►
From YouTube: Gloo Platform and Gloo Mesh 2.1 Demo
Description
Check out the demo for Gloo Platform and Gloo Mesh 2.1.
A
So,
with
glue
platform,
what
we're
focusing
on
is
that
next
set
of
challenges
and
next
Journey
that
organizations
need
to
take
once
they've
gotten
past
the
initial
steps
of
modernization,
adopting
Cloud
technology
things
like
first
few
steps
into
public
Cloud
things
like
containers
kubernetes,
and
what
we
find
is
that,
once
they've
deployed
their
applications,
these
applications
need
to
communicate
with
each
other
and
how
you
provide
that
application
networking.
On
top
of
these
various
Cloud
Technologies,
whether
that's
on
premises
in
a
public
Cloud,
both
or
multiple
clouds
we
need
to.
A
The
second
layer
is
glue
mesh,
and
this
is
an
Enterprise
service
mesh
that
focuses
on
running
a
service
mesh
at
scale,
allowing
various
teams
to
onboard
to
it.
The
complex
works
workflows
that
might
show
up
around
it,
centralized
observability,
zero
trust
properties,
multi-tenancy
and
you
know
tying
in
with
with
a
various
components
that
a
large
organization
probably
needs
like
observability
tools
or
private
key
and
public
key
infrastructure.
A
A
A
So
we
have
two
clusters
in
this
demo:
it's
for
Simplicity
of
the
demo,
but
you
can
add
as
many
clusters
as
you
need,
and
the
first
thing
you
will
notice
is
that
we're
able
to
discover
what's
running
in
those
clusters.
Here
we
have
a
cluster
in
US
West.
Here
we
have
a
cluster
in
U.S
east
and
we've
discovered
that
we
have
istio
running
in
the
Clusters.
This
happens
to
be
a
solo
supported
version
of
istio.
A
We
have
full
life
cycle
management
as
well
as
cve
patching
and
production
slas
around
our
builds
of
istio,
which
are
drop-in
replacements
for
the
open
source
project.
The
next
thing,
we'll
see,
is
a
concept
called
workspaces.
Workspace
is
a
way
to
carve
up
the
capabilities
of
the
service
mesh
that
you
want
to
expose
to
different
teams.
A
So
all
of
the
configuration
that
drives
the
behavior
of
this
platform,
whether
at
the
Gateway
level
or
at
the
mesh
level
or
the
networking
level,
should
be
done
and
should
be
driven
through
declarative
configuration
and
those
should
be
stored
in
git,
and
so
in
this
demo,
you'll
see
that
we
have
our
git
repo
with
the
various
policy
objects
that
we
will
use
to
drive
the
behavior
of
the
mesh.
We
also
use
Argo
CD,
and
you
can
see
that
things
are
green
here.
We've
synced
everything
into
the
various
clusters
and.
A
A
Now
our
glue
Gateway
as
I've
mentioned,
can
replace
full
stack
or
full
life
cycle,
rather
API
management
gateways,
with
capabilities
such
as
request
transformation
rate,
limiting
oidc
integration,
web
application,
firewalling
and
and
more
for
this
demo,
I'm
going
to
take
a
look
at
rate
limiting
so
the
first
thing
we'll
do
is
we
come
into
our
configuration,
we're
going
to
drive
this
through
a
git
Ops
workflow?
A
If
we
take
a
look
at
our
rate,
limiting
policy,
what
you'll
notice
in
blue
mesh
is
that
the
way
we
configure
our
services
and
our
Behavior
is
slightly
different
than
what
you
see
in
the
istio
community.
Now
we
can
do
it
with
istio
objects,
but
if
the
objects
are
very
service
specific,
you
apply
a
policy
to
a
specific
service,
with
glue
mesh
to
manage
a
more
wide
scale,
widely
deployed
set
of
services
and
and
application
networking.
A
So
in
this
case,
what
we're
gonna
we're
gonna
do
here
is
we
can
see
that
this
policies
rate
limit
policy
applies
to
routes
that
have
this
label
rate.
Limited
is
true,
so
let's
find
a
route,
and
let's
actually
come
in
here
and
edit
this
route,
and
what
we're
going
to
do
is
I'm
going
to
give
it
labels
put
rate
limited
is
true.
So
now,
whenever
we
call
a
product
page
in
the
book
info
demo,
we
will
potentially
be
rate
limited.
Let's
see,
rate
limit.
These
changes
come
back
here
and
we'll
look
at
the
client
settings.
A
We're
set
right
here
and
specifically
we're
going
to
be
rate
limiting
on
requests
that
come
in
with
these
specific
headers
X
number
and
X
Type,
and
if
we
see
those
requests
over
it,
we'll
rate
limited
them
at
one
per
minute,
all
right!
So
now,
if
I
come
over
here
and
check
out
our
go,
CD
we'll
see
that
we're
out
of
sync.
