►
From YouTube: Contour Community Meeting - July 21, 2020
Description
July 21, 2020
What have we been working on?
[jonas] Contour now has a Passing CII Badge: https://bestpractices.coreinfrastructure.org/projects/4141
[stevek] consistent timeout syntax across HTTPProxy and config file, and internal refactoring
[slokas] go-control-plane: Tests pass!
[youngnick] Adding Conditions to HTTPProxy: https://github.com/projectcontour/contour/blob/master/design/httpproxy-status-conditions.md
[robinfoe] OIDC support for external authorization. Proof of Concept Demo!
[youngnick] Contour’s Landscape, July 2020: https://projectcontour.io/contours-landscape-jul-2020/
A
Hello
and
welcome
everyone
to
another
contour
community
meeting
today
is
july,
21st,
2020
or
july
22nd,
depending
on
your
time
zone.
I
can't
speak
today,
yeah
we're
going
to
go
through
what
we've
been
working
on
and
if
you
have
any
questions
or
anything
like
that
that
you
want
to
add
to
the
meeting
today,
please
do
so
in
the
hackmd
and
with
that
I'm
going
to
share
my
screen,
so
you
all
can
see
and
let's
go
through
things,
so
I
actually
have
an
item
today.
A
So
the
first
item
of
today
is
that
contour
now
has
a
passing
cii
badge.
This
is
a
badge
that
is
kind
of
shows
that
a
an
open
source
project
is
following
best
practices
when
it
comes
to
engineering
processes
and
community
engagement.
A
A
Of
course
we
want
to
go
above
passing
and
look
at
future,
future
silver,
badges
or
maybe
even
gold
badges,
but
that
that
comes
later.
But
right
now
we're
super
super
happy
that
we
actually
have
a
best
practices
badge
here
for
contour,
so
yeah.
A
So
yeah
small
small
little
thing
that
we
now
have
in
our
in
our
repertoire
and
I
think
it's
been
added
to
the
readme
now
as
well
and
yeah.
Next
up,
we
have
steve
chris.
C
Yeah,
just
a
quick
update
following
on
the
I've,
been
working
on
adding
some
additional
configurable
timeouts
to
con
tour
that
exposed
some
of
the
underlying
envoy
timeouts
over
the
last
couple
of
weeks
and
then
going
through
that.
I
just
noticed
that
there
were
a
couple
of
inconsistencies
in
the
the
syntax
that
contour
accepts
between
the
config
file
and
the
http
proxy
crd.
C
So
I've
just
been
doing
some
work
to
kind
of
make
the
syntax
across
those
two
consistent.
So
it's
one
one
kind
of
unified
user
experience
for
specifying
timeouts
and
there's
a
some
kind
of
internal
code
cleanup
to
to
help
make
that
more
clear
throughout
the
code
base.
C
As
things
are
passed
around
yeah,
that's
pretty
much
it
for
me.
D
I
just
wanted
to
say
nice
work
steve.
It's
really
good
to
see
that
stuff,
actually
making
a
name.
C
A
Awesome
next
up,
we
have
steve
sloka.
E
Yeah,
so
I've
been
working
on
swapping
out
our
our
custom,
xds
control
plane
with
the
envoys
go
control,
plane,
package
or
project.
So
it's
been
been
an
interesting
struggle
to
get
this
sort
up
and
working
the
the
control
plane
itself
was
easy
to
get
running
was
getting
all
the
tests
behind
the
scenes
to
pass
so
this
afternoon
I
got
the
model
worked
now.
E
Finally,
so
I
had
sort
of
a
breakthrough
as
to
what
what
was
going
wrong
with
with
everything,
so
everything
works,
as
is
with
some
updates
to
how
the
tests
are
run.
E
The
only
thing
I
had
to
do
just
you
know
refactoring,
is
how
the
how
we
assert
that
you
know
it's
doing
what
it's
supposed
to
do,
but
this
is
cool
because
we
can
rip
out
all
of
our
custom
code
now
now
we're
going
to
run
off
the
open
source,
the
upstream
control
plane
as
well
as
gives
us
a
good
path
to
move
to
ads.
If
we
want
to
do
that,
so
it's
good
news
all
around
that's
all
does
that
impact
being
able
to
go
to
v3
if
the
api.
