From YouTube: TGI Kubernetes 136: Open Service Mesh
Description
Come hang out with Josh Rosso as he digs into the Open Service Mesh Project (OSM). OSM is a service mesh built around the SMI (service mesh interface) specification. As usual, we'll hack, break things, and maybe learn some stuff!
00:00:00 - Welcome to TGIK!
00:02:48 - Week in Review
00:31:00 - SMI and OSM Overview
00:39:46 - OSM Deployment
00:57:35 - App Traffic Policy & Config
01:30:14 - Observability
01:54:56 - Goodbye!
github: https://github.com/vmware-tanzu/tgik/tree/master/episodes/136
A
Hey, what's going on everyone, happy Friday, welcome to TGIK 136, Open Service Mesh. Glad to have you all with us today. Looks like we got Maddie joining us as always. Matty, great to see you. Rory as well: hey Rory! We got Hussein, we've got Hyun from Israel. What's up Steve, how's it going man? Eric, good to see you. Good to see you Eric, hope everything's doing well at the new gig. Pablo, hey Pablo. Yep, and cheers to that, Steve. Martin, hey Martin! Thanks for joining us.
A
As always, we got fully geared bear in the chat. Welcome Pedro, great to see you. We got Bo Jonche, hello, hello, glad to have you. Youssef from Morocco, how's it going? Ilco from Holland, Gotti, hey, ahoy!
A
We got Pablo. We got Waleed, great to see you Walid. Some path, Pablo. Looks like we've got Aristodis from Miami. I may have butchered that, I'm so sorry. Tim, Peter, hey Peter! I haven't seen your name show up in a little while, great to see you Peter, thanks for joining today. We've got Mona. Thank you for joining, Mona. This is actually her suggestion through the TGIK repo.
A
So we're trying to get good at making sure we knock out some more of those episode ideas, so if you've got something you want to cover be sure to call it out. This should be, this should be a really really good one. Choco, hello, happy Friday to you too, and you're enjoying a beverage. Eric, yes, same here, cheers to that. Caleb from Columbia, South Carolina, awesome. All right, and Ibram, hello. Nice to see you. All right, everyone, welcome to, not that screen.
A
Welcome to this screen, there we go. Week, episode 136, Open Service Mesh. Super psyched to check this one out with you. I've been thinking about covering Open Service Mesh for a while, apparently Joe has been as well. So this will be a good one to dive into, learn a little bit about SMI, OSM and all these other different acronyms in the, in the Kubernetes and service mesh space.
A
At 1 pm Pacific time we dive into some open source technology or Kubernetes concept, container concept, you know, kind of varies per episode, and we kind of dig in and learn about stuff. And you know, like I had mentioned a lot of times, we're just picking a piece of tech and diving into it, and in this case OSM is that piece of tech. I've never played with it before, and I'm really looking forward to diving in today. All right, cool cool. All right, and Yogi, great to see you, great to see you. I'm on the lounge TV, nice Steve, I'm, I'm honored to be on the lounge TV for sure, the big screen, right. Hey Savvy, thanks for joining us as well.
A
We got George coming in, hey. All right, let's get into this thing. So what do we got in the news this week? We're on alpha 2 of 1.20.
A
So if you're playing around with 1.20 before a beta release comes out, be sure to check that out. I haven't dug into 1.20's. Anyone in chat played around with 1.20 yet? Haven't gotten the chance to, to play around or even really check out the enhancements that are in it. Yeah, SIG Release is discussing if Kubernetes should move to three releases per year as a permanent cadence. So this would be a pretty big deal, and if you've got some input on this, it could be.
A
It could be really really good to, to get your opinions and your thoughts here. This would move us away from, what do we do now, four a year, right? So this would give us a little bit, a little bit of a different structure and how we think about that, how we try to focus a bit more time on stability efforts, and just, you know, downtime with the contributors and all that good stuff.
A
So this could be a really interesting one for y'all to read through. Give it a heart if you like it, and if you got some objections, be sure to put them in here and, and give some insights. Could be, it could be a pretty big change for us all.
A
If Kubernetes moved to, to a three release, release cadence or a three a year release cadence. So interesting. So I'm seeing some threes in chat, so be sure to give it a thumb up if you, if you haven't already jumped into the issue. Even if it's just a little heart or a little thumbs up, it says a lot. Make sure your opinion is heard. And speaking of contributing to Kubernetes: K8s contributors Twitter channel, Twitter channel, Twitter account.
A
You should follow this thing, and I was just gonna say I, I sure am hoping that I'm following it, because if I'm not I'd be quite the hypocrite telling you all to follow it. But there's so much cool stuff going on with helping making the contribution experience and community better and better. You know, thanks to folks like George in the, in the larger community at hand with Kubernetes.
A
If you haven't seen the k8s.dev website for contributors, you know, it's just getting that much easier, hopefully welcoming and, and better to, to be a Kubernetes contributor. So if this, you know, you've been thinking this year, wow, you know, I really want to get involved with open source with Kubernetes, the resources are there. Let's, let's, let's get you hooked up. Follow the Twitter channel, watch out for news and different ways to, to get on board and learn how to contribute. We'd love to have you in the project.
A
A
Okay, and Maddie, you said whatever happened to the proposal to create a long-term Kubernetes release. I think you're talking about LTS, right? George might have a link into, into some of that information, but this could theoretically impact, I believe, LTS to some extent, making the, I don't want to speak for sure, but the supportability of releases would probably be like a year or something like that. So yeah, that's true, Steve, there's more ways to contribute than just code, right.
A
I mean, those of you throwing out blog posts and all that good stuff, I mean, you're doing your part. It's, it's all about, you know, it's not all about code. It's advocacy! It's docs! It's guidance! It's all that good stuff! It's sitting next to one of your co-workers as they're learning Kubernetes and helping them kind of learn how cool this ecosystem is and be successful with it, right. So there's a lot of ways you can contribute to this thing. All right, cool cool. All right, Kubernetes cloud ecosystem: we've got yet another DNS latency story.
A
It's interesting. I saw a Twitter thread not too long ago that said something of the sentiment of, you know what, when you scale Kubernetes out, what is the first thing that kind of tears at the seams, and I think DNS is probably it. I mean, you know, some folks say it's iptables, so you know, it just kind of depends, really, you know, how you're set up. There's a million factors. I mean, heck, it could be, could be something with your applications or the platform services.
A
You run on kube that tear at the seams, frankly, but this is a, this is a DNS story. I have been down this path with a lot of larger shops in the past.
A
I haven't dug deep into it, but just reading this little piece here, you know, I can say for sure that I've been in the case where DNS was the first thing that got hit a little too hard. Pods came up and did weird things and started DDoSing the, the DNS to some extent, and one of the things that actually Duffy and I, back at, in our CoreOS days when we were working with a customer, we had to solve this problem.
A
A
So that was a super interesting hack and it worked, it actually like solved the scaling issue, which was pretty cool. Shout out Duffy for, for helping us out with that back in the day, years and years ago. And yeah, and now node local DNS is a first class feature of kube. I haven't had to turn it on yet or really play with it, but pretty cool, and you know, based on this graph, that looks like it's got a lot going on and dropping to a pretty strong flat line there.
A
It looks like they might have been pretty successful with introducing node local cache, so pretty, pretty cool stuff. And Marco, you said it's always DNS. I feel like I, as much as I read that sentiment I always forget, but it still always ends up being DNS, and then I always learn the lesson over and over again. I think I need to get a neck tattoo or something that says "it's always DNS". That way I, I never forget. All right, cool.
B
A
George gave some more details on LTS, thanks so much George. So if you are interested in understanding kind of LTS and, and perhaps what the different cadence can have an impact on for LTS, be sure to check that out, should be pretty interesting. And Steve says expired certs. Yeah, I mean, back in the day too it was, it was hard to rotate certs, like, and everyone forgot about them. Like, I think every initial setup and tutorial had you make like a year-long cert, and it was hilarious.
A
I obviously can't say who, who these groups are, but I remember back in the, in the CoreOS days again, when we were first getting, like, these are like people adopting kube 1.4. So it's still, it's still pretty early on, right, and we're deploying all these things, we're using.
A
In that case, it was a product called Tectonic that underpins a good chunk of OpenShift nowadays, and I'll tell you, like, when the, when the one year, like, I don't know how many of you have worked in like software sales and renewal stuff, but, like, you kind of know when accounts are coming up for renewal in that world, and it was always funny, like, when the one year hit, it was not uncommon for there to be like a fire happening, because the freaking certs expired.
A
It always would happen. It was wild, because people just wouldn't think about it. It's like, oh, it's a year away from now, why would I ever worry about that, right? So it's, it's pretty interesting stuff. Maddie says SSL cert check and Prometheus blackbox exporter. Yeah, fair, Maddie, yup. Absolutely, absolutely. All right, and you say, you've artists, you've seen k8s certs that expire in 30 years. Well, the good news, it won't expire. Hopefully that private key does not leak anywhere in 30 days, or 30 years.
A
I should say. Fingers crossed, otherwise there could be some vulnerabilities inside of there for, for a good 30 years. But hey, you know, we, we do what we can. All right, so that, that was a cool little, little DNS story, check it out. You know, if you're in a group that's like starting to see your cluster scale over time, this is again one of those common pain points. Check it out, learn a little bit about the story, and thanks so much Andreas, who posted this. I love when folks share their war stories.
