From YouTube: Workshop Deploy Istio for Production
Description
This workshop series is for those looking to learn more about how Istio works and how to operationalize it for their organization. In this first of a two-part series of workshops on operationalizing Istio service mesh, we dive into Istio foundations with a focus on understanding how it all works and how to roll it out to your organization.
A
A
Cool, all right. Well, why don't we get started? First of all, welcome to the Istio day two series of workshops. This is the first one, and this one's called Deploying Istio for Production. In this workshop, we're going to get hands-on with Istio, some of its constituent pieces, and understand how to deploy Istio for production. Now, you're going to see differences in how the community documentation presents Istio, and that's on purpose.
A
The community is, you know, sort of, the docs there are for everyone and any possible kind of, you know: there's reference documentation, there's concept documentation, there's the install documentation, parts of which, you know, focus on user experience and getting started, and that's slightly different than what we're doing here. So you will see some differences, and that's why.
A
Because what we're doing here is we're taking our experience and the expertise that we have here at Solo, supporting and working with our customers, our prospects, our community users and, of course, building products on top of Istio and with Istio, and what we're doing is we're sharing some of that learning and some of that experience with you, all right. So there's a lot of, I would say, blood, sweat and tears that have gone into learning and understanding and debugging and otherwise figuring out these things that we're going to dig into here.
A
So, you know, we're excited to have you. Thanks again for joining at SoloCon and for this workshop specifically, and so let's get started. So we have me and two other folks from Solo here, very esteemed folks. My name is Christian.
A
I'm a field CTO here at Solo, been involved in the Istio community and the service mesh community for a while, and generally my passion is helping organizations modernize their application architectures and infrastructure to support them delivering software faster, and not just replacing old crappy technology with new crappy technology and continuing to do the same thing, but focusing on excellence and business outcomes and so on, and you know.
A
At Solo, we're heavily invested in Istio, and we have some relatively newer faces to Istio, but extremely well known and well respected in the Istio community, with Lin. So welcome, Lin.
C
Thank you, Christian. Hi, everyone. Yes, like Christian said, I joined Solo about a month ago. I've been contributing to Istio since the beginning of the project. My passion is really helping Istio be successful and helping you guys adopt Istio. Next, I'd like to turn to Ram, who is also recently new to Solo.
D
That's right, I joined Solo. It's been eight days, so this is my second week. Very excited to be here. I also come from IBM, where I was a technical product manager and developer advocate, and I'm focused on Kubernetes and Istio, so I helped a lot of users, you know, adopt cloud native technology: Cloud Foundry, Kubernetes. And I've been working on Istio for the last year and a half to two years, so really excited to be here and continue that work.
A
Yeah, and welcome to Solo, Lin and Ram. And I guess if I planned this a little bit better, I would, and will, skip to this slide real quick. We are hiring. So, I mean, we're doing amazing things and very interesting things here, pushing the boundaries here at Solo. We've built an amazing team.
A
You know, some of the folks on this call, absolutely amazing people, and if you'd like to join us and work with us on this journey, we absolutely are hiring as quickly as we possibly can. So with that, let's jump right into it.
A
So the first thing I want to point out is what you can expect from this workshop. We're gonna start off with the first, probably, 15 minutes or so setting some backdrop, setting some context, giving you an overview of what we're doing here at Solo and what to expect from this workshop. Another point that I want to make is that, if you're familiar with Istio, if you're learning Istio, this is not an Istio 101 per se type workshop. This is a, you know.
A
There's a lot of expertise on this workshop panel delivering this. Please, please, please feel free to ask questions, to be interactive. You know, this is, so we're gonna, we have three hours set aside here. Definitely make the most of it, as we would like to as well.
A
A
Maybe another 30-35 minutes, take a break, and then get to the end. But before we do that, if you're unfamiliar with Solo and what we're doing: we're heavily involved in the Envoy community, everything that we're doing here is based on Envoy. Heavily involved in the service mesh ecosystem, the Istio communities. Everything, you know, the pieces that involve service mesh are based on Istio here at Solo.
A
But what we focus on, I guess like I was trying to allude to earlier, is helping organizations modernize their architectures so that they can deliver software faster. Deploying Kubernetes, GitOps, you know, fancy telemetry systems, whatever, that's all good, but when you deploy your applications, they need to interact with each other.
