Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Kong / Kuma Community / 9 Nov 2022
Kong / Kuma Community / 9 Nov 2022
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Kuma Community Call - November 9, 2022

Description

In this week's call, we discussed:
- Kuma 2.0
- eBPF
-Understanding new policies https://kuma.io/docs/2.0.x/policies/targetref/

A

Hello, everyone welcome to the Kumo Community call. So please add your name to the attendee list and also please are there any topics you'd like to discuss: hey Philip uh yeah. So today we will speak shortly about Kumo 2.0 that we released last week. I think yeah I think the most important features are ebpf and from the new policies and also many more improvements. Maybe Bart can can give us some update on the BPF or Lucas.

B

Yeah now or yeah.

A

Yeah now please yeah go ahead.

B

Yeah yeah, so we have like a two modes of EPF. uh Currently you can install evpf on kubernetes uh using cni, which is a or you can use the containers with um your program installed. Both are um at this point. Experimental still so feel free to play with like find some bugs send like issues if they are happening or send comments to us.

A

Yeah, thank you and I wanted to chat quickly about new policies.

A

uh Here's a new page in Kumar 2.0 and new page understanding, Target track policies so, which is new policies which are new policies.

A

um New policies uh have a new Target draft object that you can use to select proxies and uh other stuff. We can look through this documentation right now, so new policies they have metadata and the spec and metadata is something that we already had in policies before you have type name and mesh and then kubernetes. It looks slightly different, but the idea is the same new policies.

A

It was mentioning that new policies, they are namespace scope crds on kubernetes, but you can put only Kuma system namespace at that moment and yeah and yeah, and we also put mesh as a label for new policies because it's convenient with Cube cuddle.

A

You can now filter your policies by mesh, and then you have spec and in Spec you have a top level Target draft which identifies which proxies this policy applies to, and you also uh can go um even like further narrowing and you can have two lists and from least and two or Target ref field defines rules. That applies to outgoing traffic of proxies selected by Target trap and the same from from Target's reference from list uh defines rules. That applies to incoming traffic of proxy selected by Target track, and there are some examples.

A

So this is just example policy. We don't have such policy, but it's just for purpose of visualization. You can have two uh mesh, which means that this value applies to all outgoing traffic of the proxy and same with from. If you have mesh, it means that it applies to all incoming traffic.

A

Yeah ER policy not necessary, should have a direction to or from it can have. Neither of these like this example- and we already have policies like mesh trace, for example, that doesn't have to or from but we we can chat about this later so yeah. Here's a section how you write your target draft. The idea is borrowed from the kubernetes Gateway API, and it's described in madr number five link is in the docs, so dark distract has kind which is mesh for subset mesh service.

A

Mesh service, subset, smash, Gateway route, and you have name- and you also can have tags- and here are a short description of each of these kinds so mesh. It means it applies to all proxies in the mesh mesh subset it's the same, but you have tags that you can select some a subgroup of proxies. uh You can have much service and essentially, if you, if you have a tag with the this name with the name from from here, our Mastery subset is the subset of the service and match Gateway routes.

A

You should have an object that get the route in your cluster with this name. So more example. This example is already with existing posts in mesh access log yeah. It covers how can you utilize new Target traps yeah for each new policy? We have the following table metrics. uh That shows what kind where this kind can be used only in top level section or into array or in from array, and this Matrix exists for every new policy we created.

A

So we think it should be easier to see what kind can be applied where yeah then merging configurations. We decided that all selected to and from at least they are concatenated, and then we merge configuration for each unique uh subset of to and from so I think it would be better to everyone. Look into example and try to like understand how it works. I, don't know if it's worth or any uh trying to explain this right now but yeah.

A

This is the point of this is just to show that there is a new policies we have docs for them, so yeah please go and try and give us your your feedback. So this is the idea of this small presentation.

A

uh Any questions for this.

A

You can maybe show that we have masteries.

B

And much like the slogan like the new policies that are on the bottom of the types of the sidebar.

C

If.

D

You if.

C

You go to the introduction in the policies section like yeah, the first bit like introduction right, yeah, there's, actually a table actually there's a link missing um that Maps, the old policies with the new policies um with n a when they're not implemented yet um so.

A

Yeah we also explained oh yeah I, don't know if people want to read the medr, but we explained why we don't want to replace uh the existing policies, but we want to create new policies. That is like alternative policy for existing one, to simplify the migration from old policies to new policies. Yeah and like Charlie mentioned for traffic local. We now have mesh access log for traffic Trace. We have mesh trace and for traffic permission we have mass traffic permission without the link, but we will fix that yeah. We have three new policies.

A

They marked as beta in the brackets, so yeah.

A

You could you can you can use them any other questions.

A

Or if we don't have questions about Target draft, we can just have time for any questions. So do people have questions about Kuma in general,.

A

Foreign.

A

Yeah we have, we have Shane, we have Eric uh yeah guys. Any specific reason you came today to this community call maybe discuss something.

C

Specific I just wanted to come in and check it out.

C

Yeah saying I didn't have a customer call right now, so I I wanted to have a luxury of jumping in and listening.

A

Yeah yeah, if nothing specific, we oh I, think we can wrap this up.

C

Yeah I guess uh one point is um we're planning on rolling out all these new policies um in the coming version is the target so um beginning of next year. um We should have all the new policies um implemented.

C

um Yeah.

A

And yeah this is it so. Thank you. Everyone for joining uh have a nice end of the day and see you next time. Sorry.

D

To say.

A

Everyone bye thanks.