A
It's so, so helpful, so we can all learn. All right, good stuff. So this article was interesting. I, I read through it super quick, I'm actually going to dive a bit into it more, because I think Daniel's got a post about how to build internal Kubernetes platforms, but.
A
Why people build internal Kubernetes platforms, and it gives, it gives a couple anecdotes here about why people are, are building internal platforms on top of kube, give some examples. I think it was, I can't remember if it was Airbnb or who the, who the shops were, but he went through three examples and then breaks down some of the key reasons why, you know, he has seen people or believes people build application platforms. Some of the anecdotes are, are pretty interesting, that I hadn't really thought about. Oh, Spotify was one of them.
A
Actually, you can see right here. Link some good KubeCon talks, talks a bit about it. I mean, I think a lot of us are pretty familiar with the idea of running an internal Kubernetes platform, and you know, some of us are running these on-prem and our own hardware, some of us are running them in cloud environments. Regardless, in my mind it can, it can still be an internal Kubernetes platform, you know, regardless of what your provider underlying is, and yeah.
A
I think, I think what's really interesting, as I've dove in and seen kind of these talks happen, and one thing I, I really find interesting at KubeCon, especially hearing from shops like Spotify and other using, others using kube, like, I think it was, I think it was Airbnb that was talking about it, like the idea of how much abstraction you add to Kubernetes, right. So what I'm getting at here is, like, there's, there's so many different philosophies.
A
There's, there's the idea on one end of the spectrum of let's self-service clusters to development teams and let's just like hand them their own Kubernetes cluster and have them go at it, and that can work. You know, there's, all these approaches have trade-offs. Then there's the other side of the equation, where Kubernetes is like a, a deep implementation detail, right, where the developers have all these kind of platform services built on top of it, that whether they're running on kube or not is actually entirely abstracted in some shops.
A
I remember a, a talk at KubeCon from Uber, I think it was Uber, where they were talking about their abstraction. I think they call it something like Peloton, on top of Mesosphere and kube, and if I understood the talk correctly, the abstraction basically enabled developers to work just with that Peloton extra abstraction, right, and basically not worry so much about the deltas between Mesosphere and kube and the intricacies there. Now there's a bunch of trade-offs there, like, now they have to maintain this big abstraction.
A
You know, the developers also won't be coming in with like knowledge about Peloton, right, because that's probably some internal tooling that, that Uber uses, I would assume, you know, so on and so forth. But you know, they've abstracted two systems, they've probably reduced a lot of complexity. Hopefully they've created a great developer experience, which I think is really one of the big cruxes of this article. Towards the end somewhere in here it says something about having a great developer experience. Yeah, here it is.
A
B
A
I'd love to say all the folks I've worked with have been successful, but a lot of times when they don't really think about how the developers want to interact with it, what abstractions are appropriate with them, how to not over abstract but how to not under abstract, it can really, you know, kill adoption. It can really cause problems. So it's pretty, pretty interesting stuff.
A
A
So as long as you know they got compromised, then I guess you're, you're pretty well off, right. Yeah, and as Steve put it, a platform is a customer. Do you mean to the developer, Steve, or maybe I'm just reading it incorrectly?
A
But that's, that's what I tell folks all the time, is like, you know, coming, coming from like VMware, even when we were Heptio, right, like we were helping people build platforms and our customers were like the platform teams, but really the way we could be really successful, and I think this is true for a lot of us in the like infrastructure and platform realm, is like we need to be, you know, from a vendor standpoint, worrying about making our customers' customers successful, and for platform teams.
A
The customers are the developers, right, and we need to ship just remarkable experiences for them and all that good stuff. So yeah, and actually, you know what, I don't think we have it in the news this week, but this is something that is super interesting. What's HashiCorp calling their new abstraction, everyone? What's, what's the name of that thing? Is it the Waypoint one? I feel like they came out with like 13 things. I think it's Waypoint, right? Yes. Dave's using his British grammar, no problem. Wavepoint, Waypoint, yeah.
A
This out, interesting stuff, right. I, I'm not an expert, like most of the things I talk about, but how I understand it is, if you break the domain apart of, you know, providing a platform, right. You.
B
A
B
A
You know, folks cite groups like, or t, or products like Heroku, or companies like Heroku, I guess, I don't know how you want to frame it, but you know, Heroku is a great example of an amazing platform as a service that developers can be extremely successful with extremely quickly. Cloud Foundry's another big example, right. This idea of, I just send my source code, you know, send a message about my source code somewhere and all of a sudden the image is created.
A
A
Is, it's kind of taking the idea of having that platform as a service abstraction at a higher level, and it's allowing you to kind of plug into a variety of back-ends, so your deploy back-end could be Kubernetes, but it also could be ECS and other things, and you can provide again this, the set of abstractions to hopefully alleviate some of the requirements of making, you know, a developer a Kubernetes expert, because in some organizations that just won't fly, right, you need to have better abstractions to make them.
A
You know, more successful, quicker and easier. At a shop, here, here's a, here's an anecdote at a shop, shop that I worked at not too long ago. We rolled out Kubernetes and, and we didn't abstract Kubernetes too much, right. So we kind of, like, we kind of got a lot of adoption from the people who were excited about kube, from the developers who were excited about, you know, pods, and they already had their stuff in containers and they were, you know, going from a ticketing system to this new, like, self-service API.
A
That was all great, but then there was another end of the business, you know, longer term after we got that initial rush, that was, you know, a bunch of great Java developers, and you know, Python developers, machine learning people, and, and while they don't hate Kubernetes, frankly, a lot of them really don't care, and that's, that's sometimes something I have to remind myself. Like, I love Kubernetes a lot. I care a lot about it, but a lot of people, you know, they're actually more interested in shipping their software quicker.
A
A
I think it's an interesting view on providing abstractions, and pluggable ones at that, and it looks like George put a link in there about Mitchell from HashiCorp, who I believe is like the founder and does a lot of amazing stuff there, having, putting some information about it in, in Hacker News, it looks like. So do check that out. Don't take my word for it. I read like an hour worth of information about, I still don't completely understand, but I'm interested, I'm very, very intrigued. Maybe a future TGIK.
A
So it's like Otto.
D
A
Know Otto, Stephen, Abram, what's, what's Otto, Otto pass? I don't even know what to search for. Tell me, tell me the, the company name. Otto open source.
A
But tell me, tell me more about Otto, I'd be, I'd be interested to check it out. I'm guessing it's not this, although this looks a heck of a lot cooler than whatever we're talking about. Oh, dead project from HashiCorp, okay, interesting, I'll have to check that out. I had no idea, no idea. ottoproject.io, all right. What are y'all, what are y'all showing me here: decommissioning. Oh hey, interesting, unified application delivery spectrum include did.
C
A
Use this, I've never seen this thing. Did you all use it with like Vagrant and the whole stack before? Walid said it was a brave move, so it was a brave but maybe not super, super successful move, perhaps. I don't know, it's interesting. I see, I see kind of overlap here, but I never had anyone mention Otto to me, but yeah, whatever, interesting. Yeah, Eric says, remembers it being announced, but there's crickets. Well, you know what they say, there's nothing like putting a new name on something. I'm just kidding.
A
I'm sure there's, I'm sure there's a lot more nuance to Waypoint. We should all check it out. It looks, it looks super interesting, I'm stoked to, stoke to dig in and, and see what's going on. Tumbleweed. Waleed said Mitchell talk, oh, that would be a really cool thing to check out, Wally. If you know the link, feel free to throw in the show notes. I'd be super curious. I'm always psyched about a good, a good failure story. All right.
A
Okay, I'm, that was just a kind of a diversion, but it's, it's cool. Savvy says chilling with your drink, me too, Savvy, we're on the same page. Cool, let's talk about Kubernetes not running 50,000 jobs and then we'll get into OSM. Okay, HashiCorp! Oh, you all are adding more stuff in here. Don't forget if you, oh cool, thank you for throwing that in. Let's, we'll talk about that too, really quickly, but first, kind of cool, I've never seen this YouTube channel before.
A
But I watched this video, and if I understood correctly, this person makes videos about automation, about everything from Ansible to kube infrastructure, you know, the whole world we do in TGIK, and it sounded like he aspired to have 5,000 subscribers in 2002 and got 50,000. So first off, Jeff, congratulations! That's freaking cool. But what's more relevant to us, so you should subscribe to Jeff and, and see what cool Kubernetes stuff he talks about.
A
I'm gonna check his video out, or his channel out, probably this weekend, but he did a cool thing about 50k k8s jobs, and I think the summary of the findings are this. He went in with an approach to try to use, I think was Ansible or something, to basically roll out buckets of jobs over time, right.
A
So basically, in doing so, I think he found that the scheduler kind of barfed and hung up on, on worrying about 50,000 jobs, and I, I don't think, I'll have to read more into it, but I don't think he was like slamming the schedule with 50,000 jobs right away. I think he was kind of batching, yeah, batching and, and going in and adding and adding and waiting for them to succeed and move on to the next batch. So not only is this just a really cool experiment.
A
Not only is it really great that, of his success on YouTube, but it's cool that it ended up with an upstream issue. It just, again, like we were talking about, this shows like the 90,000 ways that you can help out the Kubernetes ecosystem and make this project and this ecosystem a better place for all of us, so really freaking cool. Rory says Jeff has some really cool books on Ansible and including a kube? Oh, a kube and Ansible specific book, I'll have to check that out.
