►
From YouTube: Kuma Community Call - February 17, 2021
Description
Kuma hosts official monthly community calls where users and contributors can discuss about any topic and demonstrate use-cases. Interested? You can register for the next Community Call: https://bit.ly/3A46EdD
A
So
today
we
have.
A
A
couple
of
great
announcements
like
two
new
versions
and
one
you
might
maintain
what
could
be
better
for
a
project
so
welcome.
Welcome
to
the
team
charlie
by
the
way
is,
is
this
a
charlie
or
or
I
mean
I
always
assumed
you
know
the
english
way,
but
maybe.
A
And
bart
is
not
really
bad,
so
you
know
everyone
is
suggesting.
Okay,
so
that's
that's
that's
great.
I
I.
I
really
love
the
fact
that
that
we
have
a
new
person
joining.
We
went
through
the
responsibility
list,
so
I'm
not
not
going
to
talk
about
this.
Yet
after
the
call
I'm
going
to
announce
this
on
the
channel
and
also
on
twitter,
I
got
in
touch
with
our
social
media
person
here.
So
this
is.
This
is
going
probably
and
yeah,
and
that's
it
I
mean
maybe
charlie.
A
B
D
B
Started
working
on
it
and
then
we
needed
things
that
were
not
there
yet.
So
that's
why
I
started
contributing
so
yeah.
A
So
your
your
current
involvement
and
pro
like
a
small
project,
although
it
probably
will
turn
out
to
not
be
that
small,
is
to
actually
employ
the
embedded
and
voice
dns
so
that
we
can
have
a
second
option
of
how
we
can
do
dns
and
maybe
at
some
point
if
this
proves
to
be
a
viable
and
useable
option,
we
will
switch
switch
to
this
for
this
to
be
the
primary
one
and
then
eventually
deprecate
the
quality,
the
dns.
At
some
point,
that's
that's
that's
I
consider
this.
A
I
mean
being
the
person
that
started
the
initial
chromosome,
the
dns.
I
considered
that
to
be
a
significant
improvement
and
having
this
distributed
dns,
and
so
it's
yeah,
it's
all
good.
I.
I
hope
that
that
we
will
get
this
working
it's
slightly
concerning,
as
you
mentioned,
on
the
slide
that
the
envoy
team
themselves,
they
don't.
They
don't
consider
this
to
be
like
a
production
ready
code
yet,
but
I
guess
we'll
see
we'll
see.
A
B
I
know
that
esta
is
not
istaio
ended
up
having
a
dns
on
the
car,
so
they
to
do
that
and
I'm
actually
wondering
why
but
yeah.
A
Well
because
if
if
someone
had,
he
has
already
hit
some
roadblocks,
you
know
no,
no
need
to
repeat
the
same
mistakes.
A
Okay:
okay,
that's
that's
something
to
actually
check
and
see
so
I
have
a
quick.
I
want
to
quickly
go
through
107
108,
which
is
upcoming
just
to
clarify
what
what
are
these
and
and
then
then
we
can.
We
can.
We
can
chat
freely
and
answer
questions.
I
see
deep
is
here
so
maybe.
A
Maybe
he
will
have
some
some
questions:
okay
quickly,
107
is
again
another
minor
release,
except
for
the
usual
gui
upgrades,
which
actually
include
pretty
pretty
pretty
good
charts.
I
mean
this
is
like
one
of
the
main
occupations
of
parts
for
the
last
couple
of
weeks.
So
these
are
the
charts
here.
I
don't
know
if
everyone
saw
them,
but
now
we
have
kind
of
an
overview
of
the
various
aspects
of
the
deployment.
That's
specifically
very
useful,
I
would
say
multi-zone
deployments
where
this
gives
you
like:
a
high
high
level
overview
of.
C
A
A
So
it's,
except
from
the
occasional
small
books
contributions
from
our
new
maintainers,
there's,
actually
two
more
things
which
I
think
like
are
kind
of
interesting
and
I
would
say
more
or
less
unique
to
us
in
terms
of
kubernetes
support.
So
the
first
one
is
the
service
less
spots.
So
we
didn't.
