►
From YouTube: Contour Community Meeting - May 26, 2020
Description
May 26, 2020
What have we been working on?
(@youngnick) Updating HTTPProxy addresses
(@jpeach) xDS certificate rotation #2143
Contour Release v1.5
Issue Discussion
Image Pull Policy (Examples)
A
One
I'm
rollin
and
welcome
to
this
week's
contour
community
meeting
today
is
May
26th
2020
I'm
gonna
talk
about
what
we've
been
working
on
and
go
through
some
issue
discussions,
and
if
you
have
anything
that
you
would
like
to
add
as
well
to
the
discussions
or
to
the
status
updates,
please
do
so
in
the
hack
and
eat
that
I'm
linking
there
and
yeah.
If
you
have
any
questions,
just
speak
up
throughout
the
thread
and
I'm
gonna
share
my
screen,
so
you
all
can
see.
B
C
Yeah,
so
I
was
just
given
it
a
little
update
on
and
work
that
Nick's
been
doing
cynic,
so
contour
updates
status
in
two
places.
Now
so
one
place
is
in
any
HTTP
proxy.
There's
a
status
stands
at
the
bottom
of
that.
So,
if
you
could
invalid
status
or
valid
status
whatever
that
is
contourable
update
that
what
we're
adding
as
well
is
we
added
in
1.4
ability
to
update
the
ingress
or
the
load
balancer
status,
so
it
information
elite,
a
create
a
service
type
load.
C
Balancer
would
flow
into
the
ingress
object
and
update
that
status
field
there.
What
Nick
is
adding
as
well
to
add
this
to
the
HTTP
proxy
resource
so
again,
the
same
just
like
ingress
you'll
get
that
now
in
the
RC
already.
The
problem
now
is
that
we
have
two
different
places
where
we're
updating
status.
So
one
isn't
you
know
the
valid
invalid
status
of
the
CRT,
as
well
as
the
new
ingress
status
for
the
load
balancer.
So
Nick
is
working
to
kind
of
revamp
that
work.
C
None
of
this
really
be
visible
to
users,
sort
of
all
behind
the
scenes
refactoring,
but
just
one
just
to
know
that.
That's
coming,
which
is
cool
as
well
as
once
we
have
this,
we'll,
be
able
to
send
a
PR
to
the
external
DNS
project,
so
you
be
able
to
use
external
DNS
with
the
HTTP
proxy
resource.
So
just
an
update
on
that
and
in
Excel
has
just
won
these
reviewed.
I
know:
James
security.
C
Take
a
look
at
it
yet,
but
that'll
become
me,
which
is
cool
once
we
have
this
stuff,
this
work
time
and
we'll
be
able
to
add
more
status
information
into
there.
We've
kind
of
wanted
to
do
all
along
some
of
the
information
about
you
know
includes
that
sort
of
thing
with
the
proxy
resource.
Once
we
have
more
information
in
that
status,
stands
that
don't
be
able
to
drive
things
like
maybe
an
octant,
plugin
or
other
kind
of
ways
to
get
information
back
to
the
user
to
make
it
make
it
easier
to
consume
what.
C
C
So
yeah
so
I
think
this
is
adding
the
ingress
status
and
then
the
third
part
is
to
add
the
right
now
when
you,
when
we
build
when
Contra
goes
and
looks
at
all
the
ingress
resources,
it
builds
up
that
diagonal
that
directed
acyclic
graph.
What
happens
is
today
the
output
of
that
is
a
set
of
Status
Messages.
Let
me
set
that,
so
we
want
to
update
that
to
I.
Guess
what
you
get
today.
C
Is
you
only
get
one
status
message
so
like
say,
you
had
three
areas
with
one
resource:
you'd
get
the
first
one
in
the
status.
You'd
fix
that
and
get
the
second
one
need
to
fix
that
you
at
the
third
one
idea
is
that
to
get
back
return,
a
set
of
things,
that's
kind
of
a
bigger,
a
bigger
change
to
make
that
pop
through,
but
yeah
I
think
these
are
all
the
bits
that
James
outlined
for
us,
which
is
great.
A
D
So
Terry
who's
in
the
call
good
morning.
It
did
all
the
groundwork
for
this,
so
we
have
all
the
machinery
in
place
in
envoy
and
contour
to
be
able
to
update
and
rotate
the
XTS
certificate
Els
certificates
online.
So
this
is
the
certificate
that
is
used
to
secure
the
XDS
channel
that
Wade
and
Conti
were
configures
on.
Why
so,
this
series
of
PRS
is
basically
so
that
we
can
operationalize
all
of
Tara's
work,
so
I
think
we
landed
I.
