►
From YouTube: Kuma Community Call - August 18, 2021
Description
Kuma hosts official monthly community calls where users and contributors can discuss about any topic and demonstrate use-cases. Interested? You can register for the next Community Call: https://bit.ly/3A46EdD
A
Hey
everyone
on
our
biblically
committee
call
and
there's
not
a
lot
of
things
in
our
agenda
today.
But
first,
please
add
you
to
the
attendee
list.
C
C
Yeah
yeah
thanks
jennifer
yeah,
hey.
A
A
I
think
we
will
start
talking
about
this
with
mark
again,
that's
that's
the
good
thing
that
you
mentioned
today,
because
we
can
speak
about
it
more.
So
please
write
these
pr
comments
about
it.
I
will
try
to
make
sure
that
we
will
have
some
answers.
Decisions
about
it.
C
Okay,
yeah,
so
is
this
coming
from
marco
is
that
is
that
why
this
was
introduced.
A
So
I
I'm
not
gonna
say
that
it's
coming
from
somebody
or
somebody
not
it's
like
we
have
to
have
a
discussion
about
it,
so
we
started
the
discussion
but
from
inside
our
team,
and
it's
good
that
we
have
some
communication
from
the
outside
of
the
kind
of
team.
So
we
can
start
talking
about
it
again.
Some
arguments.
C
I've
brought
this
up
in
the
past,
but
it
would
be
really
nice
if
these
kind
of
discussions
happened
in
the
public,
commercial.
E
D
So
I
think
there's
some
new
ones
here,
but
it's
still
like
and
also
like
plus
1000
to
the
discussing
in
sort
of
public
community
channel,
regardless
of
what
is
is
technically
legally
allowed,
like
people
are
more
and
more
aware,
especially
outside
the
us
where
we
tend
to,
I
mean
I
realize
there's
lots
of
non-uwessians
on
this
call,
but
the
u.s
perspective
tends
to
be
well
we'll
do
something
about
it.
D
When
somebody
puts
a
gun
to
our
head,
or
you
know,
we
start
losing
serious
dollars,
because
we
can't
do
business
overseas
anyway,
I'll
stop
but
yeah
that
that
feels
big,
no
matter
what
the
legal
issue
is,
and
I
would
be
really
surprised
to
hear
the
cncf
say:
oh
well
do
whatever.
A
E
E
I
guess
I
have
one
thing:
is
the
pr
for
virtual
outbound
is
open,
which
more
or
less
enables
you
to
define
arbitrary
ports
and
hosts
for
so
I
think,
if
you're
interested
in
it
then
have
a
look
to
check.
It
actually
works.
E
E
E
So
what
virtual
outbound
enables
you
is
to
define
a
template
for
your
host
and
your
port
and
create
dynamically
generate
a
host
name
and
a
port
that
your
service
is
reachable
to
from
the
tags
of
your
service.
So
one
thing
that
this
enables
that
wasn't
it
possible
before
is
to
actually
reach
a
specific
instance
of
a
service,
for
example,
which
is
very
useful
when
you
run
run
anything
stateful
that
needs
to
have
pod
addressability
so
running
kafka,
for
example,
is
one
thing
that
comes
up
quite
often.
F
So
I
have
one
question:
I
think
there
was
one
discussion
which
happened
on
the
community
slack
channel
as
well.
We
we
were
trying
to
use
tracing
feature
and
unfortunately,
the
trace
server
is
serving
https.
F
B
For
the
host
name-
and
we
don't
send
it-
set
transport
socket
to
the
tls,
so
it
seems
it's
probably
http
only.
We
could
add
a
functionality
that
if
the
url
is
https,
we
could
set
the
transport
socket
to
tls.
But
then
you
would
not
have
ca
verification
which
may
be
fine
depending
what
what
you
require.
F
B
Yeah,
absolutely
if
you,
if
you
could
introduce
this,
that
would
be
great.
It
should
be
pretty
simple
right.
F
Just
an
additional
tls
section
right
to
that
yeah
yeah,
als
common
context.
