A
All right everyone, hopefully you can hear me. Sorry, I had some Bluetooth issues, but awesome. Fantastic, welcome to Cloud Native Live, where we dive into the code behind cloud native. I'm Taylor Dolezal, a senior developer advocate at HashiCorp, where I focus on all things infrastructure, application delivery and developer experience.
A
Every week we bring a new set of presenters to showcase how to work with cloud native technologies. They will build things, they will break things and they will answer your questions. Join us Wednesdays at 11 a.m. Eastern time. This week we have Jason Morgan here with us to talk about Linkerd 2.11 and walk through the new policy features. Some housekeeping.
A
This is an official live stream of the CNCF and, as such, is subject to the CNCF code of conduct. Please don't add anything to the chat or questions that would be in violation of that code of conduct. Basically, please be excellent to one another. With that, I'm very excited to hand it over to Jason to start today's presentation. Jason.
B
All right, so I've got a little, little whiteboard going on here, so I'm going to show you a fictional app that is very close to the actual app that we're going to be working with today, and I want to talk about what it is to install and use a service mesh with it, right? So assume this app is running inside of our Kubernetes cluster. Each one of these components, each one of these components represents a pod, right? So the way, the way a service mesh works, and also you'll see in the chat.
B
Sorry for the distraction. But if you look in the chat, there's a couple links coming out. First is the link to the Linkerd Slack, right? So if you join that and you have questions, you can hit me up directly. There's also a pretty large community of folks that, you know, understand and like talking about Linkerd, and I would love to have you join us. Beyond that, you'll also see a link to our getting started guide, right, so that is.
B
That is what I'm going to start with before I get into policy, and it's this page here, and this tells you everything you need to do to install Linkerd, and you're, also you'll also see some of it as I, as I go through and do it. But before we install anything, let's talk about how it works. So I have an app. It's got a front end and two back ends, right? The front end communicates with the back ends over some sort of call on the network.
B
When we install Linkerd or any, any service mesh, what we do is we install a control plane, which is an interface between, you know, the platform operators and the, the service mesh, right? So it's got some components that actually run, run our environment, and then what we do is we inject a number of these, these proxies, right, these little load balancers, in between your application pods, right?
B
So we, you know, we use what's called the, the sidecar model in Kubernetes to connect, connect the, the proxies to your application, and then we change the network traffic so that, instead of going, you know, directly from front end to back end, it goes through the proxy to the proxy on the other side, and that, like that, addition of proxies allows us to take a lot of things that you might put directly in your application and instead give them over to your platform team to run and manage, right?
B
So as a, as a quick example, imagine your environment, you're highly regulated, and it's important to you that you encrypt the traffic between every, every pod inside your Kubernetes cluster. Well, these proxies, among other things, they can handle mutually authenticating the connection, so adding TLS and authenticating each side of the conversation. What we're going to show you today is, one, how to do this, where you install and add an application to, to a mesh. We're also going to show you how to use policy to decide whether or not this connection is allowed to happen, right?
B
So we can use policy to say, sorry, you're, you're not going to be able to talk to that, or from that app to that app, as an example. Or, you know, add policy, though, so that we are allowed to do it, and that's the basic picture. So I hope that was helpful. Again, check out the links, join us on Slack. I would be super grateful to hear from you and any feedback that you have, and also check out our getting started guide. So this will, this will walk you through it.
B
One more tip: you'll see there's a link to dashboard.sivo.59s; I'm going to do a little bit of the demo on a local cluster, and then I'm going to do the rest live on this active cluster. So you can actually go to this dashboard, see what's happening and watch me break and unbreak the emojivoto app right here, so please feel free to hit that up. There's also.
B
So with all that being said, let's install Linkerd. Here I've got, I've got a terminal. On the left-hand side I'm gonna do my actual work; on the right-hand side you see all the pods that are currently installed and running in the environment, just so you know I'm not, I'm not faking anything, and we're gonna go, we're gonna go five minutes from us starting to us having an active service mesh with an application.
