►
From YouTube: Kyma Core SIG community meeting 20191009
Description
4:00 Update on delayed 1.6 release
6:53 New version of Kubernetes Service Catalog. Why? How? and what we gained
16:16 Overview of all improvements in Logs UI
30:25 New alpha version of API Gateway in action aka how to secure your service with OAuth2
Meeting notes: https://docs.google.com/document/d/1vWleTon7sJIk0teee4SoVezS4mR3K8TlkvXkgLJwRD8/edit#heading=h.cxdwuthhutyy
A
C
If
I
look
at
the
Box
repository
data
collection
of
learner
modules
and
so
there's
a
lot
to
mock
a
look,
I'm
October,
Nando
de
tu
mox
over
and
the
and
then
as
a
climber
mock
as
well,
the
climber
mock
confuse
it
calls
it.
You
know
there
is
an
instance
of
that
connector
and
then
it
will
chrome
instance
of
cedi
open
api
mar.
A
Me
quickly
check
you
can
see
my
screen
all
the
time
yeah
you
can
see.
Okay,
so
so,
as
you
can
see,
I
know.
So
what
I'm
showing
now
is
the
is
the
repository
under
sub
organization,
where
our
guys
created
smocks
of
the
some
enterprise
apps
owned
by
ACP,
so
we
can
use
them
as
well
in
kima
and
so
I
can
see
Marcus.
A
A
No,
so
I'm
also
surprised
why
it's
not
it's
not
kima,
but
what
Marcus
so
I
will
for
sure
take
it
to
to
Andres
who's
the
owner
of
Marcus,
but
but
yeah.
That's
how
we
should
use
it
now
and
I'll
clarify
within
whites
and
kima,
but
probably
it's
because
it's
virginal
generic
it
doesn't
have
to
be
under
chemo.
A
That's
I
was
supposed
to
be
presented
by
Ahmed,
but
yeah
I'm
replacing
him
today
and
there's
not
much
to
discuss
if
it
comes
to
the
details
of
the
release.
Unfortunately,
we're
facing
quite
big
issues
with
producing
the
release
the
last
state
which
I
can
share
is
that
we
are
already
over
with
testing.
Well
the
release
candidate
too,
and
we
are
now
creating
the
release
candidate.
Three
two
tests.
We
have
to
make
sure
that
everything
really
works
well,
which
are
we
picking
some
bug
fixes
could.
A
C
B
A
But
yeah
good
good
pony,
and
can
you
mutters
in
the
notes?
Can
you
mark
that
we,
of
course
so
I
will
have
an
action
item
to
clarify
that
that
we
should
not
happen
in
there
in
the
in
the
future,
because
that's
really
confusing,
especially
that
we
now
also
will
try
to
make
more
transparent
work
on
the
releases,
because
now
all
the
problems
are
probably
visible
only
internally,
so
we'll
make
sure
that
on
general
we
put
more
more
updates
in
next
release
but
yeah.
A
B
B
B
Yes,
yeah,
great
okay,
so
basically,
you
probably
probably
know
that
we
have
in
kima
free
flux,
application
connector,
several
s
and
the
last
one.
Service,
management
and
service
management
allows
you
to
consume
and
manage
third-party
services,
and
it's
also
a
glue
for
the
two
first
killers
and
basically
we
have
choosen
the
service
parentheses
catalog
to
provide
such
feature.
For
example,
you
can
provision,
they
might
ask
you
our
service
on
the
DCP
side
and
then
bind
this
instance
to
your
business
application
and
to
implement
that
logics.
Service
Catalog
extended
kubernetes.
B
We
seeks
new
kinds,
but
the
question
is
how
basically
I
need
to
tell
you
that
Service
Catalog
was
started
almost
three
years
ago,
and
at
that
time
you
were
able
to
extend
kubernetes
only
by
creating
your
own,
a
private
API
server
and
just
briefly
what
it
is.
