►
From YouTube: Kuma Community Call - November 9, 2022
Description
In this week's call, we discussed:
- Kuma 2.0
- eBPF
-Understanding new policies https://kuma.io/docs/2.0.x/policies/targetref/
A
Hello,
everyone
welcome
to
the
Kumo
Community
call.
So
please
add
your
name
to
the
attendee
list
and
also
please
are
there
any
topics
you'd
like
to
discuss:
hey
Philip
yeah.
So
today
we
will
speak
shortly
about
Kumo
2.0
that
we
released
last
week.
I
think
yeah
I
think
the
most
important
features
are
ebpf
and
from
the
new
policies
and
also
many
more
improvements.
Maybe
Bart
can
can
give
us
some
update
on
the
BPF
or
Lucas.
B
Yeah
yeah,
so
we
have
like
a
two
modes
of
EPF.
Currently
you
can
install
evpf
on
kubernetes
using
cni,
which
is
a
or
you
can
use
the
containers
with
your
program
installed.
Both
are
at
this
point.
Experimental
still
so
feel
free
to
play
with
like
find
some
bugs
send
like
issues
if
they
are
happening
or
send
comments
to
us.
A
A
New
policies
have
a
new
Target
draft
object
that
you
can
use
to
select
proxies
and
other
stuff.
We
can
look
through
this
documentation
right
now,
so
new
policies
they
have
metadata
and
the
spec
and
metadata
is
something
that
we
already
had
in
policies
before
you
have
type
name
and
mesh
and
then
kubernetes.
It
looks
slightly
different,
but
the
idea
is
the
same
new
policies.
A
You
can
now
filter
your
policies
by
mesh,
and
then
you
have
spec
and
in
Spec
you
have
a
top
level
Target
draft
which
identifies
which
proxies
this
policy
applies
to,
and
you
also
can
go
even
like
further
narrowing
and
you
can
have
two
lists
and
from
least
and
two
or
Target
ref
field
defines
rules.
That
applies
to
outgoing
traffic
of
proxies
selected
by
Target
trap
and
the
same
from
from
Target's
reference
from
list
defines
rules.
That
applies
to
incoming
traffic
of
proxy
selected
by
Target
track,
and
there
are
some
examples.
A
So
this
is
just
example
policy.
We
don't
have
such
policy,
but
it's
just
for
purpose
of
visualization.
You
can
have
two
mesh,
which
means
that
this
value
applies
to
all
outgoing
traffic
of
the
proxy
and
same
with
from.
If
you
have
mesh,
it
means
that
it
applies
to
all
incoming
traffic.
A
Yeah
ER
policy
not
necessary,
should
have
a
direction
to
or
from
it
can
have.
Neither
of
these
like
this
example-
and
we
already
have
policies
like
mesh
trace,
for
example,
that
doesn't
have
to
or
from
but
we
we
can
chat
about
this
later
so
yeah.
Here's
a
section
how
you
write
your
target
draft.
The
idea
is
borrowed
from
the
kubernetes
Gateway
API,
and
it's
described
in
madr
number
five
link
is
in
the
docs,
so
dark
distract
has
kind
which
is
mesh
for
subset
mesh
service.
A
Mesh
service,
subset,
smash,
Gateway
route,
and
you
have
name-
and
you
also
can
have
tags-
and
here
are
a
short
description
of
each
of
these
kinds
so
mesh.
It
means
it
applies
to
all
proxies
in
the
mesh
mesh
subset
it's
the
same,
but
you
have
tags
that
you
can
select
some
a
subgroup
of
proxies.
You
can
have
much
service
and
essentially,
if
you,
if
you
have
a
tag
with
the
this
name
with
the
name
from
from
here,
our
Mastery
subset
is
the
subset
of
the
service
and
match
Gateway
routes.
A
You
should
have
an
object
that
get
the
route
in
your
cluster
with
this
name.
So
more
example.
This
example
is
already
with
existing
posts
in
mesh
access
log
yeah.
It
covers
how
can
you
utilize
new
Target
traps
yeah
for
each
new
policy?
We
have
the
following
table
metrics.
That
shows
what
kind
where
this
kind
can
be
used
only
in
top
level
section
or
into
array
or
in
from
array,
and
this
Matrix
exists
for
every
new
policy
we
created.
A
So
we
think
it
should
be
easier
to
see
what
kind
can
be
applied
where
yeah
then
merging
configurations.
We
decided
that
all
selected
to
and
from
at
least
they
are
concatenated,
and
then
we
merge
configuration
for
each
unique
subset
of
to
and
from
so
I
think
it
would
be
better
to
everyone.
Look
into
example
and
try
to
like
understand
how
it
works.
I,
don't
know
if
it's
worth
or
any
trying
to
explain
this
right
now
but
yeah.
A
B
C
D
C
You
go
to
the
introduction
in
the
policies
section
like
yeah,
the
first
bit
like
introduction
right,
yeah,
there's,
actually
a
table
actually
there's
a
link
missing
that
Maps,
the
old
policies
with
the
new
policies
with
n
a
when
they're
not
implemented
yet
so.
A
Yeah
we
also
explained
oh
yeah
I,
don't
know
if
people
want
to
read
the
medr,
but
we
explained
why
we
don't
want
to
replace
the
existing
policies,
but
we
want
to
create
new
policies.
That
is
like
alternative
policy
for
existing
one,
to
simplify
the
migration
from
old
policies
to
new
policies.
Yeah
and
like
Charlie
mentioned
for
traffic
local.
We
now
have
mesh
access
log
for
traffic
Trace.
We
have
mesh
trace
and
for
traffic
permission
we
have
mass
traffic
permission
without
the
link,
but
we
will
fix
that
yeah.
We
have
three
new
policies.
A
A
A
C
Yeah
I
guess
one
point
is
we're
planning
on
rolling
out
all
these
new
policies
in
the
coming
version
is
the
target
so
beginning
of
next
year.
We
should
have
all
the
new
policies
implemented.
A
And
yeah
this
is
it
so.
Thank
you.
Everyone
for
joining
have
a
nice
end
of
the
day
and
see
you
next
time.
Sorry.