Look
at
that
I
have
to
check
off
a
couple
of
hours.
D
So,
what's
going
to
happen,
is
that,
though
we
did
condor
1.5
there'll,
be
a
new
version
of
the
certificate
generation
job
and
in
basically,
everything
is
gonna
flip
over
to
reload
all
certificates
as
a
side
effect
or
kind
of
part
of
operationalizing.
This
change
is
that
the
format
of
those
certificates
secrets
is
going
to
change
and
they're
going
to
be
compatible
with
certain
manager,
so
it'll
be
a
drop-in
replacement
to
change
from
using
the
search
in
generated
certificates
to
using
your
own
set
manager,
generated
certificates.
D
C
Yeah
so
I
linked
in
the
the
close
PRS,
so
this
week
we're
looking
to
release
contort,
1.5
and
there's
a
whole
bunch
of
stuff
in
here.
I
think
is
a
good
mix
of
features
as
well.
I
was
just
internal
restructuring
that
we've
done
so
the
big
ones,
I
think,
are
the
the
fallback
certificate
work.
So
this
is
the
case
of
Todd.
Talk.
I
talked
about
this
on
a
few
different
meetings
now,
but
I
think
all
the
bits
are
now
merged
into
there.
C
So
the
idea
is
that
if
you
have
a
request,
some
one
client
doesn't
support
SNI,
which
is
what
we
used
to
do:
the
routing
for
multiple
host
headers.
If
you
have
client
is
in
past
sni,
then
you
can
enable
this
fallback
certificate
which
lets
us
still
handle
the
requests,
even
if
you
didn't
have
SNI.
So
all
the
details
are
in
there
there's,
you
know
the
PRS
all
in
there.
The
docks
and
everything
should
be
should
be
all
merged.
By
now,
that's
one
of
the
big
ones.
C
C
Got
a
bunch
of
internal
stuff,
the
the
certain
rotation
stuff
which
James
just
talked
about,
which
is
great,
so
Thank,
You
Tara
again
for
all
that
work,
that's
fantastic!
To
have
that!
You
know
coming
into
the
project.
I,
don't
know
it's
all
in
here.
I
feel
like
we'll
get
this
all
put
together
and
a
better
set
of
release
notes
this
week.
E
D
D
D
C
E
C
E
C
D
A
A
A
A
B
Before
we
land
on
the
issues,
it's
actually
it
might
happen
any
minute
now
I
know
the
person
is
working
on
it.
Contour
is
gonna,
go
up
for
voting
by
the
TOC
literally
in
the
next
couple
of
minutes.
It's
been
a
long
journey
for
us
five
months
so
start
at
the
end
of
December,
beginning
of
January,
Michael
I
know
you're
you're
you're
very
involved
in
the
open
source
upstream,
big
community.
B
From
from
your
work
with
the,
since
you
have
in
the
board,
love
to
hear
you
know,
+1
non-binding
from
you
as
well,
and
everybody
else
is
using
and
contributing
on
on
contours.
So
is
big
news
for
us.
It's
gonna,
be
a
tremendous
I,
think
to
donate,
to
scene
CF
and
have
open
governance
and
encourage
more
contributors
to
come
and
join
our
community
and
and
take
contoured
to
to
bigger
height.
So
love
to
see
your
support.
A
C
Yeah,
so
the
background
of
this
is
so
today
we
have
this
examples
directory
in
contour,
right
and
in
the
general
idea
behind
it
was
that
using
that
we
would
have
this.
This,
like
everyone's
network
and
deployment,
is
sort
of
different,
so
the
ideas
that
we
had
this
examples,
things
that
you
could
take
that
and
and
modify
and
make
it
work
for
your
your
environment.
That
said,
because
it
lives
on
master,
there's,
not
a
version
on
it
right,
so
it
uses
the
the
master
tag.
C
We
had
the
image
pool
policy
of
always
so
that
anytime,
you
deleted
the
contour
pod.
It
would
always
grab
the
latest
version,
but
James
is
proposing
that
we
remove
that
to
make
it,
if
not
present.
So
the
issue
is
on
a
kind
cluster.
If
you
side
load
that
image
in
this
functional
test
kind
of
scenario,
you
don't
want
to
go
out
to
the
internet
and
pull
an
image,
because
you're
gonna
provide
the
image
locally
through
the
through
the
the
testing
infrastructure.
D
D
Issue,
which
is
we
actually
we
in
the
QuickStart
which
we
ship
as
his
project,
contour
io
/,
getting
started
QuickStart.
You
know
something
like
that.
We
actually
in
this.
We
have
a
script
which
generates
that
yellow
and
for
the
last,
maybe
two
or
three
releases.
