►
From YouTube: Kyma Core SIG community meeting 20190619
Description
Meeting notes: https://docs.google.com/document/d/1vWleTon7sJIk0teee4SoVezS4mR3K8TlkvXkgLJwRD8/edit#heading=h.hnbp0tpi5ub0
2:50 - Piotr Mscichowski shares our plans to have authorization server in Kyma and what role plays Hydra project in these plans
9:45 - Andreas Thaler explains how to enable Kiali in Kyma, what for and what are the future plans
21:23 - Sayan Hazra shows how with support of Knative you can now switch from NATS to Google PubSub for messages delivery in Kyma
A
Okay,
so
hi
guys
it's
19th
of
June,
yet
another
course
admitting
I'm
cuckoo
Natsuki
or
today's
moderator
and
also
notes
taker,
so
I'm,
all
one
team
and
the
agenda
for
today.
Of
course,
first
into
the
topics
we
have
usual
question
and
welcome
of
new
attendees.
But
today
we
have
pretty
small
group,
the
only
let's
say
person
that
I
know
from
that:
it's
not
English
Jamie,
but
Jamie
is
working
closely
with
us
eyes
from
a
CP
so
and
I
think
you've
attended
previous
meeting
so
I.
A
So
today
we'll
have
few
topics,
one
quite
important
note
from
a
PhD
coughs
key
that
is
working
in
key
mom
behind
the
service
mask
mesh
capability
and
he
will
share
some
ideas
we
have
in
towards
the
Hydra
project
and
how
we
want
to
work
with
the
project
and
then
because
we
released
kima
one
two.
We
want
to
share
two
really
nice
things
that
we
had
shipped
with
one
two.
A
B
C
B
So
what
we
have
in
keema
as
a
part
of
the
API
gateway
capability
is
that
we
can
expose
any
kind
of
education
slammed
us
externally
and
we
can
enable
authentication
for
those
services.
However,
we
do
not
have
an
authorization
mechanism
like,
for
example,
of
two
server.
We
have
an
pink
as
you
can
see
here,
for
that.
B
What
is
available
I
would
say
in
the
brightest
words,
for
for
all
the
servers
and
we
found
out
already
company
Ori
with
their
product
called
Hydra,
basically
company
or
if
company
is
responsible
for
access
management
services.
They
have
a
few
projects
hydras
off
to
server
of
keeper
as
reverse
off
to
reverse
proxy
keto
as
a
roll
access
management
service.
B
So
they
are
tightly
coupled
with
with
access
management
topics,
and
we
did
appeal
see
in
the
kima
where
we
said.
Okay,
I
would
like
to
expose
my
my
lambda
with
all
the
tokens
fetched
in
the
clients
facing
flow
and
non
client
facing
flows.
The
result
of
our
POC
were
described
in
the
kima
incubator
as
a
just
examples,
and
we
have,
as
I
mentioned
the
the
kind
of
user
facing
flow
implicit
file
here,
and
we
have
service
to
service
communication,
so
no,
not
client
facing
flow,
which
is
called
the
client
credentials.
B
Basically,
what
we
have
achieved
is
that
we
have
Hydra
in
the
in
the
kima.
We
have
F
keeper
as
a
reverse,
proxy
and
and
our
lambda,
which
is
exposed
externally,
is
secured
using
client
credentials,
access
tokens
or
or
access
tokens
fetch
from
the
innocent
grant
in
Hydra.
This
was
a
POC
we
we
ended
up
in
the
in
the
given
results.
However,
now
was
the
questions
how
to
move
further
so
how
to
integrate
kima
officially,
with
with
with
Orion
with
Hydra.
C
B
Of
the
server
given
that
we
did
meet
with
the
ORAC
guys
from
the
Ori
company,
we
had
two
days
workshops
in
Ibiza
and
we
have
accomplished
a
collaboration
where
first,
we
will
create
an
architecture
and
blog
post
about
our
collaboration
with
Hydra
as
main
of
the
server
in
kima
and
with
exact
a
hit
a
tree
diagram
showing
us
how
the
how
the
integration
will
look
like
and
we
as
a
kima.
We
will
contribute
to
Ori
with
controls
on
their
side,
making
Hydra
more
quebradas
native
because
they
are
not
yet
prepared
to
four-carbon
artists,
for
example.
B
Once
there
is
a
result
of
that,
washes
we're
okay,
we
have
to
create
a
hand,
trust
for
off
keeper,
and
we
already
have
some
action
items.
As
you
can
see,
this
is
a
github
of
the
Hydra
they're.
All
to
server
we
created
together
with
Orica
is
new
repository
and
in
the
kheema
we
will,
as
I
mentioned,
created,
create
a
commander's
controllers
for
Hydra
and
for
health
keeper.
B
The
first
one,
the
off
keeper,
will
based
on
the
custom
resources,
will
allow
to
configure
the
reverse
proxy,
like,
for
example,
I
register,
new
authorization
rules
so
that,
in
the
end,
when
you,
when
you,
when
you
have
a
kima
you
the
documentation,
you
will
have
also
off
the
server,
and
you
have
a
reverse
proxy
for
your
application.
