From YouTube: Kuma Community Call - May 10, 2023
Description
Demo: how to create a new policy from scratch
Kubernetes probes (particular gRPC)
Please open an issue
A
So the agenda today is not very packed. We have a demo where I will show how to create a new policy from scratch, like if you want to contribute to Kuma. It's pretty easy to create a new policy and I'll show how. Then we will have time for Q&A and maybe discuss Kubernetes probes. Yeah, so we have, yeah. Is it correct?
A
Not sure everything. So yeah, if, for example, you were just browsing the web and you notice that Envoy has a lot of capabilities that Kuma is not supporting at that moment, and you want to use something, but you don't want to use maybe MeshProxyPatch or ProxyTemplate, then you can create a policy. So, for example, you notice that there is a compressor in Envoy, so you can compress requests with different algorithms, and you want to contribute that. You can do that. Pretty simple!
A
You go to the IDE, you search for the new policy file, that's in the guides, docs/guides directory, and this guide tells you what exactly you should do. So there is a command you can copy. You can open a terminal, you paste this command, so it says name of the policy. For example, we will use MeshCompressor. As you can see, I already did that compressor, yeah. Then you select what type of policy you want to generate.
A
It can be either an outbound or inbound policy, or maybe it can be an inbound and outbound policy at the same time. So if this is an outbound policy, we will add the flag to generate the "to" section, and yeah, we have force to override if we have some garbage in this directory. So yeah, we can run this command, and this command creates a directory inside.
A
So let's take a look. It's package, and then plugins, and then policies, and then we have our MeshCompressor directory and we have all these files. You can open this one that's called MeshCompressor. The next thing you should do, I'm pretty sure we have this here, yeah: if you want your policy to be not as a demo, but for real, you should remove this skip registration bit. So let us do that, and then you can see that there are already the targetRef and "to" sections that we generated.
A
The only thing you should do is define conf right there, and we can define a new type, for example, compressor type, which is a string, and then we can define some constants.
A
Yeah, so we generated this policy and we can check now what files we have. The first one I already explained: this is the Go struct that defines the schema of your policy. But at the same time you also have the schema in YAML format, so you can validate this. Yeah, or if you do make check it will regenerate, actually, everything. Yeah, that's true. Yeah, you have the schema, and Kuma will validate resources that the user creates using this schema.
A
There is also the Kubernetes section where you have the custom resource definition, and you have, yeah, you have the plugin. That's the part where you will put your xDS configuration, so you will check the policies that are coming into this method. You will take all the resources that were already generated and you can create the actual compressor by looking at the policies that were matched for your proxy.
A
So this is pretty much it. That's what you have if you call this command, and I think it's pretty simple, so feel free to contribute new policies into Kuma. And let me, do you have any questions for this?
C
Right, just, you know, I don't know, it's probably a simpler one is MeshTrace, for example.
A
Yeah, so you take policies from this dynamic map. You take the MeshTrace type that you want to implement, and then you check the rules that we matched. You also can find them in the policy structure.
A
Usually, oh, you do something like that, like apply to inbounds, apply to outbounds methods. In case of the new policy, compressor, it will be only applied to outbounds methods. Yeah, and then you just take a dataplane, you iterate over the outbounds and you call configure listener or something like that, and in this listener, these are already Envoy structures. So you take the listener, you iterate over filter chains and you configure each filter chain respectively.
A
And if we go to the browser and check the will, we see this and go here.
A
Yeah, and exactly, and if you check MeshCompressor rest.yaml, there is Swagger that has already the method defined. That's why, if so, should work? I think if you do just this, so yeah, you'll see that these endpoints are already defined in Kuma.
A
Yeah, so everything out of the box, yeah, and you just have to implement validation and xDS configuration, right. So pretty simple.
A
Yes, so we've no more questions for this and then, oh thanks, so yeah, I think we can move forward. I think Q&A can be the last part, so yeah, let's discuss our Kubernetes probes.
A
So am I saying the name correctly? Is it Yan?
D
Oh hello, hello, hello, sorry, yes, that's correct! My name is and I have joined. I have joined this meeting as currently we are working more and more with Kuma, and we are applications also need to be more reliable. So we are kinda struggling a bit with the Kubernetes probes, most particular the gRPC one.
D
So basically I just wanted to ask if there is any roadmap for such topic, as it's currently, I'm not sure if it's correct, but looks like it's not covered by Kuma, I mean by the sidecar. So we are looking for workarounds how to simply keep our applications on that level as we need, I mean the availability level. So yeah, basically, that's it. So how do you deal with the gRPC applications for now, guys? That's the main point.
B
Yeah, I guess I can answer this a little bit, because we have gRPC applications in our cloud offering and we also use Kuma in our cloud offering, well, yeah. And usually the pattern that I saw is that there is a separate HTTP server that is used for, you know, serving the readiness probe and metrics and diagnostic stuff like that, right. And so basically, then you use an HTTP probe, which we support, and you, in a way that you probably looked into, right, that we have this virtual probe concept that we override, where it is probes, so Kubernetes can contact only this one endpoint without mTLS, right.
B
Yeah, okay, so yeah, we definitely don't do anything about this, right. So like, if we don't override those kind of probes, then we have basically this problem, that the application is secured by mTLS, right, and Kubernetes is trying to like contact the application, Enterprise and TLS, and it cannot do the probe, right. This is, yeah, this is probably what you saw.
B
Yeah, I think we haven't discussed this. Probably we could do a similar thing like we do with the HTTP probe, that we kind of override this, but I'm not sure how that would work with gRPC. So we can only expose like one method, let's say. How does it work with gRPC? Can you specify like a method, or just port and that's it?
D
It's actually specified by that Health house configuration, actually on there. It is the health checking interface. It should have, it's kind of, it's specified by the gRPC community itself. Actually, you have a link in front of you. It's on the top of the page here, I think, so maybe you can, yeah. This is this.
D
Basically, yeah, as you said before, Kuma is just blocking this communication right now, so we are not able to reach this endpoint.
B
Yeah, yeah, we definitely can, right, because with HTTP we are exposing only like specific paths, right. We could do the same here, because this service is exposed under the hood in HTTP/2 under some specific path. So we could only pull out this path for health checking and that would work. Yep, it's just, it requires an implementation on our side.
D
Sure, do it, sure, I'm definitely up to it, and we can also test it in our environment if it works well and give you the feedback afterwards, okay. And then it will be plentifully used in our environment, because we really rely on gRPC applications, and yeah, its traffic also, kinda, it's growing day by day. So definitely something we are going to utilize. And you know, the containers are dying or not really helpful all the time. So this probe will be very helpful.
C
And then we'll make sure we will catch it and, you know, add the code pointers to help you figure out where this needs to be added and add a bit of context, and then feel free to ask more questions on the Slack and stuff, and someone from the team can help you get your contribution home, if that sounds good.