Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Kong / Kuma Community / 8 Jun 2022
Kong / Kuma Community / 8 Jun 2022
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Kuma Community Call - June 8, 2022

Description

In this call, we are discussing Kuma 1.7.0, Kuma 1.6.1, Kuma 1.5.2.

A

uh Yeah, uh hello, everyone welcome to the kuma community call, um please add your name to that and the list and feel free to submit any agenda item you'd like to discuss today. So we will start with the releases. uh Kuma 1.7.0 release is still in progress.

A

We are waiting for unvoice security patch, that's supposed to be released tomorrow and as soon as we got all binaries compiled for envoy, I think we are ready to go and cut release and the same for I think uh before we will have 1.6.1 and after that 1.7.0 it should be at the beginning of the next week. If I'm correct so yes uh charlie, do you have anything to add for releases.

B

uh No there's kumar 152 as well right.

A

Oh yeah, I did.

A

Right so any question about the releases.

A

If not, then next topic, I think charlie, can cover these adrs.

C

Yes,.

B

uh Yeah, so in the past, uh what we've been doing for proposals for like big features or big changes to kuma has been um docs um like marked down files inside puma that didn't really have any kind of format um what we've been and the process wasn't very well defined. um So what we've been working on now is um to have an adr process and to do this, so it's all defined. Well, do you want to show the old proposals? First yeah?

B

Maybe so these are the old proposals so like there's, no real easy way to identify them, um there's no standardized format, um and so there's sometimes a little bit hard to like reread after the fact and understand really what happened now that we have madr.

B

So we have this here, so the very first magr is to actually use um madr. So if you pick this one yeah, um it actually describes what we do. um The cool thing is actually defining what needs an madr so that people can quickly know whether or not they should go for a design um and so to open it. You just you know, create a time like follow this template, and then you do need to get free approvals on the pr um to get the mhr actually um merged in and yeah.

B

That's about it like it's meant to cover like alternatives. That's been used like the positive and negative outcomes of the selection of the solution being chosen um and and all that so.

B

That's about it, I think.

A

Oh, we have questions.

B

Yeah there's already one that's been approved.

A

Yeah cool.

B

Any questions on this.

D

Nope.

A

Yeah, if um there are no questions, then I think we can discuss this now like the topic that or come up recently or maybe we can at first check if people have like questions in general and so are there any questions.

A

Yeah, in this case,.

C

Yeah.

A

We can we can discuss whatever we want so yeah. um I think lukasz started this topic. So can you please introduce us to the yes.

E

So once someone reported that zone, egress and egress does not expose metrics and it was caused that by not configured listeners for them and because the the zoning recyclers are zone specific, not much specific, it's hard to define the promit use back end for them, because we define prominent use backend for the mesh.

E

So there is like problem how to detect to which, which pro materials should take the metrics. uh It might be some there. It looks like the metrics shouldn't be much specific, more like zone specific or something like this, because uh you mostly want one promise for whole a cluster, and that's that's why I thought maybe the merch specific policies, not all they don't have to be like this same. It comes to the external services. They might be also not the mesh specific and maybe some default policies that you want to apply for all the meshes.

B

Yeah yeah, I guess the the core thing is like. Is there value to have like policies that will apply to every single mesh around right and because they're more like specific to a deployment rather than like to a mesh? And if you take a context where mash is a business unit or a team.

A

I, uh in my opinion, it doesn't make sense to take the policies that we're using for setting some stuff from inbound or outbound and have these type of policies to be available uh for all measures. I think that's kind of breaks, uh isolation that we want to achieve with meshes, but at the same time I get the I get the use case with prometheus.

A

So maybe we should allow define some things globally. Maybe I mean draw the line. What is policy and what is some back-end? You define.

A

For all measures, for example,.

E

Yeah.

D

That makes sense.

E

Some specific things that are not the mesh mesh specific like uh the promise, for example the observability, the whole observability. It shouldn't be for just one mesh.

A

Yeah and at the same time, it should be, or is it a scenario when we want this to be for mesh like pair mesh.

A

Or it's always for all meshes.

E

We could probably support this, but I'm not sure if it's like super use case. Probably if we change that is a breaking change, so we would have to support this.

A

Yeah, uh I just want to make sure that when, when we finally finish the proposal for new policy matching, we will take this into.

B

Account mean, I guess one thing is the bit of observability we're talking about it's not really down to configuring data planes. It's like configuring, external stuff right in that case, it's the permission. It's the back ends for logging, tracing and metrics, and the other example we have is external services right.