E
I
don't
know
if
it
makes
it
easier
or
not,
but
we
we
use
the
control
plane
anyway
behind
the
scenes.
But
that's
that's
on
our
list
here
soon
as
well.
I
know
some
of
the
work
that
james
is
doing
with
auth,
as
well
as
the
deprecation
coming
up
here
at
the
end
of
the
year,
we're
going
to
have
to
move
the
v3
here
very
soon.
F
Go
control
plane
what
they
did
was
they
copy.
They
copied
the
whole
thing.
So
there's
a
go:
control,
plane,
v2
package
and
go
control,
plane,
v3
package
for
the
v3
api,
so
because
it
doesn't
make
it
easier
it
I
I
don't
know
it
probably
doesn't
make
yeah,
it's
probably
neutral
or
just
more
code
code
churn.
D
Yeah,
I
think
we
absolutely
you
know
we
absolutely
will
be
doing
the
v3
thing
soon.
I
was
hoping
I
was
hopeful
that
the
go
control
plane
would
help
more
than
it
than
it
seemed
to.
But
the
big
thing
that
we've
got
to
do
for
the
v3
migration
is
to
move
all
of
the
stuff
where
we
actually
use
the
envoy
protobufs.
The
onboard
types
are
the
v2
types
to
the
v3
types
and
we
use
it
quite
extensively
throughout
contour.
So
that's
the
thing.
That's
that's
a
bit
bigger!
That's
the
bigger
code.
A
A
Sorry
any
other
questions
comments.
D
Nick
did
you
talk
about
this
already?
No,
no!
So
yeah
this
that's
a
link
to
design
a
design
document
that
I
that
I
mentioned
a
while
ago.
Oh,
I
should
oops.
I
should
update
the
status
but
yeah
this
one
has
been
accepted.
So
basically,
this
is
a
design
doc
about
how
I
am
currently
adding
conditions
to
http
proxy
and
to
the
other
project.
Contour
types,
the
conditions
are
the
communities
api
standard
way
to
communicate
extra
status
information
in
an
extensible
way.
D
So
the
reason
we're
doing
this
is
that
there's
a
bunch
of
tooling
that
lets
you
wait.
The
cube,
client
go
and
cue
control
both
have
both
have
a
weight
for
condition
loop
built
into
them.
So
with
cube
kettle,
you
can
just
be
like
cube
kettle
weight
condition
true,
and
it
will
wait
until
a
condition
has
been
true
right.
F
D
So
this
is
to
add
extensibility
for
later.
Eventually,
what
I
would
like
to
see
us
do
is
have
some
way
for
a
particular
http
proxy
to
reflect
the
st
the
fact
that
envoy
has
been
correctly
programmed
with
the
config
from
the
http
proxy.
That's
a
ways
away,
because
there's
a
bunch
of
other
wiring
we've
got
to
do.
D
The
first
condition
that
we're
going
to
put
in
is
one
called
valid
that
just
that
mimics
the
behavior
of
the
current
current
status
field,
but
has
additional
spaces
places
for
information
so
that
you
can,
if
you've
got
multiple
errors
in
your
http
proxy
you'll,
find
them
all
at
once,
rather
than
having
to
do
multiple
passes.
D
So
this
has
been
a
bit
of
a
journey
just
to
figure
out
what
everyone
else
is
doing,
what
the
what
the
state
of
the
art
is
and
figure
out
what
we
were
going
to
do
so,
but
yeah
I'm
in
the
process
of
putting
and
pulling
in
some
the
actual
cid
changes
now
and
then,
once
we've
done
that
then
I'll
then
I'll
bring
in
the
code
changes
to
actually
populate
the
fields
correctly
yeah.
So
it's
sort
of
this
is
all
sort
of
very
low
down
like
design
work.
D
So
yeah
how
to
have
a
read
of
that
link?
That's
that's
design
that
I'm
that
I
started
implementing
and
yeah.
That's
that's
where
that's
at
thanks
awesome.
A
Thank
you
nick
any
questions.
Comments
on
this.
A
All
right
we
got
robin
robin
you're
new
to
the
community
call
here:
do
you
wanna,
introduce
yourself.
