►
Description
Speakers: Isan Rivkin and Rotem Shriki
Configuring Custom Helm charts for complex setups is hard.
Specially when using Istio security, networking, and visibility features there is a prerequisite of learning Istio. Assuming you get all your R&D to learn Istio, what happens if you want to change your service mesh provider?
At Similarweb we created a new platform for serving and configuring Helm charts in a simple and intuitive way via UI that requires low maintenance and zero UI skills for infrastructure teams. We present the problem, the idea, and how you can solve it in a similar way for your organization.
A
It
still
is
pretty
complex,
and
actually
what
we
want
to
talk
about
today
is
how
you
can
use
eastern
organization,
which
is
what
we
did
for
to
solve
many
many
problems,
because
it
does
a
lot
of
things
but
at
the
same
time,
keep
it
simple
for
the
r
d.
So
few
words
about
me:
I'm
a
production
engineer
at
similar
web
we're
where
I
really
like
playing
around
with
kubernetes
and
the
writing
rust
and
go
code.
And
basically
I
like
everything
about
distributed
systems
and
cloud.
A
A
A
Many
of
our
workloads
are
on
microservices,
so
kubernetes
is
something
we
adopt
and
we
use
aws
dks.
We
have.
We
run
in
an
active,
active
setup
where
we
are
across
region.
We
handle
about
100k,
rps
and
10
petabyte
of
compute
today,
so
before
we
went
into
istio,
we
wanted
to
use
actually
and
leverage
our
product
to
analyze
and
see
which
so
which
service
meshes
is
popular,
because
adoption
is
very
important
in
this
new
age,
where
things
break
and
support
stops
working.
A
So
we
looked
at
our
platform,
it
seemed
at
the
the
three
biggest
service
meshes
out
there.
So
istio
you
can
see
in
terms
of
traffic
into
the
website
is
winning
by
far,
which
was
very
appealing
to
us.
The
first
blue
arrow
shows
covet,
so
we
can
see
a
spike
and
the
second
arrow
is
actually,
I
guess
it's
related
to
the
awesome
release
1.6,
where
everything
got
merged
into
sdod
and
in
terms
of
geography.
Also,
we
picked
the
five
most
countries
that
use
those
service
meshes
and
istio
wins
everywhere.
A
B
So
configuring,
if
your
workload
is
out
when
you're
going
to
fill
it
on
the
configuration
workload,
you
have
a
lot
of
stuff.
You
need
to
configure
such
as,
and
service
accounts,
deployment,
authorization,
config
maps,
service,
authorization,
policy,
mutual
service,
the
financials.
B
B
A
The
promise
of
only
having
a
yaml
it
worked,
but
the
yaml
was
too
long
and
it
was
too
complex.
So
we
had
to
obstruct
the
problem.
We
had
few
challenges
we
wanted
to
tackle
as
an
infrastructure
team.
We
wanted
to
minimize
the
prerequisite
of
a
learning
curve.
We
didn't
like
that.
It
has
a
huge
learning
curve
for
our
r
d.
We
wanted
to
prevent
the
copy
pasting
everywhere.
People
were
just
copying
pasting
various
files
when
they
were
deploying
the
steel
configuration
and
the
security
is
pretty
complex.
A
So
we
wanted
to
keep
everything
intact
with
mtls
and
authorization
and
stuff
like
this.
Our
ingress
routing
also
gets
pretty
complex,
so
we
wanted
people
to
accidentally
not
to
expose
an.
A
To
an
external
one
and
the
visibility
and
at
the
end
of
the
day,
the
challenge
we
wanted
to.
A
Development
for
for
the
r
d,
so
we
did,
we
built
the
ui.
The
ui
was
an
abstraction,
he
didn't
use
istio
terms
and
you
a
developer
would
go
and
say
like
yeah.
I
want
this
environment
and,
by
the
way,
there's
a
real
demo
at
the
end.
So
I
want
this
environment.
Some
sla,
maybe
I'll
pick
some
environment
variables
I'll
throw
my
config
inside
in
terms
of
availability.
A
So
I
have
these
tooltips
explaining
everything
I'll
pick
the
seconds
the
health
check
and
rolling
upgrade
resources,
we'll
throw
all
this
in.
So
here
you
can
see
in
authorization
we
added
those
stakes
where
it's
like
force
and
pls
and
whatever
everything
we
need
and
at
the
end
of
the
day
there
would
be
a
pop-up
that
says
to
the
to
anyone
of
the
users.
