►
From YouTube: Kuma Community Call - April 28, 2021
Description
Kuma hosts official monthly community calls where users and contributors can discuss about any topic and demonstrate use-cases. Interested? You can register for the next Community Call: https://bit.ly/3A46EdD
A
A
A
I
know
that
for
today
there
has
been
some
milk
change
with
some
folks
from
atlan.
If
I'm
reading
the
name
properly,
do
we
have
anyone
on
the
code
that
is
from
the
company
or
are
we
just
yes?
Yes,
oh
okay,
okay,
hello,
sat,
I'm
sorry!
If
I'm
not
pronouncing
properly
the
name.
A
Okay,
great,
so
please
then
I
I
guess
I
mean
this
is
the
the
only
thing
that
we
have
prepared
for
today.
So
if
you
are
willing
and
have
some
slides
to
share
you
can
I
can,
I
don't
know
if
you
can
just
start
sharing
or
I
can
allow
you
to.
You
know
in
some
way.
A
A
A
Yes,
we
can,
by
the
way
this
call
is
recorded.
So
if
there's
something
proprietary
that
you
would
not
like
to
be
recorded,
you
can
tell
us.
C
Yeah
sure
we
have
added
this
and
we
have
passed
through
the
screening,
so
there
is
no
appropriate
information
right
here.
We
would
like
this
information
to
be
public.
Okay,
great.
So,
let's
start
then
yeah,
hey
everyone.
Thank
you
for
the
opportunity
and
I
am
ramtasa
and
I
have
with
me
nishant
arora
with
me
as
my
co-presenter,
so
on
the
agenda.
We
will
have
a
short
introduction
about
us,
then
we'll
be
meeting
at
them
and
discussing
about
its
architecture.
C
Later
we
can
discuss
we'll
be
discussing
about
why
we
need
cuba,
our
evaluation
process
and
the
q
and
a
session.
D
Yeah
so
hi
guys,
hello,
everyone
you've
met
us
now,
let's
meet
atlan
now
with
atlan.
What
we
are
building
is
atlan
is
a
home
for
your
data
team.
Now,
what
do
we
mean?
When
is
it
when
we
say
we
are
a
home
for
your
data
team?
So
think
of
us
like
how
github
is
a
home
for
your
engineering
team
with
artland,
we
are
trying
to
build
that
for
your
data
team.
Now.
Why
is
something
like
this
needed
like
why
I
do
as
a
radio
team
need
a
home?
D
So
if
you
look
at
heartland's
history,
saturn
was
incubated
as
a
part
of
this
company
called
social
cops.
Now
social
cops
in
its
time.
Basically
was
a
data
company
that
helped
states
plan
their
budgets.
We
helped,
you
know,
govern
the
government
figure
out
where
to
open
cooking
gas
distribution
centers
for
rural
india
and
the
company
ended
up
building
india's
national
data
platform.
So
we
were
a
data
team
ourselves
and
one
thing
that
we
noticed
being
a
data
team
was
there
were
a
lot
of
problems
in
the
data
projects.
We
did
so
next.
C
D
Yeah
so
when
you're
talking
about
a
data
team
like
if
you
have
ever
been
part
of
a
data
team
or
if
you
have
sneaked
into
one
of
the
slack
channels,
I'm
pretty
sure
you
would
have
seen
conversations
like
these
like
there
are
people
complaining
about
missing
files,
people
complaining
about
okay,
the
format
is
missing.
They
are
missing
rows,
like
the
date
format
that
you
have
in
the
files
in
the
date
format
you'll
be
using
in
the
dashboard.
D
D
Now
all
this
leads
to
chaos,
and
this
chaos
leads
to
something
we
call
the
data
culture
problem,
so
next
slide
yeah.
So
this
data
culture
problem
basically
leads
to
a
bunch
of
missed
deadlines
for
your
data
team
bunch
of
projects
or
dashboards
that
you
want
to
build
that,
never
go
out
and
builds
this
whole
low
trust
environment
and
it
leads
to
a
human
dependency
health.
That's
way
worse
than
managing
package
dependencies
like
if
you
worked
on
a
java
project,
I'm
pretty
sure
you
can
relate
so
it's
that
for
humans.