So
when
you
have
a
new
operating
on
the
core
resources,
you
are
going
through
the
main
API
server
and
the
manifest
as
are
stored
in
the
main
it
CD.
B
When
it
comes
to
extended
with
the
API
server,
then
you
need
to
create
your
own
server
and
also
have
connection
to
your
etcd
storage,
where
your
custom
kinds
will
be
stored
and
basically,
when
someone
wants
to
operate
on
your
resources,
he
all
so
going
to
the
main
API
server.
But
in
this
case,
in
that
case,
the
main
gates
are
only
processing
that
call
to
your
application
and
you
need
to
hole
in
to
hold
and
handle
this
action
in
your
code
and.
B
It
sounds
a
cage,
but
we
had
a
few
problems
with
Service
Catalog
when
it
comes
to
maintain
that
application
in
our
cluster
in
kheema
project
and
also
implement
new
features
in
that
project.
Why
I
have
a
few
reasons?
First,
one.
This
approach
requires
you
to
write
an
API
server
from
scratch
right
and
maintaining
its
code
and
when
I'm
saying
maintain
its
code
I'm
seeing
a
lot
of
code,
because
you
need
to
write
storage,
connector
and
strategy
for
each
kind.
B
So
it's
a
lot
of
boilerplate
when
you
have
a
lot
of
code
is
really
problematic
to
maintain
that.
The
second
reason
is
that
you
write
in
the
PI
server
from
scratch,
and
you
also
owning
some
core
logic
like
incrementing
generation
fields,
and
this
is
also
problematic
because
you
duplicate
in
CoreLogic
and
is
easy
to
introduce
backs,
and
it's
also
hard
to
follow
best
practices
next
one.
B
B
We
have
problem
with
doing
that
if
in
a
correct
way,
because
the
best
practices
were
not
well
documented,
so
it's
really
nice
to
have
architecture
which
is
which
allows
you
to
do
that
only
in
one
way
and
the
Slavs
from
my
list.
Probably
the
most
important
is
that
you
are
requiring
the
connection
to
the
etcd
storage
and
in
case
of
kima.
We
are
running
our
project
on
manage
kubernetes
clusters,
so
we
are
not
able
to
connect
to
the
mini
CD.
Instead
of
that,
we
need
to
create
create
our
own
one.
B
So
because
of
that
we
need
to
take
care
of
backups
upgrades
and
so
on
and
so
forth.
What's
more,
there
is
also
an
issue
when
etcd
is
down.
Then
api
sorry
is
also
done
because
of
that
kubernetes
and
all
physical
resources
disappear.
So
what
you
can
do
is
to
delete
a
space
where
those
we
say
resources
were
created
when
api
server
is
back,
then
you
have
resources
in
namespace
which
does
not
exist
anymore
and
it
caused
a
lot
of
problems,
and
we
of
course
had
all
of
them
in
the
whole
platform.
So
it's
only.
B
This
connection
is
also
not
a
good
idea,
because
of
that
we
discovered
that
we
have
a
new
kid
on
the
block,
which
is
series
and
series
already
in
GA
stage,
so
didn't
mean,
is
a
global
Bible
and
what
we
did.
We
just
inserted
all
agree
praised
the
API
server
with
the
custom
widows
definition
thanks
to
that
is
really.
B
You
can
also
intercept
your
request
before
they
will
be
studying
CD,
for
example,
apply
some
defaults
or
add
additional
information
with
the
series
you
are
going
for
the
mini
player
server
and
the
data
is
stored
in
the
main
in
CD.
But
basically,
what
you
can
do
is
to
reuse
the
idea
behind
imitation
admission
webhooks.
Thanks
to
that,
you
can
register
your
web
hooks
and
mutate.
B
So
change
the
spec
before
it
will
be
saving
me
mainly
TCB.
What
more
you
can
use,
schema,
validation
or
dynamic
validation,
this
quite
similar
to
the
mutation
webhooks,
because
you
will
receive
the
payload.