A
We
didn't
have
this
support
before
we
were
actually
requiring
to
have
a
service
attached
to
each
and
every
bot,
which
created
some
inconveniences
to
some
of
our
users,
which
was
not
the
case
now
and
then
the
other
thing
is
support
for
jobs,
cooperative
jobs.
So
essentially
you
can
have
a
job
that
runs
within
the
mesh
and
once
it's
done
it
can
successfully
complete,
which
tends
to
be
a
problem
with
some
other
implementations.
A
A
A
We
will
also
fix
a
couple
of
small
small
bugs
related
to
usability
primary.
I
think
in
universal
mode,
so
not
not
really
great,
like
release,
but
still,
I
would
say
I
needed
one
and
our
main
focus
is
about
1.1.
A
A
I
have
actually
much
support
for
120
in
terms
of
like
this
is
kubernetes
120,
I'm
sorry,
kumar
can
run
on
in
kind
on
kubernetes
120.
We
had
some
some
discussions
in
the
in
the
public
in
the
slack
channel
in
this
community.
About
this
I
I
was.
I
was
not
sure
if
it's,
if
it's
working
or
not,
because
I
haven't
tried
it
myself
and
there
were
some
reports
about
not
being
able
to
which
okay,
we
suspected
that
it's
it's
the
case,
but
apparently
it's
not.
A
The
thing
is
that
we
will
be
running
in
kubernetes
1.20,
but
our
api.
We
will
just
be
leveraging
everything
from
the
backward
compatibility
list
of
apis
and
we
had
some
discussion
with
austin
that
is
ongoing
for
some
time
about
bringing
our
series
up
to
speed
with
the
new
developments
of
the
apis
there.
A
A
So
I'm
not
saying
that
we're
completely
ready
for
120,
but
apparently
it
works
just
based
on
the
backward
compatibility
of
the
api,
and
so
this
this
probably
is
one
of
the
things
that
that's
going
to
come
with
the
1.1
release
and
we
have
a
long-standing
qdp
support,
which
we
tried
to
break
with
charlie
into
smaller,
like
a
small
chunk
that
we
that
we
already
merged.
A
But
there
are,
there
are
a
number
of
outstanding
questions
there.
So
I'm
not
sure
if
the
udp
will
be
able
to
to
land
in
1.1.
A
I
haven't
actually
seen
anyone
from
the
field
really
I
mean
there
was
some
some
some
response
in
the
pr
saying.
Oh
okay,
I
need
that,
but
no
not
kind
of
a
really
strong
push
towards
something
we.
A
So
I
don't
know
what
what
everyone
is
thinking
about
this,
but
yeah,
that's
more
or
less
it
from
me.
What
are
the
questions
and
topics
that
people
would
like
to
discuss.
D
I've
I've
been
trying
to
work
on
a
prometheus
xds
discovery,
proof
of
concept-
I
I
was
talking
to
jacob
about
it
earlier
I
on
tuesday,
but
really
just
to
summarize
the
I
had
been
going
back
and
forth
with
one
of
the
main
people
at
prometheus
julian
on
their
mailing
list
at
the
end
of
last
year,
trying
to
get
some
generic.
D
Discovery
support
that
wasn't
file
based,
so
we
could
move
away
from
our
kuma
prometheus
sd
yeah
and
I
I
he
wasn't
really
up
for
designing
an
an
http
or
a
generic
grpc
mechanism,
but
it
did
indicate
that
he
was
really
interested
in
xds,
probably
because
he's
heard
it
in
the
envoy
community
and
things
like
that.
D
So
I
I've
almost
got
a
working
prototype
that
I'll
ship
over
at
him
and
see
what
he
thinks
and
jacob
jacob
thought.
It
was
overkill,
and
I
I
agree
but
we'll
see
if
he
comes
to
that
same
conclusion,
but
hopefully
I'll
get
more
traction
than
I
did
last
time.
D
Yeah
pretty
much
so
it's
it's
bringing
in
the
the
metrics
monitoring
assignment
discovery
service
from
kuma,
so
it'll
basically
scrape
an
xds
server
running
a
specific
resource.