B
I'm going to start off with linkerd install, so I'm going to run the linkerd install command. It's going to generate a bunch of YAML and it's going to hand it off to, it's going to hand it off to the Kubernetes API. And entenor, there are great getting started guides actually just on the Kubernetes docs themselves, and there's a bunch of other resources out there, and there's great videos on YouTube that will show you how to get going. I recommend, like, I'm running Docker Desktop. I love it.
B
You can use Kubernetes right there to get going. So here I've installed Linkerd, but we don't know whether or not Linkerd is working yet, so I'm going to use the Linkerd CLI. I could also use, again, I could use Helm or a number of other resources that install Linkerd, but in this case I'm doing the CLI, and I'm going to, I'm going to run linkerd check just to see whether or not my, my Linkerd service mesh is healthy.
B
A lot of text scrolls through with green check marks, which fills me with, with confidence. I also see, you know, status check results are green check mark. So now I'm feeling, feeling great about it. So that's Linkerd installed, that's our, our core control plane, but we still want to add some more, right?
B
I want to see a dashboard, like that, that UI, if you got to that link. That's, that's in a separate extension, so we're going to show you how to install that. If I run linkerd viz install and do that same k apply -f, and for those that don't know, k is just an alias for kubectl. I can't reliably type it, so I use k all the time. Less.
A
B
Yeah, it's just, it's too many letters, right? So I run the, I run the linkerd viz install, again outputs YAML, applies it to the Kubernetes API, and we see something coming up and running. So let's do once again a check, but I'm just going to check the viz component, because I know Linkerd's healthy. We're at, we're at two and a half minutes in right now, so I think we're gonna, I think we're gonna make it. But let's see, let me do.
B
A
I think one, one question I've got for you, Jason, is: how are, what are some of the different ways in which people can get this onto their cluster? Is the CLI tool the best way, Helm charts, CRDs? What are, were some happy pathways to get that onto your cluster?
B
Yeah, so the CLI, the, the nice thing about Linkerd is the CLI and the Helm charts share the same base templates, and an argument that you can use for one works for the other. So there's, like, I'm not going to tell you that the CLI is better than the Helm chart or the Helm chart's better. It, it depends on your flow. We do see it's more common for production users to be using the, the Helm chart rather than the CLI.
B
Also, if you, if you're interested in doing it with Argo CD or Flux, there's a ton of, there's a ton of material out there on running Linkerd with Flux or Linkerd with Argo, and more stuff being generated all the time, so happy to, happy to share some resources around that. If you have questions, let.
A
B
Let me install an application and then I'll show you how to add that to the mesh. Oh, Femi, I feel like, Femi Yousef, we spoke last time also. So Femi uses, Femi Youssef is asking: are the proxy pods by themselves, or are they running as a container within the application pod? Thank you. Yes, that second thing, right? So, and we'll, we'll see that in a lot more depth in a second. Right now I have the emojivoto app, right? We're gonna add that to the mesh, but it's not in the mesh.
B
Yet. So right now, I'm going to install four individual, individual containers where it's one container to a pod. But after I, after I add my Linkerd annotation and add it to the mesh, right, there's now going to be two containers within these pods, and you'll see that happen right now. So let me, let me show you one way to do this.
B
Then I wanted, I want to transform this YAML and add an annotation that says please inject Linkerd into these pods, and so we've added that into our CLI. linkerd inject - will just add a single line annotation to it, which you can apply yourself or you can apply at the namespace level, and then we're just going to send that right back to the kube API.
B
So now we've taken emojivoto. We installed it, it's a working app on its own, it's a working app on its own, and then added it to the mesh. Haven't made any custom resource definitions, haven't Linkerd-ified it or anything like that. I've just, I've just got it added in. A to Z Ice is asking if there are performance impacts for adding Linkerd.
B
Yes, definitely, and there's tons of things that you can do to manage or to measure it, including a really cool service mesh benchmarking tool from the folks over at Kinvolk, right? So we use that tool when we compare, we use that tool when we compare Linkerd versus another very popular mesh in the environment.