A
They need to communicate with each other, and they do that over the network, and that involves opening up TCP connections and sending messages and expecting responses, and, you know, figuring out how to talk to various services, knowing full well that the network is not reliable. The network is not secure. The network does not guarantee you anything in terms of time, and we have to build our applications to be resilient, because if we don't, then we end up building this distributed system.
A
That any little piece starts to fault will start to cascade and take everything down, and we do not want that. We want to take advantage of the cloud platforms that we have in terms of the scaling, their dynamism, being able to be highly available and react appropriately when things start to fail, and isolate those failures, identify those failures and fix them as quickly as possible. And so what we're doing at Solo is we're building the application level networking pieces that allow services to connect with each other, do that.
A
A
You know, expectations around regulatory and compliance and so on, developer experience, and that involves a few different pieces. And at Solo we built a product called Gloo Mesh, which is basically an enterprise Istio with supporting tooling and automation to allow you to run it successfully across multiple clusters, maybe different versions of Istio, different geographies, different clouds, and otherwise simplify the adoption and operations of Istio.
A
Now, we actually have a Gloo Mesh workshop going on right now in parallel, and we will continue to deliver more of these workshops, so you can get a hands-on understanding of what it takes to operate.
A
Istio in a multi-cluster environment. Another piece of the puzzle is Gloo Edge, our edge gateway: so connecting unknown, untrusted sources, unknown clients, whether internal or external, to your services, and implementing things like security, things like OAuth and OIDC, things like LDAP, API keys, Open Policy Agent, these types of things. Rate limiting at the edge. Web application firewalling is another big one. And then integrating that and bringing that into the rest of the mesh architecture, setting up boundaries between lines of business, setting up boundaries between APIs and products, and otherwise managing this in a larger fleet.
A
Now, and then here, why don't we just jump right to what an architecture diagram might look like, where we have this decentralized infrastructure based on Envoy and things like Istio, which we'll see in this workshop, and, you know, what we're building is the management and automation pieces to help.
A
You simplify and successfully deploy a platform like that, including, you know, how your developers express their APIs, how they consume those APIs, document them, and any of the automation that is involved in exposing those APIs and exposing them to only the designated consumers of those APIs. So.
A
Take on API management, it flips the entire paradigm on its head, where in the past we had these monolithic hardware load balancers, monolithic API management systems, everything was bundled in massive databases, everything centralized. And now we're decentralizing some of these enforcement points, while keeping and balancing some of the centralization around the management. So that's what we're doing here at Solo. Definitely check it out. Like I said, we're hiring.
A
So a service mesh, which is what we're gonna focus on today, provides the following pieces to the puzzle in a service-to-service direction, or, you know, some folks call this east-west, sort of the direction of the data center, directional, east-west. And so between services, as service A wants to talk to service B, doing things like finding where service B lives, where all service B's endpoints live, to do service discovery, to do load balancing, to do traffic control and traffic shifting between maybe different versions of service B, or maybe service B is deployed on one cluster and in a geographic distributed cluster, to prefer locality and these types of things.
A
You know, industry reasons, geographical reasons, why cert by a cloud service can't just decide to talk to whatever services on-prem that it wants to, right, and we want to control and lock that down. And then the last and important piece is that the service mesh provides an API for actually implementing this and controlling.
B
A
At runtime, dynamically, all right. So we're not going out and pushing configuration files and bouncing proxies and bouncing servers. We have an API that the operator can use to dynamically configure and define what the rules are for traffic in between the applications, using this API, and this.
A
Important part, and one that we're, you know, particularly focused on at Solo. So between the services, if you're familiar with the service mesh, which ideally you would be if you came to this workshop, you know, we have these proxies that get deployed with the workloads.
A
We use a control plane to control the individual workloads in a particular mesh, in a particular mesh boundary, and when we get to multi-cluster and all this other stuff, that gets a little bit more complicated. But for what we're doing here in this workshop, if you understand this part of what a service mesh is, if you understand what these features are that a service mesh provides, then you should be good to go. Now, Istio is what we're going to be covering today.
A
Istio is the most popular, most dominantly deployed in production service mesh in the world. You know, all of us on the call have been following Istio for quite a long time and watching the market evolve, and we can say, you know, I guess anecdotally, but what we've seen over the last eight months is that service mesh is real.
A
So, as I mentioned earlier, Gloo Mesh is our service mesh product, and that includes Istio upstream support. And so we do have builds of Istio based on upstream. There's some deviation when it comes to building for FIPS and ARM and some of these specialty builds, but otherwise it's upstream. There might be some deviation when you run in production: we have to patch it for you, so between the time we patch it for you and we bring those patches upstream, there might be some deviation. And then we also support long term.