D
Now
what
we,
how
we
solve
these
problems
like
what
we
are
in
what
we
are
doing
is
we're
building
a
modern
data
workspace
for
your
data
team,
so
next
slide
yeah.
So
we're
building
this
modern
data
workspace
for
the
slack
generation
for
the
new
age
enterprise
for
all
these
new
age
companies-
and
we
do
this
by
building
a
winning.
We
help
you
build
a
building
data,
ops,
culture,
verity,
so
our
features,
the
entire
workspace.
All
everything
in
atlanta
comes
together
to
help
everyone
in
your
data
team
thrive.
D
So
let's
look
at
what
the
product
does
run
to
the
next
slide
yeah,
so
we
have
a
bunch
of
core
pillars
for
our
product.
Like
we
help
you
discover
all
the
data
assets
in
your
organization.
We
give
you
a
google
like
search
and
e-commerce
like
experience
for
all
your
data
assets.
So
next
time,
if
you
want
to
let's
say,
look
at
all
the
customers
data,
you
don't
have
to
go
around
finding.
Okay,
who
has
the
latest
updated
customers
table?
You
could
just
go
on
atlanta.
D
You
could
search
for
the
table
you're
looking
for
and
now
you
don't
get
just
that
data
right
with
data.
You
have
this
human
tribal
knowledge
that
lives
in
so
like
that
lives
in
people's
minds.
So,
and
that
for
that
you,
probably
if
you
want
to
understand
that
table,
you
have
to
talk
to
a
lot
of
people
you
have
to
figure
out.
Who
is
someone
who
can
tell
me
more
about
this
table?
Who
is
someone
that
can
tell
me?
How
do
we
store
this
information?
D
So
we
solve
all
of
that
by
building
these
business
tools
like
business,
glossary,
documentation
tools
built
in,
and
we
give
you
an
automated
data
profile
on
data
that
basically
tells
you.
These
are
the
columns
and
these
columns
have
what's.
This
is
the
mean
this
is
the
median,
then
this
is
the
distribution.
These
are
the
missing
values
and
all
of
this
all
these
data
assets.
Basically,
when
you
are
talking
about
data
security
becomes
of
essence
like
you
have
to
make
sure
that
only
the
right
people
have
access
to
the
right
information.
D
So
we
also
give
you
a
complete
governance
layer
on
top
of
your
data,
where
you
can
manage
okay,
this
user,
or
this
team
should
be
able
to
access
these
tables.
They
should
be
able
to
access
only
these
rows
or
maybe
blackout
or
mask
the
pii
columns
for
these
with
this
group
of
people.
So
you
can
manage
all
that
access
and
get
all
audit
records.
All
reports
that
you
need
all
the
business
metrics.
You
need
to
see
how
your
data
team
is
using
the
platform.
How
your
data
team
is
using.
D
That
data
gives
you
an
entire
transparent
layer
and
all
this
entire
experience
is
centered
around
humans.
So
there's
this
collaboration
layer
as
well,
where
you
know
every
data
asset
on
the
system.
Has
this
url,
which
you
can
share
to
anyone
and
they
can
get
all
the
information
they
need
about
that
data?
You
can
also
you.
We
also
support
sql
queries
directly
at
the
source,
so
atlan
never
brings
in
the
data
that
you
know
into
our
systems.
D
The
data
stays
where
it
is,
if
it's
probably
in
snowflake,
it's
probably
in
postgres,
it's
probably
in
red
shift,
so
we
crawl
all
the
metadata
out
into
atlan
and
we
help
you
run
sql
queries
on
top
of
these
and
all
the
queries
that
you
run
are
basically
searchable
and
shareable,
and
it's
not
just
these
data
assets
or
tables
that
we
bring
in
like
if
you
have
these
bi
dashboards
and
we
can
bring
if
we
bring
in
your
dashboards
your
collections,
your
widgets,
so
you
can
get
metadata
and
information
on
that
too,
and
we
also
help
you
build
this
lineage
graph
of
all
these
data
dependencies
in
your
organization.
D
So
you
can
see
this
table
that
I'm
using.
If
I
do
a
change
there.
If
I
make
a
change
here,
then
these
are
the
tables
that
will
be
impacted
by
it
and
all
of
this
gets
a
beautiful
chat
and
collaboration.
Email
alerts,
this
entire
collaboration
layer
on
top.