You
can
validate
that
and
respond
to
server,
it's
correct
or
not,
and
what
we
did.
We
just
collect
all
custom,
API
server
features
and
we
substituted
them
with
this
year.
The
approach,
and
what
is
important
or
important,
is
that
the
architecture
is
already
in
place.
So
right
now
we
have
a
new
service
catalog
released
with
this
year
implementation.
B
Right
now
we
have
a
beta
1
release.
All
those
things
were
powered
by
kima
developers,
and
what
is
more
important
is
that
we
use
that
thing
in
current
release
upcoming
release
1.6,
because
we
have
a
new
version
now,
it's
time
to
migrate
our
clients,
and
our
goal
was
to
do
that
with
one
click
upgrade
because
of
that
we
reuse
the
hem
up
great
concept.
So
what
you
can
just
do
is
to
execute
an
upgrade
command.
Of
course,
for
you
as
a
female
user,
we
even
automated
that
process.
B
So
you
just
upgrade
your
kima
cluster
and
we
doing
all
those
things
for
you
things
to
take
away
is
that,
right
now
the
Service
Catalog
in
Pima
is
more
stable,
because
we
are
reusing.
The
native
kubernetes
support
for
extending
kubernetes
the
installation
time
was
reduced
because
we
are
not
installing
the
etcd
cluster
and
also
we
are
not
deploying
the
API
server.
So
thanks
to
that
is
around
30
seconds
and
next
one
is
we
reduce
the
memory
of
course,
because
we
are
not
owning
the
TCD
storage
anymore.
We
only
deploying
the
controller
and
web
hooks.
B
B
A
A
B
A
E
Hello,
everybody
so,
with
upcoming
increase
1.6
and
the
UI
team,
we
have
reworked
the
lock
UI
in
in
kheema.
So
I
would
like
to
show
it
to
you
and
ask
for
foreign
feedback
and
ask
you
if
you
would
see
any
additional
follow-up
features
for
the
log
UI,
so
the
location
for
that
navigation
note
didn't
change.
There
is
a
it's
under
diagnostic
category.
E
You
will
find
logs,
and
previously
it
was
quite
complex,
and
now
we
decided
to
simplify
it
really
drastically
and
to
have
some
sort
of
face
set
search
like
experience
so
from
all
of
the
logs.
The
logs
are
indexed
in
low
key
component
and
they
are,
they
are
using
all
logs
have
their
labels,
so
you
can
further
drill
down
into
logs
that
are
interesting
for
you
using
those
log
labels.
So
this
exactly
like
you're
searching
for
some
products
on
the
shop.
You
can
navigate
really
by
adding
more
filters.
E
So,
for
example,
I'm
interesting
in
the
logs
from
a
given
namespace
and
I'm
I
can
select
a
namespace
category
and
see
all
the
namespaces
that
are
available
in
my
runtime.
So,
let's
take
came
a
system
now
I'm,
seeing
all
the
logs
coming
from
schema
system.
That's
probably
a
nice
bird
eye
view,
but
it's
probably
too
much
and
let
me
reduce
the
results
limit.
You
can
find
that
in
the
in
the
Advanced
Settings,
which
is
hidden
by
default,
and
you
can
further
on
narrow
down
your
search
results
using
this
label
selectors.
E
So,
for
example,
I'm
interested
in
the
asset
store
made
the
media
service
so
now
I'll
be
I'm.
Viewing
a
live
logs
from
a
given
component
asset
metadata
service
from
the
namespace
schema
system,
and
you
can
see
there
are
some
documents
being
processed.
So
it's
it's
automatically
refreshed.
You
can
decide
to
stop
it
to
pause
the
auto
refresh
and
take
a
moment
to
analyze
state
a
given
time
frame.
Never
given
the
given
logs,
you
can
use
this
drop
down
here
to
further
define,
define
the
time
constraints.