That
script
has
just
used
said
to
change
the
image
full
policy
to,
if
not
present,
but
because
it
doesn't
know
about
yellow
objects,
it
does
it
unconditionally
to
everything.
B
D
Yeah
yep,
so
it
is
for
as
part
of
shipping
the
as
far
as
shipping,
the
certificate
rotation,
the
certain
job.
What
I
would
like
to
do
is
to
figure
out
how
to
generate
a
unique
job
name
for
every
contour
release,
so
that
search
in
always
runs
when
you
install
contour.
That
way,
every
time
you
install
you'll
get
a
certificate
rotation,
which
is
a
nice
side
effect,
and
it's
also
a
point
where
we
can
leverage
search
in
to
update
things
in
the
installation.
D
So
yeah,
so
the
issue
here
is
about
I.
Think
the
question
here
is:
we
have
sort
of
two.
We
have
two
to
two
workflows.
One
is
installing
things
through
the
Quick
Start
channel,
which
we
ship
and
the
other
one
is
installing
things
through
the
raw
examples
from
the
master
checking
out
master,
and
these
two
workflows
have
slightly
conflicting
requirements.
I.
D
I
can
fix
kind,
I
can
I
can
manage
kind
with
our
scripts
and
kind
of
make
that
work.
That's
cool
I,
don't
know
how
to
fix
the
this
generate
deployment,
see.
There's
that
said
down
the
bottom
Thanks.
Is
this
your
screen,
Jonas
thinking
that
said
down
at
bottom
I
didn't
have
a
way
to
get
that
right
without
using
something
like
customized
wait.
D
C
Of
the
things
but
not
for,
but
not
for
others,
sure
sure
yeah
I
mean
my
fear
on
changing
this
to
be,
if
not
president,
just
across
the
board
and
examples
is
that
it
uses
the
master
tag,
and
it
feels
that
you
know
they
could
folks
would
deploy
that
and
they
would
just
be
stuck
on
whatever
version
that
is.
That
said,
I
mean
you
probably
shouldn't
use
master
anyway
in
a
real
environment.
It's
because
it's
just
you
know
not
a
released
version,
so
yeah
I
think.
D
Your
nightly
like
like
when
I'm
using
these
when
I'm
you
my
workflow
for
this
is
I,
would
always
use
this
on
the
fresh
cluster.
So
normally,
when
I'm
pulling
master,
it's
because
I
have
created
a
new
cluster
and
I
mean
still
in
contour,
so
I'm
getting
I'm
getting
a
master
anyways,
which
is
fine,
but
I
can
understand.
The
people
might
have
different
workflows.
C
To
say
I
locally,
I
would
deploy
the
examples
and
then
I
edit
the
image
to
be
my
my
custom
version
that
I
build
locally,
but
that's
one
place
I
edit
I
can
edit
two
places
too.
If
that's
something
in
the
world
but
and
the
other
thing
is
that
we
use
I,
think
we
tagged
the
latest
I'm
tagged
as
always
the
the
most
recent
release,
which
might
be
better
for
examples
anyway.
C
D
C
D
I
think
I'm,
hoping
we'll
talk
about
we'll
have
some
time
next
release
to
kind
of
talk
a
bit
more
about
the
customized
thing
and
move
this
new
tool,
this
yellow
into
something
that
we
can
all
agree
is
like
supported.
Well
an
example,
and
then
you
know
these
kinds
of
questions
would
naturally
resolve.
As
part
of
that
you.
A
D
A
D
C
C
D
C
D
A
A
D
F
D
D
F
D
F
D
I
think
because
it's
an
in
because
it's
just
an
internal
change,
yeah
they're
thinking,
is
that
you
know
when
there
is
a
if
and
when
there
is
an
on
little
way
to
do
that.
You
know
switch
over
to
that,
adopt
that
yeah,
okay,
yeah
so
I'm,
looking
at
the
private
PR
that
you
pointed
me
to
up
here
just
to
look,
it's.
D
D
A
You
yeah
I
just
want
to
echo
the
comment
earlier
by
Michael
Michael.
Regarding
the
voting
that's
happening
today,
the
announcement
should
go
out
any
minute.
We've
seen
two
other
announcements
already
go
out.
Four
four:
two
other
projects,
spiff
aspire
and
harbor,
so
yeah
keep
a
look
at
on
the
CSUF
toc
mailing
list,
and
if
you
want
to
add
in
your
non-binding
or
binding
boats
there,
please
do
so
and
yeah
with
that
we're
gonna
end
the
meeting
have
a
fantastic
rest
of
the
week.
Everyone
take
care
and
I'll
also
I'll
see
you
next
week.