A
Hey
give
me
your
ripple
I'll,
create
a
pull
request
with
the
various
file
for
for
the
chart
that
we
built
on
top
of
the
like
the
ui
we
built
on
top
of
it
and
it
would
be
ready
to
deploy,
but.
B
B
B
So
we
wanted
to
remove
the
ui
wall
completely
and
keep
the
ui
and
we
wanted
to
provide
a
solution
that
will
support
a
few
charts
on
the
same
times
that
will
be
agnostic
and
it
will
be
easy
to
maintainable
for
our
team.
So
I
want
to
introduce
you
shotify
charitify
is
our
new
solution.
It's
actually
a
change
from
a
one
service
to
a
platform,
and
this
platform
is
gonna,
handle
the
dynamic
ui
rendering
based
on
the
armor.
So
all
you
need
to
do
is
just
to
write
it.
B
D
B
C
B
A
B
A
It's
time
for
the
real
new
version
of
our
chartify,
which
we
used
to
call
health
generator,
so
it
actually
runs
already
in
a
production
and
everything
but
for
the
purpose
of
the
demo,
because
I'm
going
to
tweak
it
a
little
bit,
I'm
running
some
local
host.
So
basically
what
you're
seeing
here
is
a
ui
on
top
of
obstructing
some
chart
and
specifically
a
chart,
that's
called
common
helm
chart
and
we
can
configure
different
things
here.
A
So
as
a
developer,
I
have
this
journey
of
blocks
where
I'd
come
and
say:
okay,
I'm
from
the
web
group.
I
want
production
environment.
I
want
the
infra
cluster.
I
want
to
run
an
east
east
one
in
terms
of
region.
If
I
need
some
advanced
settings,
I
can
add
here
deployment
name.
So
let's
say
my
app
is
called
redis
api.
I
don't
know
we
added
the
deployment
and
on
the
right
side,
everything
is
generated
all
the
time
and
we
I
can
keep
going
so
I'd
say.
A
Oh,
I
need
four
and
a
replica
counts,
and
here
it
explains
what
it
means,
and
maybe
I
need
this
environment
variable
that
is
like
addr
db.
I
don't
know
some
addr
and
I
would
have
this
mounted,
maybe
some
game
with
ports,
so
http
cool
yeah
so
create
the
service.
I
don't
really
need
to
know
what
I'm
doing
just
read
so
expose
your
service
in
the
cluster.
So
actually
maybe
it's
external
service.
So
I'll
pick
everything
adopts
and
changes
here,
and
maybe
I
created
this-
I
don't
know
maybe
some
domain
that
I
created.
A
So
I
want
it
to
be
routed,
so
the
virtual
service
will
actually
route
everything
to
this
domain.
Liveness
probes,
just
I
I'm
not
going
to
go
over
this
because
the
point
is
that
how
it
was
generated
and
which
problem
it's
sold,
but
basically
here
there's
so
many
configuration
and
the
the
defaults
are
already
configured
and
developers
can
just
start
and
tweak
the
things
that
they
need.
So
now
after
we
configure
all
of
this,
I
can
take
my
help.
My
values
file
and
just
deploy
it
to
with
my
with
the
chart.
A
But
the
real
problem
that
we
tried
to
solve
is
not
this
ui
because
the
developers
loved
it,
but
then
we
would
want
to
change
the
field
in
the
ui.
So
let's
say
right
now:
we
have
this
group
environment,
clustering
region,
so
how
this
project
work?
Is
you
have
this?
Actually
we
defined
a
llama,
a
block
kit.
We
call
it.
The
feature
is
blocky
builder.
We
stole
it
from
slack
and
basically
we
describe
the
ui
in
yaml
and
then
at
the
same
time
we
describe
how
it
should
look
in
the
vagus
file.
A
So,
for
example,
if
I
look
here
at
the
value
of
region
which
shows
two
regions,
I'll
look
here
in
the
yaml
and
I'll
see
that
there
is
a
block
input,
type
with
region
and
helm
path,
dot
region,
this
would
be
the
path
in
hell
and
options.
So
I
would
want
to
use
some
data
source
to
display
available
regions.
So
this
is
a
feature
as
well,
then
it
would
go
here
and
show
so,
maybe
just
for,
like
a
very
simple
example,
I'll
add
here,
another
block
right.
A
A
E
A
A
So
suddenly
we
have
this
field
here,
team
istio-
and
maybe
it's
like
pick,
my
favorite
meetup.