A
A
Otherwise, it's upstream. You can use the same Istio tooling. There's no extra CLIs or any other additional stuff you need to use, and you have the backing of a company that's built entirely around service mesh, with the expertise and, you know, the ability to influence in the community to support it. Basically, we support it with enterprise SLAs. Step one.
A
We, you know, things break. Whether it's Envoy proxy or the control plane itself or anything in between, we support it, and along with our support comes architectural guidance and best practices, and, you know, ability to ask questions and bounce ideas off of our team of extremely experienced service mesh engineers. So Gloo Mesh is the product. As I mentioned, Gloo Mesh is oriented around simplifying Istio, operating it across multiple clusters.
A
Things like operating across multiple versions, doing global routing, global failover and routing, enforcing security policies, doing a lot of automation and so on. Like I said, there's another workshop going on right now that digs deeper into Gloo Mesh, so we'll move through that a little bit. And so with Gloo Mesh, what we have is supported Istio with a management plane that simplifies the operations, simplifies the API.
A
I did mention that, you know, that's a big part of what we're doing here at Solo, is simplifying the APIs so that you can use a service mesh, be successful with it, deploy it across multiple different teams.
A
You know, focus an API on specific personas, maybe a different platform team or SRE teams or developer teams, and so on, each with their own unique desires for the functionality in the service mesh, or desires for how they want to configure the service mesh. And so we've worked with a lot of customers.
A
A
If you look in your tabs on this Goldcast platform, there is a tab for docs. Click on docs, and, I think, the bottom entry in the docs tab here says "sign up for lab machine", and let me see, why don't I just try to do it right here, right. So you click on docs, click "sign up for lab machine". That should take you to a spreadsheet.
A
Now, this spreadsheet has a long list of IP addresses, as well as the region in which those IP addresses, or those machines, are listed. Pick a machine that most closely aligns with your region, whether that's in, oop, in Europe, US East, US West. I guess I just realized that APAC is not in here.
A
You should see a username and password, so it's solo and then workshop one pound, with a capital W. That should get you access into the machine through this web browser. Try to space out and not step on each other there. But then, once you get access to your machine, so I'll do it locally here. If you're having trouble finding that spreadsheet, again, go to the docs tab in the Goldcast platform and click on "sign up for lab machine".
B
A
D
D
A
B
B
A
A
Yeah, if you're having trouble finding the pal username and password, everything should be in the spreadsheet that I linked to, including the URL, the username, password, the link to your VM. All should be there. And then, once you open up workshops.solo.io, go to the Istio day 2 and Deploy Istio for Production workshop.
A
D
A
A
But for those of you that are at this point, go ahead and follow this doc and set up your lab machine. You can use the copy, there's some easy copy command shortcuts in the lab docs. If paste doesn't show up on the terminal, which I'm seeing on mine, then just restart the terminal. This is a known issue, for some reason, with the terminal, but if you restart the terminal, then you should be able to get paste working.
A
A
I noticed that too. I picked mine in US West and it shows Europe, so I'm not sure exactly how the machines, how the IP addresses and everything got translated over into the spreadsheet, or whether the tools that bootstrapped, so we used Ansible, but whether the tools that bootstrapped the machines named the machines something that they're not. I'm not certain about that.
C
A
A
A
1.8.3, even though Istio 1.9 is out, and that's sort of on purpose. The idea with that is we're going to do upgrading in the second part of this lab, or second part of this workshop, and I wanted folks to start on an earlier version of Istio, not the most current.
A
B
A
C
D
A
Well then, in that case, we're gonna, so there's a couple of tricks for copy and paste. One is, you know, the keyboard shortcut. Thank you, Sebastian, for adding that. The other is, if you can't paste in the terminal, restart the terminal. On the first boot of the terminal, for some reason, it doesn't seem to take. But on the second time you recycle the terminal, it should allow you to paste, okay.
D
D
B
B
B
A
A
A
B
A
All right, and okay, so it's still downloading on my side, I guess.
A
D
B
A
A
All right, thank you. So in the workshop docs, in the lab guides, the new command is now already there. So let's give that a try.
D
A
And then click on "Run Envoy Proxy". So the approach that we're going to take is: you want to deploy Istio, you want to see some of the best practices for doing that. Before you get started with Istio in general, you got to understand Envoy, because of the other things that we're going to see in the rest of the workshop here.