B
So it's a, it's a great testing harness and we'd recommend you, you check it out. And then, if you have questions about the overall performance impacts of adding a mesh, it's really great to test it in your environment and see what happens.
B
So this is kind of the end of the, of the getting started guide, or about all I'm going to show you, although you can see more and go through it in more depth if you go to the getting started itself. So now, I'd love to, we've got that out of the way. Taylor, good time to, to get into policy and, and break some stuff? Always.
B
All right, so what we're going to do is I'm just going to change my, my kube context to a live cluster. So this is a cluster running in Civo cloud, and if you haven't checked it out, Civo has a nice Kubernetes as a service offering you can check out, and it's really very inexpensive if you want to run your own cluster, and I personally use it all the time.
B
So what we're gonna do is we're gonna set up another watch here on the right: k get pods -n emojivoto, because I'm gonna, I'm gonna make life hard for emojivoto, and I wanna see the pods in the namespace as we do this. So now, once you do that getting started guide, right, you have Linkerd installed, you have an application in the mesh. So now I want to go back to, I want to go back to this little diagram really quickly, right?
B
So the proxy is the tool that handles setting up the mutual authentication. It's what handles giving us data like, hey, you know, what's the success rate or request volume or latency for the various components, right? I get all that because my traffic is passing through the proxy. So in order to do policy, we have to have a proxy on that, on that node, right, on that, that component, right, that is going to receive the traffic. So in Linkerd 2.11 we introduce, we introduced server-side policy, right?
B
We do not have policy that says from front end: where can you go or what can you do, although that is coming in the Linkerd 2.12 release, and love to hear your thoughts on it. And again, join us in Linkerd Slack, tell us what you'd like, and feel free to participate in the design discussions actually going on in the Linkerd GitHub repo around 2.12. So yeah. So I'm going to show you server-side policy.
B
So the, the first thing I want to do is I, I need to set the, the default policy for either the cluster, the namespace, the deployment or the pod, right, the workload or the pod, right? I'm going to set policy at the namespace level, right, and what I'm going to set is an annotation that says no matter what, if you don't have an explicit rule saying, if you don't have an explicit rule saying you may do x, y or z, it's gonna deny it. So let's, let's do that. So I'm gonna do k.
B
Equals deny, right? So I want it to deny traffic unless it's been explicitly authorized that it may, may do something, and the first thing you're going to note is nothing happened, right? And if we go to the emojivoto app, right, which you can go to, it's just emojivoto.sivo.59s.io, you can refresh, you can vote on things and everything still works. So what's happened, right? Well, the, the.
B
You're, you're wrong, however, it's, it's, it's, yeah, it's really unpleasant. It's a, it's a total, and the reason I'm pointing this out, right, is that, is that policy is tricky, and policy is, for the first time in Linkerd, we have given you a tool that will allow you to thoroughly shoot yourself in the foot, right? So you've got stuff to harm your environment here. It's good and there's power. You know, there's, there's jelly in those donuts, but you know they're, they're hard to get. So the problem.
B
Is, you see my new version of the app, I'm getting restarts. Yeah, thank you, son of sono, singal, that the health checks don't work, right, because the first thing that's happening. I can go look at, hold on, let me show you. Let me show you in the actual traffic analyzer thing that I have here, right? So now that, now that my things are hitting a new policy, or, darn it, is this the right one.
B
I don't know, it's not shown here, but basically there are health checks that occur on the admin port and none of them are allowed, right? So I can't even restart my application, so these, these folks are going to eventually end up in CrashLoopBackOff and they're not going to get anywhere. So let's fix the admin port. So let me do a quick, quick read on something. Yeah is just an alias to a tool that, that reads text in a YAML-aware fashion.