B

So maybe.

C

Like.

B

It doesn't fall, sorry finishing just finishing my ideas like maybe it doesn't fall in in the policy matching thing. It's just a thing that is defined.

A

Yeah, it's something that like cluster operator, gives you. uh For example, you have one logging backend in your cluster and you just create and define this, and you can use it from every mesh, so maybe such stuff for logging tracing that you mentioned that exactly should be defined on global class level, not mesh level yeah. I can try to write down what we discussed so backhands for.

A

Yeah, okay,.

A

Anything else to add for this.

B

I guess it might be worth like pointing out external services as well.

A

But then, in this case like, if you create external services, uh it will be added as an outbound to all uh meshes.

B

I guess so yeah, I'm not.

A

Sure.

B

If it's just.

C

Devil's in the gym, I don't know I would do global external service, then like a separate entity.

B

Oh right, yeah yeah, I'm not saying it should be the same thing right. I was just saying like there's a use case for creating an external service and say any mesh in in my kuma. Can access this external service and I don't have to define it end times.

A

Yeah that makes sense to have it as a separate voices and easier from the implementation point of view.

A

The scope is different.

C

Okay, so for matrix horizon egress and ingress, what do we really need to configure.

B

Well, metrics for zoning grasses on ingress is complicated in the context where you have different backends for different meshes right.

C

Okay,.

C

I'm just thinking if we can kind of explicitly configure this on some ingress or some egress object without introducing like more stuff right.

A

Like in the object itself, in some ingress resource,.

C

Yeah, just like we do with a data thing right that you can override the setting of um of matrix in a data plane object if we could follow the same path with some ingress and details.

A

But in this case you have to define uh the backend right, not just.

C

Reference.

A

Backup.

C

Right, you need to define the backend, so that's why I'm thinking? What's this the minimal configuration that you need to have for this right? If this is like three things right sure, maybe it's okay to just define this in the deployment or whatever.

B

I mean the other way is for each backend to be able to scrape zone ingress, and so an egress with like specific filters that will go. Things are outside the mesh right.

B

But it also means that if you have like n meshes, your scrape your zoning rest end times when you could just do it once.

D

Yes,.

C

But.

C

Okay, so also the alternative.

C

Would be to have a global traffic metric.

B

Well, global back-end right and that's what we're talking about.

C

Yeah but global backend would be just the definition of packet right.

C

So then, how do you use this back-end.

B

Well, at the moment for traffic metric, like the definition of the back end, is all there is right.

B

It's like you, define a list of backend and then you have an enabled backend and there's no traffic metric policy.

C

Yes, for now, yes,.

C

But assuming that we have a packet so like would this be a switch on the zomingrass? It's an address.

C

Or would we have like a separate policy that, like livia, said or I don't remember who that that would be like zone scope, essentially.

C

Yeah, but going back to the original question. To be honest, I don't really like an idea of having one object that can be either global, sculpt or mesh scope right like. I hope this will be a separate object. I think we had this discussion about secrets, also yeah.

A

We.

C

Yeah and we have two types of secrets: right, smash secrets in the global school secrets, and I think that was a good decision. I know that there are like more objects now and so on, but at least the scope. Please.

D

This.

C

Copy is kind of clear from this.

A

Yes, so like our sort of conclusion, is that if you need something some logic on global level, just create new resource for this logic, which will work for your global level.

B

Sounds like it.

A

Yeah.

A

Do we have anything else to discuss.

B

Now I mean greg joined, joined us since we passed the q a so like. Do you have anything you want.

F

To chat about.

B

Greg.

F

No, not today I haven't joined in a while, and this time got conflicted a lot, but I was able to jump on today. So, okay.

B

Cool, how like has we've, got to have 10 minutes right like jp and greg like if you want to share a little bit about your experience with kuma like that that'd be great before like, if you just sure.

G

I I'm jp. I work for a broadcasting company we're trying to implement essentially a hybrid. uh You know cloud uh using kong as the api gateway and puma is a service mesh, so we have a diverse amount of uh systems ranging from gms http and some very custom protocols.

G

That's why we want to work at the tcp level, so I'm going to come out right now as a way to leverage some of the you know being at that layer to get you know, connectivity with these different applications.

G

Yeah.

B

Nice uh and so what what's working out with kuma and what? What are the hedge, a bit at the moment.