A
C
Yeah, sure. So, basically, for this lab, we're gonna have a sleep pod call the httpbin pod, and so that's just without Envoy, without Istio. So you can see, you know, it's just a simple REST API call. And then we're going to teach you running Envoy as a pod, and we're going to teach you how do you configure Envoy to mediate the traffic, so the sleep pod would call Envoy, and Envoy would be intelligent to know to forward the traffic to httpbin. So it's kind of teach you.
C
You know, what Istio does for you automatically with Istio custom resources, but how you actually do it yourself with Envoy configurations. You're going to be able to explore, like, admin stats, and how do you do retries with Envoy. And my takeaway for this lab is it's actually pretty complicated, and you'll find out it's not easy to do it with Envoy configuration.
C
We also have a bonus section for this lab, Christian, if you can flip to the next one. So in the bonus section, if you have extra time, or which you may be able to do offline on your own, you can do configurations such as circuit breaking, outlier detection, and how to do traffic routing and splitting, and, you know, try the xDS API from Envoy. So it's additional commands to help you learn these configurations of Envoy.
A
A
A
I just want to point out to any of the folks that may have joined since we started that if you click on the docs tab in the Goldcast platform, you should see an entry for signing up for the lab machine, so that will give you access to this document right here, that shows the list of IP addresses and how to access the lab machines so that you can follow along as well.
A
A
A
A
A
A
We walk you through what a configuration looks like for Envoy, and actually this can be pretty handy outside of the lab, when things may not be working the way, or they're not configured the way, you're expecting from Istio, and you just want to isolate it and hand-configure Envoy yourself and see how it behaves. This is a great vehicle for doing that.
A
We also saw how Envoy can control what happens on the network when you call through it, as well as the great amount of telemetry signals that Envoy captures about what's happening on the network as applications are making calls through it, and you'll see in further labs how we start to harvest that and aggregate that and bring that into an observability system.
B
C
Yeah, so in this lab we are going to install Istio a little bit different than what istio.io teaches you. So you're going to install istiod as a service first, and then you are going to install istiod with the minimum profile and the revision with 1-8-3, and then we're going to show you how do you view the debug endpoint of the control plane.
C
So you do some commands just to learn that API, and then we're going to teach you, you're also going to install, like, a bunch of deployments and services, which is our app we use in the lab. So you're going to install those in the istioinaction namespace, so you're going to have, like, web, recommendation, purchase, and sleep, and then in the default namespace you're going to install httpbin, which is same as the previous lab. But then we're going to show you.
A
Just real quick, in general, we will skip the bonus sections just for time allotment here, and we can move things along, but definitely feel free to check those out after.
C
Yeah, definitely. The bonuses just show you how do you explore iptables rules on that proxy so that you can see how it works, if you're interested in that level of detail. I would say, you know, it's really interesting that we break the service and the deployments into two steps. The main reason is we're going to teach you how do you upgrade Istio in the next workshop, so that you can upgrade without downtime from 1.8.3, maybe to a newer version like 1.9, but you're using the same Istio service.
D
A
A
A
As they're not going to be exactly as they are in the Istio website, but again, that's fine! That's on purpose!
C
A
A
Also, I see some folks are getting to the bonus. The bonus content in lab two will walk through, as Lin mentioned, digging into the details of the routing between the app and the sidecar a little bit more, by digging into some of the iptables stuff there.
A
So it's two minutes past the hour where I am. Let's pause and take a ten minute break. If you're so inclined, or have taken a break already, you can continue, check out lab three, ask questions in the chat, please, or if you're still working on lab two, feel free to continue with lab two, but we'll.
C
C
Okay, great. Unfortunately, Christian had a little bit of a network issue, so Ram and I are going to try to carry on. So obviously, you know, Christian does the best, but we will try to do our best. Let me go ahead and share my screen.
C
Okay, so let me bring my windows over.
C
So for lab three, which is, sorry, meant to hit the present button. So for this lab, what we're going to do is we're going to install Prometheus, okay. So the reason we're teaching you this, right, with observability, is because what's shipped in Istio, the sample add-on, we don't recommend you use for production, because it's just like a toy, really, for, you know, demo purposes.
C
So what we recommend you to do is: step one, you install in the prometheus namespace, using the kube-prometheus-stack, the Helm chart, to install Prometheus, to install Grafana. So we'll teach you how to do that. Then we're going to also teach you, you know, you have these building blocks, but you're not going to get any dashboard without bringing in the Istio dashboard. So we're going to teach you how do you lay our Istio dashboard onto the Prometheus stack you just installed, and then we're also going to teach you.