B
If you do go in here and check out the Linkerd dashboard, you're gonna see it looks really unhappy, right, because it sees there are new things spinning up, but it's, it's not, it's not seeing any traffic for them, right, but it's still seeing requests because the old version, the app still works and things are flowing, right? So yet is an alias to the bat command, and bat's a CLI tool that does a better reading of, of files, or better, a different, different version of cat, and it does it in a language-specific fashion.
B
So sometimes it looks good. So let's look at this policy. So what I'm going to do is I'm creating a custom object, so now we're getting our first custom resource definitions in Linkerd that you're going to have to use if you want policy.
B
So first thing I create is a server, and a server is a tool very similar to a service that will match on some number of pods, right, and it gives it a name. So I need a pod and a port to match on, right? So I'm going to match on the, on any pod in the namespace, and I'm looking for the Linkerd admin port, right, and, and then I'm going to apply a server authorization policy, which is an allow rule on that, on that, on that server, right?
B
So I, I decide on the server that I defined above, and then I'm just going to say: hey, listen, allow all unauthenticated connections to that, to that port, right, because the Kubernetes, when it talks to my pods, it's not using the service mesh. So it's an unauthenticated connection. So we're going to go ahead and apply that. k apply.
B
What's going to happen is eventually these things are going to come out of CrashLoopBackOff, right, and then the actual health check will start applying. So policies apply, like, server, server authorizations apply live as you make changes, right? I don't need to restart anything. Oh, thank you, Femi. I totally missed that, so it turns out nothing's going to happen.
B
Thank you so much. So now, now I've got policies. Things are going to start running. Great, great catch. So these things are gonna. So no, I don't need to restart the sidecar. Great question, Sono single. I don't need to restart it. They will, they will take effect automatically. You know, however, if they're in CrashLoopBackOff, like, that's the, that's the Kubernetes API saying, yo, hold up for a minute, this, there's something, there's something bad wrong here, right?
B
Yeah, great. Okay, so we'll see the old pods going away and the new pods coming up. Now we have broken emojivoto, right? So even though the pods are working, it's busted. Uh-oh, right? We have all kinds of problems, including the problem that my, my ingress, which is talking to emojivoto, is no longer allowed, right? No one's allowed to do anything here, right, and I can look at Linkerd and I can see, oh, look at this.
B
My requests per second have dropped precipitously, because the only requests that are getting through are those Linkerd health checks. That's, that's all, or sorry, the Kubernetes health checks. Nothing else is, nothing else is passing, including the calls from Prometheus that scrape data about, about what's going on in the environment, right? So we're gonna, the next thing we're gonna fix is Prometheus talks to our pods and gets some data from the, from the Linkerd sidecar, and we're going to allow that.
B
So let's do that with allow prom. So this is very similar to the, to the file you saw before. I have a server, which is the, is the Prometheus query, the Prometheus port on the proxies, and then I have a server authorization which allows that to come from the Prometheus application.
B
So with this policy, it's not really exciting to show anything. We can just start getting, getting more data about the fact that nothing is talking to anything, because, because we don't have any app traffic, right? But we're now in a place where we can actually fix the app traffic. So let's do that. So let me do one more get. Policy manifests, emoji policy or something. There we go.
B
Let's take a look at this, and thankfully the folks on the team who do useful things, instead of just talk to folks, have done a lot of, a lot of time, spent a lot of time giving good annotations about what's going on in this environment. But essentially we're setting, we're setting a server that looks for the apps in the emoji service and authorizes the gRPC protocol from, or it's just, it just selects it, right? And now we have an authorization that says who may talk to it, right?
B
I create a server for the web front end, right, and I allow all traffic to the web server, right, from anywhere. So let's, let's do this, and God willing, I'm gonna have something that works. So this is the fingers-crossed moment, folks. Emojivoto policy, great, we've created some things.
B
This isn't promising. Did I add the prom stuff? Sorry, did I apply the prom manifest? It did? Okay, so I allowed prom. I allowed this.
