►
From YouTube: Contour Community Meeting - August 4, 2020
Description
August 4, 2020
News
Contour CVE - Ingress data plane (Envoy deployment) is vulnerable to DOS
What have we been working on?
Office Hours this Thursday!
https://github.com/projectcontour/community/wiki/Office-Hours
New distribution lists
Discussion
Renaming master to main once Github adds tooling for that
Move to two reviewers per PR
Endpoints Slice Support
ExtensionService for Auth support
Next week
Move to Envoy go-control-plane: Some discussion around how to handle Endpoints
Finalize discussion around changing the number of reviewers for PRs.
A
B
Yeah
well
all
right.
First
up
is
the
news
so
yeah
we
have.
We
have
had
our
first
cbe.
The
envoy
deployment
had
a
vulnerability.
If
you
could
reach
the
any
of
the
node
networks,
then
you
could
cause
envoy
to
shut
down.
So
theoretically
you
could
take
the
entire.
You
could
take
the
entire
onboard
deployment
offline
and
stop
all
the
english
traffic
to
the
cluster,
which
is
bad
so
thus
we've.
So
we
have
our
first
cve.
Luckily,
this
was
a
relatively
straightforward
fix.
B
Steve
got
the
fix
in
pretty
quickly
and
one
point
just
before
the
1.7
release,
so
we
didn't
even
need
to
issue
a
patch
release,
so
the
timing
worked
out
really
well
yeah.
All
the
details
are
in
the
are
in
the
vulnerability
thing
in
there
and
we
also
got
to
try
out
the
the
vulnerability
process
and
some
of
the
new
stuff
that
we've
had
since
going
to
the
city
going
to
cncf
on
a
relatively,
not
too
ridiculously
scary,
cbe
for
our
first
one.
So
lucky
all
round.
C
C
A
D
A
C
A
C
That's
what
we
set
up,
we
didn't
really
do
the
stuff.
Last
time
we
talked
about
for
the
last
one,
which
is
totally
fine.
We
ended
up
going
down
some
routes
as
to
how
contours
built
and
how
you
know
we
get
from
from
watching
objects
and
kubernetes
to
getting
it
things
into.
You
know
the
the
graph
that
we
build
and
then
out
to
envoy
we
kind
of
went
through
some
of
those
topics.
So
again
we
can.
C
We
can
keep
on
schedule
or
go
back
and
do
whatever,
but
that
was
our
initial
thought
that
we
were
going
to
talk
about.
Should
no
one
else
have
anything
else.
They
want
to
talk
about
awesome.
Thank
you,
yeah,
but
again
the
whole.
The
goal
is
it
to
have
folks
come
chat,
so
those
are
just
filler
items
to
fill
time.
Should
we
need
it?
So
please
come
by
no
means,
that's
that
has
to
be
the
schedule.
So
come
chat
about
whatever
we
can.
We
can
talk
about
it.
B
That's
me,
so
I
think
everyone
should
have
noticed
that
lots
of
people
are
talking
about
renaming
their
mainline
development
branch
from
master
domain.
I
propose
that
we
do
that
as
soon
as
github's
tooling
renders
it
practicable.
Github
have
issued
a
statement,
saying
hey
you
unless
you're
already
doing
something
like
this,
you
probably
should
wait
until
we
we're
going
to
add,
make
this
whole
process
a
lot
easier
right
now.
Renaming
master
domain
is
100
possible
on
any
git
repo.
B
Obviously,
but
when
you
use
github,
it
basically
means
that
all
of
the
open
pls
will
be
closed
and
a
couple
of
other
sort
of
sub-optimal
side
effects.
Github
have
issued
a
statement
that
said
that
they're
gonna
work
on
making
something
that
will
make
this
easier
for
you.
That
should
be
out
in
a
few
months.
So
I
just
wanted
to
register
that.
I
I
think
we
should
do
this.
I
think
it's
pretty
unambiguous.