That
makes
it
easy
for
your
data
team
to
function.
D
So
how
does
atlanta
work
like
our
customers,
basically
deploy
atlan
on
their
own
infrastructure
on
their
own
aws?
Vpc
next
slide,
please.
So
we
are
built.
The
product
runs
completely
on
open
source
like
our
product.
Basically,
what
we
have
done
is
we
have
found
all
these
products
that
have
solved
really
great
problems.
They've
solved
them
really
well
on
an
engineering
standpoint,
and
we
become
your
experience
layer
on
top
of
all
these
products.
D
So
if
you
look
at
atlin's,
core
metadata
layer
is
powered
by
apache
atlas
and
all
these
authorization
controls
on
top
of
these
data
assets
is
powered
by
apache
ranger.
All
the
crawling
jobs
that
basically
bring
metadata
into
atlanta
are
powered
by
arco
and
main
our
main
gateway
right
now
is
nginx.
Our
user
management
and
authentication
is
powered
by
key
cloak.
D
We
use
cassandra
elasticsearch
and
postgres
as
our
data
source,
depending
on
the
kind
of
service
that
the
kind
of
data
we
need
to
store
and
the
kind
of
service
that's
using
it
and
all
of
these
services
basically
talk
to
our
internal
services,
the
microservices
that
we
have
built
now.
These
services
that
we
have
built
basically
are
our
first
of
all
our
beautiful
front
ends
and
then
the
metadata
crawling
layer,
the
entire
workflow
management
bit
then
advanced
search,
features
that
we
have
added.
D
On
top
of
these
open
source
tools,
our
custom
query
layer
that
talks
to
the
sort
that
talks
to
the
data
right
there
at
the
source
and
the
collaboration
layer
that
we've
built
that
provides.
You
chat,
emails
alerts,
and
we
also
have
a
bunch
of
libraries
that
we
use
in
our
workflows,
which
are
basically
help.
You
extract
metadata
out
of
every
source,
whether
it's
a
data
lake,
it's
a
data
warehouse,
maybe
it's
the
static
files.
D
You
have
lying
there
on
s3,
then,
as
atlan
is
deployed
on
the
customer's
infrastructure,
and
we
basically
build
and
ship
it
from
our
infra.
Now
we
also
have
this
release
management
system
that
talks
to
our
services,
get
pulse
and
all
the
releases
and
helps
you
configure
artland
according
to
your
needs,
so
you
can
configure
what
resources
do
you
want
to
give
to
all
these
internal
services?
D
D
Next,
like
this,
so
all
of
this
internally
runs
as
part
of
a
single
kubernetes
cluster,
where
all
these
services
communicate
using
normal.
You
know
directly
using
kubernetes
internal
service,
urls,
so
user
just
directly
hits
the
gateway,
that's
mapped
the
elp,
and
that
internally
hits
the
cluster
and
all
these
services
basically
give
the
user
the
front
end.
It
hits
the
front
end.
D
First,
the
front
end
then
makes
an
api
call
to
the
metadata
layer
that
metadata
layer
internally
talks
to
you
know
it
creates
a
job
for
querying
for
crawling
that
information
crawling
that
information
into
atlanta
and
that
data
isn't
really
stored
in
atlas.
Then
all
the
user
information
is
stored
in
key
cloak
and
all
and
all
key
clock
and
argo
basically
share
a
single
database.
D
So
a
lot
of
these
services
talk
together
and
when
this
beautiful
dance,
this
beautiful
communication
happens
of
these
services,
sort
of
the
entire
atlanta
product
shows
its
magic
and
comes
into
play.
Now,
let's
talk
now
with
this
computer
service
communication
that
we're
talking
about,
I
would
leave
it
to
ram
prasad
to
talk
to
you
about
cuba
and
how
we
are
evaluating
it.
C
So,
let's
discuss
about
why
we
need
qmr,
so
we
are
focusing
on
getting
associated
compliance
and
in
that
we
are
especially
focusing
on
the
security
part
and,
let's
move
to
the
security
part
in
the
security
criteria.
C
They
have
a
criteria
called
cc
2.0,
where
the
communications
and
information
criteria
address
how
organizations
handle
the
internal
and
external
communication
and
information
flows.