A
That's super, super interesting, thanks Rory. If you have links to his book and want to throw him in the show notes too, feel free to. We, we do a bunch of stuff here and there with Ansible with customers, and things like that. So I would love to see the, I'd love to read the Kubernetes perspective on it. That'd be really cool. Steve says IBM have done that a few times. Yeah, not too surprising, hitting the, hitting too many.
A
Oh, I think I, I think Steve, you're probably referring to the, the Odo thing, Otto thing, right. The real question is how come Josh doesn't have a k/k repo starred, that's a great question, Peter. That is a really, really good question. I need to get a k/k repo starred. The k/k repo starred, so problem solved live on the channel. It's no longer an issue. What do you, what do people do with stars, though?
A
Like, I'm not trying to be a Debbie Downer, but like, I guess it's just like a like, right? Does, does star like do anything for you with notifications or anything? I feel like I don't star repos for any reason other than, like, I just forget to, because it seems like it doesn't have functional purpose, but maybe I'm totally wrong there. I should be starring a lot more. Asking to get notification spam is what George says: that's what I'm worried about. That's exactly what I'm worried about. Oh man, I'll, I'll!
A
Take it, though, you're, you're not wrong. Stars are marketing. Yogi says use it as a bookmark. That's a good point. I mean, GitHub has restructured quite a bit, you know what I mean, as far as like the social aspects and all this stuff. I need to like figure out what the right GitHub flow is, because I feel like it's still just like drowning my inbox with notifications, and it's probably because I'm just using the thing wrong. Anyways.
A
Okay, so that's really cool. Check out the books from Jeff, check out his YouTube channel and check out the GitHub issue if you're interested. It's, it's, it's really cool. All right, so don't forget, if you use Helm, repo changes incoming. Is this for the v2 ending of support? Do they literally say that? Yeah, okay, read the whole sentence, Josh. Helm v2 support is ending.
A
You should check out the implications of that if you are still using Helm v2. If you're still using Helm v2, don't use Helm v2 anymore, let's move on, but if you are, just make sure you check out the implications from the, the, the hub for, for the repo that things get pulled from. We'd hate for you to wake up in the morning and be like, why is everything Helm related breaking all of a sudden?
A
Why is Tiller doing weird things, right? So do check that out if you're using Helm v2. HashiCorp Waypoint, it got thrown in here. It, maybe it was in here the whole time, I can't remember. If so, I'm sorry for jumping the gun, but we've, we've covered that one ad nauseam, I think. Cool. ansibleforkubernetes.com, eat.
A
Easy enough, so check it out if you're using Ansible. I recently read a, not recently, I'm lying. Like a year ago, I read a book on Ansible and I was thinking the whole time I was reading it, wow, it'd be so cool if there was one focused on Kubernetes and not just host configuration, and sure enough, it was probably sitting in front of me this whole time. All right, Bridget says also please use Helm v3, because end of support means no more security patches. Thanks, Bridget, great point. You know, it's, it's about time.
A
We all get on v3, I think. What do you say? So let's, let's do this thing, make sure you're making an upgrade, make sure you don't put yourself in a bad spot in the future. And hey Bridget, thanks for joining us. All right, Steve, yes, and we've got two, well, so we've got Flash joining us as well. If you're looking for new technology just check the stars, that's why I tell people all the time when a customer says should I use this project, I always say: does it have more than a thousand stars?
A
We've got the link in the show notes. I think it's about time that we transition into OSM. What do you all say? All right, all right, first question for everyone who's hanging out with us today: who here is using a service mesh? Can I, can I get a yes in the chat if you're using a service mesh and a no in the chat if you're not using a service mesh? I'm so curious. I'm always curious, like, what's the data on this?
A
B
A
I think what's, yeah, it's interesting Waleed, like the separation of configuration management, infrastructure management, immutable images and how that should be set up. It's, it's a whole world of consideration. You know, I mean, heck, sometimes we use Ansible to, to bake an image to then print out a machine image, so we don't have to use Ansible, so we can use that machine image in the future, right, to kind of follow on more of an immutable, immutable style. So it's interesting. All.
A
See, what do we got here? I'm seeing, okay, I think it's like 50/50, right. Maybe it's leaning a little bit more towards mesh, though, maybe, maybe it's like 60/40. A lot of you are, are using mesh. While it says one dev was, dev was using it. We removed it. Okay, I'd be curious why, or if there's anything specific you hit. Tim says looking forward to things that implement Service Mesh Interface. Yeah, we'll dive into that.
A
That's a super interesting thing, and Bridget is joining us today, and Bridget is on the OSM project. So thanks for, thanks again for joining us Bridget, and maybe you can help us steer clear of land mines if we, if we do hit one. Cool, yeah, there's a lot of folks, there's more people using a service mesh than I thought, to be honest with you. I feel like a lot of times.
A
Folks have aspirations for it when I talk to them, but they really haven't kind of, you know, bit that piece of the puzzle off yet. And more, you said we wrote a library that has some features of a service mesh. Yeah, great point, great point. Yeah, a lot of folks are, a lot, a lot of people are using service meshes or those model. They just implement it at a bit of a different level, sometimes as a platform service.
A
Sometimes people bake it into app libraries, there's a bunch of different approaches here, so we'll try to dig into them, but let's start off by talking a little bit about SMI. All right, so SMI. This is, this is interesting, right. We have no question a, should I say, proliferation of service meshes. Is that fair, or is that overstating? And I feel like we have, we have a healthy service mesh ecosystem, let's say that. Okay, so we have Linkerd, we have got Open Service Mesh, we've got Istio, we've got.
A
I was hoping they'd have a list here. We have Consul Connect to do certain aspects of it, right. We've got a bunch of, a bunch of different things here. Now I think what's really interesting about mesh is it's clearly scratching an itch that we, we sort of created for ourself, I think, right. You know, we went into the world of more.
A
I was about to say service oriented architecture, but that could, that could make people have weird feels. We went into a lot more distributed microservice type architectures. Not to say you have to run microservices on kube, you know, monoliths can be very successful too, but you get microservices, you put a lot of complexity into the networking layer, and then, when you have all of these disparate services that talk to each other, you start saying things like: how do I control traffic between them? How do I make sure that they're protected?
A
How do I make sure they're communicating in an encrypted manner? How do I make sure that service A and service B only talk to each other if they trust each other, based on some like identity backed by cryptographical whatever, right? All these things arise, and then we end up saying, I think I need a service mesh, right? And timing can be a bit of everything. I feel like service mesh, a lot of us, we've kind of gotten there over time. You know, a lot of times we, we say it might not be.
A
You know, if you're first introducing kube, the best idea to introduce service mesh right away. You know, you might want to kind of get some expertise and, you know, operational knowledge on kube, but service mesh is definitely scratching a niche. There's, there's no question. So, let's see here, yeah, Yogi says I think OSM is timely. I agree with you, I'm pretty psyched to, to dig into OSM and I'm especially excited that someone is doing something about SMI, which is what I meant to, meant to mention here, that Service Mesh Interface, right.
A
Let's, let's, let's think about interfaces for a moment. So everyone in chat, what big interfaces do we use in Kubernetes every single day, or, or maybe don't use as much as like take advantage of? So what are some of the big interfaces in Kubernetes that get used aside from SMI? Can anyone think of them?
A
Other interfaces that we use. Peter says: CRI, CSI, CNI. Morza, CSI, CNI. We've got an Ingress API, that's fair! That's fair, yep, CNI, CSI! So if these acronyms don't mean anything to you, we've got a Container Networking Interface, which, what does that enable us to do, right? CRI, Container Runtime Interface. What does that enable us to do?
A
Well, let's, like let's roll back time real quick and talk about why SMI is so freaking cool, right. Go back to kube 1.2-ish. So back then, again, I feel like I'm talking a lot about CoreOS in this episode. I think CoreOS just decommissioned their Twitter accounts. This will be my, my saying goodbye to, to CoreOS as a Twitter account here, by talking about them a lot. We were at CoreOS, we were making a runtime called Rocket.
A
There wasn't that initially, so something like the CRI came to light. Same with CNI, right, because with CNI we can say, give me, add a network to the workload, delete a network from the workload, and by just being able to ask for those things, what kinds of things can we plug in? We can plug in Calico, we can plug in Cilium, we can plug in Antrea. We can plug in a bunch of different stuff.
A
Now SMI, I guess it's fair to say, isn't at the same level of those interfaces I just described, like CSI, CNI, CRI, but same principle, where there's a group of folks setting up a specification for how we interface with these service mesh control planes. So if we could define an API for how we handle traffic metrics, how we handle traffic control, how we handle the splitting of traffic, which I'm guessing is like, you know, percentage-based delegation and things like that, and traffic specs, which I'm not sure about, but I'm sure we'll learn about today.
A
If we can define those interfaces and agree on them, then we have a more aligned ecosystem where, if we're plugging in Istio or plugging in... or plugging in Open Service Mesh or anything else, we have that flexibility in our contracts. Our interfaces don't change significantly. So pretty freaking cool, right? Steve says he's wearing his rkt t-shirt from CoreOS. I still have my rkt t-shirt too, Steve. I've got to get that out and show it off. I don't know where it's at, otherwise I'd go grab it. Eric.
D
A
Get that, I get that. All right, so cool, we've talked a little bit about SMI, and now let's talk a little bit about OSM, where I'm sure we'll be interacting with some of the APIs built here. So Bridget can keep me honest here if I misspeak, but here's kind of how I think about OSM, and this is as somebody who has played with it to the extent of this episode, is when we think about container runtimes, right?