We
should
do
it,
there's!
B
B
D
D
B
B
B
So
I
I
in
the
ticket
that
that
steve
currently
added
to
this
discussion
item
you
can
see
you
know
I
did
go
through
and
have
a
look
at
what
would
be
involved,
and
it
is,
you
know
possible,
but
yeah,
but
the
it
closes.
The
fact
that
it
closes
any
outstanding
pr's
is
pretty
tricky
because
we
have
a
lot
of
pr's
in
flight
at
any
one
time.
B
Well,
not
a
lot,
but
eight
is
enough
to
that.
It
would
be
tricky
to
coordinate
so
yeah.
If
no
one
has
any
other
objections,
then
I'm
gonna
sort
of
mark
this
down.
As
we
talked
to,
we
talked
about
it
on
the
community
meeting
and
there
were
no
significant
objections
and
put
that
on
the
issue
and
leave
that
open
for
comment
for
from
now
on.
Like
I
said,
I
don't
think
that
I
think
that
we
need
to
wait
for
that
one.
B
I
think
there
are
other
inclusive
language
stuff
we
can
do
michael
mentions
there
running
the
I'm,
not
sure
if
it's
veil
or
valet
tool
to
yeah
I
can
see,
I
can
see
a
case
for
it
being
either
so
yeah,
either
the
english
word
veil
or
the
latin
word
valley,
so
yeah,
but
yeah
so
yeah.
I
I
think,
there's
probably
a
case
to
have
that
done.
Asap
and
just
update
this
ticket
with
those
details.
A
C
C
So
it
was
just
an
idea
and
a
thought
of
you
know:
should
we
have
more
more
than
one
person
reviewing
just
eliminate
issues
of
you
know,
folks,
reviewing
and
asking
for
changes
and
someone
else
approves
it
and
it
gets
merged
without
fixing
those
other
things
or
not.
You
know,
as
we
work
u.s
australia
distributed
that
sort
of
thing.
You
know.
B
Yeah
I
mean,
I
think,
right
now,
there's
a
there
is
a
risk
like
there's
two
sides,
there's
two
things
here:
one
there
is
a
risk
that
we
that
we
are
not
like
that
we
you
know,
because
we've
got
two
people
in
each
time
zone.
You
know
it's
easy
for
people
in
the
other
timezone
to
miss
things,
because
one
of
us
didn't
review
it,
and
so
that
is
a
good
advantage
of
having
two
reviews
per
pr.
Also,
it's
probably
better.
We've
got
now
that
we've
got
four
four
maintainers.
B
Then
two
two
reviewers
is
kind
of
effectively
quorum.
So
that's
good!
I
yeah
I
mean
the
downside
is
that
it'll
take
longer.
It
means
that
the
fact
that
it
crosses
a
time
zone
means
that
every
pr
will
take
at
least
sort
of
24
hours
to
to
merge.
Probably
so
you
know,
that's
the
downside,
I
think
it's
probably
worth
the
trade-off,
but
you
know
that's.
This
is
not
just
a
made
decision,
james
steve,
for
your
thoughts
and
everyone
else,
of
course,
but
yeah
maintenance.
First,
that's
all.
C
Yeah,
I
see
both
sides
of
it.
I
think
I
think
there
are
some
nice
benefits
to
it
to
having
that
extra
set
of
eyes
on
things
just
I
just
it
came
out
recently,
just
because
there
were
some
things
that
we
got
merged
and
someone
else
came
back
later.
I
was
like,
oh
what
about
this.
We
forgot
this.
Did
this
thing
wrong?
C
You
know,
and
that's
obviously
going
to
happen
just
because
we're
human
and
mistakes
happen,
but
it
was
just
you
know,
thoughts
and
I
guess
steve's-
not
steve
chris-
isn't
here
to
to
throw
his
scents
in
either.
