►
From YouTube: Kuma Community Call - July 7, 2021
Description
Kuma hosts official monthly community calls where users and contributors can discuss about any topic and demonstrate use-cases. Interested? You can register for the next Community Call: https://bit.ly/3A46EdD
A
Yeah,
I
would
also
need
to
open
the
changelog,
but
mostly
the
release
was
because
of
some
fixes
that
we
that
we
detected
and
from
the
feature
standpoint
one
semi
feature-
was
that
in
external
services
we
are
now
including
sni,
if
you
are
connecting
via
tls.
A
So
if
your
external
service
is
behind
the
load
balancer
that
requires
cessna
to
balance
this
traffic.
We
now
said
this,
and
also,
I
think
sadiq
2
is
on
the
call
he's
so
he's
contributed.
The
advertised
address
functionality,
so
you
can
now
kind
of
hide,
hide,
comma
dp
with
application
or
run
commodity
in
docker,
and
you
know
buying
to
a
real
address
which
is
available
in
docker.
But
the
advertised
address
is
something
else
which
is
rootable
in
a
cluster.
B
B
The
next
thing
I
remember
is,
is
oh,
I
don't
remember
time.
Is
there.
D
D
D
He
was,
I
was
testing
with
him
this
week
on
twitter
and
he
was
pretty
unhappy
that
the
the
current
kuma
prometheus
sd
crashed
his
computer,
which
was
yeah
not
not
great.
It
resulted
in
a
few
bug
tickets,
but
I
think
that
left
a
rather
poor
taste
in
his
mouth
why?
He
wanted
to
run
that
was
beyond
me,
but
yeah.
E
B
E
E
B
B
Yes,
so
there
was
actually
a
bag,
for
I
don't
know
for
how
long,
but
the
last,
for
the
last
at
least
few
days,
the
cucutal
kilmer
cattle
version
on
homebrew
was
broken
and
from
like
yesterday
or
the
day
before
yesterday
it
is
fixed
now.
So
if
you
will
have
any
problems
and
if
the
manifest
generated
by
puma
cattle
install
control
plane
will
have
the
unknown
version
in
it,
the
suggestion
is
to
uninstall
kuma
cattle
and
install
it
again
and
homebrew
will
use
the
new
fixed
formulas
to
build
it.
E
Yeah,
we
are
doing
we're
doing
kong
builders
again
this
friday,
so
this
friday
we'll
build
start
building
out
like
a
new
application
and
start
wiring
it
up
from
kind
of
the
ground
floor
inside
of
mesh,
so
it'll
be
building
on
the
previous
episodes
11am
pacific
time.
Other.
C
Hey
yeah
thanks
thanks
for
the
release
so
because
it
was
good
actually.
A
C
Have
picked
it
up
and
then
we
are
going
to
try
it
out
now.
Perfect,
that's
good.
B
As
always,
if
you
have
any
problems
put
it
on
our
communities
like,
we
will
do
our
best
to
help.
C
B
Even
if
actually
the
build
coordinates
by
us
and
injected
into
qmrdp
by
default
currently
is
a
very
small
version
of
core
dns,
with
just
the
basic
set
of
features.
So
it's
not
like
a
fully
fledged
heavy
coordinated
version,
but
you
always
can
disable
it
it's
definitely
it's
from
this
version
is
just
enabled
by
default,
but
you
can
using
one
flag,
disabled.
C
B
So
actually,
there
are
a
few
few
things
which
this
solution
can
help
and
improve.
One
of
those
is,
for
example,
if
the
human
cp
is
down
and
the
this
kind
of
global,
dns
server
and
qscp
is
down.
If
you
have
the
dns
server
per
data
plane
instance,
your
kind
of
dns
traffic
is
not
blocked.
You
can
like
send
dns
queries
and
work
as
you
expected.
B
This
is
the
first
thing
and
the
second
thing,
which
was
actually
important
for
us,
was
to
get
rid
of
the
requirement
to
have
dot
mesh
tld
at
the
end
of
our
services.
So
now
you
can
use
external
services,
currently
external
services,
without
a
dot
mesh
tld
at
the
end,
so
maybe
in
the
future.