C
The configuration using the ServiceMonitor custom resource to configure Prometheus to scrape the control plane metrics, and also using the PodMonitor custom resource to scrape the data plane metrics, so that you are going to see control plane and data plane metrics at the end of step three. And then we are going to also teach you another observability tool the Istio community uses, which some of us call the Istio dashboard. It's Kiali, so we're going to teach you.
C
How do you install Kiali using the Kiali operator. So you're going to install the Kiali operator first into the kiali-operator namespace, and then you're going to deploy the Kiali custom resource, which essentially tells the Kiali operator to go ahead and install Kiali in the istio-system namespace. And finally, we're going to also teach you how do you log in to Kiali.
C
C
How do you view the Prometheus rule config map, and also, how do you do metrics merging if your application has metrics: how the metrics merging works from the Istio service mesh, how Istio actually merges your metrics from your application pod and your pilot-agent, and also the proxy metrics. So that's pretty interesting.
A
I made it back. You can hear me? Yes, all right. Yeah, having internet difficulties here, but it should be good, hopefully now, cross fingers. So yeah.
C
A
On with lab three. We'll give, what do you think, ten minutes or so for lab three.
D
Lin, there was a question on chat: is there a way to test the certificates using a SPIRE server?
C
Oh, I see it now. I don't think the Istio community supports that at the moment.
D
A
I would say the other way. I would say the SPIRE community doesn't. So, like, Istio 1.8 can integrate with external CAs through the Kubernetes CSR API and through the Istio, you know, I forgot what it's called, but Istio's API for doing CSRs. I don't think SPIRE supports that, yeah.
C
C
C
C
Yeah, Rob made a really good comment. The steps are super complicated, much more than Istio, but this is also why the Istio community actually removed support for add-ons and moved to samples, because they are beyond what the Istio community can support, especially for more realistic.
A
A
B
A
B
C
A
C
Then so, for this lab, we're going to teach you a little bit more about the Istio ingress gateway. So what you're going to have is, on istio-system, you're going to still have what you have before with Istio, which is the istiod as a service. You also have the istiod deployment that you installed from the minimum profile with revision 1-8-3.
C
I think you did that in lab two. And then for this lab we're going to teach you to install the ingress gateway using the empty profile, so you're going to install that also with revision 1-8-3, because we want to make sure the version matches the control plane version. And then you're going to expose the web API service on the Istio ingress gateway. This is important so that the users who are using your web API service, you know, can access it through the Istio ingress gateway, and the ingress gateway can provide.
C
Like TLS connection, you know, cert termination, and all that east-west gateway feature provided by the ingress gateway. So to expose that, you're going to need to create a gateway resource and a virtual service resource. So the gateway resource basically allows you to configure, you know, I'm exposing this particular port number, and this is HTTP for the web API. And then the virtual service resource actually configures, for this.
C
For this port number, how you're going to route it; for this TLS configuration, how you're going to route it. So you're going to do that with plain traffic first in step two, and in step three we're going to teach you how do you do TLS communication to your ingress gateway. So you're going to configure a secret in your gateway resource, and you're going to create that secret in the istio-system namespace.
C
This is important, because currently Istio only supports the secret residing in the same namespace as the namespace where you deploy the Istio ingress gateway. So, given your ingress gateway is in the istio-system namespace, your secret must reside there, at least on the current version of Istio. Number four, we're going to play a little bit with certification manager, using certificate manager to manage the secrets for the Istio ingress gateway, so you're going to see how that works.
C
You have to kind of rotate that yourself too, so certificate manager will help you make it easy. And then we're going to go through how do you reduce gateway configuration. So in Istio, automatically, today, by default, all the configurations are visible to the gateway. So, for instance, in this diagram, the recommendation and the purchase service, even though they're not directly connected to the Istio ingress gateway, the Istio ingress gateway knows all those services. So it's best practice to reduce the gateway config to only the ones that are necessary for the gateway, which in this case is only the web API service.
C
So we're going to teach you how to do that. Notice, the configuration there is only an environment variable, but the community does intend to stabilize the configuration and even make it default. And then we're going to teach you how to enable access logging for the Istio ingress gateway, because not everything goes smoothly all the time. So, if there's any problem, you can look at the logs.