G
Yeah
hi,
I'm
I'm
robin
I'm
part
of
the
global
design,
enablement
team.
So
basically
I
was
actually
asked
to
help
on
one
of
the
project:
contour,
the
the
authentication
and
the
authorization
to
the
to
oidc
collectors.
G
So
basically,
I
think
today
james
invited
me
to
join
the
meeting
to
actually
do
some
showcase
of
or
maybe
a
poc
of
what
we
have
been
doing
so
far.
A
Awesome,
absolutely
I've
stopped
sharing.
So
if
you
want
to
do,
if
you
want
to
share
your
screen,
go.
G
Yep,
I
mean
just
a
brief
overview.
Basically,
this
is
what
we
have
been
doing.
Basically
user
will
call
the
envoy,
then
we
actually
created
a
new
so-called
external
authenticator
for
the
envoy,
which
is
what
called
as
a
ydc.
It
will
talk
through
the
grpc
in
and
instance,
the
the
oidc
connector
will
actually
talk
to
the
dex.
You
can
install
this
again
individually
and
the
reason
why
we
are
using
a
tax
is
because
we
want
to.
G
We
don't
want
to
create
a
multiple
type
of
the
conductors
to
talk
to
the
different
kind
of
provider,
so
we're
thinking
of
using
a
tax
as
using
it
as
a
form
of
the
identity
provider,
identity,
federation
to
actually
filter
it
all
those
kind
of
requests
to
a
different
car
provider,
and
you
return
it
into
a
single
in
the
and
you
return
as
a
jwt
and
pass
back
to
the
envoy
services.
G
Okay,
so
I
there's
no
question
I'll
just
go
ahead
and
show
you
so
basically,
this
is
my.
This
is
a
call
to
my
back-end
services.
It
will
actually
pass
through
the
android
route.
If
you
hit
this
you
can.
G
You
will
see
that
I
have
already
configured
this
actually
to
do
the
call
to
do
the
call
back
to
my
desk
in
my
kubernetes
cluster,
so
inside
here
inside
the
desk,
I
did
configure
whether
you
can
log
in
as
a
static
okay
with
the
example.
If
not,
you
can
do
a
git
locking
with
the
github.
G
G
G
G
Yep
so
basically,
after
the
github
after
the
github,
successfully
verify
your
user
and
basically
route
back
to
the
desk
and
the
dex
will
actually
relock
your
request
back
to
the
android
services
to
enter
my
backend
services
and
it's
the
same
thing.
What
you
can
see
here,
basically
once
you've
got
the
token
ready,
you'll
be
stored
as
a
part
of
the
cookies
in
the
client
request.
F
G
It
can
work
with
the
other
oedc
provider
directly.
There's
no
issue
on
that,
because
it's
still
back
to
those
oedc
protocol
right
but
again,
currently,
the
one
that
you
are
seeing
here
is
basically
it's
a
three-legged
authentication.
That's
what
is
the
actually
that
we
I'm
building
against
I'm
bringing
towards
one
thing.
One
of
the
limitations
that
I
haven't
do
is
basically
on
the
two
lake
authentication.
G
A
Yeah,
this
is
great,
thank
you
so
much
for
for
the
demo.
Any
questions,
comments
for
robin.
H
Yes,
good
job,
but
we
have
robin.
Do
you
have
any
put
up
any
documentation
for
the
steps
how
to
set
up
this.
G
F
Thanks,
I
think
it'd
be
also
really
interesting
to
get
people
who
have
real
applications
to
give
some
feedback
on
this.
I
think
that
you
know
I'd
like
to
get
feedback
on
what
part
where
we
need
different
things
to
be
configured,
so
your
applications
need
to
be
able
to
specify
cookie
names.
F
Do
they
need
to
be
able
to
fish
fields
out
of
the
fish
fields
out
of
the
tokens
to
then
you
know
to
be
able
to
specify
scopes,
and
I
think,
there's
a
lot
of
potential
parameters
in
this
area,
but
I'd
like
to
get
some
real
world
use
case
to
support
which
configuration
people
would
find
useful
in
practice.
A
Awesome
moving
along
here
nick
you
want
to
talk
about
contours
landscape.
Do
you
want
to
share
your
screen
without
the
blog
post
and
can
I
talk
through
it
or
you
want.