A
We've got things like containerd and CRI-O. Now, what's interesting about CRI-O is that CRI-O was built around the CRI spec. It's almost like... it's probably not fair to call it the reference implementation of CRI. Maybe it is. It's more than a reference implementation, like, it's a real runtime that people use all the time, but it's built natively around it and it
A
It follows that model and it extends features as it needs to, and so on. And OSM is one that is built around the SMI spec, which is super compelling. So, you know, as service meshes begin to conform to SMI, I'm guessing there's going to be two models. There's probably going to be a shim-like model. Let's see here, so Istio via adapter. Okay, so I said shim, I'm guessing adapter is a pretty similar concept here.
A
Where, you know, things like Istio, to conform to SMI, can provide adapters or shims that basically, think of them like doing some type of conversion to then, you know, respect and translate into their own APIs and so on. But OSM is built from the ground up around the SMI spec. It follows a similar data plane model to Istio, in that the data plane here is Envoy. Okay, so, you know, Envoy is definitely extremely popular nowadays.
A
I think Envoy was... Envoy's conference this week, I'm pretty sure I saw some stuff on Twitter about it, right? So it's gaining a lot of steam. It's a super interesting project. We use Envoy in our ingress controller project, Contour, right? So this is another service mesh built on Envoy, but again with a different control plane, different implementation principles, and built completely around SMI. So, as someone said in chat about it being timely, I totally agree.
A
This is a really timely service mesh and I'm excited to check it out. So let's see if we can deploy this thing and play around a little bit. And yeah, I said, yes, it was to the conference this week, probably, right? So yeah, Envoy conf this week. Probably saying what the name is wrong, but close enough. All right. So what's this stuff about Wasm in chat? Wasm... oh Steve, you said we should do a Wasm... that'd be cool. We should do a Wasm episode.
A
Hey, I mean, Envoy supports doing stuff with Wasm, right? So maybe we do something like that. All right, let's get into it here. So do I even have a cluster? I'm so less prepared today than I usually am. It's been one of those weeks where it's been like a really good week, but at the same time, like, I feel like my brain is melting out of my ears at this point. It just feels like so many things have happened. Okay, I do have a cluster. Oh, I tweeted about having a cluster.
A
A
The simplest way of installing Open Service Mesh is using the OSM CLI. Okay, cool, so rather than bringing down a bunch of YAMLs or worrying about Helm templating and things like that, I'm guessing this will take care of that for me. So let's go ahead and grab the OSM CLI and play around with it a little bit. We'll obviously do the newest release. By the way, what's the status?
B
A
Is it like in development? Is it... I'm guessing it's not like something that people are using in prod just yet. Project status: OSM is under active development. Okay, not ready for production workloads. Cool, so we're bleeding edge enough in TGIK. We're not scared of that. Let's grab the amd64.
A
I won't make the mistake I almost always do, which is to grab the arm64. It doesn't look like there's a build for ARM anyways. Okay, so let's get that CLI down here. All right. Sevi, you said, you know, "Google's donation of Istio to this new foundation, Open Usage Commons. Anyone on the chat who likes to throw some ideas on why they did that exactly?" Yeah, that's a great question, Savvy! I don't know. I
A
I know that there's been like some opinions, I'll put it that way, on like the foundations and all that good stuff, and just not close enough to it, especially in the service mesh space. But if anyone has perspectives, talk about it. I mean, you know, it's definitely interesting. I guess the big, again, the big thing I think that OSM has going for it is it's aligning around a spec, it's driving a good community. I think that's
A
What's giving it a lot of promise here. So Steve says no comment, and I'm gonna say no comment too. It's interesting, right? So we've got it. Let's go ahead and unzip or untar the download, which was called osm. All right, and we will move this thing over to my path. So there's osm, /usr/local/bin, sudo.
A
I never use the install command. I always use move. What do you all think about that? Should I be using install? I feel like that's the thing I should be doing anyways. All right, so we've got the release for two. We'll go back to the docs here, and then I just type in osm install, it looks like. Interesting.
A
So let's go ahead and set ourselves up a little bit. First thing I'll do is just see what the heck the osm thing is. Okay, osm dashboard, interesting: open a Grafana dashboard through SSH redirection. Okay, they've got this thing pretty freaking integrated in, so it looks like I'll be able to deploy an observability stack of sorts, probably Prometheus and Grafana.
A
It looks like I've got the install command, of course, manage the OSM installations. Interesting. Yeah, this is really cool. It's a good use case where, like, something as complicated as service mesh could theoretically justify its own command line tool to handle more things, and we can just do with kubectl, or, frankly, just to provide a really good dev experience too. So it's like your Ctrl-L, yeah, you're not wrong. I'm gonna... I know Rory's here today. I'm gonna use Ctrl-L a couple times today.
A
I just did. Just note that that is one time I've used Ctrl-L. And Robinson, you said... Romans, and you said, "We need abstractions for CLIs." Yeah, I think we do need a CLI CLI. What do you say? All right, so let's test this thing out. kubectl... watch kubectl.
A
A
Rory says, "Woo to Ctrl-L, I'm learning." osm-system, okay, great! So let's watch that, get namespace osm-system, and we're gonna watch the... what do you guy... what do you all say? The services, the pods?
A
A
A
Cool. Oh, Jaeger showed up. They've got tracing, they've got tracing in this thing. Look at that! Okay, so what do we got going on?
A
We've got Jaeger. By the way, with Jaeger, we got to get back to our OpenTelemetry episode. We need to do an episode on putting metrics in. We've got the OSM controller, okay, so I'm guessing that's maybe the control plane, the thing that programs the Envoy proxies. We've got Prometheus. We've got... okay, cool. Now
A
Here's an interesting thing that we'll have to figure out as we dig in, is how does it work with the actual data plane injection, which I'm sure we'll get a bit into, but basically, like, just to frame this here, you know, conceptually, and make sure we're on the same page, what we're kind of going to do here is today
A
A
This could be our workload, our application, you know, so on and so forth, and, you know, what does the data path look like for sending packets out of this container? Well, you know, without getting too complicated with it, it has its own little interface that it sees here that kind of goes out, and goes out to the host interface, and it gets routed, and so on and so forth. So keeping that very naive and high level for now.
A
What we're really trying to do here is introduce a sidecar container, right, which we know is going to be Envoy, so that when the container sends traffic it can be sent to this little Envoy friend here and then route it out. And basically, like, if you think about what the crux is of most service meshes, it's basically how well we can take this little sidecar and how well we can basically make it really smart. I mean, that's really what we're doing here.
A
How can we go in to this little friend here and make it smart so that it can figure out traffic patterns, how to get TLS certs, you know, so on and so forth? And really what we're gonna... I think the problem we're gonna first look at is, how do we get this little Envoy thing here? You know, I know in Istio it uses mutating webhooks to inject them. It's probably the same in OSM. And then also, what's the component that actually makes these OSMs smart?
A
So I don't actually know if it's the controller. We'll find out what the heck that component is, but basically, how do we go in and actually program these and make them intelligent? Because if we just shipped Envoy next to all of our pods, that's neat, but it wouldn't do anything, right? It would just be like a rever... a transparent reverse proxy that, like, doesn't mean anything. It's all about how we get the knowledge into that little Envoy friend, right? So all right, so, oh, Bo Jonche, I hope I'm saying your name right.
A
You said, "I started rewriting HotROD and forgot about it." Very cool. If you make some progress on that, you should send the repo over. We'll take a look on TGIK at the OpenTelemetry implementation of HotROD for sure. Yeah, Steve says, where there are 600 CRDs. We'll check CRDs next, because I know with Istio there's a freaking lot of CRDs, so we'll see if it follows suit. And Steve, you're sold on Mural. I know Miro's great. I hear you, Flash, it's pretty CPU heavy, for what it's worth.
A
I don't use the app, and you could do some weird stuff with cgroups, if you're on Linux, to like contain that and not let it go too insane. So it stays pretty reasonable on my host, but I've heard people get, you know, a little bit weirded out by how much CPU it takes. Totally fair. Okay. So let's see, to Steve's point, let's see what the CRDs are here. So we've theoretically installed OSM, and I'm actually really curious... sorry, my brain's all over the place. Get valid... get mutating webhook configurations.
B
A
This might be answer number one. So perhaps, I don't know for sure what's doing the injection, but, you know, to keep it simple, this controller might be dual purpose. We'll find out as we learn, I'm just guessing here for fun. But perhaps this controller is both the service mesh control plane, right, in one respect, and then perhaps it's also acting as the mutating... or let's call this the Envoy injector, right, which could basically be the mutating webhook that will probably be putting the Envoy instances into our workloads today.
A
That's my best guess, so seems pretty sensible. kubectl... and I, by the way, I could totally be wrong, but we'll figure it out. All right. What CRDs do we have for OSM? Well, we probably could have guessed this already, right? The CRDs we have are the SMI spec, right? So we've got something that looks like TCP routes. We've got traffic splits, we've got traffic targets.
A
Let me just grab for... there's this backpressure one, which is... oh, that's pretty interesting! So I'll just start by grabbing for... grepping for the split here, for SMI. There we go, close enough. So HTTP groups, TCP routes, traffic splits, traffic targets. Doesn't look too bad to me. What do you all think? Seems pretty reasonable, but, you know, who knows, as the project grows, maybe there'll be an influx of CRDs, but this seems pretty sensible. All right.