So
maybe
james,
you
can
give
us
your
thoughts
and
then
we
can
maybe
push
it
to
next
week
or
the
week
after
when
everyone's
here
again
to
discuss
fully
yeah
yeah.
D
I've
had
a
couple
of
cents,
so
normally,
when
I
see
someone's
picked
up
a
review
I'll
back
off
reviewing
because
as
a
as
a
contributor,
it's
it
can
be
frustrating
having
two
reviewers
tell
you
either
the
same
thing
or
two
reviewers.
Tell
you
completely
different
things.
So
having
multiple
reviewers
at
the
same
time
is
is
not
a
great
experience.
D
I
think,
from
the
team
overall
point
of
view,
I
think,
having
two
reviewers.
I
think
that
would
be
a
win
and
I
think
I
think
that's
a
good
idea.
It's.
What
I
would
like
to
think
about,
though,
is
having
a
bit
more
structure
around
like
which
two
reviewers,
so
since
I've
been
on
the
team,
like
the
general
practice,
seems
to
have
been
just
to
tag
everybody
as
a
reviewer,
and
you
kind
of
just
hope
that
someone
will
pick
it
up.
D
Maybe
we
want
to
add.
Maybe
we
want
to
kind
of
experiment
with
a
bit
more
convention
around
that
and
say:
okay.
Well,
if,
if
we're
going
to
have,
if
we
have
a
two
reviewer
policy,
then
maybe
we
just
explicitly
tagged
the
two
reviewers
or
we
have
some
way
to
flag.
We
have
some
kind
of
convention
that
we
use
to
flag
to
say
like
I
want
I'm
looking
for.
I
need
that.
D
C
D
A
So
one
thing
that
actually
came
up
in
the
community
meeting
today
for
valero
is
that
the
the
team
right
now
because
they
they
have
this
set
up
and,
of
course,
you
you
can
always
override
it
right
if
need
be,
but
right
now
they
they
have.
Some
team
members
are
on
pto.
So
that
means
that
if
one
of
the
maintainers
puts
in
a
pr
and
gets
reviewed
by
a
another
maintainer,
they
don't
have
another
maintainer,
a
third
maintainer
to
actually
review
it.
A
So
just
something
to
think
about.
I
know
we
don't
usually
have
pto
during
the
same
time
or
we're
offline
during
the
same
time,
but
it
it
can
be
worthwhile
to
have
some
language
in
there
saying
hey
when
need
be.
We
can
override
this
if
a
cve
comes
out
or
if
something
really
crucial
comes
in,
and
we
need
to
take
care
of
that
absolutely
we
can
override
it,
but
per
like
a
standard
to
have
two
reviewers
just
to
make
sure
it's
reviewed
by
more
than
just
one.
I
think
it's
fine.
B
I
mean
one
way
of
doing
that.
There's
also
another
thing
that
we
absolutely
have
to
do
anyway.
So
yes,
so
it
is
a
good
voicing
function
to
help
us
do
that
too
I
mean
maintainers.
Do
get
special
cow
powers
right
to
to
push
the
you
know
bypass
all
the
checks
button,
but
we
all
try
not
to
use
that
without
a
very
good
reason.
B
B
C
B
That
might
that
is
a
good
point,
since
yeah
integration,
tester
and
ir
to
proxy
currently
pretty
much
have
a
single
maintainer
each
really,
although
everyone
has
permissions,
you
know
james
is
the
only
one
who
really
does
any
integration
tester,
I'm
the
only
one
who
does
any
work
on.
I
had
a
proxy,
so
you
know
yes,
that
is
a
very
good
question
that
I
don't
have
an
answer
to
right
now.
A
B
Yeah,
I
think
so
too,
but
but
let's
have
a
think
episode
of
thing
about
it
and
then,
when
we
talk
about
it
again,
cool,
okay,
so
inputs.
I
support
thank
you
for
for
working
on
on
a
branch
for
this
yeah.
That's
awesome,
yeah!