E
As
you
can
see,
there
are
quite
fixed
at
the
moment.
Just
get
me
logs
from
last
minute
up
to
last
hour
and
what
will
come
in
the
future
is
like
a
precise
time
picker
so
that
you,
you
could
focus
on
logs
from
a
very
specific
time
period.
That's
probably
most
wanted
at
the
moment
here.
We're
gonna,
add
that
next
and
you
can,
of
course
you
can
also
change
the
lock
order
yeah.
So
this
is
you:
can
you
can
further
search
the
locks?
E
E
With
search
with
text
error,
no
that's
good,
so
there
are
no
errors
in
the
asset
store,
and
so
it's
it
could
be
quite
handy
if
you,
if
you
would
like
to
see
for
any
problems
and
I,
give
a
name
safest,
namespace
for
a
given
container.
So
this
is
the
it's
a
generic
general
purpose,
lock
macro
front-end!
You
can
use
the
the
same
log
UI
in
a
given
context.
E
Asset
store
media
service-
this
is
the
one
so
previously
I
have
shown
you
how
to
really
use
the
log
labels
on
the
general
purpose.
General
purpose
lock,
UI
now
you
can
I,
will
show
you
how
to
show
the
locks
of
that
specific
pot
and
those
in
an
action
menu
on
the
under
list.
Entry
here
and
I
can
choose
to
show
the
locks
from
the
spot
and
now
I
don't
need
to
really
select
anything
because
I'm
already
in
the
context
of
the
spot
and
I
can
use
the
same.
E
It's
in
the
context
of
a
lambda
so
for
the
purpose
of
this
demo,
I
have
prepared
a
lambda
function
that
is,
processing
orders.
It's
quite
simple:
it
takes
an
input,
a
older
data,
and
it's
just
if
the
format
of
the
event
is
correct,
then
it's
adding
a
processed
flag
to
true
and
then
returning
that
order,
and
if
the
the
format
is
wrong,
then
it
just
returns,
-1
and
and
locks
the
error
in
the.
If
there's,
everything
is
fine
that
it's
also
logging
in
information
that
order
is
being
processed.
E
E
Some
order,
related
events
that
are
available
in
my
in
my
name
is
and
send
a
sample
payload
to
the
lambda.
I
can
see
the
response
and,
as
you
can
see
immediately,
I
can
also
see
the
lock
from
the
lambda.
So
in
this
particular
view
when
when,
when
you
view
a
sale
on
to
developer,
you
are
really
validating.
If
the
lambda
code
is
fine
and
you
are
want
to
really
test
some
some
corner
cases,
then
it
will
be
quite
handy.
E
E
A
E
F
E
A
B
C
E
E
C
C
E
C
E
A
E
So
what
you
have
seen
probably,
is
the
namespace
details
view
which
we
plan
to
where
you
would
see
all
the
workout
statuses
in
your
given
name,
space
saying
which
deployments
are
healthy
or
the
percentage
of
healthy
deployments,
jobs,
etc,
and
we
would
see
here
and
a
component
showing
only
logs
that
are
going
to
the
standard
error
stream
here
and
that
would
be
such
such
place.
So
you
would
not
need
to
have
all
those
views
open.
So
we
could.
We
were
planning
to
deliver
something
like
that.
E
E
C
E
E
F
F
Ok,
do
you
see
apk
to
API
gate,
wait
version
2
I
can
see
terminal.
Ok,
that's
all
right!
It
should
be
fine,
I,
guess!
Ok
again,
it's
very
nice
to
to
have
you
here
for
this
short
demo
of
API
gateway
controller,
which
is
essentially
a
kubernetes
controller
that
allows
you
to
expose
and
secure
applications
and
lambdas
using
instances
of
the
API
rule
custom
resource.