A
So we've got a service mesh. Let's go back to their repo. And we had messaged Michelle from Microsoft a little bit earlier, before this episode, and I think she said to look at the bookstore example, or it was one of these demos, so we'll check out the manual demo and see if we can play around with this a little bit. So we've done osm install, that seems pretty good, and then it looks like there is a bookstore, book buyer, book thief, book warehouse demo applications that we're going to apply here.
A
A
I'm learning my lesson, slowly but surely: don't put a forward slash at the end of the URLs. All right, so we've got that. Let's go into osm. For those of you who didn't see the episode, there was an episode where I probably spent like 60 seconds to three minutes figuring out, like, why the heck won't it clone, and sure enough, it was the forward slash at the end. Okay, so osm, we're inside of that. I'm going to remove its git repo, because I might commit this later into TGIK, and we should be good.
A
So let's go ahead and run the kubectl apply to deploy these. Okay, so this says create the bookstore application namespaces, onboard the namespaces to the OSM... oh, enable sidecar injection on the namespaces. Okay, this is interesting. Let's start by making the namespaces, because that's kind of trivial. We'll do a quick kubectl get... kubectl get pods inside... or sorry, get ns.
A
We'll watch that. All right! So there's our namespaces today. We'll grab these, the lovely little shell for loop. All right. So we got a book buyer, a bookstore, a book thief and a book warehouse. Interesting, so someone's going to be stealing books from us, I guess. Okay, so we've got those. Now, this is an interesting concept.
A
Enable sidecar injection... oh, it's doing it through the command line. I was like, what the heck is this flag doing? Okay, so apparently there's a way to opt in to the service mesh, it looks like, and this is actually a really good thing, because, you know, perhaps you're going to be putting OSM in a cluster that doesn't have a service mesh already. You're not just going to rebuild the whole cluster and make every app contribute to the service mesh, or, I should say, be part of the service mesh.
A
But you want to kind of enable certain workloads to be part of the mesh. I'm guessing this is what that's doing. We'll check it out in a second. So let's copy this, let's do one of these, and I'll tell you what, let's grab... we're going to be doing it to the bookstore namespace. Let's grab that as an example, and let's go ahead and watch... we'll do this: kubectl get namespace bookstore, right? Okay, bookstore, and we'll get the YAML output and we'll put it in before.yaml.
A
That looks good. Great. Okay. Now, let's do this osm namespace add. This command line's pretty cool. Namespace bookstore added, book buyer, good, good. Okay! Now let's do after. Okay, and I have no idea if it did anything to the namespace YAML, but let's see. So if we did a quick diff of before and after, what do we got here?
A
So here we go, so it looks like inside... do
D
C
A
Vimdiff... I switched to a desktop recently, so I'm missing some packages here, but
A
What I'm guessing is it's probably annotating. I don't know what package vimdiff is in.
A
Good enough, so we'll just go into after and look at it. We've got an annotation here, and this is probably what it's looking at to figure out whether it wants to inject sidecars, and we can validate that pretty easily. It looks like there's also a label put on it, monitored by OSM. So I think these are the key changes that we saw. All right.
A
So let's go ahead and deploy the applications and see if these all get set up. Okay, oh, they got a graphic. Right, we'll see if these get set up. So we will get out of here, we'll clear this out, we'll do a watch for kubectl get pods in the namespace bookstore, just to have one, a little sanity check here. Okay, great, and then we will apply that.
A
Well, I can't do a directory, right? Apps, okay, what's in the apps directory? So docs! Oh, I can't
D
A
So let's apply one more time. There we go. All right, theoretically we're creating a bunch of stuff. Let's see if there's a bookstore app. Good, good. All right, now, you'll notice in this field we've got two. What are these? What are these numbers for? They're not pods, right? This pod has two, and I'm guessing
A
A
A
D
A
So looks like we've got a sidecar container. Looks pretty good. All right, not too bad. So let's see if we can get this thing working with some of these policies. So, following the key components, we've got the deployment, the service, the service account, the root service called bookstore, which, okay, good, good. All right, an SMI traffic split resource, which specifies how much traffic should go to each resource. Okay, we should check that out then. So if we deployed one of those, let's check it out: kubectl get traffic split.
B
A
And let's just get that for all namespaces. Okay, so we've got a bookstore split here. Let's grab that, so we'll do traffic splits inside of the namespace bookstore.
A
Okay, and this will be a, let's see here, this will be... we'll just do a YAML output, I guess, so YAML, and then we will... them, yeah, and put it into a file. So ts.yaml.
A
So we've got a traffic split here. You know what I should do? Sorry, everyone, let's get the specific split, bookstore split. That way I don't have that list object. All right, cool, lovely, ts.yaml. Good, good. All right, annotations, let's get rid of all this stuff here. We don't really need that. Okay, so interesting. Okay, so backends: weight is 100, service bookstore... bookstore. So I'm guessing this is the place that we can do
A
The common trend of, like, wanting to, you know, say it's a canary deployment of sorts, shift traffic over slightly to a different service, so we can kind of see those going in different directions. But overall the spec looks pretty straightforward. You got a service that you're pointed at, right, and then you've got the weight for that service as well. Makes sense. Okay.
B
A
A
A
A
Just follow the examples, Josh. All right, so we'll do that real quick! Let's go ahead and just cp that, and let's see what's inside of env here. Okay, this is interesting: registry password, Kubernetes namespace, book buyer. Okay, we'll see what this relates to in a moment. So we've got that. Let's do the port forward inside of scripts here. All right, cool, cool, looks like we've got the port forwarding set up.
B
A
A
Okay, I don't think I missed anything too big yet. "How can I deploy..." Flush, you ask, "How can I deploy OSM with Terraform?" That's a great question. I would assume that you can absolutely grab the YAML files. I'm not sure all the abstractions the OSM CLI provides for you, but I'm sure if you wanted to do this with Ansible, with Terraform, with, you know, whatever it might be, it'd be totally possible.
A
Morsel says, "All hail to Arch." Yes, usually true, but today I can't find where the vimdiff package is, so. And yes, Steve brings up a good point. Actually, you could always do it with GitOps. You could put the manifests in somewhere and use Flux or Argo to get those deployed. All right, cool, cool. Okay. I don't think I missed anything else. Sorry about that, I somehow accidentally scrolled up in the chat. All right, so we've got some things deployed.
A
We've got Envoy injected, theoretically. With our SMI objects, or SMI-compliant objects, here we're probably giving some information to Envoy, and then I guess in this piece here, what most commonly happens is that you'll put some type of, like, little minimal iptables rules in place
A
That basically say, when the container... when the traffic leaves here, go to Envoy; when traffic enters, go to Envoy. Not guaranteeing that that's how OSM does it, but it's quite likely that that's the approach. So, okay, so to view all the resources, we've got services, traffic split, bookstore. Let's
A
Real quick, before we start testing stuff out. All right, open up a new window here. Okay, cool, so we've got book thief, we've got bookstore, we've got book buyer! I set up a bunch of port forwarding. It looks like Jaeger's here, controller, Prometheus. Cool, so hopefully we can do some stuff with metrics.
A
I don't see Grafana yet, so there's probably a way for us to deploy Grafana on top, or we just got to deploy our own Grafana. One of the two. All right, view the application UIs. Okay.
D
A
Override the default ports, interesting. Okay, so these are to override the default ports. Okay, I don't think I need to do that. Hopefully these will just open up. Let's see. Hey, great, book buyer! Okay, so we've got a couple things here. We've got the book buyer, we've got bookstore v1. Okay, total books bought. This is maybe like an aggregate, total books bought. We've got books sold in bookstore v1. You can see that they're refreshing on some interval up there. Do... I don't think I have v2 deployed yet, right?
A
Okay, so v2 is not available at this time in the demo, will be available during traffic split. That's good. And then book thief, which I have no idea what that is, but it seems to be working, probably people stealing books. Okay, lovely, let's get into this then. All right. So we want to make the book thief application access the mesh here. So we've got this idea of a traffic target. The current traffic target spec with commented book thief kind... so, traffic target, the destination is looking at the bookstore
A
It looks like, and then traffic target for here. Interesting. We should look at what the traffic target spec is exactly. Traffic target, let's see here. Oops. Currently the book thief application is not authorized to participate in service mesh communication. We will uncomment out the lines in the docs to allow the book thief to communicate with bookstore, then reapply the manifest and watch the change propagate. So the current change here, and then the updated change. Okay.
A
So we should just take a quick look at, let's see, what's our big diff here? What do you all see? The bookstore v1 HTTP group? Do I have a traffic target? Is that what I was looking at earlier? Let's see here, kubectl get traffic target, a... no, I don't have a traffic target yet. Apparently the book thief application has not been authorized.
A
Ahead and, I guess, deploy this thing. So traffic target, all right, we'll try this out, so we'll go into raw, see if we can get this deployed. Okay, so traffic target.yaml, we'll throw this in. Okay. So what do we got going on here? It looks like the traffic target is telling it to take part in the mesh, so HTTP route group, matches: buy a book, books bought. Service accounts, interesting. Yeah, I wonder what we got going on here, the destination?
A
A
So is this perhaps enabling the book buyer to reach the bookstore itself? And then perhaps the book thief not going to the bookstore is kind of the crux of this demo, I'm guessing, because we can show how we can enable and disable certain paths to happen. Let's see, we'll apply this and see if we can prove this out. Okay, cool, let's give it a shot, so kubectl apply.