If
you
like
to
expose
them
and
select,
ok,
I
want
to
advise
an
authorization
there.
B
Next
topic
will
be
Hydra
governance,
controller
for
managing
Hydra
itself,
because
right
now
it
has
anniversay
P
I
and
that's
it
and,
as
I
mentioned
the
hand,
charts
are
also
repeated.
The
previous
is
already
provided
by
two
to
three
guys
and
it's
already
reviewed
and
will
be
soon
merged.
So
what
are
the
plans
for
us?
B
A
Okay,
no
questions,
then,
let's,
let's
go
back
to
the
agenda,
you
see
it.
Yes,
as
you
can
see,
I'm
super
awesome
in
writing.
Notes
all
the
links
are
there.
Even
so
you
can
check
them
out
later
next
topic
on
agenda
release,
one
so
I'm
stuck
sure,
I'm
gonna
stop
sharing
and
now
he
could
jump
to
into
key
ally
and
then
pass
over
to
cyan
for
Google
pops
up
yep,
okay,.
A
C
C
So
the
communication
between
the
applications
and
providing
a
way
to
see
easily
all
configurations
for
the
applications
of
the
mesh
and
even
providing
the
validation
for
it.
This
we
were
tracing
I
think
that's
not
really
a
feature
at
the
end
of
just
a
deeply
deep
link
in
to
Yaga.
So
it's
not
really
part
of
the
key
Holly
dashboard
itself.
C
It
is
fully
based
on
issue
itself,
but
it
has
no
heart
dependencies,
the
soft
dependency,
because
it's
just
getting
all
relevant
data
from
Prometheus
and
from
from
the
API
server
at
the
end,
so
an
sto.
The
telemetry
must
be
enabled
so
that
the
data
is
getting
collected
by
Prometheus
and
then
aki
ali
will
and
base
everything
on
prometheus
and
the
big
advantage
is
that
naturally,
no
performance
impact
at
the
end.
C
It's
just
visualizing
the
data
coming
from
from
with
us,
and
it
will
not
harm
the
runtime
behavior
of
the
cluster
itself
by
that
and
via
the
optional
services
here,
Yaga
and
katana.
That
are
mainly
that
deep
link
feature.
So
you
can
easily
jump
into
karana
and
see
the
relevant
data
and
same
for
Yaga,
but
there's
no,
that's
it
from
the
integration
perspective.
C
Yeah.
Seeing
that
you
now
and
with
our
integration
looked
like
this
that
it's
now
pandered
into
the
history
module
hem
shot
coming
with
kima
with
a
feature
flex.
We
need
to
say
key
ally
and
neighbor,
true
and
they're.
The
values
yeah
middle
of
the
shots
when
the
Installer
config
overrides
and
there's
a
heart
requirement
that
you
have
the
monitoring
and
what
you
will
also
enable
death
installation
and
yeah.
So
when
I
want
to
quickly
know
summarize
how
I
was
setting
it
up
locally
and
then
showing
it
in
practice.
C
So
I,
just
upfront
install
to
see
I
I
a
homebrew
command
was
quite
easy
and
then
I
just
started
to
provision
mini
cube.
Increasing
this
memory
size
because
I
have
monitoring,
enabled
and
that
takes
more
I
know
that
you
need
more
than
just
standard
configuration
and
afterwards
I
had
said.
Kima
install
I
set
a
custom
password
for
for
the
kima
cluster
itself
and
I
specified
that
I
want
to
use
a
config
override
so
pointing
at
the
end
to
a
custom
fire,
and
that
file
looks
like
this.
C
That
I'm
here
just
duplicating
the
this
installer
resource,
where
the
list
of
components
which
would
be
installed
as
listed
so
I
added
here,
monitoring
because
that's
not
part
of
the
standard
mini
cube
installation
and
I
added
a
config
map
override
for
is
jus,
specifying
the
key
ally
enabled
flag
and
two
more
options,
also
to
configure
a
username
and
password
for
the
login
to
key
ally.
So
that's
currently
a
flow
of
law
of
the
early
integration,
that
is
that
authentication
is
not
integrated
with
schema.
C
Let's
have
such
aesthetic
username
password
and
with
that
I
just
started
the
installation
and,
as
a
result,
I
can
access
have
a
nicely
running,
kima
class
down
local
machine
having
monitoring,
enabled
and
key
ally
as
well.
Unfortunately,
I
detected
her
a
back
which
I
redirect
Li
started
to
fix.
The
problem
is
that
indeed,
it's
not
exposed
well
by
archeology,
my
local
and
for
now
small
workaround
is
just
to
edit
virtual
virtual
service
of
Yali
and
just
prefix.
C
Here
the
host
was
key
ally
that
was
missing
and
then
it's
working
so
in
the
next
key
mobility
that
will
be
fixed
for
sure,
and
so
now
let's
go
into
Jiali.
