►
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Hi
there
welcome
everyone
to
the
webinar.
Today
I
am
chiptan
tucker,
the
founder
at
a
company
called
sars,
and
we
build
the
on
route
in
race
controller.
Api
gateway.
In
this
talk
we'll
go
over
how
to
have
end-to-end
encryption
using
the
on
rooting,
grace
controller
and
the
link
rd
service
mesh.
A
So
this
is
sort
of
a
workshop
you
can
follow
through
it
and
even
go
through
the
steps.
While
you
achieve
the
same
things
that
we
do
in
this
webinar,
if
you
have
questions,
feel
free
to
join
the
slack
channel
or
if
you
want
to
try
out
the
enterprise
features
for
the
on
root
controller,
you
can
drop
us
a
note
using
the
form
on
the
website.
A
This
is
about
me.
You
can
also
follow
us
on
twitter.
We
also
have
an
open
source
version
of
our
software.
Apart
from
a
community
and
enterprise
version
to
check
out
the
open
source,
you
can
use
this
address
on
github
at
the
high
level.
We
are
going
to
talk
about
these
cloud
native
solution,
figure
out
the
different
components
involved
to
take
a
high
level
view
of
where
the
solution
fits.
What
are
the
different
components
so,
at
a
high
level,
the
application,
networking
and
security
involves
the
container
networking
interface.
A
These
are.
These
are
software's
like
celiums,
celium
or
calico
or
flannel,
which
essentially
provides
the
network
plumbing
between
the
pods.
That's
the
container
networking
interface.
Then
there
is.
How
does
your
traffic
enter
the
cluster?
That's
where
the
increased
controller
comes
in.
One
example
of
that
is
the
on
road
one
step,
and
then
we
have
service
meshes
like
linkardi
and
istio,
which
essentially
help
with
not
only
traffic
management
but
mtls
observability
and
a
lot
of
operational
concerns
are
met.
A
So
we'll
quickly
talk
about
all
these
things
and
then
finally,
we'll
go
over
a
demo.
A
So
this
is
a
graphical
representation
of
the
major
components
in
kubernetes
application,
delivery
and
security.
So,
of
course
you
have
the
cluster
and
you
have
the
cni,
the
cni
wires
of
all
the
parts
and
the
services
performs
the
network
plumbing
and
a
lot
of
times.
They
also
do
security
functions
like
network
segmentation
at
layer
3.
A
So
android
one
step
is
an
ingress
controller,
api
gateway.
It
is
built
on
onboard
proxy
and
essentially
helps
out
with
north
south
traffic
security
and
management.
It's
extremely
simple.
Typically,
the
policy
and
connectivity
that
you
want
to
specify
for
a
service
can
be
done
using
one
step.
That's
the
idea
behind
it
and
it's
declarative.
So
you
can
just
declare
the
things
you
want,
execute
one
command
and
it
will
provide
the
necessary
policy
and
android.
One
step
is
completely
kubernetes
native.
A
It
runs
as
a
container
and
it
it
can
be
used
to
run
another
image
controller
service.
How
is
it
different?
It
is
built
on
on
y
proxy,
of
course,
it's
again
on
y
proxy.
The
cncf
graduated
project
it
works
for
both
kubernetes
and
non
kubernetes
on
route
also
can
function
as
a
shim
outside
of
kubernetes
when
you
run
it
in
standalone
mode,
say,
for
instance,
in
a
darker
container.
A
If
you
just
want
it
to
run
on
root
and
envoy,
you
get
simple
rest
or
graphql
based
apis
to
configure
on
root.
It
is
purely
declarative.
There
is
no
yaml
involved
when
you
are
setting
it
up,
you
can
just
select
a
set
of
service
and
l7
policies,
specify
those
policies
run
one
command
and
it's
all
good
to
go.
You
can
then
tweak
it
by
editing,
different
config
objects,
and
then
you
know
tune
it
more
to
your
needs.
A
There
are
three
versions,
of
course
the
os
is
the
community
and
enterprise,
and
you
can
check
out
the
complete
list
of
features
and
get
android
dot.