Thank
you,
yeah,
I'm
sorry
as
I
I
commented
there
just
so
that
we
would
have
a
com
type
record
of
it.
I
think
that
we've
got
some
there's
some.
You
know
with
the
control,
plane,
work
and
also
the
and
also
the
external
work.
B
B
I
suspect
it
may
actually
need
a
substantial
rewrite
in
the
very
near
future,
because
we're
gonna
we're
probably
gonna
poke
at
some
of
those
internals
for
regular
endpoints
in
one
way
or
another.
So
I
think
we
might
need
you
to
hold
off
on
on
much
more
on
that
for
now,
which
is
a
sucky
answer,
and
I'm
sorry
but
yeah,
the
the
other
thing.
B
The
thing
that
I
would
like
to
see,
though,
is
that
when
we
are
ready
to
do
endpoint
slice
that
we
do
apply
our
dynamic
type
detection
rather
than
rather
than
like
specific
feature
flags
for
contour
andrew
you
are
here.
So
I
can
ask
you
the
what
I
remember
about
endpoint
slice
is
when
you,
when
it's
available
the
details
from
one
are
copied
into
the
other.
Pretty
much
is
that
am
I
right.
E
E
B
B
So
what
that
tells
me,
then,
is
that
we
could
pretty
easily
use
a
similar
sort
of
type
detection
logic
to
what
we've
done
with
the
extension
service
and
other
crds,
where,
if
we
detect
that
that
it's
enabled
in
the
cluster
that
is
present
in
the
cluster,
we
just
use
it
and
we
stop
using
the
old
endpoint
one
I
mean
there
there
is.
That
does
mean
that
there's
a
version
boundary
break.
B
B
I
really
like
us
to
move
towards
that
being
the
pattern
for
supporting
new
kinds
that
that
we
that
basically,
if
the
kind
isn't
available
is
available,
we
use
it
we'll
or
we
inform
on
it.
Maybe
we
have
a
feature
flag,
that
it
doesn't
that
we
don't
that
we
use
it
or
not,
but
we
should
always.
If
it's
present,
we
should
always
be
running
the
informer
for
it
and
and
soaking
in
the
data,
but
then
maybe
the
actual
informants
for
it.
B
Don't
do
anything
so
that
pattern
is
then
useful
for
endpoint
slice
for
the
service
api
university
ids
that
the
project
contour
wants
to
add
and
all
those
sort
of
things,
and
then
we
don't
have
to
have
a
bunch
of
feature
flags
we'll
just
you
know
enable
whether
this
kind
is
available
or
not,
and
it
also
lets
old
types
sort
of
fall
away
as
as
they
fall
out
of
support.
Pretty
naturally
so
example,
there
is
like
extensions
extensions
v1b1
ingress
would
be
would
have
been
if
we
had
this
earlier.
B
C
C
Set
up
quickly,
so
it
wasn't
like
here's
a
bunch
of
work
and
then
we
go
hey
change
all
these
things.
You
know,
so
that
was
that
yeah
just
getting
those
bits.
Those
bits
worked
out
in
terms
of
integration
yeah.
I
don't
know
when
I
know
some
folks
will
disable
beta
features
in
their
clusters
because
until
they
hit
ga,
but
I
think
that,
given
your
the
idea
of
using
the
detection,
that
should
still
work
if
someone's
disabled,
because
it
just
won't
be
there,
so
I
think
that
that
still
holds
true.
E
Yeah,
I
also
agree
that
yeah,
it
probably
doesn't
hurt
to
like
watch
endpoint
slice,
but
there
I
definitely
think
there's
there
should
be
a
gate
for
like
yeah,
like
switching
the
actual
endpoint
slight
endpoint
like
what
which
resource
you
read
yeah.
I
think
there
needs
to
be
a
gate
for
that,
because
if
you
just
watch
endpoint
slice
first
and
there's
gonna
be
big
changes
in
118
and
119
on
that
right.