So
now
it's
available
iron
acumen,
okay,
I'm
saying
because
it
was
my
custom
configuration
of
the
Installer.
It's
complaining
here
that
the
Khurana
URLs
are
configured.
That's
also
missing
this
and
katana
and
Giga
integration.
We
have
not
done
yet,
but
that's
just
as
I
said
this
deep
linking
which
is
not
working
and
yeah.
C
C
C
C
You
can
also
see
here
traffic
animation,
how
the
things
are
flowing
here
and
and
yeah.
We
can
easily
see
that
we
have
here
a
problem
that,
or
the
really
add
in,
were
Freakfest
seven
overall
and
request
rate
of
33
percent
to
one
third
of
all
requests
you
are
failing,
you
can
click
on
it,
click
on
and
to
see,
then
the
detailed
request,
information
for
the
specific
application
and
what
you
also
can
do.
C
C
When
you
go
inside,
you
can
get
more.
You
see
Willie
the
pots
then,
and
more
details
at
the
end
yeah,
it's
really
a
drill
down
of
what
requests
are
happening
which
protocol
is
used
and
what
are
the
fading
rates,
even
there's
some
nice
pictures
and
what
the
workload
view
is
more
than
the
code
view
and
the
services
once
it
and
there's
the
feature
of
usually
so
we
just
refresh.
Where
is
it?
Usually
you
see
also,
and
if
the
application
has
an
sto
sidecar
now,
because
the
oil
of
course
all
my
applications
haven't,
is
to
sidecar.
C
I
am
configuring,
the
arbok
rule
set
this
application
cannot
do
modifying
changes.
I
think
that's
also
for
the
real
integration.
Then
it
should
be
up
to
the
Installer,
of
course,
to
decide
on
and
enabled
or
not
enabled
the
configuration
I
thought
that
you
can
really
save
here
and
change
things
yeah.
C
So
summarize,
I
think
as
we
will
go
for
it.
You
do
a
final
integration
of
it
and
it
will
definitely
help
figuring
out
what's
going
on
in
the
cluster
and
what
is
mainly
missing
is
really
this:
integrating
the
authentication
and
having
a
toggle
form,
and
for
this
configuration
editing
and
the
proper
integration
of
eegah
and
katana.
Deep,
linking
and
that's
form
it
myself.
A
D
D
D
But
one
could
change
the
default
configuration
to
anything
like
in
memory
or
GCB
pops
up
and
in
this
demo,
I'm
gonna
show
you
how
to
use
TCP
pops
up
with
Kiba
for
event
a
so
I've
changed
the
default
channel
configuration
to
use
the
GCD
pops
up
and
I
have
installed
a
bunch
of
GCP
related
controller
and
dispatcher
inside
key
line
candidate
again
ting
namespace.
So
what
I'm
gonna
do
now
is
I'm
gonna
create
a
lambda.
D
D
D
D
D
D
If
I
can
switch
back
to
Chrome
as
fast
as
possible,
so
auto
box,
installation
for
Pima
comes
with
Mac's
right
and
then
you
could
change
the
faster
channel
traditional
to
in
memory
as
well
as
Google
website
and
Google
parts
are
being
used
here
to
demonstrate
how
it
works
in
Cuba.
Now,
that's
it
for
me.
Any
questions,
sorry
for
the
hiccups.
D
A
Okay,
so
the
usual
bar:
it's
the
release,
process,
improvement
proposal
that
is
working
and
working
waiting
for
another
proposal
on
how
we
would
long-term
deal
with
some
of
the
components
of
kima
that
are
inside
chemo
repo
and
at
the
end,
should
not
be
there
and
but
rather
a
standalone
projects.
So
no
did
no
more
details
here.
I
can
just
tell
you
that
I'm
one
of
the
ones
that
is
responsible
to
create
this
proposal,
so
just
yeah
we're
gonna,
keep
you
posted.
A
A
A
Thread
on
your
own
go
der
and
I'm,
showing
it
to
you,
because,
as
a
result
of
the
thread,
I
created
a
issue
on
our
web
site
repo
to
work
improvements
for
for
the
landing
page,
because
me
anyway,
anyway,
wanted
to
put
a
productive
users
on
the
landing
page
that
we
we
know
that
we
have
its,
of
course,
as
ap,
plus
that
economy
that
was
unpublished,
official
blog
post
about
it,
but
using
the
the
reddit
threat.
I
think
that
it's
again
time
to
really
go
through
the
wording
that
we
have
on
the
landing
page.
A
A
A
I
I
have
some,
but
if
you
already
know
how
in
much
easier
way,
we
can
explain
to
developers
which
developers
are
our
main
audience,
what
kima
is
really
without
using
words
like
cutting-edge
cloud,
native,
scalable,
etc,
then
feel
free
to
join
the
conversation
you
Oh
key
dokey,
then
that's
it
thanks
a
lot
for
joining
the
recording
I'll
share
today
and
send
a
tweet
about
it.
So
here
you
again
in
two
weeks.
Thank
you.
So
much
bye,
bye,.