Io,
slash
features,
linker
d
is
again
a
cncf
graduated
project,
it's
a
service
mesh
ultra
lightweight
and
it's
an
extremely
popular
service
mesh
which
has
over
200
contributors,
and
I
think,
if
I'm
not
wrong
about
10k
stars,
why
do
we
need
a
service
mesh
and
why
end-to-end
encryption
so
with
microservices?
A
A
So
you
essentially
verify
every
single
request
coming
inside
your
cluster
and
when
the
services
talk
to
each
other,
they
also
verify
every
request
and
the
verification
comes
in
forms
of
authentication
and
authorization.
So,
of
course
you
need
your
identity
set
up
for
each
of
the
workloads
that
you
can
use
to
perform
the
enforcement,
so
the
zero
trust
principles
for
traffic
entering
the
cluster
can
be.
Can
be
essentially
done
at
the
ingress.
A
A
A
So
now
that
was
just
a
quick
overview,
we'll
go
over
a
quick
demo,
and
this
involves
installing
the
linker
d
service
mesh.
We
have
a
kubernetes
cluster.
A
There
is
linkard
installed
on
top
of
it.
There
is
an
example,
workload
in
form
of
emojio2,
that's
an
example
workload
and
then
we'll
mesh
that
example
workload
in
the
link
rd
mesh
so
essentially
insert
a
proxy
with
the
workload
so
and
then
the
other
aspect
is
we'll.
Install
onroot,
we'll
mesh
on
group
with
link
rd,
will
externally
expose
the
application
to
the
client
and
then
we'll
secure
that
communication
using
a
certificate
and
acne
certificate
that
will
generate
sign
and
install
in
one
step
again.
A
So
that's
a
high
level
introduction
about
android
one
step
and
linker
d
and
what
we'll
be
covering
in
the
demo.
So
so
the
demo
steps
are
also
present
on
the
website.
There
is
a
high
level
article
that
talks
about
it,
so
you
can
just
navigate
to
the
website
and.
A
In
the
blog
section,
you
can
go
to
end
to
end
encryption
using
our
root
and
linker
d
and
that
will
essentially
walk
you
through
the
same
things.
So
we
have
a
cluster
right
now,
so
let's
just
quickly
check
that
right.
So
we
have
a
cluster
and
we
also
have
link
already
installed.
A
So
that's
link
card
installation,
so
we
have
also
connected
to
the
beyond
cloud.
Bouillon
is
the
company
that
created
linkerd,
so
we
are
also
connected
to
the
cloud
just
to
verify
the
mtls
so
right
now
here
is
the
connection,
and
we
can
see
that
there's
one
active
cluster
with
a
couple
of
nodes.
There's
a
few
workloads
right.
A
So
moving
ahead,
let's
go
ahead
and
install
the
emoji
workload,
so
that's
the
command
that
installs
the
workload
and
then,
of
course
we
have.
I
think
we
have
these.
So
we
have.
We
have
the
jet
stack
sort
manager
which
we'll
be
using
to
install
the
eight
mesa.
We
also
have
the
on
route:
api
gateway,
health
charts,
which
we'll
be
using
to
install
android
and
the
service
policy,
essentially
how
to
expose
the
service.
How
to
secure
the
service,
so,
let's
just
go
ahead
and
install.
A
Quickly,
look
at
that,
so
it's
still
getting
an
external
ip
in
the
meanwhile,
let's
go
ahead
and
set
on
root
up
for
running
with
linker
d.
So
when
you
are
integrating
an
ingress
controller
with
linkard,
there
are
a
couple
of
suggested
practices.
One
is
around
adding
a
header
to
provide
hints
to
linkardi.
The
other
one
is
around
delegating
the
the
endpoint
selection
for
routing
to
link
rd.
A
So
there
is
one
flag
setting
in
android
which
takes
care
of
all
of
this
and
it
can
be
further
customized
if
you
like,
but
essentially
there
are
a
couple
of
requirements
when
you're
trying
to
run
an
ingress
controller
with
linkardi
and
with
our
root
one
step.
We
have
made
it
extremely
simple
where
you
just
set
one
flag
and
everything
just
works.