F
Absolutely
check
okay
and
this
this
one
more
thing
I
want
to
like
get
your
feedback
or
some
kind
of
suggestion
around
it.
I
mean
I
think
I
had
brought
it
up
last
a
couple
of
times,
but
now
I
think
it
is
becoming
a
little
serious
for
us.
So
what
I
eventually
want
to
do
is
to
basically
the
gateway
data
plane
right
now
it
has
only
outbound
interface
right
and
and
what
and
and
that
particular
outboard.
F
We
assume
that
there
is
a
kong
gateway
running
on
it,
so
that
it
can
pass
all
the
traffic
securely
on
localhost,
but
we
may
or
may
not
have
the
kong
running
on
the
same
vm
as
the
gateway
and-
and
there
are
like
two
suggestions
or
there
are
like
two
thoughts
that
we
have
as
in
let's
say:
if,
if
the
gateway
is
running
somewhere
else,
and
then
we
need
to
securely
transfer
all
that
all
the
content
from
the
gateway
to
to
to
kuma
gateway
data
plane,
how
do
we
do
that
securely?
F
That's
one
question:
the
additional
thing
is:
let's
say
if
we
just
do
encryption,
but
we
have
a
jwt
token.
In
that
I
mean
we
would
like
to
do
some
kind
of
verification,
whether
the
jwt
is
correct,
and
third
and
third
is
basically,
if
you
look
at
the
entire
topology,
I
mean
gateway
becomes
an
additional
component,
so
can
gateway
be
removed,
and
can
we
leverage
one
of
the
data
pane
itself
to
do
this
functionality,
and
this
is
when
we
enable
mesh.
F
B
Yeah,
okay,
that
makes
sense
so
so
the
first
thing
you
may
you
may
or
may
not
saw
some
prs
that
we
are
working
on
building
gateway
in
kuma,
so
the
gateway
won't
only
work
in
a
way
as
right.
Now
that
you
need
to
have
some
external
gateway,
but
kuma
will
provide
a
built-in
gateway.
B
This
is
work
in
progress.
So
it's
not.
You
can
only
use
this
right
now
as
experimental
if
you
compile
kuma
with
some
cloud
right,
so
it's
not
bitcoin
ready
yet
yeah.
You.
F
F
That
I
think
you
automatically
take
care
of
all
the
comment
that
I
have
right.
I
mean
at
least
the
first
two
is
done,
and
I
mean
if,
if
it's
a
gateway
functionality
that
you're
trying
to
integrate,
that
would
mean
that
you
will
automatically
do
authentication
and
authorization
on
incoming
rights
so
mtls.
If
you
want
to
authorize,
I
mean
that
we
can
do
if
we
want
to
do
jwt
that
that
is
also
something
that
can
be
done.
This
is
this
is
this
is
actually
a
very
good
update
from
you.
F
F
Okay,
so
I
mean
we
can
compile
it
with
some
flags,
but
it
is
not.
I
mean
it
isn't
master,
but
it
is.
It
should
be
compiled
with
some
flags,
as
I
understand
right.
B
Yes,
yeah,
but
that's
really
like
working
progress.
We
only
have
this
one
master,
so
we
can
kind
of
work
on
this
step
by
step
right,
so
we
don't
have
a
gigantic
branch
or
pr
or
something
like
this.
So
I
would
say
it's
a
little
bit
far
from
from
using
this
on
production
at
this
moment,
but
james
who
is
some
who
is
not
on
this
call,
because
he
is
sleeping
right
now
in
australia
is
working
full-time
on
this.
So.
F
B
Yeah
thing
think
the
plan
is
to
have
just
an
instance
of
a
commodity
right
with
that
with
a
slightly
different
syntax
than
the
gateway
we
have
right
now
and
then
there
will
be
a
gateway
object,
that
you
can
select
this
data
plane
and
add
some
listeners
and
tls
configuration
and
so
on.