B
I was sweating there for a second, and let's go to emojivoto, see if we can, we can get to it. What's this? Emojivoto working with, with traffic, with policy, right? We can view our leaderboard. Okay, great. We can vote on our favorites, and that's, that's the story of policy and, in Linkerd. So it's dangerous, but it can.
B
It can get a lot of value, and once it works, it just works, right? And then, if you want to use, if you want to use the folks that make Linkerd, that's the company Buoyant, who I work for, we make a product that allows you to get a little bit more information about your Linkerd environment and turn it into a bit more of a managed service.
B
If you go to Buoyant Cloud, you can add your, your cluster, up to two clusters for free, and just check it out, see how it works with policy. You'll be able to see policy violations in progress and some other, other neat stuff like that. But yeah, that's the, that's really the, the heart of the story. I didn't mean to go through it quite so quickly. Yeah, I don't know. Does anyone, say, anyone have any questions or anything I can dive into?
B
I know, sorry, I know A to Z asked about performance impacts. Thing I tell you is adding a proxy.
B
Now the question is: what does it do for you overall, right? And as an example, we have some folks, Entain, yeah. So these, these folks at Entain published the case study with the CNCF where they talked about how adding a service mesh allowed them to not only get better performance out of their application than they were able to see before, but allowed them to, to realize a 10x increase in throughput, right?
B
So not only did they get faster by adding a service mesh, they also were able to scale higher than they were able to previously, and all sorts of other gains. And you can check this out, I'll send the link to the, the CNCF folks and they can post in the chat, but they were able to see, they were able to see huge, huge benefits, right? In the end, there's plenty of stuff about performance. Sono, single they'll. Oh, thank you so much, CNCF folks. Oh, great question, A to Z Ice, so they ask.
B
Is it possible to write authorization for specific users rather than pods? No, right? That is absolutely not in Linkerd 2.11, right? This is entirely server-side and it is, it is fairly coarse-grained, right, it is fairly, is fairly coarse-grained, where, you know, I am saying what Kubernetes objects, what Kubernetes, specifically what Kubernetes service accounts, will a given server support, right? Linkerd 2.12 will allow you to make that more fine-grained, where you can say what server is allowed to hit what path on what server, but it, it has no particular support for.
B
Yeah, that's the, that's the big story there. Did that answer your question, A to Z Ice? I hope so.
B
How about traffic egress? Yeah, great question. Stay tuned for that on Linkerd 2.12, and I'll, let me actually show you the roadmap doc, which just got updated. So github, linkerd, linkerd2. So one, this is the place to go if you, if you are curious about what Linkerd is doing, or you like Linkerd, you want to give it a GitHub star. It's always nice to have. Or you want to, or you want to get involved in the project, check this out.
B
It's also where we have our roadmap, which we're going to find right here. If you're trying to know more about what's planned in Linkerd, come check this out, ask questions, raise issues if you're looking for a specific bit of functionality, and yeah, we, we'd appreciate that. But sorry, son of a single, I, I blew past your question. Stay tuned for Linkerd 2.12 for what we do vis-a-vis ingress, the, or egress.
B
But all, all things like this are, all things like egress are the provenance of client-side policy. So let me, let me go to this diagram real quick. Right now, the decision happens here as to whether or not to accept the request.
B
Client-side policy will shift that, the, the decision occurs here as to whether or how to make a request, right? So egress is essentially: should I go from in cluster to something off cluster, right, third service, you know, whatever, out here, and that would be an egress decision. So I can't.
B
I can't tell you exactly what's going on, because I don't know, and things are still in development, but Linkerd 2.12 is the release that will support things like egress or allow you to build things like egress, and I hope that was useful. Enter nor ask if there are good first issues, and they absolutely have issues that are marked good first issues. So would love, would love to see involved. If you're thinking about contributing and, and you don't know where to start or what to do, come join us on Slack, right?
B
That's, that, we released an article today, oh, not this one, so I released an article today where one of our engineers talks through everything, step by step, you would need to lock down traffic inside of a namespace, so you can go a little bit, a little bit further with it if you like, and I'll, let me share this.