I
don't
know
how
big
how
what
is
the
priority
of
this
will
be
to
get
rid
of
it
completely.
B
So
you
maybe
in
the
future,
will
be
able
to
just
use
the
services
names
without
the
dot
mesh
extension
again,
but
now
you
can
use
it
with
the
built-in
dns
server
on
human
dp,
already
on
without
dot
mesh
extensions
for
external
services,.
C
B
So
solution
is
kind
of
configured
in
a
way
that
when
you
are
sending
a
dns
request
to
the
core
dns
on
umdp,
it's
first
sending
a
request
to
android
and
asking
android.
If
do
you
know
these
services?
If
you
do,
then
we
are
just
returning
the
response.
If
you
don't,
then
we
are
kind
of
processing
this
request
using
the
slash,
etc,
slash
resolve.conf
file
and
your
default.
You
generate
default,
configure
dns
servers,
so
it
is
kind
of
this,
an
additional
hope
to
ask
envoy.
B
C
Yeah,
so
on
youtube,
they
did
some
kind
of
optimization
wherein
all
the
dns
request
was
actually
going
and
hitting
the
the
codiness
for
the
cluster
for
the
entire.
E
C
Yeah,
so
what
they
did
is
to
basically,
instead
of
hitting
the
core
dns,
it
was
getting,
it
was
resolved
locally.
B
Yeah,
so
I
don't
know
about
this,
unfortunately,
but
what
I
know
is
that
our
core
dns
is
like
a
separate
with
the
kubernetes
for
dns
instance,
so,
but
if,
if,
for
example,
by
default,
if
anybody
won't
know
about
the
service,
it
will
go
to
the
core
dns
as
a
kind
of
fallback
solution.
Like
I
mean
kubernetes
for
dns
services,
yeah
yeah,.
C
On
the
similar
lines
right,
so
what
is
I
mean?
Have
you
thought
about
this
particular
style?
When
let's
say
you
want,
I
mean,
let's
say
if
you
want
to
have
a
feature
wherein
we
want
to
have
certain
certain
service
registries
to
be
programmed
into
the
mesh.
Is
that
a
possibility.
C
What
I
mean
is
like,
let's
say
we
want
to
get
rid
of
console
right.
Let's
say
there
isn't?
There
is
a
application
which
was
using
console
or
some
kind
of
service
registry
previously,
and
it
is
trying
to
use
kuma
and
and
half
of
its
application
is
actually
using.
Puma
and
half
of
it
is
not
so
whatever
is
inside.
C
Puma
can
can
be
easily
resolved
because
of
the
control
plane,
but
anything
which
is
outside
of
the
mesh
will
not
be
resolved
by
the
control
plane
and
if,
if
we
would
have,
I
mean
the
other
way
to
resolve,
it
is
to
basically
have
something
like
an
external
external
service
program,
but
instead
of
doing
that
as
in
is
there
any
other
way
to
basically
to
basically
program
the
control
plane,
mentioning
that
these
are
the
few
more
endpoints,
but
these
are
outside
of
the
mesh.
C
A
C
Yeah
your
wise
card
broken:
can
you
repeat,
after
after
yeah.
A
Okay,
do
you
resolve
services
that
are
in
console
using
dns
resolver,
or
do
you
have
a
custom
logic
in
in
every
application,
as
some
kind
of
library.
C
So
it
is
actually
a
custom
logic
in
the
which
is
used
in
the
application
to
populate
the
endpoints,
but
I
mean
just
to
build
on
the
same
story
right
I
mean
let's
say
tomorrow
if
you
have
like
two
separate
meshes
and
and
let's
say
if,
if
a
user
is
trying
to
have
deployments
on
on
half
half
deployment
on
puma
and
half
on
easter,
or
something
like
that,
and
if
you
want
to
federate
these
two
measures,
then
so
that's
where.
C
B
Think
it
does,
we
don't
have
it
on
enrollment
and
it's
not
possible.
Definitely,
it's
not
possible
automatically,
but
if
you,
for
example,
would
like
to
spend
some
time
and
kind
of
investigate
about
how
it's
being
exposed
and
if
maybe
we
could
consume
some
kind
of
an
api
or
other
service,
then
maybe
we
can
start
discussion
about
this.
