►
From YouTube: Kuma Community Call - December 8, 2021
Description
Kuma hosts official monthly community calls where users and contributors can discuss about any topic and demonstrate use-cases. Interested? You can register for the next Community Call: https://bit.ly/3A46EdD
A
Okay,
I
think
we
can
start
so
hello.
Everyone
welcome
to
the
monthly
kumo
community
call.
Today
we
have
two
topics,
at
least
for
the
edge
band.
First,
we
released.
I
think
it
was
two
weeks
ago
or
kuma
1.4.0.
A
And
we
can
briefly
look
at
the
changelog.
A
lot
of
things
were
done,
and
all
of
them
are
great
a
lot
of
bug
fixes
and
to
highlight
something.
I
think
this
is
user.
Token
support.
So
now
you
can
authenticate
yourself
to
api
with
a
user
token,
and
what's
next,
probably
some
performance
improvement
as
well.
Correct
me
if
I
wrong
poll.
A
Yes,
so
cool
also,
what
personally
I
was
working
on
it's
machinery
for
building
convoys
from
sources.
I
think
it's
really
convenient
now.
So
if
you
want
to
experiment
with
this
using
kuma
service
mesh,
it's
now
really
simple.
There
is
readme
file.
You
can
get
familiar,
I'm
talking
about
this
specific
change.
A
A
There
are
some
comments
and
you
also
feel
free
to
ask
any
questions
or
left
any
comments,
so
why
we
need
sound
ingress.
There
are
at
least
two
reasons
why
you
want
something
zone
egress.
A
This
is
security
reasons,
it's
just
much
easier
to
configure
your
firewall
rules
if
your
traffic
goes
external
from
one
point
in
the
cluster
and
another
reason
is
private
network
support
today.
If
you
want
to
consume
external
service,
we
do
this
right
from
the
envoy
right
from
the
application
on
the
board
and
if
you're
not
doesn't
have
public
public
interface
public
network
interface,
then
it
just
won't
work.
So
eagers
can
solve
this.
And
essentially,
if
you
want
your
traffic
to
go
external
now,
it
will
be
possible
to
make
it
through
egress.
A
A
That
don
ingress
will
affect
is
zone
igress
and
external
services.
So,
like
I
already
said
now,
we
consume
them
from
the
application
underway
and
we
want
to
consume
external
service
from
zone
ingress
and
another
is
how
we
consume
how
multi-zone
traffic
works.
Today
we
have
zone
ingress,
so
traffic
from
the
android
goes
directly
to
another
clusters
in
ingress,
but
we
want
to
add
another
hope
to
this
chain.
A
So
traffic
will
leave
the
cluster
through
this
stone
increase.
There
is
some
some
stuff
how
it
affects
policies,
essentially
a
long
story
short.
It
will
enable
us
to
support
fair
rate
limit
and
fault
injections,
because
today
you
can't
do
fault
injections
for
external
services
and
rate
limit
for
external
services
configured
on
the
outbound,
and
we
will
do
this
on
the
inbound
yeah.
Some
ideas,
how
we
can
provide
migration
and
to
make
it
easier
and
some
implementation
fund
how
we
want
to
split
this.
So
that's
pretty
short,
feel
free
to
read:
ask
any
questions!
A
B
Yeah
yeah,
so
it's
one
thing
for
a
long
time.
Well,
you
probably
all
know
that,
like
most
of
the
contributors
of
kumar
are
actually
part
of
kong,
the
company
and
so
for
historical
reason.
A
law
of
the
work
that
the
engineers
on
kong
was
were
working
on
was
actually
very
opaque
to
the
community
because
they
were
tracked
in
a
internal
black
tracker.
B
We've
now
moved
everything
that
is
related
to
puma
kuma
inside
github
issues
and
as
part
of
that,
we're
also
adding
a
triage
process
to
keep
sure
that
we
clean
that
up.
So,
if
you
go,
can
you
go
to
kumihq.github.
B
Right
in
github,
we
have
a
project
management,
markdown
file,
and
it
explains
a
little
bit
this
this
triage
process.
It
might
like
probably
help
you
like
figure
out
like
if
your
issue
is
being
looked
at
or
not,
and
we
also
have
these
like
needs
information
labels
and
and
cannot
reproduce.
So
if
you
wanna,
you
know,
if
you're
concerned
about
your
issues,
just
don't
hesitate
to
just
ping
one
of
the
one
of
the
reviewers
and
and-
and
let
us
know
that's
a
any
question.