B
So you can learn about namespace jail and how to make that, how to make that happen, and yeah, it'll talk a lot more in depth about the service authorization, the server, sorry, server authorization, servers and policies. All right, and our docs.
B
Sorry, one more. If you're looking at this and you're like, geez, I wish someone could explain this but, like, way more slowly, go into our docs. You'll see authorization policy, right, which talks about everything that we, we showed you today, right, and has a link to some more in-depth stuff in the policy reference.
B
So these should pop up in the chat in a second. It's not super fun to read on stream, but essentially, you've got, you've got a couple different options, right? On your cluster, on a namespace, you say: do I want to allow things that are unauthenticated; only authenticated things, which, if you do that, remember your pods won't start if they have health checks, unless you add an authorization policy that lets that admin port come through; in-cluster authenticated or in-cluster unauthenticated, and that is if it, if the traffic originates in your cluster.
B
Fine, if it doesn't, sorry, we're tossing it. Or deny, which is what I would generally use. Just deny all traffic all the time and only allow what you want to do, right, because the best way to do something like policy is be explicit about what you allow. Don't worry about individual denials, because it's way, it's way harder, right, it's less secure, and I guess it's just those two, it's harder and worse, so don't, don't do it. Yeah! So those are, those are the docs.
A
And one, one question I have for Jason is, I, I know that Linkerd's kind of in the business of routing things around, right? So my guess is that, I, I've used Linkerd a little bit, but not enough to know kind of if that stores state of each request, or kind of like how to go about debugging or building policy.
A
So do you know if there's anything upcoming, like a tool that would help, like, let's say I'm, I'm taking an application and trying to add service mesh to it and want to go about it slowly, I'm not able to start with deny. You know if there's anything coming where I could actually take a look at a potential policy and see, like, okay, this is going to block 16 of 100 requests that it gets, or kind of like any iterative approach to adding on policy on that front?
A
Or do you have any recommendations on some good things to be noteful of, mindful of, as you write that policy?
B
Yeah, so tons of stuff. One, if you're, if you're gonna start doing policy, like, at least consider setting up Buoyant Cloud. Like, it's been, like, we're actively building features to make policy a lot more simple and straightforward in general, right? Like, one of the nice things about Linkerd, and now that we've got traffic again, we can see our map.
B
Is it gives you a lot of tools to debug your application, right? Like, so I've got emojivoto, and even though it's working now, it's actually secretly broken, right, and we can see that because when we go look at the namespace, or if we look at all our namespaces, we see that the success rate of emojivoto is down here at 95 percent, and there's no reason that we should be seeing failures. So we can go in.
B
I know that it takes call, or it makes calls to emoji, right, and what, but pass, and I, it takes calls from votebot and it takes calls from the Ambassador service, and again, or the Ambassador Edge Stack theory ingress, so it, those are the components that talk to it, right? And if you go slam this URL a little bit, you'll see that pop up live. Yeah, so you've got, you've got some insight there.
B
So there's, there's all the tooling that you need to track it, and then we also had a webinar that we just did yesterday, which is recorded, which talks about running Linkerd in production and how do we, how do we debug things, and I'm grabbing the link right now and I will, I will send that into the chat.
B
Web interfaces, I hate using a GUI, right? I used to hate GUIs all the time. You can also get all this data. You can also get all this data.
B
And Catherine tried to send it but she's unable to, so I'm trying to grab the link here. There we go, got it. Folks, if you all don't mind posting it. So this is just a webinar that dives deep into that, deep into debugging, right, and how you would, how you would do some of this live. You know, but again, if you are using Buoyant Cloud, it's really easy to see when you have a policy violation error, right, and you'll get alerted to that fact.
B
Okay, so, oh, thank you, Cloud Native Foundation, for posting that, that link in the chat. So that's a recording of our production webinar, and there's a whole webinar series if you're interested in learning more about, but, service mesh in general and Linkerd in particular, because obviously that's what we, so we talk about with, with a Linkerd folks. Yeah, it's a great place to dive in. Anyway, we can, just because we've got a few. Let's go, let's go see what's wrong with, with emojivoto. How's that sound?