C
C
So there was a good question: what features are lost when setting PILOT_FILTER_GATEWAY_CLUSTER_CONFIG to true? So actually, no, the reason why it's not default is the Istio upstream community are introducing features from experimental to alpha to beta to stable.
C
We don't want to introduce new features and set them as default in case there are, you know, unpleasant surprises due to bugs. I mean, software always has bugs, so it could take a little bit of time to mature. This is why I said we do intend to enable it as default. The other reason we didn't enable it as default is also because of what customers see today, right. So this is a behavior change that potentially could break people.
C
If, you know, if they're not configuring this correctly. So for this type of semantic behavior change, the community always wants to be a little bit cautious when we introduce them. That's why, you know, it's kind of experimental at the moment, but it's hugely recommended by, you know, by the upstream, because this is the right way to configure the gateway to have the right resources, and only, you know, have the resources they need.
C
C
C
C
So for the folks who finish the lab, I would say for the bonus section, to do it offline, it's interesting that it shows you, you know, instead of having the secret in the istio-system namespace, what if you want the secret to be in istioinaction or whichever namespace your application resides in? There is a utility to help you, you know, sync the secrets from one namespace to the other, so that utility, I would actually teach you that, so that's interesting.
C
The other thing that's interesting in this bonus section is, what if you want to run your own custom gateway, right? What if you want to run your ingress gateway in the istioinaction namespace? In that case, you could deploy your own custom ingress gateway in the application namespace, and then, in that case, your secret for the gateway resource would also reside in the istioinaction namespace. So these are interesting scenarios we often hear from our users as.
C
C
C
D
Oh, it's okay. I just said that. Yes, usually customers use the gateway to terminate their TLS connections, and that's usually because, you know, they can provide the certs to the gateway and then have the gateway use those certs for termination, and then you let Istio handle the mutual TLS between the gateway and your user application pods.
C
Yeah, that's very good. It's probably the most common configuration at the gateway. I guess it depends on, you know, if your traffic is coming from within the mesh or, you know, from outside of the mesh, right. If it's outside of the mesh, like Ram mentioned, it's commonly terminate and then the gateway reestablishes. But if it's within the mesh, like in the multi-cluster scenario, a lot of times we would actually just configure the gateway to pass through. So that's also very common as well.
C
Oh good, all right, looks like we have a few more users finished. That's excellent! I think we're going to carry on. I think we are going to, so, we have lab four now. I think we have three more labs. We are probably planning a break right after lab five, so that you guys can, you know, take a short break as well.
C
All right, so let's get to here. Okay, so you guys just did all the work about Istio ingress gateway, and now we're going to teach you: how do you roll out your application to the mesh? What's the best practice we would recommend you to do, right? So remember, in this diagram, none of your pods have the Envoy proxy, because you're just connecting to the Istio ingress gateway.
C
Now we're going to have you run each of your deployments, you're going to run Envoy proxy next to it, and you're going to have a canary version, dash c in the diagram because I don't have enough space. It's really to run a canary version side by side, so you're going to have, like, web canary, recommendation canary, purchase canary, and then you just basically deploy them, and the automatic sidecar injector is going to come in because you label the namespace to say, you know, I want automatic injection to be enabled for this namespace.
C
So the moment you deploy, Istio will magically inject the sidecar configuration and the sidecar for you. So you're going to end up with a diagram like this. So this continues to allow your application to function, even though you bring up the additional canary version with Envoy proxy on the side. So we definitely recommend you to do that, and the next step we're going to teach you is: how do you add sidecar to the original deployments you have? So you're going to do a rolling restart, so this is a Kubernetes command
C
allows you to rolling restart pods within your deployment. So if you have multiple ones, I think in the lab we may only have one, but if you have multiple ones, Kubernetes knows to do it one at a time. And then once you test all the traffic still good, your applications still function, we're going to have you remove the canary deployments, because they were there just to help
C
you make sure you have high availability without downtime as you transition your application to be added to the mesh. And then we're going to have you explore proxy configurations using the istioctl command so that you can understand, you know, what the configuration looks like for your Envoy sidecar. I think we explore maybe the web-api pod, so you can look at what is the listener, what is the cluster, what is the configuration specific to maybe the recommendation, several services. So you're going to explore, you know, the magic of Istio.