So
in
order
to
achieve
this
criteria,
we
have
set
two
goals:
one
is
a
short-term
goal
and
another
is
a
long-term
goal.
The
short-term
goal
would
be
to
secure
our
internal
service
communication
with
mtls,
and
the
long-term
goal
would
be
to
control
our
traffic
with
traffic
permissions.
C
So
we
believe
that
cuma
has
the
potential
to
help
in
both
of
these
goals,
and
that
is
one
of
the
reason
why
we
chose
coma,
why
we
choose
humor
and
why
we
believe
we
love
cuba,
so
the
evaluation
process.
C
We
have
done
a
feasibility
analysis
for
other
service
measures
along
with
qmr,
and
here
is
what
it
says,
and
qma
takes
a
lot
of
boxes
which
we
require,
while
one
being
empty,
less
and
another
being
hand
chat.
So
hemshot
is
very
critical
for
us
because
our
product
deployments
of
major
services
happens
using
health
chart.
So
that
is
something
we
look
into
it
and,
apart
from
that,
the
complexity
of
managing
humor
is
very
less
compared
to
other
providers
like
istio
or
console
yeah.
Now
coming
to
the
exploration
phase.
C
Currently
we
are
in
the
poc
status
with
qma
and
we
have
installed
q
minor
product
via
qmrctl
for
poc,
and
then
we
faced
some
issues
with
zookeeper
and
elasticsearch.
Last
week
we
have
resolved
them
and
currently
we
are
facing
issues
with
cassandra
and
promiscus
the
issue
being
the
pod
is
not
being
up
in
pramit
years.
The
part
is
taken
at
in
its
state,
so
once
we
resolve
those
issues,
the
next
steps
would
be
to
enable
mtns
and
test
the
product
about
the
working
condition.
C
To
know
a
particular
thing
we
can
enable
emptiness
by
applying
applying
it
yaml
file,
but
then
how
how
shall
we
disable
that
will
be
able
to
disable
it
from
a
health
chart?
Yeah,
that's
something
we
would
like
to
know,
and
apart
from
that,
let's
go
to
the
queue.
B
A
A
So
thanks
for
that
yeah
and
essentially
the
mtls,
is
a
property
of
the
mesh
when
you,
when
you
install
it
by
default.
I
remember
back
in
the
days
austin
was
like
wanted
to
have
like
this
option.
A
When
you
install
to
do
not
have
a
mesh
to
skip
the
default
mesh
installation
but
the
the
the
default
mesh
installation,
if
being
applied,
we
we
will
land
you
in
a
position
where
mqs
is
not
it's
not
enabled,
so
I
don't
if,
if,
if
anyone
has
has
any
other
suggestions,
what
would
be
the
best?
I.
E
E
C
A
Yeah,
correct,
okay.
I
hope
that
this
this
answers.
Your
question.
I
have
a
quick
question
for
you.
You
said
that
one
of
the
next
steps
would
include
also
evaluating
the
traffic
permissions.
Have
you
looked
into
this?
Is
there
anything
that
that
you
feel
like
is
missing?
Is
there
anything
that
concerns
you
so
far?.
C
With
respect
to
traffic
permissions,
we
haven't
explored
much,
but
since
we
know
that
qmr
supports
the
traffic
policies
and
yeah,
that's
something
it
would
be
useful
in
the
long
run.
Okay,
what
might
be.
E
Sorry
me
we
collide
to
yeah.
I
just
wanted
to
say
that
in
the
next
release
we
will
be
making
a
change
to
traffic
permissions,
so
you
could
so
you
can
use
any
type
in
sources
and
destinations
because
so
far
you
could
use
only
commando
tile
service
tag
in
sources.
So
with
the
next
release,
I
hope,
or
maybe
with
the
next
next,
then
you
you
will
be
able
to
use
any
tag.
So
you
get
like
you
know,
more
flexibility
to
your
to
your
traffic
vision
policies.
B
B
App
called
that's
like
it's
just
a
random
tag
called
app
if
you
did
source
and
destination
of
app
that
would
effectively
self-contain
that
that
rule
set
right,
so
everything
inside
of
that
tag
would
be
able
to
communicate
with
each
other,
but
everything
else
outside
of
that
would
potentially
be
denied
right
like
so.
I.
