.
Policies
in
in
glumesh
there's
no,
no
difference
we're
just
going
to
apply
it
to
Route
One.
So
like
you're,
going
to
see
that
when
we
curl
the
route,
one
was
like
the
the
basic
reviews
example
that
we
had.
B
A
B
Yeah
so
I
think
the
next
thing
is
the
custom
deployment.
So
this
is
one
Improvement
that
Gloom
rash
has
over
the
regular
kubernetes
Gateway
is.
We
can
actually
have
a
deployment
override
that
we
specify
so
I
have
two
examples
for
that.
One
is
just
incrementing
the
replica
Set,
a
number
of
replicas,
so
I'm,
going
to
currently
I
only
have
one
Waypoint
proxy,
but
if
I
apply
this
ambient
life
cycle
manager,
I
can
increase.
B
B
B
A
B
B
This
is
also
like
I
mentioned
useful
for
the
the
pot
affinity,
for
example.
So,
right
now,
if
I
look
at
the
the
nodes,
I
have
you'll
notice
that
the
both
Waypoint
properties
are
both
being
deployed
in
one
node
and
that's
because
the
default
we're
using
is
we're
using
because
we
know
that
it
needs
the
Waypoint
proxy
is
for
reviews
we're
using
the
oldest
deployment
to
determine,
which
node
to
add
the
waypoints
by
default.
B
A
Yeah,
very
nice,
yeah
I
guess
the
other
thing
is
I
guess
it
will
be
a
good
practice
to
kind
of.
If
you
have
a
particular
ambient
life
cycle
configuration
you
want
to
use
it's
good
to
have
that
deploy
before
you
deploy
like
a
seven
policy
right.
So
when
you
level
seven
policy
is
there,
you
would
have
the
right
Waypoint
proxy,
automatically
provisioned
by
glumash.
Yes,.
B
Exactly
yeah
the
order
doesn't
matter
so
this,
like
you,
can
have
this
in
place
before
you
create
the
L7
policy
or
after,
but
when
when
so
like.
If
we
delete
the
route
table
for
example,
then
the
weapon
Proctor
should
get
cleaned
up.
So
if
we
go
back,
you'll
see
that
it's
getting
cleaned
up
because
there's
nothing
the
default
injection
that
we
have
is
tied
to
a
route.
So
there's
no
route
table
anymore.
So
there's
no
L7
policy
to
enforce.
A
Okay,
so
the
only
saving,
if
you
do
deploy
the
life
cycle
management.
First,
it's
to
save
your
Waypoint
proxy
form,
I,
guess,
redeployed
right
when
you
later
attach
lifecycle
management-
maybe
it's
different.
So
it's
going
to
be
like
it's
probably
just
do
a
restart
or
actually
scale
out
more
yeah,
exactly
yeah,
okay,
cool,
very
nice
yeah!
That's
a
great
simplification,
because
I
do
know.
A
B
Yeah-
and
this
provides
like
you,
know,
flexibility
of
like
how
many
you
want
like
where
you
want
to
deployed
what
image
you
want
to
use.
So
all
of
that
is
is
pretty
nice
and
also
like
one
thing.
I've
noticed
is
that
in
the
so
the
Waypoint
controller
is,
if
you
are
looking
at
the
the
studio
code,
that
to
see
like
what
actually
controls
how
the
the
Waypoint
proxy
gets
created.
B
It's
this
file
here
called
the
Waypoint
controller
and
in
the
like,
the
last
couple
updates
to
it
have
been
all
like
just
improvements
on
like
making
the
image
policy
configurable.
So
I
can
imagine,
there's
going
to
be
a
lot
more
improvements
there
on
like
what
we
like
how
to
actually
control
like
where
the
Waypoint
gets
deployed
and
and
stuff
like
that.
A
B
A
B
Here
and
that's
what
we're
using
to
determine
that,
like,
yes,
reviews
needs
a
waypoint.
If
it
didn't
have
this
label,
then
glue
mesh
would
assume
you're
like
inside
car
mode
for
that
like
because
you
can
have
hybrid
modes
where
not
everything
in
your
mesh
is
in
ambient
mode.
So
in
that
case,
like
you
would
have
a
sidecar
that
would
be
enforcing
the
the
policy.