D
So
it
it's
interesting,
I
think
it
brings
a
lot
of
dependencies
into
prometheus
that
are
probably
unnecessary,
and
then
you
have
to
maintain
a
whole
other
api
within
prometheus,
so
yeah,
there's
no
official
monitoring
assignment
xds
resource
from
envoy.
I
don't
think
well,
at
least
our.
A
Experience,
I
don't
know
jacob,
what's
what
you
you
you
can
share,
because
you,
you
kind
of
that
very
deep
into
switching
from
one
version
of
the
xds
api
to
another,
which
kind
of
you
know.
We
touched
a
lot
of
dependencies
there.
I
guess,
but
it
was
not
so
hard,
at
least
from
what
I
can
tell
I
mean
I
do
agree
that
it
brings
a
lot
of
you
know
external
dependencies,
but
maintaining
it.
It's
not
that
big
of
a
pain.
A
B
C
Yeah
I
mean
changing
version
is
not
a
problem
right,
maintaining
the
dependencies
and
eventual
dependency
health.
If
there
is
any
that's,
that's
the
that's
the
problem
here.
If
they
are
fine
with
putting
more
dependencies
in
prometheus
itself,
that's
okay,
I
mean
xds
way
of
delivering
list
of
data
planes
to
scrape
metrics
will
work
for
us.
I
just
think
it's
better
to
do
this
in
a
generic
way
with
less
dependencies,
but
if
they
are
for
some
reason,
oh
too
scared
to
provide
the
official
gg
grpc
api-
that's
okay!
A
Well,
I
guess
the
popularity
of
invoice
on
how
drives
this
into
that
direction.
A
If,
if
there
is
a
tighter
coupling
between
prometheus
and
then
boy,
you
would
claim
that
okay,
you
have
native
support.
If
you
want
to
complement
this,
so
this
kind
of
brings
both
projects
somehow.
C
A
C
D
C
B
C
B
C
Yeah,
it's
just
it's
our
concept
right.
D
D
Yeah
is
there
any
good
tooling
for
I've
just
started
to
do
the
the
grpc
bits,
but
is
there
any
good
tooling
for
like
setting
up
a
grpc,
xds
server?
That
makes
it
easy
for
people
to
implement
it
themselves
more
than
it
would
be
to
implement
this
straight
grpc
server
like?
Are
there
any
client
libraries
that
make
it
really
easy
to
just
say,
hey
here's,
the
business
logic
for
getting
the
assignments.
C
I
don't
think
there
is
a
library
for
a
client
right.
We
had
to
build
this
ourselves,
but
it
was
fairly
easy,
like
it's
not
much
of
a
call.
So.
A
Do
you
have
any
anything
on
your
side?
You
usually
bring
interesting
questions
and
we
have
quite
quite
some
discussions
around
this.
You
have
something.
E
Yeah
I
yeah
I
was
wanting
to
basically
ask
a
few
questions,
but
yeah
the
newer
changes
are
really
great.
I
mean
I
we
just
pulled
in
the
1.07.
E
Gui
looks
pretty
good,
so
couple
of
things
we
I
know
in
slack
like
we
were
talking
about
the
https
routes
or
http
path
that
we
wanted
to
add
as
a
feature
as
in
did
we
add
that
when
exactly
are
we
planning
to
release
it.
A
E
Don't
believe
that
I
mean
we
are
using
your
proxy
template
to
do
it
at
this
point
in
time
by
adding
a
dummy,
outbound
and
dummy
inbound
connections,
but
yeah
if
you
can
get
it
get
a
native
support
on
that
it'll
be
really
great.
E
Because
because
it
does
not
do
service
discovery,
when
you
add
a
proxy
template
and
and
let's
say
on
on
on
the
gateway
onward,
you
want
him
to
route
to
the
back
end
to
the
back
end
service.
So
the
back
end.
If
it
is
not
configured
on
the
gateway,
then
then
it
will
not
do
the
discovery,
service
discovery
and
so.
A
E
No,
no,
not
transparent
proxy.
We
are
using
localhost
only
okay,
but
we
have
a
gateway,
kind
of
a
construct
and
and
depending
on
the
path
we
want
to
route
it
to
different
different
backends.