D
D
Okay-
okay,
great
so
yeah
this.
This
is
a
blog
post
that
I
wrote
recently
just
to
sort
of
be
the
sort
of
official
I'm
you
know
taking
over
from
dave
as
the
tech
lead,
we
hadn't
done
any
real
communication,
since
that
happened
so
yeah.
D
This
is
an
official
thank
you
to
dave
for
getting
the
project
off
the
ground
and
for
everything
he's
done,
but
yeah
as
part
of
coming
on
board.
What
I
wanted
to
do
is
to
write
down
some
thoughts
about
where
conquest
been
and
where
it's
going
so,
but
yet
before
we
get
to
that,
we
had
the
this
was.
D
This
was
me
celebrating
that
we
got
into
the
this
ncf
at
the
incubating
level,
yeah,
which,
which
is
a
quite
a
it's
a
substantially
big
deal,
that
we
were
able
to
skip
the
sandbox
level
and
come
straight
in
and
incubating.
So
thanks
to
everybody
who
has
contributed
to
making
the
community
work
well
enough
that
we
were
able
to
do
that,
and
thanks
to
michael
for
all
of
the
hard
work
that
he's
done
to
actually
make
it
happen
so
yeah.
D
So
in
terms
of
the
things
that
that
I
think
that
condo
has
been
doing
well
is
that
you
know
we've
done
you
everybody's
here,
we're
all
here,
we're
you
know
we
got
in.
We
got
accepted
into
incubating,
there's
a
there's,
a
definite
piece
of
software
that
is
regularly
released.
That
people
seem
to
find
useful.
We
created
a
crd,
we
you
had
some
people
use
it.
We
found
some
when
we
went
to
add
some
features.
D
We
found
a
problem,
so
we
created
a
new
one
and
we
fully
deprecated
it
and
removed
that
the
old
crd
now
so
you
we
definitely
had
velocity
along
the
project
for
for
the
entirety
of
its
lifetime,
but
yeah
and
you
that's
yeah.
This
is
one
of
the
things
that
I
think
is
really
good
about
control.
We
have
done
our
best
to
be
responsive
to
to
the
needs
of
our
users
and
to
to
meet
people
where
they're
at
and
one
of
the
things
that
has
come
out.
F
D
Is
http
proxy
and
the
http
proxy
cid
and
it
you
it
is
built
to
help
people
solve
some
of
the
problems
that
you
have
when
you're
trying
to
use
the
ingress
object
in
a
more
multi-tenant
style
environment,
where
it's
very
easy
to
accidentally
have
ingress
objects,
clobber
each
other
and
cause
problems
now.
D
So
one
of
the
one
of
the
other
things,
though,
that
that
we've
done
as
part
of
that
is,
we've
tried
really
hard
to
you
know
making
sure
that
we're
not
exposing
too
much
of
the
fact
that
we're
using
envoy
so
that
this
is
so
you
don't
need
to
know
everything
about
envoy
to
be
able
to
use
contour.
You
know,
I
think,
we've
done
pretty
well
at
that.
D
I
think
that's
one
of
the
things
that
we'll
talk
more
about
in
a
minute
about
the
stuff
we
haven't
done
as
well,
but
we've
also
but
yeah.
I
think
that
in
general,
we've
done
a
pretty
good
job
of
being
able
to
make
it
so
that
you
can
pick
up
and
use
contour
pretty
easily
without
needing
to
know
everything
about
envoy
and
we've
we've
done
a
lot
to
over
the
course.
D
Since
I've
been
working
on
contour
to
fix,
fix
to
make
to
make
it
easier
to
operate,
contour
which
I
know
there
are
people
on
the
call
who
you
have
are
definitely
operating
control
for
reals
and
so
yeah
like
this
is.
This
is
what
we
want
to
do.
We
want
to
make
it
so
contra
is
a
a
real
thing
that
is
really
straightforward
and
you
make
doesn't
make
it
hard
for
you
to
actually
operate
it.
D
So,
let's
get
on
to
stuff
that
I
wasn't
that
I
haven't
been
so
happy
about
when
looking
back.
One
of
the
things
was
deprecating
ingress
throughout
and
replacing
it
with
http
proxy
was
made
a
lot
of
work
for
people.