A
A
Okay, we've got those two things created, which means we should now have a traffic target. Looks pretty good, can't complain. All right, bookstore, good, good. All right, let's see if it gives us a... oh hey, check that out, so we've got books being bought, and I'm guessing that this is happening from the bookstore itself. So we've got the... okay, I think I'm starting to get where this is going. So the book buyer is going out to the bookstore, right, that is going in and actually hitting this, and we're selling books over time.
A
Now, before, these were refreshing, polling, however the little demo is set up, but obviously we weren't hitting anything. And effectively what we've got here that's kind of interesting is we've got this new spec called traffic target, where we can actually define what, right, what is able to access what. Now this is kind of interesting, right? Like, what levels do we do this on today, in like a current Kubernetes cluster that might not have a service mesh involved? Well, a lot of times
A
A
A
B
A
Refreshed the chat window on my, like, box here, and I think I can see you all here. So, "Which part does service account play here?" Great question. So I think, here's what I'm thinking: I think that service account is being used as the identifier
A
If you will, of what service it's going to attach this to, so kind of like an identity thing, and that's basically how we're kind of looking up the correlated application itself, right? Oh wow! Now I can see you all chatting so much. I'm so sorry it wasn't working. Yeah, I know, we need a TGIK Slack. This YouTube thing ain't cutting it anymore. Discord's the new cool thing, eh?
A
A
Seven-type concerns, so HTTP routes, where we can, yeah, where we can allow for certain rules, like, you know, path and header values, and things like that. So feel free to mess with this, and you can probably get even more hyper-specific, because, you know, one of the big things with a lot of CNI network policy implementations is you're not operating at that higher layer, right? So in that case, you know, you don't have that same level of functionality and feature set. Now
A
Some CNIs do do stuff like that, like Cilium and things, but this is something we can do at the mesh level. So, and now we're in a debate about whether we should use anything from IRC to Discord, so I'll let you all figure that out, and then let's use something else. We'll blame me not being able to refresh chat on it. All right, cool, looking good. Wow, I missed so much chat. What the heck happened to my Firefox window? I'm so confused.
D
A
In theory, and this is me diverging from the demo, which will probably come back to bite me, but
A
Okay, I'm guessing we'll start to see the book thief come in too. So the book thief's probably going after it, but it's not getting anywhere because it doesn't have the actual traffic target that's allowing the traffic to go to and from the thing. So we'll do that with a service account, book thief. We'll save that up, and we'll break the flow for a second and apply it, and then see if our book thief starts gaining books.
A
A
Right, so a thief still isn't... oh no, there's thief! There we go. I don't know what the delay was. Maybe that was just the controller programming, the programming taking some time to program the Envoys. So, okay, we're learning some good stuff here. So it's... so far it seems like we've got this acting as an injector, putting the Envoy in place. Seems like we've got the controller that's actually... I should point this at the brain, shouldn't
A
A
They have an internal package, first time installation. So I'm guessing this is just like a really simple, like, let's get you X.509, let's wire things up, let's make sure you can do mutual TLS without external dependencies, which is a great call. And then they have integration where we can hook into Vault, Azure Key Vault, cert-manager, and then there's probably ways to plug in more if you wanted to build more from there. So I'm not sure about the rotation thing. That's a great question, rotate certs!
D
A
Check it out and see if it's in the CLI. So if we do osm help and, let's see here, OSM control plane starts, the certificate issuer is initiated. The kind of cert is in this cert manager CLI parameter. That makes sense. When it's set to vault, OSM uses Vault excerpt in two methods.
A
Sure, if there's anything in the CLI. I guess you probably need to orchestrate more with your cert-manager or your Vault or your Azure Key Vault. I don't know if OSM would take on the concerns of triggering the rotation for you, but maybe that makes sense. I don't really know. I'd have to think it through more. That's a great question, though, Oscar. Okay, cool, so we've got traffic going through these different folks.
A
Let's go ahead and see if I can get us back here to our demo, see if we can get some of these bits wrapped up. So we've got the buyer, we've got the book thief, coming in to bookstore v1, and we know that everything is hitting v1 at this point. All right. So that's good to know, that we're directing traffic that way. Allowing the book thief to access the mesh, I'm guessing that's what we just did. Yep.
A
So we uncommented that, which enabled book thief. One step ahead of you, docs. Okay, control, pause, naming, permissive traffic mode: when installing the control plane, osm install, enable permissive traffic policy. Okay, this is interesting: bypass setting up and using access control policies entirely by enabling permissive traffic mode.
A
B
A
If we can get more details on that as we dive in, but remember that permissive traffic policy flag that we can maybe change here. All traffic is encrypted via mTLS, regardless of whether you're using the access control policies or have enabled... okay, this is great. So theoretically, our setup here from pods, right?
A
So if we kind of, you know, sort of redraw the architecture here between what we have, let's just keep it simple for now. Let's focus on our book buyer, right, and then we'll focus over here on our bookstore. All right. So if I'm understanding everything correctly here, basically we've got these two Envoy instances.
A
They are now communicating with one another. The way that they got their certs, since I did not install cert-manager or anything like that, is using that internal package that's doing the mTLS, or the certificate provisioning, and, in short, this should all be happening encrypted via mTLS from Envoy to Envoy.
A
So pretty cool. Shawshank, you says... oh, you said, "OSM configures a certificate provider to rotate certs upon expiration, updated certificates are pushed as..." Oh great. So it's handled by default. Thanks for telling us, makes sense. And is that true for all the providers? I don't know if you know offhand, like, regardless of whether I'm using Vault or Azure key store, it'll handle the, you know, making sure the rotations are in place and all that good stuff.
A
What I'm thinking, I'm thinking permissive mode would have meant that if we had dropped book thief and bookstore in, they just would have started communicating, because there wouldn't need to be this kind of opt-in. So, you know, maybe what this comes down to is, like, what's your philosophy on, like, micro-segmentation, right?
A
Should things enter the ecosystem and be completely unable to talk to other things, but then have to explicitly add things in, which is, you know, totally valid if you're trying to do like a micro-segmented architecture. And, you know, again, with programming Envoy and in service mesh land, we have so many more capabilities on top of that, like actual specification of the path that you're allowed to access, or the HTTP method you're allowed to use, and so on. Jeremy, you said, "Is permissive different from mTLS permissive mode in Istio?" Great question. I don't know. I would guess they're similar. If anyone knows, with Istio, though, like, what's the default behavior? Is Istio by default
A
B
A
A
You would just need to make sure you conform to whatever interface it gives, and then it'll be able to tell it through whatever plug-in, you know, hey, we're going to do rotation. It'll give it what it needs to do and it will trigger it, and the provider can handle rotation under the hood, which is pretty cool. So all right, oh, you literally said adding more would be great.
A
Yes, thanks for saying that. I need to read your full sentences before I, before I talk. Flesh says: Istio is default permissive. Okay, good to know. So by default it's open and you'd have to intervene beyond that. And you said, Aristodis: does OSM have the same issue as Linkerd when you have a reverse proxy injected in the service mesh and you can't forward the real source IP unless you skip the proxy? For, that's, that's a great question.
A
If anyone from the OSM group knows offhand. I would think you would be able to, to keep the source IP. Perhaps, I don't know if, I'm not, I'm not an Envoy expert, though. Cool, all right. Let's dig a little bit more in. So we've got these updating. They look pretty good. Let's see, in our, in our little demo here, it's a great demo by the way: configure traffic split between the two services. Okay, great! So now, be it bookbuyer or bookthief, I'm guessing.
A
We want to be able to introduce a v2, very common scenario, and we want to do something where we can actually go in and, you know, probably provide a certain percentage of traffic onto the, onto that v2, v2 service. So let's go ahead and get v2 set up. I kind of want to do.
A
A
D
A
Looks better. Okay, so we've got traffic target configured, that looks good. We've got service account, service, deployment. All that looks good as well. So I'm guessing traffic target is just allowing things to hit v2. But the question is: what exactly is the traffic split by default? So I think we knew this because we saw it before, right? If we do a kubectl get traffic split for the namespace bookstore, right, okay, there's.
A
Is what we were looking at before? I just wanted to make sure. So: traffic split YAML and, like we said, this is the backend where the weight is currently 100. So I'm guessing we can kind of ramp this up over time.
A
Okay, looks pretty good. So if there wasn't a traffic split in place, but there was a tr, I'm still learning these API names, bear with me, but there were traffic targets, would it just split it 50/50? Is that kind of like the default behavior, I'm guessing.
C
A
C
C
C
A
Let's see what you all are saying here: Istio's default permissive, does OSM. Ymo said: where can you watch for who is connecting to who in Envoy? Is there a central location that that's published? Yeah, good question. I'm curious what information that we grab out of Envoy. Like, I know in Contour we pull some of the, the data out of the Envoy API and expose it. I'm sure OSM probably leverages some of that data as well. Make sure you go to bookstore v2 before you update the split. Good, good point, Phil.
A
Let's try that out. So we've got kubectl, we've got the pods for the bookstore v2. So let's check that out. Now, is there logs for bookstore? I hope there is, because that would be kind of cool if we could kubectl logs bookstore pod. It's going to yell at me because I'm going to need to choose the container, but that should be about.
B
A
Okay, see, so this is the one that's probably not taking any traffic. Let's, let's see real quick here, and who knows if it's actually, if it's actually logging anything. I'll.
A
Soon, logs, okay, and then we'll do this and check out bookstore v1. Lovely! Oh, hey, something's happening. Okay, that's good! So we've got about 50/50. Yeah, that's true! That's true, Steve, we've got, we've got so much observability. I've got a freaking UI in the demo. I've got a lot of stuff. And hey, Phil. Are you, Phil, did you give, I might be getting you confused, but did you give a talk on TSM or TSM on OSM to the Kubernetes meetup in Colorado?