F
Of
course
you
can
visit
or
a
dot
as
H
for
some
more
details,
but
let
me
just
cut
straight
to
the
point
there
is
this
HTTP
bin
service
residing
in
in
go
to
test
namespace,
let's
see
if
I
can
secure
it
with
all
of
the
token,
of
course,
I'm
securing
with
things
with
JWT
token
is
possible
as
well,
but
let's
just
focus
on
this.
This
particular
method
here
for
your
information
prior
to
this
demonstration,
I
registered
and
off
to
client
using
another
great
product
from
our
portfolio,
which
is
hyda
Meister.
F
You
can
learn
something
more
about
the
controller
itself.
I
mean
the
other
controller
Hydra
Meister,
the
customer
resource
it
operates
on.
You
can
yeah.
You
can
just
visit
our
documentation
that
came
up
project
that
I,
oh
I,
guess
it's
the
Security
tab
so
yep,
so
usually
when
I
want
to
expose
a
service.
I
create
a
virtual
service
like
the
one
you
see
here,
I'm,
of
course,
I'm
able
to
call
the
upstream
service
through
the
host
expose
here,
but
the
service
is
not
secured.
F
F
We
need
an
instance
of
the
API
role.
Custom
resource,
like
the
one
here
as
you
can
see,
I
secure
the
entire
service
by
specifying
the
asterisk
here
in
path.
I
make
sure
it
is
available
at
HTTP
bin
dot
domain.
It's
our
city
to
cluster
in
this
case
here
and
yeah
I,
secure
it
with
all
to
introspection
token
that
should
be
issued
with
a
with
with
with
the
disco
breed
here
and
basically
that's
it.
It
is
now
up
to
the
API
gateway
controller,
to
create
corresponding
virtual
services.
F
F
We
are
not,
and
there
is
no
wonder
or
not
we're
missing
an
a
token
issued
by
Hydra.
So
let's
simply
ask
for
it
again:
I
have
created
enough
to
client
prior
to
this
presentation,
so
what
I'm
doing
is
basically
calling
Hydra
for
a
token
with
scope
read
as
there.
It
is.
Let
me
just
expert
it
as
an
environment.
Variable
perfect.
So
now,
I
guess,
if
I
include
the
token
in
my
request,
I
can
I
should
be
able
to
call
the
upstream
service
and
yet
that's
the
case.
F
Instead,
I
choose
to
secure
just
one
path:
let's
have
a
look
here
say
headers
in
this
case
and
make
sure
the
remaining
end
points
here
are
accessible
from
outside
the
cluster
without
any
additional
meaning
of
authentication
authorization.
That's
their
meaning.
I
do
not
have
to
include
the
header,
the
authorization
header
in
my
request,
so
yeah
I've,
just
updated
the
resource.
Let's
see
where
it
takes
us
I
need
to
make
sure
the
the
setup
is
exactly
what
I'm
looking
for.
F
So
let
me
call
header
the
the
headers
and
point
one
more
time
with
no
token
okay,
the
call
fails
as
expected.
Now
let
me
try
another
call.
That
was
a
token
this
time
and
dia
we're
through
and
let's
just
check
one
more
thing.
We
should
be
able
to
call
an
unsecured
endpoints,
a
user
agent
from
outside
the
cluster
without
any
additional
means
of
authorization,
and
that's
it.
We
are
able
to
do
so.
Which
concludes
my
presentation.
It
was
very
nice
to
have
you
here.
You
guys
now
it's
time
for
some
questions.
A
A
F
I
mean
the
the
name
of
the
customer
resource
could
potentially
be
subject
to
further
changes.
I
mean
we're
not
really
sure
at
this
time.
How
is
it
going
to
to
look
like
what
it
is
going
to
look
like
here?
I
mean
we
decided
to
go
with
API
rules
so
that
there
is
this
distinction
between
what
between
the
custom
resource
we
used
in
the
past,
but
we
haven't
decided
yet
on
the
final
on
the
final
resource
type.
Ok,.