You
know,
I
think,
we've
done
everything
we
can
to
make
that
easier
by
providing
a
tool
to
convert
from
ingress
out
to
http
proxy.
D
But
ideally
we
wouldn't
do
that
again,
and
I
don't
think
there's
any
good
reason
now
for
us
to
do
that
again
to
deprecate
http
proxy
http
proxy
is
built
with
the
standard
api
guarantees
around
ga.
It's
now
a
ga
crd,
and
so
we
won't
be
removing
or
deprecating
it.
We
will
carry
we'll
carry
hp
proxy
for
for
good.
The
only
thing
that
we
will
do
is
add
things
to
it.
D
D
I
really
wanted
to
make
that
statement
to
make
to
give
people
confidence
that
we're
not
going
to
pull
the
fuller
rug
out
from
under
you
again
and
yeah.
So,
although
we've
you
know,
we've
made
some
strides
in
increasing
the
operability
of
contour.
D
Historically,
we've
had
a
lot
of
organic
growth
in
how
contour
works,
and
so
you,
one
of
the
things
that
I
wanted
to
do,
is
I
want
to
move
from
away
from
having
a
million
command
line
flags
to
having
a
config
file
that
where
all
of
those
options
live
I
over
time
I
would
like
to
deprecate
and
remove
as
many
command
line
flags
as
possible,
so
that
we
end
up
with
basically
only
the
stuff
that
you
really
need
for
local
development
and
that's
it
and
everything
else
is
configured
by
the
config
file.
D
The
reason
for
that
is
that
is
a
purely
practical
operability,
one.
If
we
deprecate
and
remove
a
command
line
flag,
then
people's
deployments
will
break
when
you,
when
you
upgrade
your
version,
you,
if
you
have
the
command
line
flag
there
and
contour
doesn't
support
it
anymore.
Then
your
deployments
will
go
down
and
not
come
up
when
you
change
the
when
you
pull
change
the
image
version,
it's
as
simple
as
that,
whereas
if
we
have
a
config
file
and
we've,
you
know
deprecated
a
setting
in
there
and
then
removed
it.
D
Your
config
file
will
be
fine.
Your
program
will
start
up
and
but
and
you'll
get
warning
and
logs
and
stuff,
but
you
may
have
a
partial,
a
partially
working
solution
rather
than
a
zero
working
solution.
So
that's
that's
sort
of
the
reasoning
why
I
really
want
to
move
away
from
command
line
flags
and
emphasize
emphasize
the
config
file.
D
I
think,
lastly,
the
thing
that
the
thing
that
I
think
we
haven't
done
so
well
is
that
you
know:
we've
had
a
we've
had
a
pretty
strong
stance
on
simplicity.
We've
had
a
pretty
strong
stance
that
we
didn't
want
to
add
features
without
really
understanding
what
they
were
being
used
for
and
if
the
thing
that
we
were
adding
was
the
best
way
to
to
use
that
now.
D
D
You
know
a
a
proxy
is
a
great
middleware
place
for
if
something,
if
an
app
is
broken
in
some
way,
and
it
can't
be
changed
because
it's
a
legacy
thing
or
that
someone's
relying
on
the
you
know
and
that
you
know
people
can't
make
the
change
for
whatever
reason.
Then,
then,
the
proxy
is
the
place
where
that
stuff
gets
fixed
up
in
the
past.
I
think
we
were
like
well,
you
know,
if
you're,
if
your
app
can't
do
the
right
thing,
then
you
should
fix
your
app.
D
But
you
know
that's
a
bit
naive
and
it's
a
bit.
You
know
it
doesn't
really
make
allowances
for
the
real
world.
Where
sometimes
you
can't
do
that,
and
so
one
of
the
things
there
was
the
the
sort
of
the
net
effect
there
is
that
you
we've
really
wanted
to
make
it
so
that
to
to
be
more
open
there
to
talking
to
people
about
what
you
know,
what
what
are
you
needing?
D
What
are
you
trying
to
get
out
of
adding
this
feature,
and
you
know
to
say
to
to
make
people
feel
like
we're,
not
saying
no,
but
we're
saying
like
yes,
but
we
just.