C
Little
bit
of
research,
so
in
vmware
has
a
protocol
called
hamlet
and
it
it
helps
to
basically
populate
the
registry.
By
and
and
then
it
is
kind
of
open
source
and
what
is
needed
is
basically
to
have
a
plugin
for
this
particular
hamlet.
B
Definitely
my
suggestion
is
because
we
we
started
with
the
with
the
console.
Then
we
moved
to
istio
and
then
to
this.
Third
one
is
to
definitely
create
an
issues
reissue
and
then,
because
then
kind
of
provide
us
with
some
knowledge
about
where
it's
being
used,
why
it's
being
used
and
how
we
can
kind
of
fit
into
this,
and
because,
for
example,
I
this
is
the
first
I
was
working
for
vmware.
This
is
the
first
time
I
heard
all
this
right
here
about
this
protocol.
To
be
honest
and.
B
E
D
C
So
idea
is
basically,
we
will
never
have
like
one
one
particular
mesh
used
everywhere
right,
so
some
kind
of
federation
is
something
that
is
needed
at
some
point
in
time.
We'll
always
have
something
outside
of
the
mesh
inside
of
the
mesh
and
in
a
separate
mesh.
B
B
Separate
mesh
is
that
there
is
no
one
kind
of
decided
interface,
so
it's
like
would
be
catching
a
mouse,
so
if
there
is
no
way
to
automatically
integrate
it,
I
don't
think
we
will
spend
resources
to
to
go
further.
C
B
If
there
is
an
easy
way
which
we
don't
know
about,
then
definitely
this
is
a
great
opportunity
to
start
discussion.
Maybe
we
will
be
able
to
kind
of
figure
out
something
together
to
do.
I
don't
know
it's
it's
I
I
my
suggestion
is
to
start
a
discussion
on
on
an
issue
and
then
go
further
with
this,
because
we
can
just
stop
here,
but
maybe
there
is
something
hidden
which
is
easy
and
great
to
just
implement.
B
A
Yeah
and
so
far,
I
think
our
suggestion
was
to
have
essentially
api
gateway
on
top
of
every
mesh
right,
because
every
mesh
has
their
own
mtls
implementation
and
so
on.
So
like
super
tight
integration
is,
I
would
say,
pretty
much
impossible,
maybe
even
so
so
far.
What
worked
is
that
you
put
api
gateway
in
front
of
every
mesh
like
an
entry
point
for
a
mesh
right
and
that's
the
way
how
you
can
integrate
many
meshes.
A
C
Yeah
yeah
I
mean
like
I
mean
I'm
also
basically
trying
to
see
what
what
best
can
be
done,
but
I
mean
just
wanted
to
pass
it
by
you
guys
that
if
you
have
come
across
these
kind
of
requirement
or
if
you
have
some
kind
of
parts
around
it,
what
you
talked
about
is
like
converting
east-west
traffic
into
like
an
output
traffic,
so
that
is
yeah.
C
E
B
B
C
So,
additionally,
what
I
want
to
do
is
to
have
a
jwt
verification
done
on
on
the
endpoint.
So
is
there
something
which
is
coming
in
or
are
or
it
could
be
achieved
only
by
a
proxy
template?
B
A
Yeah,
I
don't
think
there
are
any
plans
at
this
moment
to
implement
such
things,
but
if
you
would
like
to
contribute
this,
then
we
would
be
happy.
C
So
what
would
what
would
you
suggest
as
an
to
build
on
top
of
the
traffic
the
traffic
routing
crd.
A
C
C
It's
actually
not
possible
right
because
not
each
deployment,
we
can't
have
a
side,
car
gateway.
So
let's
say.
A
C
B
C
Actually,
jacob
only
helped
me
create
the
proxy
template.
I
I
shared
one
github
link
with
what
I
what
I
really
wanted
to
do
and
then
on
slack
jacob
converted
that
github
link
into
into
a
proxy
template
and-
and
I
had
to
do
a
slight
modification
on
to
that,
but
it.