A
And
reload,
maybe
like
again
in
the
values
file,
let's
call
it
istio
we
render
so
we
get
this
like
everything
is
re-rendered,
so
in
production
you
would
redeploy
this
and
everything
changes.
So
basically
what
this
means
that
now
the
onboarding
for
developers
is
really
easy
because
they
can
decide
what
they
want
to
do
without
writing
all
the
values
and
all
the
errors
that
you
saw
just
happened
to
me
right
now
and
yeah.
Basically,
that's
it.
A
So
this
is
the
demo
and
the
idea
is
that
we
can
load
any
ui
configuration
into
it
and
everything
is
gets
reloaded
reloaded
immediately,
so
it
can
support
multi,
charts
and
version
of
different
charts,
and
that's
it
so
rotten.
You
want
to
update.
What's
next.
B
A
Yeah,
so
thank
you,
everybody.
Thank
you
for
your
time.
We
hope
you
enjoyed
it
by
the
way
we're
releasing
this
this
month.
We
hope,
maybe
next
month,
but
we
will
be
releasing
this
fully
to
open
stores.
So
you
can
check
out
similar
web
github
gitabripo.
We
also
have
other
projects
but
yeah.
So
thank
you
and
if
you
have
any
questions.
C
Hey
sean:
this
is
shakti.
How
couple
of
questions
so
first
question
about
the
certified
things
demo,
you
showed
so
the
environment
specific
vms.
Why
do
we
need
to
generate
it?
So
why
can't
we
use
the
helm,
chart
based
overrating
options
because
henshaw
provides
the
override
options
right.
So
what
is
the
difference
between
the
certified
version
of
creating
a
neuron
based?
What
was
overriding
so
what
we
are
trying
to
achieve
here
so
basically.
A
What
would
happen?
It's
a
great
question,
I'll
show
you
our
values.
Files
gets
very,
very
big,
so
it's
not
about
the
override.
So
if
you
see
here,
you
have
this
kind
of
you
can
do.
Actually,
let's
see
if
the
ui,
I'm
still
sharing
code,
so
I
can
add
here
app
one
right
and
boom.
I
have
this
one
deployment,
but
then
I
would
like
to
add
another
one
so
app
two
and
it's
like
an
umbrella
chart
that
can
do
many
things
and
suddenly
this
chart
has
many
stuff,
and
so
this
is
just
an
example.
A
Now
the
the
defaults
will
change
every
time,
because
the
the
values
are
very
complex,
it
depends
on
the
environment
and
on
the
field
that
you
need.
So
basically
the
override
is
perfect,
but
what
we
really
needed
is
for
people
to
understand
the
values
of
what
they're
putting
in
and
when
they
were
just
using
helm,
charts.
So,
first
of
all,
a
lot
of
errors
with
like
indentations,
but
mainly
bad
configuration
and
lack
of
knowledge.
A
So
people
wouldn't
do
what
fields
do
and
using
this
way
of
kind
of
explaining
everything
in
tooltips
help
them
on
easily
on
board
and
also
the
child
uses
very
specific
istio
language.
For
example,
a
child
could
say
like
give
me
the
virtual
service,
blah
blah
blah
blah,
but
in
the
ui
we
would
abstract
this
and
say
just
like
give
me
the
end
points
that
you
want
to
be
routed
to.
So,
just
like.
It's
like
a
gamification
of
using
helm,
charts
and
configuring
easter
stuff.
C
Okay
got
you,
I
have
another
question,
it's
it's
a
general
when
rotum
was
explaining
about,
I
mean
I
have
been
using
stu
for
a
long
time.
I
mean
I'm
using
gateways,
which
is
sorry.
I
mean
most
of
the
components
I'm
using
like
what
he
is
explaining.
So
sometimes
we
miss
to
add.
If
you
are
adding
a
gateway
and
virtual
service,
we
missed
our
service
entry
kind
of
it.
C
Then
we
come
up
with
some
templated
version
and
if
we
are
following
it
that
pattern
is
there
any
simplified
way
of
adding
those
component
work?
Okay,
for
example,
if
I
want
to
add
one
ingress
entry
into
an
istio,
so
these
are
all
the
components
will
get
added
by
default
so
like
that,
will
that
be
happen
with
the
chatify
or
it's
not
included
here.
B
A
Question
so,
for
example,
in
the
security
policy
you
can
say
like
okay,
I
want
to
make
like
an
allow
policy,
enabled
weather
creator,
not
authorization
policy,
so,
for
example,
whether
it's
gateway
or
virtual
service
doesn't
matter
like.