F
Absolutely
I
mean
my
my
only
suggestion
would
be
like,
because
you're
still
doing
work
in
progress,
I
mean,
if
you
can
get
rid
of
this
extra
component,
I
mean
if,
if
I'm
not
sure
I
mean
you
might
have
to
cater
to
both,
I
mean
kubernetes,
as
well
as
as
as
universal
mode,
both
the
modes,
but
I
mean,
if
you
can,
if
you
can
somehow
get
this
functionality
out
without
adding
an
additional
component
or
additional
onboard,
it
will
be
like
amazing,
I
mean
you
already
support
english
inbound
artwork
I
mean,
maybe
you
can
support
gateway
as
a
third
interview.
B
Yeah,
you
know
that,
like
the
whole
point
of
a
gateway
is
to
have
a
centralized
way
to
receive
requests
and
then
pass
it
to
the
mesh
right.
So
the
extra
component,
meaning
an
extra
puma
dp
instance-
is,
I
think,
required
because
otherwise,
how
would
you
know
which
data
plane
to
hit
to
us
to
support
to
to
get
the
traffic
to
a
proper
service
right?
The
whole
point
is
to
have
just
one
data
plane
to
accept
the
traffic
from
outside
of
the
mesh.
F
F
What
you're
suggesting
is
have
four,
as
in
one
should
receive
it,
and
then
you
should
pass
it
to
front
end
and
and
middle
and
middleware,
and
then
again,
let's
say
back
it,
but
instead
of
that,
the
same
functionality
can
be
tied
up
to
the
front
end
data
plane
all
together
right,
doesn't
then
the
front
end
can
receive
the
the
data
and
then,
depending
on
headers
or
depending
on
path
or
or
some
kind
of
condition.
B
Okay,
that's
interesting!
Technically,
it
could
be
possible,
but
we
adopted
the
same
approach
for
egress
right.
So
if
you,
for
example,
want
to,
if
you,
if
you
have
external
service
right
it,
the
configuration
is
applied
on
the
sidecar
data
plane.
B
And
then
you
don't
have
like
a
separate
egress
component
and
as
far
as
I
know,
the
result
of
this
was
that
many
users
and
customers
said
that
they
would
very
much
prefer
to
have
a
separate
component
that
would
handle
such
requests,
because
it's
much
easier
to
control
this.
F
Yeah,
I'm
with
you
I
mean
I
I
understand
I
mean
what
we
just
explained
does
make
a
lot
of
sense,
but
there
are.
There
are
also
like
cases
where
the
entire
kuma
now
needs
one
additional
component
right.
I
mean
two
additional
component
and
to
justify
the
cost
of
maintaining
that
on
a
separate
infrastructure.
F
That
also
needs
to
be
like
something
that
that
that
that
we
can
that
will
have
to
weigh
in
and-
and
that
is
why
I
basically
suggested
I
mean
if,
if
it
can
be
a
software
instance
which
can
be
applied
on
on
an
existing
data
plane
or
if,
if
somebody
wish
to
like,
have
a
separate
infrastructure
to
host
the
gateway
or
the
egress,
I
mean
they
can
as
well.
Do
that.
So
I
mean.
F
B
F
B
B
I
see
but
then
but
then
okay,
but
then
you
need
to
put
a
load
balancer
in
front
of
those
gateways
right
so
that.
F
I
have
to
do
anyway
now
that
you're
funneling
everything
from
one
gateway.
I
mean
you
can't
have
one
single
point
of
failure
right,
so
you
will
have.
B
B
Yeah
yeah,
okay,
I
think
I
understand
this.
Would
you
be
willing
to
describe
this
on
the
kumas
slack
on
the,
for
example,
community
channel
and
king
james.
F
F
The
gateway
functionality
that
you
are
adding
jacob
are
you
considering
jwd
verification.
B
Yeah
sure,
eventually,
yes,
I'm
not
sure
if
this
will
happen
in
the
very
first
version,
because
of
course,
the
the
most
important
thing
is
to
have
a
routing
and
tls
support
right.
But
even
if
this
will
not
ship
in
the
initial
version,
we
will
eventually
add
this,
because
that's
very
common
use
case
right.