We
want
to
make
sure
that
we
build
this
everybody
who
uses
contour,
not
just
for
the
person
who's
asking
for
it
so
and
yeah.
D
You
know
I
framed
this
in
the
good,
the
bad
and
the
ugly.
I
think
the
ugliest
part
about
what's
happened.
The
history
of
contour
is
that
you,
although
we've
made
a
great
product
yeah
and
a
great
software
project,
the
a
bunch
of
people
have
felt
the
need
that
they
needed
to
fork
it
and
and
main,
and
carry
a
fork
of
contour
to
be
able
to
use
it.
D
That
to
me,
says
that
you
know
the
people
have
significant
use
cases
that
we
have
just
not
met,
and
you
know,
carrying
a
fork
is
a
significant
engineering
effort
and,
if
more
than
you
know
more
than
a
few
people
are
doing
that.
Then
that
means
that
we
have
missed
something,
and
that's
and
this
the
thing
that
I
have
realized
there
is
part
of
part
of
that
is
about
the
fact
that
the
proxy
can
be
used
as
a
fix-up
point.
D
But
it
also
means
that
you
know
we
need
to
be
more
more
accepting
of
changes
that
people
want
to
make
and
have
a
better
framework
for
people
being
able
to
make
changes
without
us
needing
to
ask
a
million
questions
about
why
they're
doing
it
and
how
that
and
how
the
change
should
be
added.
And
so
that's
one
of
the
reasons.
Another
reason
for
why
I
really
want
to
push
towards
a
config
file,
because
that
makes
it
easier
to
add
tweakable,
knobs
and
stuff
like
that,
without
us
having
to
have
a
million
command
line
options.
D
So
the,
and
so
before,
like
one
of
the
things
that
we
that
I
want
to
do
without
doing.
All
of
this
is
to
allow
to
make
it
so
that
people
want
to
don't
want
to
carry
forks
anymore
for
one
thing,
but
also
to
make
it
so
that
it's
easier
to
add
features
to
contour
without
having
to
back
and
forth
with
us
a
lot.
So
some
of
the
ways
we
can
do,
that
is
the
you
know.
D
I
need
to
update
it
but
to
have
a
philosophy
document
that
explains
what
contra
is
about
and
how
and
how
we
do
things
and
to
have
more
standard
ways
to
add
extra
configurability
for
people
who
want
to
add
it,
but
the
converse
of
that
is,
we
don't
want
to
add
features
into
contour
that
make
it
harder
to
use
one
of
the
things
that
I
think
is
great
about
contour.
Is
that
the
initial
hey?
I
want
to
kick
the
tires
on
this
thing.
D
Experience
is
pretty
straightforward
like
there's
not
you
don't
need
to
do
a
lot
of
config
just
to
get
started
and
you
what
I
want
is
to
have
to
have
contour
be
in
a
place
where
there's
you
know
that
contour
is
useful
in
all
as
defaults,
and
then
there
is
a
large,
a
large
swath
of
connect
of
extra
configurability
that
you
can
touch
if
you
need
to,
but
you
shouldn't
need
to
touch
it
unless
you
need
that
extra
feature
or
that
extra
you
know
bit
of
configurability
or
you've
got
some
reason
to
so,
and
so
yeah
one
of
the
things
one
of
the
big
things
themes
that
when
I
talk
to
people
who
have
been
doing
forks,
is
this
issue
of
configurability
and
making
it
so
that
you
can
tweak
more
things.
D
D
You
know
if
sometimes
sometimes,
because
if
the
cluster
admin
may
want
to
limit
the
time
out,
that
you
can
apply
one
of
the
people
who
made
a
fork
said
that
one
of
the
problems
that
they
had
was
that
we
added
in
a
request,
timeout
and
allowed
you
to
set
an
infinite
request,
timeout
and
then
that
immediately
messed
up
their
centralized
proxy.
Because
all
of
a
sudden,
all
these
application
developers
were
like
well.
D
If
I
can
have
a
infinite
request,
timeout
I'm
going
to
do
that,
and
so
then
their
connection
pools
for
their
proxies
filled
up
and
their
proxies
fell
over
because
because
there
were
too
many
connections,
because
the
requests
were
not
never
timing
out,
and
so
some
people
need
to
be
able
to
put
limits
on
the
timeouts
in
if
they're
running
it
as
a
if
they're
running
contour
as
a
centralized
proxy.