This
is
just
an
example.
So
yeah
create
one
I'll
mark
it
mark
it's
http
service
and
here
comes
the
obstruction
example,
so
allow
core
and
stack,
and
it
says,
will
allow
all
services
deployed
in
the
release
to
communicate.
A
Basically,
if
I'm
deploying
five
services,
this
my
the
chart
internally,
will
configure
the
authorization
policies,
each
one
service
account
and
configure
them
to
talk
to
each
other
by
default,
because
this
is
what
I
would
like
to
do,
because
I
don't
know
some
service
that
contains
out
of
five
micro
services
and
just
marking.
This
will
configure
all
the
authorization
policies
to
allow
each
other
maybe
accept
traffic
from
outside
the
mesh.
Who
can
access
my
service.
So
I
would
say
it's
a
another
service.
F
Yeah
hi:
this
is
lynn,
I
like
the
demo,
so
it's
so
just
making
sure
we
understand
this
thing.
You
are
open
source.
That's
about!
That's,
not
really
related
to
istio,
it's
more
about
enabling
users
to
build
helm
contents
and
generate
the
contents
and
yaml
visualize
more
effectively.
Is
that
right.
A
Yes,
definitely,
I
would
say,
though,
that
the
problem
really
started
once
we
adopted
istio
for
many
many
many
problems
we
had
and
then
the
configuration
just
became
very
so
it's
just
solved
all
of
the
problems
we
needed
in
one
platform,
but
the
configuration
became
really
hard,
but
yeah.
It's
definitely
for
any
chart.
Basically,
it's
a
platform
that
generates
value
files
and
ui
blocks
and
can
bring
them
together.
F
Yeah
makes
total
sense
to
me.
I
think
it's
very
valuable.
Now
I
was
wondering:
is
it
possible
for
us
to
get
like
the
contents
of
the
yamaha,
because
we're
interested
to
see
how
you
customize
istio
to
your
business,
needs
just
the
yaml
piece?
Would
that
be
something
you
would
be
interested
to
share
with
the
audience
here.
A
A
So
this
is
not
the
hand
chart.
Of
course,
if
I
understand
you
correctly,
but
this
is
literally
a
real
values
file
that
people
would
use
like
it's
based.
The
ui
that
is
rendered
here
is
based
on
a
real
help
chart
that
we
deploy
it's
called
common
helm
chart,
because
it's
common
to
many
many
services
and
many
many
people
use
this
in
the
rnd.
F
Yeah,
so
basically
everything
you
allow
user
to
customize,
which
you
are
showing
us
here,
is
in
the
values
box
that
you
are
showing
on
the
right
side.
Yeah.
Is
that
something
you
could
share
with
us?
Because
it's
interesting
to
see
you
know
what
other
things
you
are
customizing.
Obviously
you
know
we
can
envision.
You
know
what
you
are
generating
like
virtual
services
destination
rule.
You
know
using
its
configuration.
F
F
E
A
If
I
understood
you
correctly,
but
first
of
all,
this
is
something
that
we
plan
to
open
source.
We
are
now
in
the
stage
of
just
refining
this
and
taking
out
like
similar
web
specific,
like
just
keywords
out
of
the
readme
and
just
refining
this
a
little
bit
adding
a
new
logo
with
the
design
team,
and
we
plan
to
open
source
this
this
or
the
following
month,
and
then
you
can
see
in
the
internals
of
how
it
works.
But
basically
the
idea
is
that
you
will
not
need
to
be
able.
A
F
D
F
A
Okay,
so
in
terms
of,
for
example,
security-
and
I
let
maybe
I'm
missing
the
questions
but
like
let
you're
asking
how
are
we
abstracting
and
how
are
we
kind
of
providing
the
r
d
ways
to
interact
with
these
two
right,
yeah,
okay.
So,
for
example,
this
security
policy
is
nothing
but
an
authorization
policy
in
istio.
C
She
is
trying
to
ask
is,
for
example,
in
istio
right,
so
you
are
saying
that
is
http
allowed.
This
is
your
base.
If
you
are
enabling
you
are
generating
the
deployment
yaml
for
the
istio
right.
Is
your
resources
how
you
are
coming
up
with
those
resources?
So
that's
what
she
is
trying
to
understand.
That's
what
is
my
understanding
yeah.
F
A
I'm
improvising
a
little
bit
here,
but
so
basically
we're
generating
a
health
chart,
and
if
we
look
here
our
hail
chart
like
with
some
logic
would
con
would
cure,
would
create
different
resources
so
again
with
security.