G

Well, I had a bit of a a bit of a challenge integrating human kong, but I I got around it um and, of course we're using cyber arc conjurer uh for secrets and that's also been a bit of a problem because uh you know the weak kong yeah.

G

uh You know the open api with uh security, sorry uh with uh conjurer, um you know passive secret and so on, but that's more kong than puma so, like I said, I'm just getting my feet wet right now and I joined the community just to see. What's going on.

G

Contribute at one point, I'm assuming it's all gold, relying on using for language.

C

Yeah.

G

Okay,.

B

Cool and greg anything new on your site.

F

uh No um this summer I'm gonna be working on, and I I talked to, I think jacob in the past before this, but I'm going to be working with one of the uh developer advocates of hashicorp and uh developing a vault plug-in that will um manage the token brokering in kuma. um There's some a lot of manual steps to that and a lot of uh pieces that uh we, I think, would be nice to automate, um and I think that those two products would kind of complement each other pretty nicely um so yeah.

F

That's something that I'm going to be working on this summer. I've been digging into kuma a lot lately, because I work in public sector in the u.s and they tend to use kong for their api gateways. um So um I've done some some service measures with console and some other stuff, and there are some. uh Sometimes there can be some challenges to get those to work just quite right because they work slightly different in certain certain areas, so digging into kuma as well.

F

So.

D

Cool thanks.

A

Okay, um if there are no more no more our question, a discussion, hey.

C

I.

A

Have one.

C

Thing if we, if we have a couple of minutes, maybe we can discuss.

D

Six.

C

Okay, but I um yeah okay, so I created a pr that should help us to do a better job with logging in coma and I've written a bunch of conventions that I think we should follow. uh Of course, you are like feel free to argue against them. I'm okay, like just pick one way, uh but I was thinking about this point.

C

So um if you are logging, some action right uh should I log before actually do an action and log again that action is uh done or should I just look before that, or only after that?

C

Do you see what I mean like if I look before and after it's twice as many logs, but at the same time it's kind of nice to see that something has completed right so um right now I've written this, but um because of not producing too many logs, we probably should log only once right and probably it's better to look before an action. So if there is an error, it's kind of clear what was the cause of an error. So um what do you think about this? Can we just.

D

Can't we just like, why isn't the error enough can't we just wrap the air with more information about what went wrong.

C

Sure that is an option, um but sometimes.

C

So we are suggesting that we should only log when we complete something and the error itself should contain information about what is the process that we are running here? Maybe that makes sense.

C

Although then we need to be careful about.

C

Wrapping and like adding this information, but that's kind of like it, has to be done.

D

I think that for like trace or debug level, we could actually log before and after so we know how long the action takes, so you don't have to like hook up any like instrumentation stuff. So you know like performance wise. You know exactly how long the action took, but only for like higher levels or lower levels of vlogging.

C

Yeah, that's why there is a v1 here. So that's the debug level right. So that's intro, that's feedback, but yeah. Maybe this should be the other way around right. So that's that's a new thought. That's a debug! So you have this trace of. How long did it take in both levels.

B

Yeah, I think definitely the double loping should only happen when you once you're in debug, but it can be useful in debug. It's like at least for tracing and getting some telemetry info.

D

Like.

B

Accidental telemetry.

D

Okay,.

A

Are there any like frameworks, no frameworks, but guidelines for big code bases, I don't know like kubernetes, for example, do they have standards, how to work.

C

Yeah, that's a good question. I was writing this by just you know. I went through the code base more or less to just see how we use logging- and I was trying to you- know- write examples of what we are doing right and what we could improve right but yeah. Maybe there are standards with like bigger code bases.

C

Let me check that.

D

Also, another question is: can we enforce that by some sort of a linter? So we don't have to remember.

C

Yeah, so ideally, yes in practice, let's see, I hope so at least some of them.

C

Okay,.

D

Sorry, just one thing: uh maybe you can actually like write custom rules for the goal, link that I don't know if that's possible yeah.

C

Of course, any linking of this should be possible, but I don't know if there is like a built-in south ocean that we can take, or will we like, spend a month implementing this price so uh yeah, let's see okay. uh That was the point that I was the most concerned about. So um thanks for the input and if you have like more suggestions or questions or whatever just um comment, I would love to hear more.

A

Cool thank you and I think we are top of the hour. So thank you. Everyone and have a good day, see you next time. Bye thanks, bye thanks.

G

See ya. Thank you very much. Bye.