And
so
that's
one
of
the
things
that
makes
this
whole
thing
a
little
bit
more
complicated.
Is
that
we've
got
two
personas.
D
We've
got
the
application
developers
who
want
to
be
able
to
create
http
proxies
and
have
those
things
exposed
in
a
reasonably
straightforward
fashion.
But
we've
also
got
people
who
are
running
a
centralized
proxy
and
need
to
be
able
to
put
limits
around
what
people
can
do
and
so
part
of
what
we're
trying
to
do
here
is
to
make
it
so
that
we've
got
patterns
for
for
adding
these
features
so
that
we
know
how
to
do
it
and
we're
not
sort
of
needing
to
spend
ages
going
backwards
and
forwards
on
design
documents.
D
Another
thing
we
want
to
do
is
to
expose.
We
do
want
to
expose
more
on
voice
specific
configuration,
the
the
or
stuff
that
james
is
working
on
is
a
great
example
of
that.
There's.
This
really
amazing
feature
being
able
to
delegate
your
external
auth
that
lots
of
other
proxies
support
that
envoy
has
native
support
for
that.
We
don't
support,
because
we
don't
have
a
way
to
configure
it,
and
so
again
this
is
a.
D
This
is
a
case
where
we
want
to
make
sure
that
we're
exposing
this
feature
in
a
way
that
that
makes
it
so
that
it's
very
usable
for
somebody
who
only
knows
contour
and
doesn't
know
everything
about
envoy,
and
we
have
ways
for
you
to
use
the
feature
in
simple
ways.
Like
you
know,
hey,
I
just
want
to
have
a
basic
auth,
username
and
password
on
my
on
the
services
behind
my
thing.
D
That
should
be
easy,
but
we
need
to
have
the
on-ramp
to
be
able
to
bring
that
up
into
things
like
things
like
rob
and
demonstrator,
today,
being
able
to
use
oedc
and
dex
to
to
be
able
to
you
know
to
plug
into
whatever
earth
we've
got
available.
D
Yeah
yeah
we're
running
out
of
time.
The
you
know,
the
other
two
big
things
here
are
being
able
to
configure
third-party
services,
of
which
auth
is
one,
but
we've
also
got
requests
for
logging
and
rate
limiting
and
some
other
ones.
So
we
definitely
really
want
to
get
all
that
stuff
in
as
soon
as
we
can
and
we
want
to.
D
We
want
to
make
sure
that
we're
heavily
involved,
which
we
are
with
the
service
apis
project
for
kubernetes
and
the
future
of
ingress,
so
that
we
can
be
driving
that
and
then
we
want
to
be
one
of
the
first
people
to
implement
it,
if
not
the
first,
so
sorry
to
have
talked
for
a
long
time.
If
anybody
wants
to
ask
questions,
I
can
stay
around
for
a
bit
afterwards,
but
yeah.
D
I
just
wanted
to
quickly
run
through
that,
so
that,
for
those
of
you
who
haven't
read
it,
if
you
want
to
read
the
exact
words
I've
written,
please
do,
please
feel
free
to
hit
me
up
on
on
twitter
or
or
the
kubernetes
slack.
I'm
young
nick
there.
If
you
have
any
comments.
B
And-
and
I
know
that
some
of
you
are
wondering
when
our
next
release
is
coming-
1.7-
that's
you
know
in
a
few
days,
so
I
know
if
we
can
provide
a
little
more
clarity,
maybe
early
next
week,
but
we're
working
on
that
and
we
should
be
able.
I
know,
michael
you
asked
for
that
in
the
past,
so
we'll
give
you
a
little
bit
more
clarity
when
we're
a
few
days
away.
A
Thank
you
so
much
for
for
running
through
that
nick
really
appreciate
it.
It's
a
it's
an
important
piece
here
and
yeah,
as
nick
said.
Please
reach
out
on
slack.
If
you
have
any
questions
with
that,
I'm
gonna
end
the
the
meeting.
Now
I
hope
you
all
have
a
fantastic
rest
of
the
week
and
we'll
see
you
soon
have
a
good.