A
A
F
Yeah,
so
so
remember
you
are
talking
to
your
is
your
audience
here,
so
I
think
most
people
probably
are
interested
in
your
common
services
like
the
values
that
yamaha
and
what
other
resources
you
are
generating,
which
is
what
exactly
you
are
showing
to
us.
So
would
you
be
open
to
share
that
with
the
audience
here,
like,
maybe
maybe
in
a
repo
or
whatever,
that?
That's
what
I
would
say,
yeah.
A
The
open
source
of
the
ui
we
will
release
this
chart
also
because
we
are
targeting
still
community
like
we
think
it
would
be.
D
A
Adoption
there
so
we
would
need
like
the
chart,
is
very
opinionated.
Obviously,
so
you
wouldn't
have
a
lot
to
do
with
this,
so
we
would
need
to
make
it
a
little
bit
more
general
unless
it's
just
unless
similar
web
specific,
because,
for
example,
in
the
hosts
file
right.
So
when
we're
using
a
virtual
service,
a
developer
would
just
say:
give
me
like
a
dns
with
some
endpoints.
A
He
doesn't
know
like
they
don't
need
to
know
anything,
but
at
the
end
of
the
day
we
need
to
configure
this
virtual
service
to
a
gateway
and
the
gateway
is
routed
with
some
ingress
gateway.
So
doing
this
is
pretty
annoying.
So
we
have
this
like
helper
methods
in
helm
that
are
generating
all
the
configuration
based
on
common
patterns.
We
have
of
names.
A
Okay,
so
I
believe
we
will
release
this.
This
chart,
like
maybe
a
very
a
little
bit
simplified
and
less
opinionated
version
with
the
helm
ui
to
demonstrate
how
it
can
solve
complexity.
So,
just
to
summarize-
and
I
hope
it
helps-
ingress
gateways
and
gateways-
are
configured
on
the
on
with
terraform
on
the
infrastructure
level.
A
F
A
By
the
way,
how
can
I
share
them.
D
You
can
email
them
to
me
and
would
it
make
sense,
lynn
and
isaan
if
I
put
them
in
the
meeting
agenda,
you
know
how
we
have
that
google
doc
with
the
agenda.
I
could
just
link
it
there
would
that
be.
F
D
So
if
anyone
else
has
any
questions
or
comments,
I
would
like
to
continue
to
engage
with
issan
and
wrote
them.
I
think
oh
yeah
wrote
them
still
here.
We
still
have
time
and
I
would
like
to
call
everyone's
attention
to
this
survey
that
I
have
launched.
Your
feedback
is
really
important
to
us
for
these
meetups.
So
if
you
could
just
take
a
couple
of
moments
to
provide
feedback
on
that
survey,
it
would
be
really
helpful
and
I
don't.
I
would
like
to
draw
the
speaker's
attention
to
the
chat.
D
You
have
some
feedback
from
some
of
the
participants
which
I
think
would
be
of
interest
to
you.
So
we
have
amazing
job.
Guys,
can't
wait
for
it
to
be
released
on
github
wow.
It
is
so
cool
waiting
waiting
to
get
my
hands
on
charitify
and
amazing.
So
that's
really
positive.
A
Yeah
so
I'll
be
honest
with
you,
it
has
to
come
with
the
company's
priority,
so
it's
not
the
main
concern
for
us,
but
but
because
it
is
already
done,
it
is
already
general
and
the
only
work
we
literally
consider
doing
this
before
the
meetup,
but
it
was
just
too
stretched.
The
only
work
we
need
to
do
is
just
add
more
config,
there
sorry
add
more
documentation
and
make
it
a
little
bit
more
general
in
terms
of
like
removing
places
where
documentation
or
files
maybe
have
the
similar
web
name.
A
So
I
believe
that
we
can.
We
are
planning
to
release
this
in
the
following
months
or
maybe
top
the
next
one.
C
D
Yeah,
if
we
don't
have
any
more
funding
items
or
questions
comments
for
our
speakers,
we
can
end
the
meetup,
but
I
just
want
to
make
sure
that
everybody
feels
that
they
have
the
time
to
ask
their
questions
and
in
the
general
istio
community.
If
there's
anything
that
you
would
like
to
bring
up
in
regards
to
the
agenda,
I
didn't
see
any
items
on
the
agenda,
but
I
do
want
to
give
people
the
opportunity,
if
that
all
right,
yeah.