B
Clever
a
clever
model
for
creating
logical
groupings
with
traffic
traffic
policies.
I
just
want
to
make
sure
I
understood
that
concept
before
I
kept
thinking
about
it.
That
way,.
E
Yeah,
correct
you,
you
yeah,
you
will
be
able
to.
You,
know,
specify
attack
on
on
a
pod
which
will
be
converted
to
a
data
plane
tag,
and
then
you
can
use
this
data
plane
tag
in
a
traffic
permission
policy.
C
So
in
future
we
will
be
able
to
configure
traffic
permissions
via.
E
Yeah
sure
you
could,
because
you
know
this
is
a
crd
right,
so
you
can
just
treat
this
as
any
other
resource
on
kubernetes.
So
you
can
like
group
all
the
poll
diseases
in
one
in
one
home
chart
and
just
apply
this
hand
chart
after
you
install
comma.
A
That's
good
news-
and
this
probably
is
not
because
it's
community
call,
so
it's
not
the
best
time
to
to
talk
about
enterprise
offering,
but
you
can
just
check
at
what
we
offer
in
the
in
our
enterprise
mesh
solution.
Like
our
I
mean
that
kong's
enterprise
mesh
solution,
there's
a
good
integra,
very
interesting
integration
with
opa,
which
is
additional
level
of
you,
know
permissions
and
whatever
you
want
to
do.
B
A
Okay,
we
have
about
eight
minutes
left.
Maybe
we
can
stay
a
little
bit
more.
If
needed,
can
we
wrap
up
the
this
presentation?
Is
there
any
any?
Any
final
questions.
C
Yeah
sure
we
can,
the
routes
from
our
side
for
now
is
clear,
and
if
we
have
any
further
doubts,
we
will
reach
out
anytime
in
slack.
B
C
Yeah,
like
I
just
collected
many
users,
feedback
on
who
are
using
different
service
measures
and
like.
C
Task,
you
know
especially
people
who
are
trying
to
implement
a
service
mesh
for
months,
and
there
are
people
who
are
implementing
service
mesh,
but
they
didn't
get
what
they
were
expecting
so
yeah.
That
was
a
nice
start.
A
A
Okay,
so
you
use
entirely
cooper.
Knight
is
not
not
anything
universal,
okay,
good
yeah!
It's
a
stateful
set.
A
Oh
because
one
of
the
one
of
the
interesting
advantages
of
kumar
like
when
you
compare
it
to
other
solutions,
is
that
we
have
this
hybrid
mode
where
you
can
actually
mix
and
match
various
workload
types
running
on
virtual
machines.
If
you
have
some
like
heavy
database
running,
you
know
pre-existing
virtual
machine,
you
can
actually
make
it
part
of
the
mesh,
make
it
being
consumable
from
some
remote
kubernetes
cluster,
et
cetera,
et
cetera.
But
okay,
if
that's
not
you
your
use
case
now,.
B
A
Yeah,
it
is
good.
Are
there
any
other
topics
that
people
would
like
to
bring,
because
on
my
side,
maybe
I
can
quickly
touch
on
what's
going
on
in
between
bit
with
bin
tray?
I
think
that
we
mentioned
it
last
time,
so
bitrate
is
going
away.
We
have,
I
have
much
moved
all
the
binaries
and
container
images
or
whatever
to
public
repositories.
A
There
is
a
pr
ongoing
to
actually
go
like
move
away
from
bin
tray.
We
should
have
a
version
tomorrow
or
friday
latest.
So
all
the
film
charts
will
be
updated
to
point
kumakoto
deployments.
Everything
is
going
to
point
to
the
new
repositories.
A
Docker
hub
is
our
container
image
repository
and
for
the
universal
images
just
use
the
standard
script.
The
standard
script
will
hide
abstract
away
the
actual
storage
from
from
people
that
are
interested
into
universal.
It's
an
interesting
step
for
the
project,
but
things
happen.
You
should
be
prepared
for
such
things.
C
Yeah
got
it,
and
I
put
note
like
what
we'll
be
doing
is
we'll
be
pulling
images
from
public
repositories
and
we'll
be
hosting
it
in
our
private
repositories
and
from
the
repositories
our
product
pull
the
images
and
use
it
inside.
A
Yeah
we
we
have
seen
this
a
lot
with
various
users
and
customers
that
we
we
get
in
contact
with.