C
Basically, Istio did all that work, you know, kind of for you, so you don't have to discover, you know, your cluster, your endpoint; Istio actually figures it out for you. And then we're going to explore an interesting configuration called hold application until your proxy is ready. This is a super important configuration because today the sidecar container and your application container, you know, there's no guarantee that one would finish and then the other one, you know, would hold, and here the other, and the app is ready. So sometimes you have
C
You may have a strong requirement that your proxy has to be ready first, before your application runs, because you want to make sure your proxy is there to ensure mutual TLS traffic is enforced. Maybe you want to make sure, you know, your connectivity to the outside is established because your application depends on that. So there are certain apps, we're seeing a lot more apps have that requirement, so we're going to teach you how to do that and how to view Kubernetes events to, you know, make sure you actually configure it correctly.
C
So this should be very interesting. I think that's it. Let's go ahead, get started with this lab.
A
I just want to say, so we're getting on the last few labs. Thank you all, for those that have used the chat. Continue to do that, and we'll try to leave time at the end for questions. There's also a poll tab right next to docs.
A
If you could, there's only three questions, or three polls rather. If you could fill those out. Those types of surveys, those types of things are extremely valuable for helping to guide how we deliver these workshops, what material we focus on and so on. So if you could spend a few minutes at some point and do that. But yeah, continue to use the chat. Oh, your poll tab is empty.
C
No, no, already, it's not good. Okay, so you guys should have, you know, this diagram now, at the end of lab five. Lab six, we're going to teach you: how do you do mutual TLS rollouts, right? A lot of our users adopt Istio because they want mutual TLS among all the traffic within the mesh, all the way from Istio ingress gateway to web-api to all the microservices. So first we're going to config mesh-wide permissive. But mesh-wide,
C
what I mean is you make that configuration into istio-system, which is the root namespace by default. So you're going to config that first, and then we're going to enable strict mutual TLS just for one service. In the lab you're going to enable it for the purchase service first. The reason we do that is
C
We recommend one service at a time, so that you want to minimize the impact of that configuration as you test things out. So once you enable that, we're going to have you check whether it's safe to convert the whole namespace, of all the services in istioinaction, to strict mutual TLS. So we're going to teach you some tips to do that. This is actually a very common question in the Istio community, because a lot of users were asking, you know,
C
I really want to ask: how do I know my traffic is mutual TLS? How do I enforce that? How do I even know when is the right time to enforce that? So definitely go through that, it will teach you all the tips. And then we're going to also teach you: how do you enable strict mutual TLS for the istioinaction namespace, so that you can rest assured that all the traffic within this namespace is always mutual TLS traffic?
C
Hey Christian, do you want to explain the TLS not found incremented by two?
A
There's that, excuse me, there's actually a lot of listeners, but the listener that's attached to the port that actually takes the traffic ends up doing some matching and sending it to a different listener, one that's not listening on a port. So the traffic's actually going through two different listeners. Both of them are doing SNI sniffing or TLS sniffing, and that's why we see the, you know, the metric increase by two for those particular calls.
C
If you guys finish with the lab, please let us know through the chat. We also appreciate many of you fill out the poll for us. So if you haven't done that, please fill out the poll, because we're going to publish another poll.
C
Okay, given we only have 15 minutes left, I'd like to move to the next lab, if we can. So Elena, why don't you publish another poll as I'm speaking, so people can.
C
Well, okay, so we just did mutual TLS rollout, and in the next lab we will teach you: how do you control configuration scope for Istio? This is extremely important as you grow from one or two or three microservices in the mesh, because by default the Istio Envoy sidecar within the mesh sees everything.
C
So by everything I mean every single namespace within the mesh, all the services, all the deployments, all the virtual service, destination rule, all the Istio-related networking configuration, it's all visible by default. So you don't really want that because, as you have more services, it's going to impact the performance of the sidecar proxy.
C
So what you're going to do in this lab is you're going to use the Sidecar resource to config egress configuration in the istioinaction namespace, so you're going to allow traffic from anywhere, to anywhere to the istio-system namespace and also some of the services or all the services in the istioinaction namespace. So you're going to export that configuration and then check out how that impacts your Envoy sidecar configuration. And so that's on the service consumer side. As service producer side, who produce a service for other people to consume,
C
you are going to explore next the exportTo configuration. So you can apply this configuration as an annotation to your service as a service producer. You can also apply this configuration to your networking resources, such as virtual service, destination rule and service entry. So in the lab you will explore doing that on the service and also the virtual service.
C
Next, you will explore virtual service merging. So you could have multiple virtual services; like in the lab, we're going to have /hello config to a hello service, and then everything else config to the default route goes back to the web-api service. So you can do that through multiple virtual services, and Istio is intelligent enough to merge it for you as long as there's no conflict.