A
By chance? I feel like your name looks familiar, and I might have seen that presentation, if that was you. I can't remember, though, and if it's not you, I'm getting you confused. Okay, so this is going through. We've also got the UI, which I've got up here. So to your point about v2, exactly, let's pull up the UI.
A
Oh, it was you. Awesome, great presentation. I'm probably reiterating a lot of what you showed, but yeah, it was, it was really cool to get an idea. That's what got me so stoked to do an episode on this. So bookstore v2. What's our port for bookstore v2? What's our port, and set it up here, right. It is, there it is, 82. I should have guessed. Okay, so we've got 8082 here.
C
A
B
A
A lot of them are already in use. That makes sense. But hey, look at it. Okay, cool. So I still don't know if I figured out what would happen if a traffic split wasn't there yet, but we know a traffic split is there, we know it's giving 100 to bookstore v1, so let's go ahead and up it to bookstore, to having bookstore v2 as well. So we'll go back here.
A
A
To the update for the policy for traffic split, that's this here! You know what we should, we should look inside of this real quick, just, just to see what the change is. So we will go ahead and vim into, we'll see, a cd into osm.
A
We will vim into here, into traffic split, and okay, cool. Hey, here's, here's a question for the OSM team, because we did an episode on Flagger, which was pretty interesting for like slowly dialing up the traffic based on conditions and things like that: does OSM plug into Flagger by chance, or is that something you all are thinking about? I'm just curious! So all right, this looks like it's going to completely shift us from v1 to v2. So let's see if we can do that. So this will not be a canary deployment.
A
B
A
B
A
Oh, Bridget said the Flagger team is active in the SMI community. I think I saw Flagger on, on the SMI thing. I mean, it's, SMI is such a win for Flagger, because if they can focus on a unified API that we all agree on, they don't have to worry about implementing it for Contour and for the 90 other thousand options of how you would balance, you know, ingress traffic or service mesh traffic. So I'm glad to hear that they're involved, because this seems like a huge, huge benefit for them, providing a consistent API.
A
Okay, hey, looks like we got it, and 54, 57, 60. It is going up, and then I would imagine, probably goes without saying, but let's do it anyways.
A
If we came into the traffic split here and we just set it to, oh heck, let's, let's be, where, actually no, I've got it right here, we're good. I'll just edit it and then we'll bring this up to a 50/50 split, okay, and then apply, just like that, and I would guess in a moment that we should have these two going and firing off. It'll probably just take a second. So all right.
A
What else you all talking about here? Does OSM use SPIFFE? Let's see here, that's from Martin. Let's see, dude, I'm seeing if anyone answered you, Martin. Martin Smith is about service identity, so I guess at the Envoy level itself. Yeah, that's, that's a great question. Like, as far as identity providers go, yeah, is, so we've obviously got mutual TLS and we can hook into Vault and all those different kinds of things, and I guess in a way we can get some amount of identity done that way.
A
I don't know if, if OSM has plans to look at like projects that align with SPIFFE, like, what's the reference implementation called, is it SPIRE, things like that to integrate with, with, from an identity provider standpoint. I guess Consul Connect's probably a massive identity provider too, right. Steve says shout out Stefan. Yeah, Stefan from Flagger, he joined us and, and gave us some good insight as we were playing around too. Bookstore v1, bookstore v2, yeah, looks like they're both incrementing now. Pretty cool, pretty sweet API, and yeah, I mean, this is, this
A
Is great news for the service mesh community and things like Flagger. It's, it's so simple! If, if the API stays consistent, it just speaks to the value-add of, of, of having this SMI spec. And Phil says yep, they're looking into SPIFFE integration for identity, so Martin, it looks like maybe not today, but looking to, to plug that in. This is, it's, I think what I like of, so much about this is it's so simple.
A
It's, it's doing like the 90 case, and it's doing it really well in a really clean way, which is, which is neat. I guess the one, the one thing I'd love to wrap up on, if we could figure it out, I don't know if it's part of the demo, is a little bit on the observability stack. I wonder how hard it would be to look at that Jaeger output and stuff like that. Let's see if we can, no, I'm on the SMI spec page, so, okay, inspect, oh okay, they, it's on!
A
A
OSM Prometheus, interesting, okay. And Choco, you said: what do you all mean by identity? And that's a great question. I think sometimes we get identity in, you know, in workload-to-workload encryption and mutual TLS a little bit,
A
I don't want to say confused, because they're overlapping concerns in a way, but by identity we basically just mean providing the mechanism to, to prove the authenticity of the thing, if that makes sense. So think of it like authn, when you think about authn and authz. So if I go in, is there some means where I can tell you, like, I am Josh, like I swear I'm Josh, I'm not Choco, I am Josh, and like, here's how I can identify myself in a way that Choco cannot impersonate, right. Now
A
That's, as you can imagine, a bit of a different concern than whether Choco and Josh are talking to each other over a fully encrypted, you know, protocol, or through a protocol that offers some level of encryption, right. So with identity, and a lot of times how, how some of these models can work, and why sometimes they get, you know, kind of thought together, is when you go out, you can provide certificates to individual people and that can act as their identity, right, because theoretically they only have that private key, and then using those certificates,
A
They can then facilitate encrypted communication to and from. So what I'm, basically we're talking about with identity is, you know, calling out that it's a little bit different than encryption, but a lot of times when you establish identity, those mechanisms enable you to encrypt traffic as well, if that kind of makes some sense. So that, that's kind of how I think about it. They're a bit different concerns, but they totally play in the same ballpark. And more, so you said: maybe they run Grafana locally. You might be right. Oh, it looks, Richard.
B
A
Try osm dashboard, and if it doesn't work we'll do exactly what you said. So if you still have the terminal running scripts port forward, okay, I've done that twice now. I think we're fine. Oh, terminate port forwarding.
A
A
Oh, it was running yet, duh. Okay, kill it twice and then let's do osm dashboard and see if this works for us, and then navigate to localhost 3000. Okay, starting the dashboard, failed to start, OSM Grafana is not, see, Richard, I think you may have just saved us a bunch of time. So you said I need to do osm install, and let's do a quick help. I think you said it was enable grafana, right, enable grafana. All right. How idempotent is the osm install command?
A
Do, okay, feature request: I'd love to be able to add Grafana, if there's not an easy way to do that already. You need to add the mesh name. I think what it was saying, though, Steve, is, I think it was telling me you need to put in a new mesh name, because you already installed, see what I mean: mesh osm already exists, yeah, specify a new mesh name using dash dash mesh name. Does that work, mesh name osm? Yeah, whatever, might as well try. Mesh name osm: osm already exists. Okay.
A
A
I was hoping that I would be able to add it from here, maybe, but maybe not. Okay, so osm help. Can I easily delete OSM or uninstall OSM?
A
It, should I install two OSMs to the same cluster? You think that'll work? It might be faster. I guess this speaks to the benefit of like having a really good GitOps flow in place or something. Like, as cool as the command line tool is, it's pretty nice to have, like, you know, those types of abstractions kind of can fall apart in some of these use cases. Okay, so it said, oh, did.
A
To see me put two meshes in, though, because that'd be pretty interesting. Okay, what did I call it? Osm.
B
A
Oh, because the name is a flag, right, that's probably what it is. All right, here we go. Let's see if uninstall works. So we will do a watch kubectl get pods and, only, all the namespaces. Are we terminating? Great. We terminated the mesh and the bookstore is still there, so that might work out okay. What else we got here? So if we do this one more time and do osm install, what's, what, what can we install, by the way?
A
So we can deploy Jaeger? That was funny, because we had Jaeger got up, deployed, right. Oh, default says true, gotta learn to read. Enable debug server, enable egress in the mesh, interesting. Enable grafana. Okay, I think we have, no, we didn't have Grafana. I was thinking Prometheus. Permissive traf, okay, permissive traffic policy. We learned about that a bit. Enable prometheus, that's true by, okay. Let's just turn on, let's just turn it on. So enable all the flags, yes. Well, if there was an enable all command, Choco, I'd probably do.
D
A
But I'm just going to do enable grafana, because I don't want to type all those things out. Osm install enable grafana.
A
Let's see if this installs. Okay, that should be good. So you know what's funny is, when it uninstalled OSM, did it uninstall the CRDs?
A
C
A
A
Yeah, I agree, Steve. I think, I think the crux, I mean, you know, realistically, though, like, this is a great tool for getting things bootstrapped. Like, over time, and, you know, more, how should I say it, more production-oriented deployments, you're probably going to manage this a different way than some CLI. But nonetheless, I hear you, it would be kind of a cool user experience to add them in, right. Okay, so.
C
A
Cool, and let's see, I guess, if we have Grafana, right. What did I, did I miss a step? I don't think so. We're not port forwarding, osm dashboard, blah blah blah. Okay, let's see if it works. Osm dashboard. Hey, hey, oh boy, what's the default password? Is it admin admin with Grafana? I always forget.
A
First guess. Okay, I'll put in my new password. Hey, guess what my new password is. It's admin. Okay.
B
A
Admin, and we're in Grafana. So we've got the dashboards. We've got, we'll go to home real quick, and then, I haven't been in Grafana in a while. Let me turn off this dark mode thing. Okay, OSM control plane, OSM data plane, interesting. Control plane metrics. What do we got here? Success count, failure count, connections. Control plane looks good. Hacker man, admin admin, yep, you're not wrong. Okay, so control plane looks pretty simple.
