Some points from my recent experience. There is a very big cost management aspect of the set up that you did not cover, which is understandable. 1. When you have multiple, thousands of applications, in the cluster, the cost of data transfer for the envoy configs can be crazy. We used sidecars to limit the amount of data that gets shared. The cost for use was cross zone data transfer. 2. On multi-cluster networks the API Servers talk to each other, and if you have cloudwatch logs enabled, this can also increase the operational cost. I am investigating to move these logs to S3 instead. 3) I recently had an issue in production when using self-signed certificate where the ingress was failing with an error that says I am using certificates self-signed certificates. This error never came up in dev or staging cluster, it only happened in production. I am looking into moving to use Vault or KMS and cert manager. My preference would have been to suppress this error for now and do the cert-manager setup later. 4) I also would like to explore the canary upgrades for the control plan to safer deployments. Istio can cause a big headache when stuff breaks in production.

I am new to opal, i am not able to figure out how to add data of new user after registration in my application . Can you tell me how to do it.

can we use private link to run multi cluster istio ?

Excellent demo, team! This must be the best demonstration of running Istio on EKS. The provided Terraform code works flawlessly, and the tutorials are outstanding. Well done!

Thanks Peter. -- question, is this prod or in beta (ztunnel and waypoint proxy)?

It is possible with ingress in kubernetes to place a rule, rules, so that if the authService service receives a body with name property equal to teste200, send it to the authServiceBeta_1.3 service

Hi Peter, Great deep dive into k8s & cilium networking. I do have a question though with on-prem baremetal deployment, do I still need to use MetalLB or can I use Cilium instead?

What is the need to do a port forward for Kiali as we have istioctl installed, can't we just do istioctl dashboard kiali instead? What is the difference between these two methods of accessing the Kiali dashboard? Is it the same or anything different if we access in one way than the other?

Hi really nice demo! I would like to use envoy without docker , where can i find the envoy.exe?

Is there a CVE for this?

which gloo gateway you installing? link to documentation? why presenting with no link to github.

How is the gloo gateway programmed?

Rate limit headers are not being propagated to upstream. ANy idea on how to get that resolved?

So helpful thanks

Does Istio not support JWT authentication as well?

How about rotating root certificate with cert-manager?

Why nftables were not used instead of iptables during this "transition" period towards ebpf?

Thank you, great overview for newcomers to K8s world.

Amazing content and really clear!

17:00 start after intro

Very usefull Thank you from France Do you have a github to share your yaml files please

Thank you Continue please to enter in details more and more 🤪

Great explanation. Thanks.

how did you swap the pod's ip addresses?

actual shared window size became small and not easy to read even on laptop, may be next time videos it can be fixed EDIT: terminal was clear but the diagrams weren't very clear

LoadBalancer functionality demo

Can you please share the github repo?

Can you answer a question, is it possible to use jaeger + istio, for every request and response event of each microservice? automatic without changing microservice/pod code? How can I look for the configuration I should do?

With istio you can use destination rule to pick pods based on selectors. Is there anyway to achieve that with gateway API since HTTP Route BackendRef only allows pointing to services and no option to choose based on pod selectors

Great show as always keep it up

Hello, I would like to ask you, do you offer Gloo Mesh core as a free alternative to Gloo Mesh Enterprise offering or it is just a test bed?

Wonderful session with so much clarity. thanks for your efforts.

Good book. But too much typo and mistakes in commands and almost no explanation of the YAML files. The reader has to google them and fix typos.

Dude you need to slow down. Give people a chance to look at the screens. I think you should go half this speed.

Thanks everyone for joining! Check out the demos here: github.com/peterj/jwts-for-services Feel free to reach out if you have any more questions!

thank you guys, i was trying 2days ago to use Cilium IPAM and BGP instead of MetalLB

It is not odd to Nigerians based in Nigeria watching Cilium..Remember there are so many Nigeria based in the US working in the devops space. Lol. We are starting to mentor Nigerians who are based in Nigeria about kubernetes. Nigerians banks and companies are some of the biggest in Africa.

They could have edited the part where Lin froze 🤣

I have implemented rate limits of path prefix match and exact match as well. But I’m struggling to match regex patterns in Envoy and how to define wildcard is descriptors in configmap. Can anyone let me know how we can implement rate limit on nested paths eg /api/v1/products/*

Multi-Region Demo Source Code: github.com/bdlilley/multi-region-demo Lambda Redis Promoter Source Code: github.com/bdlilley/aws-global-elasticache-promoter

Is gloo platform fully paid or we can use open source version?

thanks; I love your videos! It would be wonderful to get some videos explaining : 1. Structure of envoyFilters 2. Common patterns (e.g. filtering per service/ svn/path) with plenty of diagrams like this one! love them! Thanks again!!!!

Interesting 🧐 results are promising

Sir, is there a mechanism to intercept the response path?.. For ex, if I need to analyse the response headers and content and then modify the response or status code, how do i get a hook for that.

Love INVITAE. Great company ❤❤❤❤❤

How can i set up the environment to demo follow you. Thanks

This was awesome, thanks a ton !! Can you explain in next video how can we assign a custom Security Identity to a subset of cilium endpoints based on some custom logic. Example - say a pod has multiple IP addresses (say 50) (due to multiple network interfaces on it) and then out of 50 IP addresses, I want to create a network policy to filter just 10 IP addresses from that pod. In that case a pod label based policy won't work. Hence, I was thinking if we can assign a custom security identity to those 10 endpoints and then stick that security identity in the network policy to entertain traffic originating from a subset of endpoints associated with a single pod.

This is super helpful. Thanks a lot. But i have a minor confusion with terminologies. 1. When you say, Envoy, whose server you ran on right, that envoy means the proxy/gateway server which uses envoy rate limiter. Is it correct ? 2. Whenever a request is sent, Does it first go to the gateway/proxy or first go to the rate limit service (whose server you started on left)

world's most useless video.

Thank you, great overview.