A
And I just want to jump in super quick. The lab material on workshops.solo.io will be available after this. The lab machines, I believe they will be up for a bit longer. So if you want to go over the allotted time, you still have access to the machines, and I do want to leave.
A
So why don't you go through lab seven for the next few minutes, two, three minutes or so, and then we're going to leave some time for our questions at the end, about nine minutes, I guess. And yeah, somebody's asking, but we're leaving the machines for a little bit longer, maybe until tomorrow, probably not a few more days. But let me just check. Let me just check to.
A
So how about this? If you are still working on the labs, and you would like to leave your machine available, please tell us in the chat and we'll try to keep those machines available. But it sounds like we're gonna try to take down the lab
A
machines. Somebody's asking about when my book, Istio in Action, will be completed.
A
I would say that we're back at writing it right now and we are making a really strong push to finish up the manuscripts and get them to the publisher. Our goal, probably over the last few months, has always been to get to Istio 1.9.
A
Okay, let's, you know, you all can continue with the lab seven and get to lab eight as you'd like. After time, we'll leave the lab machines up for a little bit longer. For those of you that have asked specifically, your machines, we'll try to keep them up as long as we can. But yeah, with that, I definitely want to say: take the polls, please.
A
Okay, so we'll get the last poll. If you please could just fill those out real quick and then, you know, use the last remaining time. I definitely want to thank you for
A
All right, so that's, thank you. Please. Thank you.
A
So on the docs tab, there's a workshop test doc, and you can click on that and actually take a small test or exam that, you know, if you answer the questions correctly, then can actually, maybe you can say, but we get a badge that shows you've completed this particular workshop and learned something from this workshop. And then we'll continue on to the next. Like I said, this is a series of workshops.
C
Yeah, this is something we are exploring. Thank you so much for being here. We want to give you the badge after you complete eighty percent of the test correctly. I'm sure many of you will do beyond eighty percent, so you will get a badge. We still evaluate the badge process, but if you record your completion and your test results, we will follow up with the badge process with you once we have the process figured out, so you'll get a badge from Solo on completing the deploy.
A
We work with folks all over the world and help them operationalize and successfully adopt Istio and this type of technology, so definitely don't hesitate to reach out and, you know, get the opportunity to interact and work potentially with, you know, me and Ram and Lin, and the many others, extremely expert Istio and Envoy engineers on our team. So think about that as you go down the path of Istio.
A
So, okay, somebody asked a good question: which bottle behind me do I recommend?
A
Oh man, there's a lot of them that I would recommend. I'm a big fan of Michter's. Michter's is a bourbon distillery in Kentucky, and there's a few bottles of Michter's back there that I really like. But hey, if anybody's ever in Phoenix, hit me up. I'm on Twitter at christianposta, hit me up.
A
Let me know, happy to have you for a drink. And there's another question about being new to Istio, came from a data background, and could you explain what is the difference of, or the advantage of, Istio over classical API gateways? Oh awesome, Ram, thank you for posting that. And in general, I guess just a quick one-minute answer is that there's API gateways and service mesh; it's not necessarily one or the other. It's just
A
what is the use case, the problem you're trying to solve? The API gateway, the traditional classic API gateway in terms of API management, had some drawbacks in terms of using a centralized, and a highly centralized, piece of technology that wasn't built to be very dynamic, to be able to react. Like so, for example, you look at Kubernetes, you got pods spinning up, coming and going, scaling, probably across multiple clusters,
A
you know, constantly changing IPs and so on. Those API management ven-, you know, pieces, you know, those systems built ten years ago didn't take that into account, this dynamism, as well as the centralization and the processes that built up around the centralization, where traffic was forced through these centralized gateways and then off to the backend service. In the service mesh case, you have services communicating directly with each other, not through some centralized system, which reduces bottlenecks.
A
Referenced a discovery selector feature that's coming in Istio 1.10 upstream, and this helps with multi-tenant discovery, service discovery. I do want to point out, this is available in previous versions as well from the Solo builds, so upstream 1.10 will have it, but we do have users on 1.7 that are using this. So it's a really important feature. We are going to write a blog about it and discuss it.
A
All right, well, we've reached the time, 11 a.m. Pacific, 2 p.m. Eastern. I definitely want to again extend thank you for spending your time. Hopefully it was worth your time. Thank you for Lin and Ram, for, you know, helping along with me. And yes, as someone wrote here, hopefully we'll see people in person in 2022.