Okay,.
B
Okay,
okay,
so
yeah,
so
so
it's
probably
so
probably
better
for
this
particular
one,
it's
probably
better
to
to
use
the
kind
detection
to
detect
whether
or
not
we
add
an
info
for
it,
but
then
have
our
feature
gate
in
contour
that
detects
whether
or
not
we
use
endpoint
or
endpoints
slice
for
actually
generating
the
endpoints,
and
that
is,
but
that
is
a
an
endpoint,
an
endpoint
spy
specific
thing,
not
a
general
thing.
So
the
general
thing
should
be.
B
D
E
Sorry
yeah
in
future
releases
they
actually
made
divert
diverge
a
bit
in
terms
of
functionality,
so
there's
a
pr
open
right
now
that
actually
includes
endpoints.
So
endpoint
slice
is
gonna
start,
including
the
set
of
terminating
pods
right
now
like
if
a
pod
is
terminating.
The
end
point
like
endpoints
doesn't
include
at
all,
but
endpoint
slices
gonna
start,
including
a
terminating
condition
in
that.
So
things.
B
Like
that,
that's
actually
that's
actually
might
also
be
useful
for
us
in
terms
of
being
able
to
do
separate
stuff
with
endpoints
that
are
terminating.
So
if
we
want
envoy
to
do
different
thing
to
drain
connections
to
specific
endpoints
or
something
like
that,
I
can't
remember
the
exact
mechanisms
that
are
in
vds
and
cds
and
stuff
like
that
in
envoys
api.
But
having
that
extra
bit
of
data
available
of
these
endpoints
are
should
not
be
accepting
traffic
anymore
is
you
know
they
might
still
be
healthy,
but
we
should
actually
start
draining
them.
B
That's
that
would
be
useful
to
be
able
to
tell
envoy
that
at
some
point,
so
that
would
be
another
good
reason
for
us
to
move
to
endpoint
slices
as
we
can
to
be
able
to
do
that.
So
hope.
That's
another
way
that
we
could
address
some
of
the
problems
that
say
the
canadian
folks
have
seen
about
you
know
about
503s
and
stuff,
like
that,
where
the
endpoints
are
new,
they
might
be
healthy
in
one
way,
but
they're
not
healthy
enough
to
actually
serve
the
traffic
or
vice
versa.
D
B
And
you
know,
there's
a
as
dave
always
used
to
say,
there's
a
there's
a
bit
of
a
slider
between
how
fast
you
respond
to
endpoints
going
and
the
risk
of
the
endpoint
not
being
valid,
because
you
haven't
finished,
checking
that
it's
valid
yet
and
we've
tended
to
to
slide
towards
the
responding
as
fast
as
possible
in
the
past.
But
the
indications
are
that
some
people
are
running
big
enough
deployments.
B
That's
a
problem
so
anyway,
that's
that
is
a
thing
that
yeah
I
and
the
other
maintainers
would
like
to
have
a
bit
of
a
chat
about
to
to
sort
of
talk
about
some
directional
stuff
there
and
come
back
to
the
community
in
the
community
meeting
about
that
next
week.
Yeah
so,
and
I
think
that
probably
slides
actually
into
some
of
the
stuff
that
we're
talking
about
with
the
extension
service
for
all
support,
doesn't
change.
B
So
I
think,
I
think,
sorry
so,
basically,
I
think
we're
just
you
know.
I
think
this
is
just.
This
is
a
bit
of
a
heads
up,
that
the
way
that
we're
thinking
about
doing
external
auth
is
by
adding
a
new
crd,
which
is
extension
service,
to
allow
you
to
configure
an
extra
envoy
service
in
an
extensible
way.
That's
useful,
not
only
for
external
auth,
but
for
other
things,
like
logging,
red,
limiting
and
so
on.
We,
this
is
a
thing
that
we're
going
to
need
to
look
for
a
lot
of
different
onboard.