B
A
B
And
that's
based
on
the
type
of
policy
you're
applying
so
I
think
I've
pulled
up
somewhere
supported
policies,
so
a
glue
match
supports
a
bunch
of
different
policies
and
all
of
these
have
different.
So
some
of
them
are
tied
to
like
the
virtual
Service
that
istio
has
and
some
are
tied
to
like
the
traffic
policies.
So
like
failover
and
LR
detection
are
applied
to
the
destination,
so
they
would
be
applied
on
the
client
side,
but
everything
that's
applied
on
the
route.
B
B
A
I
know
just
making
sure
we're
on
the
same
page,
I
think
the
apply
to
that
concept,
whether
it's
on
the
route
and
destination
matches
to
the
labels.
You
were
showing
earlier
right,
because
I
think
earlier
you
showed
a
40
injection
policy
where
you
should
on
a
particular
route
or
which
you
had
a
label
for
that
router.
So
that's
what
that
applied
to
Maps
too
yeah.
B
A
Okay,
God
yeah,
I
guess
the
robbed
configuration
tends
to
be
a
little
bit
more
flexible
because
you
could
have
multiple
routes
to
a
given
destination:
yeah,
yeah,
yeah,
okay,
very
cool
I,
actually
really
like
the
fact
that
you
can
just
you
know,
apply
a
label
and
then
be
able
to
apply
a
particular
policy
on
this
particular
destination
or
route.
Yeah
yeah.
A
B
B
B
B
B
If
I
go
if
so
I,
if
I
think
I
also
have
to
bring
the
the
right
table
back,
but
basically
the
limit
policy.
We
have
a
rate
limit
server
in
the
Pod
in
the
the
and
on
the
remote
cluster.
So
where
is
it
on?
So,
if
I
apply
like
an
Ingress
rate
limit
policy,
everything
still
works
because
the
policy
is
getting
enforced
at
the
Ingrid
ingress
level.
B
A
A
All
right,
I,
don't
see
any
further
questions.
Mina
I
think
we've
kind
of
talked
quite
a
lot
today.
So
we
talk
about.
Let's
do
a
quick
recap
on
what
we
talk
about.
We
talk
about
in
ambient
when
comparing
with
psycha
to
ambient
a
lot
of
policies
enforced
on
the
destination
side
with
ambient
right
and
then
we
talk
about
the
key
features
of
glue
mesh
and
we
discuss
these
features.
A
We
expect
to
continue
to
work
in
glue
match
with
ambience
such
as
multi-class
multi-clustered
down
the
road,
such
as
workspace
with
multi-tenancy,
which
is
already
in
place,
and
on
top
of
the
existing
feature.
We
talk
about
how
glutamus
is
automatically
manage,
Waypoint
proxy
for
you
and
how
you
can
potentially
customize
your
Waypoint
proxy
deployments
through,
like
yaml
override
with
the
life
cycle
manager.
A
We
talk
about
the
UI,
the
layer
for
Telemetry
right
with
symmetric,
Diaz
icon.
That's
all
provided
with
just
see
tunnel
without
Waypoint
proxy,
and
then
we
talk
about
apply
some
of
the
layer,
7
policy,
and
then
you
showed
how
these
layers
have
been
policy
in
action
was
just
the
destinations.
I
would
have
Waypoint
proxy.
A
Okay,
great
well
I
guess
I
want
to
thank
you
Nina.
Thank
you.
So
much
for
joining
me
on
the
hood.
I
feel
like
I
got,
educate
you
quite
a
lot
blue
mesh
and
mdn
integration
too.
So
thank
you
for
preparing
the
wonderful
demo
live
to
everybody
and
folks.
If
you
guys
find
this
interesting,
what
other
topics
you
would
like
to
see
we're
trying
to
roll
out
quite
a
lot
of
topic
about
Ambience,
because
their
solo
we're
very
excited
about
ambient.
A
We're
also
excited
about
some
of
the
evpf
work,
we're
going
to
do
as
solo,
so
we
we
plan
to
have
more
education
session
around
it's
still
around
ambient
around
evpf,
so
definitely
reach
out
to
us
either
on
the
hood.
Github.
Oh
just
comment
in
this
in
this
YouTube
video
and
we'll
get
back
to
you.
Thank
you
so
much
for
joining
us
today.
Thank
you.
Nina
bye,
everybody.