Oh.
E
Additionally,
two
more
two
more
things.
I
wanted
to
basically
ask
you
guys
in
whether
you
guys
are
what
are
your
thoughts
around
that
so
the
gateway
data
plane.
Let's
say
if
you
want
to
secure
it
with
https
or
maybe
a
tls
certificate.
E
So
the
use
case
is
basically
the
gateway
will
be
far
away
and
and
and
and
the
and
the
first
public
endpoint
of
the
application
that
needs
to
receive
traffic,
which
has
to
be
securely
transported
from
the
gateway
till
the
first
entry
point.
E
C
I
I
have
a
question
here
so
do
I
understand
correctly
that
you
are
using
a
gateway
data
plane,
but
you
are
adding
the
inbound
listener
that
routes
to
some
some
destinations
is
that
is
that
correct.
E
C
Okay,
so
the
gateway
data
plane
was
designed
that
you
kind
of
you
do
not
intercept
and
support
any
incoming
traffic
by
envoy
right,
but
you
have
some
api
gateway
that
is
responsible
for
managing
the
this
traffic,
and
then
this
traffic
goes
to
to
any
application
in
the
mesh
via
envoy
right
and
only
intercepting
the
outbound
action.
So
that
was
our
our
goal.
With
this.
With
this
design
right.
E
Right
right,
so
let's
say
there
are
three
backends
right,
so
you
will
put
it
in
like
three
different
outbounds
in
different
different
ports.
Isn't
it
yeah?
So
our
requirement
was
to
send
it
to
three
back
ends
but
depending
on
the
path,
because
it's
receiving
http
traffic
so
depending
on
the
path
it
is
supposed
to
route,
it
would
be
different
back
ends.
C
Okay,
have
you
considered.
E
E
E
C
Yeah
because
those
are
outbound
interfaces,
my
my
idea
was
that
if,
if
we,
if
we
had
the
l7
traffic
routing
right,
so
you
can
say
that
okay
traffic
from
web
to
back
end
on
some
path,
sorry
yeah
yeah,
then
essentially
you
can
do
the
routing
with
with
headers
or
with
paths
right.
C
C
Yeah,
which
can
be,
can
be
done
if
you
can,
you
put
a
certificate
and
a
key
to
encrypt
the
traffic
on
this
gateway
that
you
cannot
control.
C
C
You
could
generate
this
extra
certificate
based
on
the
ca
that
you
have
right
and
then
put
this
certificate
and
key
to
this
gateway
and
kind
of
pre.
Pretend
that
this
is
part
of
the
mesh
right,
yeah.
E
So
that
is
one
way
of
doing
it.
The
other
way
is
because
it's
actually
an
optional
traffic
right,
so
that
could
be
a
totally
different
key
value
pair
and
what
we
need
to
do
is
to
basically
upgrade
the
ingress
with
tls
context.
Tls
transport,
I
think,
what's
the
new
header
right,
I
forgot,
then
you
have
that
name,
transport,
config
or
something.
E
C
Yeah,
I'm
having
a
little
bit
hard
time,
imagining
the
like.
What
exactly
is
the
architecture
that
you
are
proposing
here,
because
the.
C
E
E
Yeah
yeah
and
additionally,
I
think
we
are
only
running
late
on
the
call
just
one
more
question
as
in
are
we
also
planning
to
put
jwt
zwt
token
validation
for
for
interfaces.
E
We
haven't,
we
haven't
done
that,
but
I
know
for
sure
that
istio
supports
it
and
on
istio
we
are
able
to
kind
of
get
this
rolling
in,
but
oauth2
and
jwt
token
validation
is
something
that
that
we
might.
That
will
be
a
good
feature
to
have.
C
E
C
Yeah,
but
this
is
like
a
separate
feature
right:
that's
what
we
are
building
right
now,
technically,
the
job
verification
I
don't
know
marco
is
not
here
on
the
call.
He
would
be
the
best
to
answer
like
what
is
the
priority
and
plan
to
do
this.
E
A
We
are
a
couple
of
minutes
over.
I
suggest
we
wrap
it
up
here,
so
we're
chatting.