B
And
so
we
need
to
build
out
a
way
to
do
it
in
a
reusable
and
sustainable
way.
That
means
that
you
don't
need
to
learn
seven
different
ways
to
specify
the
thing
you
need
to
connect
to
for
some
third
party
for
some
extra
third
service
between
contour
and
envoy,
and
something
else
does
that
summarize
it
james.
D
Yeah
yeah
pretty
much
so
I
think
steve
was
trying
to
explain
something
to
me
and
I
was
being
a
bit
dense,
but
I
read
this:
I
read
the.
I
just
realized
that
the
issue,
one
one,
nine-
that
he
references-
covers
some
of
the
issues
that
I've
run
into
here.
So
this
is
one.
This
is
something
where
the
way
we
deal
with
endpoints
needs
to
be
a
lot
more
sophisticated.
D
D
D
D
B
B
The
way
contour
does
things,
some
of
which
are
for
good
reasons,
and
some
of
which
are
just
historical
and
so
we've
got.
We've
got
a
bit
of
work
to
do,
to
identify
some
of
that
stuff
and
and
do
that,
and
I
think
we
want-
we
need
to
do
this
in
a
higher
bandwidth
way
than
github
tickets
at
the
moment.
B
B
D
I
was
going
to
editorialize
a
little
bit
about,
I
guess,
contour
history.
I
think
it
occurred
to
me
the
other
day
that
you
know
configurability,
there's
this
there's
a
slider
between
configurability
being
configurable
and
being
opinionated
right,
and
I
think
the
slider
changes
where,
as
you
go
up
and
down
the
stack,
so
if
you're
further
down,
if
you're
down
low
in
the
stack,
you
need
to
be
configurable,
you
can't
afford
to
be
opinionated
and,
as
you
go
up
to
higher
and
higher
levels
of
abstraction,
you're,
more
and
more
opinionated
right.
D
So,
as
you
go
up
to
like
my
custom,
my
businesses
custom
platform
as
a
service
which
is
uniquely
bespokely
tailored
to
my
business
you're
like
really
opinionated,
but
you
need
to
build
that
thing
on
things
that
are
configurable,
so
I
think
ingress
over
time
is
changing
its
position
in
the
stack
right
so
ingress
three
years
ago,
probably
would
have
felt
felt
like
it
was
really
high
up
in
the
stack.
It's
like
an
opinionated
thing.
D
Today,
people
are
building
that
people
are
assuming
ingress
and
people
are
saying.
Well,
ingress,
isn't
what
I
want
to
use.
I
want
to
use
something
that
consumes
ingress,
so
ingress
is
like
kind
of
getting
pushed
down
in
the
stack
and
that
change
in
your
location
in
in
people's
development.
Stacks
kind
of
forces
changes.
It
changes
everyone's
expectations
of
of
your
project
right,
so,
whereas
before
were
opinionated-
and
it
was
like-
that's
a
really
good
opinion.
We
really
like
that
opinion
now
they're
like
well.
D
I
need
you
to
be
configurable
because
now,
instead
of
the
top
of
my
stack
you're
like
three
levels
down-
and
I
need
like
16
16
different
knobs
from
you-
and
so
I
wonder
how
much
that
change
in
that
kind
of
ecos.
That
kind
of
movement
in
the
ecosystem
has
changed
the
way
people
think
about
projects
like
contour.
B
E
B
F
B
F
B
Excellent,
so
yeah,
so,
given
that
you've
already
done
some
work,
doing
that
I
would
love
for
you.
I
would
love
for
contour
to
really
get
ahead
of
the
game
here
and
and
get
get
the
actual
behavior
implemented.
Yeah.
I
haven't
been
able
to
be
as
involved
as
I
would
have
liked
in
doing
that,
but
yeah
thanks
daniel.
I
we
should
definitely
add
that
to
next
next.
The
next
meeting
agenda.