So
let's
just
set
this
one
global
config
and
that's
it.
A
So
that's
all
you
need,
and
now
on
root
is
ready
to
work
with
link
rd.
Now
you
can
take
a
look
at
this
more
on
the
website
to
see
what
are
the
other
cast
customizations
available,
but
essentially,
you've
already
enabled
the
link
enabled
setting
to
set
up
the
controller,
and
if
you
want
you
can
disable
the
header
addition
and
the
endpoint
delegation
endpoint
selection
delegation.
A
You
could
disable
any
of
these
if
you
like,
but
by
default.
It's
all
enabled.
Now
we
earlier
created
the
emoji
auto
workload.
Now
we
are
just
going
to
mesh
it.
So
just
going
back
to
this,
what
we
are
talking
about
now
is
we
got
a
workload,
setup,
say:
emoji,
auto
workload.
Now
we
are
going
to
mesh
it
as
as
then
we
are
going
to
add
the
link
kerdi
proxy
to
it
and
that's
the
command
to
do
that.
So
what
it
does
is.
A
It
adds
an
annotation
to
the
deployment
and
that
inserts
the
linkard
proxy
and
then
we
do
the
same
thing
for
on
route.
So
so
what
we
are
doing
here
is
we
are
in
injecting
the
linkard
proxy
for
both
the
workloads,
the
emoji
voter
workload
or
test
workload
and
the
on
route
workload.
A
Right
so
we
see
that
emoji
auto
is
now
seen
by
the
cloud,
and
then
here
it's
here
we
can
see
emoji,
auto
emoji,
auto
is
meshed,
and
we
also
see
that
on
root
is
meshed.
The
dark
circle
here
with
our
solid
dot
in
there
shows
that
it
is
meshed.
A
We
have
the
on
root
pod,
which
is
running
the
on
root
image
and
redis
and,
of
course,
on
y
proxy.
But
at
the
same
time
it
is
running
the
linker
d
proxy
as
well
in
the
same
part.
So
what
it
is
showing
is
that
we
have
successfully
meshed
the
on
root
bond.
A
Yeah
we
now
have
an
external
ip,
so
what
I'm
going
to
do
for
this
demo
is
create
a
dns
entry
for
this
external
ip
and,
let's
call
it
link
already
image
to
demo
and
then
we're
just
going
to
set
it
to
the
external
id.
A
A
Just
use
one
command
from
the
chart
and
what
we
are
doing
here
is
we
are
saying
program
the
ingress
in
such
a
way
that
I
can
talk
to
the
emoji
voter
service
over
that
dns
name,
and
we
are
specifying
a
couple
of
properties
about
the
service.
What's
the
name
of
the
service,
what
prefix
to
reach
it
on
what
port
the
service
is
accessible
on,
so
let's
just
go
ahead
and
run
that
command.
A
The
service
the
ingress
is
getting
programmed
and
it
right
now
installed
a
couple
of
filters
which
I
can
quickly
look
at
if
I
like.
So
that
tells
me
that
oh
I
have
a
lua
filter
setup
which
is
going
to
add
a
lua
filter,
says
hello,
header,
and
then
there
is
also
the
rate
limit
layer.
Seven
rate
limits
are
set
up
which,
which
again
you
can
take
a
look
at
over
here,
so
you're
saying
for
the
http
protocol
limited
to
five
requests
per
second.
So
this
all
got
set
up
automatically.
A
A
A
We
have
the
on
root
setup
and
let's
just
install
the
certificate
on
it.
So.
A
A
A
And
there
you
are
the
application
tier
that
showed
up.
That's
the
linker
dtls,
so
going
back
to
this,
the
cert
that
we
installed
that
covered
the
tls
from
the
user
to
android
and
we
were
able
to
mesh
on
root
and
the
emoji
water
workload,
which
was
the
mesh
mtrs
aspect.
So
that's
how
we
achieved
the
end-to-end
encryption,
using
the
liquidity
service
mesh
and
on
root.
A
So
that
concludes
the
demo.
If
you
have
questions,
feel
free
to
drop
us
a
note
through
the
website
and
thank
you
for
joining
us
have
a
great
day.
Bye.