B
It has a zero percent success rate, so it's tried to do it 34 times since we've been watching and it never works, right? We can go look at voting. You know, if, if you're wondering how I do this so fast, like, I've debugged this app like 500 times at this point. Still haven't fixed it, though. So what does that say? So we can go look at, we can go look at voting. It sees all calls coming from web, and again it sees nothing succeed when we call to vote donut. We can.
B
We can get a little further. We could tap the traffic, right? So more specifically, I'm just going to change this path here. What I'm going to do is I'm going to look for, in the emojivoto namespace, from web, right, I'm going to check anything that hits the voting service on voting and see what, what live calls I can capture, right? So it's just linkerd tap. So we got a couple calls coming through. So let's stop it here.
B
This is kind of neat. So you'll notice that, that the calls to vote donut are failing, right? Yet the HTTP status code is 200, right? That's because web is talking to voting as a gRPC call, right? So the connection works from an HTTP perspective, but gRPC is throwing up an error code. So this isn't an unknown status. It is an error called unknown. It's unfortunate nomenclature, but that's what it is. So we're seeing a gRPC error of unknown pop up from this, from this service.
B
When we call this path, right? So I've got, I've got more than enough information to say, hey, person that makes the voting service, I can't vote on the darn donut. I can go confirm it, and y'all can do it as well, and hit this, hit our very misleading error, because it's not a 404, it's just actually a generic failure. But you can try and vote for donut, and in spite of it being, you know, the best, the best emoji option.
B
It is sadly underrepresented in the voting. So we've got a problem and we can fix it, and we know essentially where to go to fix it. If we, if we go explore the emojivoto voting service, we're gonna find the problem pretty quickly. Yeah, donut gate. Indeed, thank you, Taylor, yeah. So that's a little bit of, a little bit of debugging. You know, again, when it's a policy problem.
B
You're just gonna not see, you're gonna see traffic drop precipitously for that service, because no one's going to be allowed to talk to it, right, and that's going to be the heart of it. And that, that debugging in production section, session, will give you a lot of tools that you need to, to dive a bit deeper, and there's lots of material. If you like Linkerd, one, try it. I think you will like it, right? It's extraordinarily easy to use.
B
It doesn't require you to transform your app, and it gives you a ton of benefits right at the gate. But if you do like it and you're looking to go to production, there's a lot of tooling out there to help you, including a Buoyant production runbook. Hold on, I know I've got that one. So where we talk about, we talk about what you need to do or what you need to think of before you take Linkerd to production, right? Including things like answer the question of:
B
Do I really want to run an in-memory Prometheus and Grafana, or do I want to externalize that? And, and how am I gonna handle that, right? What am I gonna do about things like my Prometheus data and some other, some other interesting tidbits? So I'd recommend that highly, and that's... Oh, thank you for already sharing that. Hello, great.
B
Okay, yeah, that's, that's the bulk of it, right? You can see our policies taking effect now. So if you want to see it in, in Buoyant Cloud right now, I get, you know, the TLS status by port, right? So are we using mTLS, are we using plain text, they're using application TLS, what identities are involved, and what policy is taking effect, right? So that we can see why it's working at any given time. I really don't want to hammer on that, though. If you have questions, I've got, I've got whiteboard.
A
Are there, I, I really do like how, you know, straightforward Linkerd is to both get installed and to kind of, you know, turn all the knobs, so to speak, within some of the configuration.
A
Are there add-ons, or is it really just kind of a service mesh, and then it's, you can kind of, batteries not included, you can bring in other things at a later point in time? Or what does that look like?
B
Yeah, great, great question. So check, if you get the chance, check out this, this dashboard link, right? So I'll send it, I'll send it again. Check out the dashboard link. What you're gonna see here is a bunch of things going on, right? So I've got Flux. So if you're, if you know GitOps, Flux is a tool in the GitOps space. So I'm using Flux to install this. I'm using the Ambassador Edge, Edge Stack to route traffic to it.