A
This is just when, I guess, I add an API object. Maybe. We're probably way more interested in the data plane: pod to services metric, service to service metric, workload. Oh, the distinction here is interesting, right, pod to service metrics, service to service metrics. So the use of service here is interesting. Does pod to service mean a workload that's not taking part in the mesh calling a workload that is taking part in the mesh?
A
I'm curious what the distinction is there. Service to service? Okay, all right, services, service has nothing yet, no data yet. Any of these have data yet? So data plane, pod to service, okay, nothing yet. All right! I guess I should be checking if my bookstores are working, right. Oh, select a namespace, good call, I'd be here for hours. All right. So let's start with, where the heck is my namespace selector at, jeez. Okay, so home, dashboards, and service, it's gonna be in here, right, and then source namespace.
A
None. What do you mean, none? Bookstore. Does that work? Is dark mode screwing me up again here? Uh-oh. I think you have to generate data again. It may have nuked your stuff. You need to redeploy. What do I need to redeploy? The book app, is that, is that what you all are saying? I need to redeploy the, the book stack or whatever.
A
C
A
A
I wonder why it wouldn't be polling. kubectl get namespaces, so we've got bookbuyer, we've got bookstore, we've got bookthief. I think you're probably right, it's probably not generating data. Let's, let's do this real quick, let's go back and do the port forward command, even though it might screw with.
A
A
Good question, good question: we should check that, because, right, one thing we learned is that it does annotate the namespace, although I thought that was just for the sidecar injector. Let's see, so kubectl get namespace bookstore -o yaml, and I'm sure we still got it annotated, right. Oh, we don't!
A
A
Service mesh, sidecar enabled, monitored by OSM. Okay, here, let's, let's, let's do this real quick! This will tell us the answer without running in too many circles. So if I just go back to the proxy command and do that now, okay, so let's just reproxy, and it might get upset with me. Wait, not what I wanted to do.
A
A
A
Disconnect with Prometheus and stuff. So, should you run the web page to generate traffic? Well, that's what I checked, it's, it's clearly, it's clearly collecting, it's clearly sending requests, right. Steve said, is Prometheus there? Good question, let's check. kubectl get pods, all, and we'll just, we'll be lazy, prometheus.
A
C
A
It's running: osm system, osm prometheus. A good point about the data sources, Jeremy. Let's check that out. Data sources, data sources, okay.
C
A
A
A
A
A
Go to the observability docs? Okay, it's documented. Read the docs, Josh, read the docs. Observability docs.
A
You need to enable metrics. See, that's what I was thinking, like, if we're in mesh land, we probably gotta enable this stuff.
D
A
Oh, is it an RBAC problem? If desired, use Prometheus service definition to scrape itself. Keep scrolling further down. Metric scraping? Oh hey! Look at it, there we go. Good, because I wasn't really looking forward to figuring out the RBAC and stuff right now, it's too late on Friday to figure all that out. Let's, let's use the command line tool. So I guess we'll just enable scraping on all these, right. Osm metrics enable. All right, let's see if this works. So this would, this would explain why we weren't getting data.
A
I mean, it kind of logically makes sense. Okay, so this, geez, Josh, too big, too big. Do that, let's kubectl get namespaces. Great. All right, so we will do this and we will do.
C
A
All right, misspelled bookthief. Of course. I before e, come on, i before e, except after c. Bookthief.
A
Wrong. Enable all the flags, we should have known, we should have known. I guess the one thing we should put a little pull request in for, or it's somewhere in this guide and I just didn't realize it: we should put a PR in to the book service demo that you probably need to be aware of turning on the metrics, and you probably need to be aware of turning on the enable grafana, if you want that to work, right. I think so, at least, unless it was in here and I just missed it, but that.
A
A
Oh, I didn't include it at all. What the heck. Okay, warehouse, bookwarehouse seems good, yeah. Okay, all right, is that all we needed? Fingers crossed. I'm guessing that this maybe set up RBAC and then maybe put the annotations or labels, however it works in Prometheus to do the automatic scrape discovery. That's my best guess. So home, we will do.
A
A
What is it called, traffic splitting, is that the API? We'll tune it up to 50/50 and see if we see, or sorry, we'll, if it's at 50/50, we'll change it to a different percentage and hopefully we'll see the, the metrics flow accordingly. But pretty cool. So I'm looking at bookbuyer right now. Is, does bookstore show me anything?
A
I guess it doesn't look like it, right, v1, v2! So maybe there's no metrics coming off of receiving requests, but maybe they're coming off of sending requests. So I think, okay, here we go, so bookthief is sending requests, about one request a minute it looks like, and let's see if this number is pretty close, so about one request, wait, what, what is even my x and y axis? Time per minute, success count, we're.
A
One a minute, though, right, unless it's sending batches in. Request latency, okay, well.
A
B
A
Let's make it a little bit more reasonable, perhaps. Okay, wow, there's a bunch of junk. Okay, I'm gonna do something really bad! Don't tell anyone. kubectl edit traffic split for the namespace book, it would be in bookstore, right, because that's what we control it, bookstore. There it is! Okay, again, don't tell me when I did this. So we've got 50/50. Looks pretty good. Yeah, it wouldn't be an episode without edit, Steve. Okay, weight is 50. Weight is 50. So.
C
A
We do 80/20, right, so we'll, we'll get, we'll say things aren't going as well as we'd expected with v2. We want to roll back to be 80/20 on v1, and the hope is that we'll see these numbers drop in a way that kind of represents that change. So here we go, boom. Now this could take some time, because you might remember last time we noticed that, you know, the controller took a little, little while to up, update here. So, and Richard.
B
A
A
The docs, I wouldn't have seen that if you hadn't looked in there, so I'm glad you found it. All right, bookstore v2, I think it's slowing down now, seems like it, or maybe my brain just wants to tell me it is. Let's see, bookstore v1, are you going faster? Okay, bookstore v1 is definitely going faster, it would appear, right. So let's go to Grafana, and then this could have a delay in another. Oh.
A
It's just a small amount, it looks like. Oh, maybe, I don't know, we'll see. Success count, v2, we should see, there's v2's drop. Okay, cool, so v2 is taking a bit of a nosedive as we've done the split here and we can see the success count. I mean, this is beautiful, right? Like, this just speaks to the power of these kind of models. Like, think about before all this kind of stuff. What were we doing?
A
We were deploying a replica and putting a service, or a replica set, and putting a service in front of it, and then we would just like bounce up the potential replicas behind the scenes, and like, we were limited to round robin, and it just, like, it really wasn't elegant. This is elegant. This is really cool, right, and with things like Flagger, we can dive in and we can say,
A
Oh, you know, I, I'm slowly rolling out the canary and over time, based on the amount of success I'm reading from metrics like this, I want to tune up and tune up and tune up the traffic that's going. And this is awesome, we're seeing the dashboard, we're seeing the failure counts. We can make an assessment of, like, oh boy, we're starting to see spikes in failure counts with v2, dial it back with that traffic split API. It gives us, and there's, here's our jump for v1, right.
A
It gives us so much opportunity to kind of see what is going on here. So overall, pretty cool. Change last hour to, a good point. Why, that's a great point. So let's do five minutes, how's that sound.
B
A
We go, that's the kind of graph we're looking for. Okay, so success count over the last five minutes. You can see where our bump happened right here, and if we go back to v2, there's our big dip. Seeing latencies on the p90 and p50 and the p99, of course. All really, really cool. So yeah, this is pretty freaking awesome.
A
I think this is maybe a good place to end it, honestly, if you all feel good about that. I mean, in an hour and a half, without even touching the repo before, and genuinely, like, I opened the repo to read about a little bit and reached out to Michelle to get some information on OSM, but we deployed a mesh, we've seen some of the power. I think
A
What's, you know, just kind of an amazing thing to be excited about is how freaking cool SMI is and how it enables us to do these kind of things and plug the right bits in. We saw Envoy injections. We got to screw around with the permissive models, learn a bit about the pluggable backends they have for, for, you know, the certificate bits, and that they're working with, thinking about plugging into SPIFFE and all that good stuff. So yeah. This is.
A
This is really cool, and, and thanks so much from those who joined from the OSM team. We had Bridget and Phil and one more, I'm trying to scroll up to find your name. I don't want to forget you. Shoot the name in there, Bridget or Phil, if you're still on, for who, who I might have forgotten, but thanks so much for joining us from the OSM team and giving insight as well. It was super cool to have you all here, and yeah.
A
I mean, I know it's still early days for OSM, but can't wait to see how you all continue building this up and continue building a really good community around service mesh as well. This is, this is really exciting stuff. It's kind of like a, a bit of a next frontier for us in the, in the cloud native space, right. So.
A
Shawshank as well, yes, and I hope I'm saying your name right, I'm so sorry if I'm not. Thanks so much for joining us today as well. We appreciate you all giving your insight and all that good stuff. So have an awesome weekend, everyone. We'll be back, hopefully, next week with some cool topic, bring Joe or, you know, Paul in, or, or Cora in, someone in to do another episode on something good, and again,
A
Just to reiterate, this was an episode that was submitted inside of our, our Slack, our, our GitHub issue tracker by Mona. So if, if you have ideas for episodes, please feel free to submit them in GitHub, we'd love to take them, and that's about it. So until next time, everyone, have an awesome weekend and we'll catch you, hopefully, next Friday. Later, y'all, see.