Typically,
when
people
are
relying
on
the
home
charts,
they
have
their
own
copies
of
the
hem
charts,
modifying
them,
the
way
that
they
want
and
have
their
own
internal
repositories
to
refer
to.
A
C
C
Yes,
yes,
like
this
ensures
that
even
if
the
some
of
the
public
repositories
are
down,
then
we
we
can
be
sure
that
our
private
repositories
are
there
and
yeah.
We
ensure
some
kind
of
privacy
or
something
like
that.
Yeah
yeah.
A
So
put
anything.
C
Else
I
have
one
small
question:
I'm
trying
to
run
the
on
the
kuma
part
as
a
gateway
and
when
it,
when
I
run
it
as
a
gateway,
it
listens
on
localhost
and
port.
What
I
want
to
do
is
to
basically
listen
on
vm
ip
port
and
not
on
localhost
is.
Is
that
possible.
E
Right,
so
what
do
you
have
in
the
address
of
the
of
the
data
plane?
Definition
in
networking.
E
It
should
listen
on
all
network
interfaces
right,
but,
okay,
what?
If
you
put
this
ip
of
the
interface
that
you
are
trying
to
use
the
public
interface.
C
It
does
not
have
on
the
on
the
out
it
it
does
not
have
inbound,
but
on
the
outbound
side,
whatever
you
put
on
localhost
colon,
some
some
ip
port,
it
ships
it
to
to
the
back
and
right
so
instead
of
localhost
colon
ip
address,
I
want
it
to
be
listening
on
vmip.
E
Address:
okay,
because
the
networking
I
mean
the
address
in
networking
is
overall
used
for
inbound
key
scenarios
and
for
the
outbound
it
always
listens
on
the
local
host.
But
I
see
there
is
an
address
for
every
outbound.
So
are
you
setting
the
address
for
every
album?
Is
that
correct.
E
Okay,
maybe
please
start
the
thread
on
the
on
the
stack,
so
we
don't
forget
to
test
this
because
I
don't
know
if
I
have
time
to
do
this
today,
so
we
can
double
check
if
we
kind
of
reproduce
this,
because
it
will
be
pretty
quick
to.
C
Yeah
check
mean
if
we
can
configure
it
via
proxy
proxy
also
that
would
work
or
or,
however,
you
want.
Actually,
if
we
can
get
that
working,
it
will
be
a
get
help.
C
Cross
sections
absolutely
actually,
so
we
already
took
help.
I
already
took
her
from
jack
to
get
the
jwt
token
so
that
I've
asked
my
colleague
to
test
it
out.
I
think
he'll
test
it
in
another
one
or
two
days,
but
I
think
looking
at
the
solution,
it
should
work
so,
additionally,
what
I
want
to
do
is
to
listen
on
via
my
people,
and
I
also
want
to
have
a
certificate
attached
to
that.
So
either
jw
t
or
certificate
or
those
are
my
use
cases
gateway,
does
not
have
ingress
right.
It
will
not
have
any
inbound.
A
A
C
C
A
Good
with
that,
we
are
two
minutes
over
the
hour.
We
have
our
if
there
are
any
other
pressing
issues
or
questions
that
people
would
like
to
bring.
I
think
that
we
can
stay,
maybe
a
couple
more
minutes.
If
not,
we
can
wrap
up.
B
Just
an
update
on
the
prometheus
side:
they
thanks
everybody
for
merging
madsv1
or
getting
that
place
to
merge.
Prometheus
uses
an
unmaintained
protobuf
library-
that's
not
compatible
with
our
protobuf
library
yeah.
So
I
I
know
why
I've
already
pinged
the
their
dev
list
and
they
they're
willing
to
move
back
to
the
correct
implementation
or
the
the
modern
implementation.
B
A
Okay,
good,
that
was,
that
was
a
great
update.
Thank
you
all
see
you
in
two
weeks
and
meanwhile,
on
slack.
C
Yeah,
thank
you.
We
have
a
really
active
community
and
thank
you
guys
for
helping
us
a
lot.
This
lack,
I
think,
for
about
a
month,
we
have
been
actively
discussing
many
issues
and
yeah
from
the
start.
The
community
has
been
very
helpful
yeah.
Thank
you.