B
You know, I've, I can do Telepresence or a number of other great toolings, and the nice thing is Linkerd is a well-behaved CNCF project. You know, we hit graduated status back in July, which means we hit the, the highest tier of maturity for it, for an open source project, on par with Kubernetes, Prometheus, all sorts of other things. But we behave in a way that allows us to natively integrate, right? So I did a demo for the folks at Ambassador on how do you integrate with Telepresence. Well, I install Telepresence.
B
I add it to the mesh, and everything just works, because the integration point is at that native Kubernetes service object, right? We don't expect you to do something special to talk to, to talk to apps, right? You know, same thing with Ambassador, right? Like, the integration with Ambassador just works. I add Ambassador to the mesh, my traffic routes around. You know, I'm using.
B
If you see, I've got, you know, I've got TLS on, on all the, all the websites that you're, you're visiting, and that's because the Ambassador Edge Stack generated a certificate for me with Let's Encrypt, right? And again, I'm using their native objects and letting their flow happen. I've got Flagger in here, so I could do a progressive delivery rollout against one of my applications, and I could do it at the service mesh level or I could do it at the ingress level, right?
B
I, I have options, because no one's, no one's constraining me to behave a certain way, and we don't have expectations for the projects that we work with. We do one thing, which is the service mesh. We do it well. Linkerd is not an ingress. It is not an API gateway, it is just a service mesh, right? And that's, that's what we do. sono single asked: is it a good idea to inject Linkerd into our ingress controllers? Yes, it is. It's harder, right? You need to.
B
You need to pay attention, and there's documentation on every ingress in the Linkerd docs page. You know, I'll tell you that I know for sure Emissary works great. NGINX has a really easy way to do it.
B
There's, there's one thing you'll see when you read our docs, which is we talk about ingress mode versus regular mode. As of 2.11, we are hoping to move away from ingress mode, so we want you using an ingress in its native mode and not try and, not try and have Linkerd do anything special. But please check the documentation for your specific ingress. That would be my, my recommendation.
A
None that I can think up. If you have any other questions, please feel free to throw them into chat. Otherwise we can, can get things closed out. Thank you so much, Jason. This has been kind of fun to find out all about this and really to dig in and see, you know, what was going on with that donut vote too. That's good to know, and I'll keep that in the back of my mind as I spin this up for demos myself. It's...
B
A, it's a great, it's a great broken application that you can use. It's a, it's a lot of fun. If you go, speaking of Telepresence, if you go check out the, the Telepresence folks' getting started guide, they'll show you how to fix it, so you can actually learn how to resolve the problem, if you like using Telepresence. And yeah, that's, that's all. That's all I've got. Long story short, add the proxy and get all the value of being in the mesh.
A
Perfect, wonderful! Well, with that, I guess we can close out. Thank you so much, Jason. Thank you, everyone, for joining the latest episode of Cloud Native Live. It was great to hear from Jason today about Linkerd 2.11 and all of the new policy features, as well as, well as the, the broken application donutgate and what's upcoming for 2.12 as well. Really enjoyed all of your interaction as well and all of your questions today.
A
Next week we will be off due to the winter holidays, and we'll be kicking off again in the new year. So thank you so much for joining us today. We'll see you soon. Jason, do you have any parting wisdom to share with anyone, or any closing remarks?
B
No, I don't. I'd, I'd love to see you in the Linkerd Slack. Please feel free to reach out to me. I'd love to make you successful with Linkerd, and I'd love to help you on your journey to production with Linkerd.
A
Awesome, awesome. Thank you so much again, Jason. The only thing I have for y'all is: let's keep production boring. Let's, let's figure things out. Wishing you all, wishing you all a wonderful rest of your days, weeks and, and months as well. Thank you all so much for joining us. We'll see you later.