A
C
To
kuma,
although
kind
of
influencing
the
direction
of
like
token
management,
but
I
am
working
with
nicholas
jackson
from
hashicorp,
and
I
think
next
week
we're
going
to
work
on
creating
a
vault
plug-in
to
manage
kumo
tokens
through
vault,
so
that
we
can
then
use
that
to
have
vault
distribute
the
tokens
inside
of
nomad.
C
So
that
is
that
is
kind
of
what
we've
been
working
on,
and
so
with
that
we
were
discussing
with,
and
there
was
another
guy
that
I
was
talking
to.
Who
I
do
not
believe
is
on
this
call:
kristoff,
oh
jacob,
but
then
also
kristoff,
I
think,
was
his
name
because
nick
had
known
him,
yeah
kristoff
worm.
C
A
C
Yeah
so
he
had
kind
of
talked
about
that
and
then
he
had
gone
and
found
out
some
information
about
the
tokens
but
yeah.
C
We
were
asking
some
questions
about
like
lifetime
of
the
the
data
plane
tokens
and
could
you
revoke
them
and
and
if
they
expired,
and
things
like
that,
so
that
we
could
kind
of
manage
the
rotation
of
that
process
through
vault,
I'm
already
excited
with
the
1.4
release,
as
it
got
away
from
me
having
to
leverage
the
certificates
for
for
accessing
the
api
as
a
client
that
already
made
life
really
nice,
where
I
can
actually
take
with
the
vault
plug-in.
I
think
we're
gonna
do
we'll
have
it.
C
Where
not
only
can
we
give
it
an
admin
token,
but
then
we
can
have
it
rotate
its
own
admin
token.
So
then
vault
is
the
only
really
accessor
of
that
that
admin
token
with
its
auto
rotation.
It
should
be
some
it's
very
similar
to
the
way
a
database
provider
works
in
involved
being
able
to
issue
out
those
tokens.
So
I'm
excited
about
that
and
I
think
that'll
make
running
kuma
on
top
of
nomad
a
pretty
nice
experience.
C
C
I,
although
I
have
found
I'm
in
the
process
of
looking
to
implement
a
service
match.
I
looked
heavily
at
console,
but
console
is
very
digging
digging
much
more
into
the
kubernetes
route
right
now
than
they
are
kind
of
servicing
a
more
universal
approach.
So
I
ended
up
getting
connected
up
with
claudio
from
kong,
who
did
push
me
towards
kuma,
so
that's
kind
of
where
I've
been
digging
digging
at
and
we're
looking
at
mocking
up
some
some
stuff,
I've
run
it
on
kubernetes
and
it
works
nice
there.
C
But
I
I
think
kubernetes
could
be
too
complex
for
what
we
need
to
implement,
and
so
I'm
looking
at
running
it
on
top
of
nomad
instead.
So.
B
Okay,
for
you
might
wanna
contact
the
folks
from
koh
yap
because
they
do
run
kumao.
On
top
of,
I.
C
Reached
out
to
them
through,
like
linkedin,
based
on
an
article,
I
read
that
they
they
post,
where
they're
running,
I
think
kumo,
on
top
of
it
and
they're,
even
using
what
fire
starter
they're
running
like
local.
C
Firecracker,
that's
what
it
is:
firecracker
yeah,
which
I
thought
was
really.
I
was
really
intrigued
at
that
leveraging
the
container
d
driver
for
that,
but
yeah
like
if
someone
could
put
me
in
touch
with
them.
I'd
love
to
talk
to
them.
C
A
C
Are
you
guys
all
in
you
guys
are
all
in
the
the
poland
time
zone?
Is
that
correct.
A
Not
really
some
people
in
u.s
some
people
in
europe.
C
A
Night,
if
they're
sleeping
yeah,
but
we
also
have
people
in
australia,
so
we
cover
all
okay.
C
A
So
anything
else
we
wanted
to
discuss
or
we
can
wrap
this
up.
What
do
you
think
guys.
A
Sounds
good
craig
if
you
can.
Please
keep
us
posted
about
this.
B
A
C
Yeah,
definitely
definitely
I
mean
I
think
I
mean
I
like
the
approach
of
having
like
I'm
a
big
fan
of
vault
and
how
it
it
controls.
You
know
tokens
and
secrets,
and
things
like
that,
so
I
mean,
I
think,
that's
worthwhile,
even
if
you
chose
another
way
to
run
it
whether
it
was
on
local
machines
or
you
could.
A
Okay,
cool
in
that
case,
thank
you.
Everyone
have
a
nice
day
and
see
you
see
you
later
bye,
bye,.