A
So
if
we
send
in
requests
these,
don't
we're
not
going
to
enable
these
headers
we'll
send
in
the
requests
we
should
see.
We
do
get
the
HTML
page
back.
That's
the
book
info
page
now,
if
we
enable
these
headers
and
send
them
in,
we
should
see
that
approximately
it's
not
100,
but
approximately
we'll
see
one
and
we'll
see
two.
It's
too
many,
so
approximately
one
request
per
minute
will
trigger
the
rate
limiting
now
under
the
covers.
This
is
using
the
glove
Gateway
and
glue.
A
Gateway
is
built
on
top
of
istio
istiocentroscale
and
it
is
in
the
glute.
When
you
adopt
the
glute
platform,
you
can
choose
to
use
this
technology
standalone.
You
don't
have
to
use
the
full
bone
surface
mesh.
You
can
just
use
the
Gateway
if
you
want
so
the
next
thing
we'll
take
a
look
at
is
cross
cluster
traffic
and
failure.
A
So
if
I
come
back
to
the
webpage
here
and
I
I
refresh
a
few
times,
we
should
see
traffic
is
flowing
back
and
forth
to
the
review
service
reviews,
V1
and
V2.
You
know
if
you're
familiar
with
book
info,
there's
no
red
stars
reviews
V3
is
not
here,
so
this
traffic
happens
to
be
pinned
to
Cluster
one.
At
the
moment,
cluster
2
is
where
we
have
reviews
V3.
A
What
we'll
see
is
come
back
and
refresh
across
fingers.
We
should
see
the
traffic
still
continues
and
eventually
we
should
see
red
stars,
because
now
we
are
failing
over
automatically
into
the
second
cluster,
and
this
failover
behavior
is
handled
by
include
mesh.
There
is
a
concept
include
mesh
called
virtual
destination,
which
allows
you
to
specify
a
global
name,
a
globally
routable
name.
That
can
then
use
priority
and
locality
as
a
failover
mechanism.
A
Another
thing
that's
interesting
about
glue,
mesh,
2.1
and
glue
platform
is
the
ability
to
manage
the
life
cycle
of
istio
itself.
So
across
a
large
number
of
clusters,
it
can
be
very
difficult
to
automate
and
control
the
upgrading
process
and
the
management
of
a
particular
version
of
istio
from
a
single
location
or
any
location.
A
So
what
we
have
in
in
glute
mesh
is
the
is
the
ability
to
let's
see
if
I,
have
the
the
ability
to
install
and
deploy
lifecycle
Managers
from
a
single
point
of
view,
which
then
allows
to
control
what
istio
versions
get
installed
across
a
fleet
of
clusters
and
we
can
automate
how
we
upgrade
those
those
istio
control
planes
and
data
planes
across
the
fleet
now.
Lastly,
what
I'm
going
to
cover
here
is
the
the
defense
and
depth
capabilities.
A
So,
as
we
mentioned,
you
can
optionally,
so
the
Gateway
can
run
standalone,
blue
mesh
can
run
Standalone
or
they
can
run
together
with
glue,
Gateway
and
then
glue.
Network
can
run
Standalone
or
with
the
mesh
and
the
Gateway
together,
and
what
the
networking
component
provides
is
functionality
that
can
be
built
into
ebpf
and
leverage
from
the
cni.
A
Now
we
can
also
take
a
look
at
the
health
of
each
of
these
various
components
deployed
in
here.
We
can
see
that
we
have
psyllium
in
a
good
State.
We
have
istio
in
a
in
a
healthy
state
and
now,
if
I
deploy
a
glue
mesh
access
policy
that
states
that
product
page
can
or
cannot
talk
to
the
review
service,
what
we
want
to
see
happening
when
we
use
the
network
is
defense
and
depth.
A
So
the
first
thing
we'll
do
is
come
over
to
the
policies
page,
a
debug
page
and
we'll
take
a
look
at
any
authorization
policies,
but
but
we
don't
have
any-
maybe
we'll
also
add
some
cilium
Network
policies.
Again,
we
don't,
we
don't
have
any,
but
in
in
glue
mesh.
What
I
want
to
do
is
I
want
to
apply
an
access
policy
to
glue
mesh
to
the
to
control
the
traffic
between
product,
page
and
reviews.
A
well,
we'll
see.
Is
it
hangs?
It
hangs
because
only
product
page
can
talk
to
the
review
service.
Other
applications
cannot
and
this
is
being
blocked
at
the
network
level.
Now,
if
we
could
somehow
circumvent
the
network
level
Maybe,
you
know,
since
the
the
rule
allows
us
to
talk
from
the
product
page,
but
we
don't
have
any.
Let's
put
that
back
from
the
product
page,
we
should
be
able
to
talk
to
the
the
review
service,
but
what,
if
I,
don't
call
it
using
uco's
Mutual
TLS
mechanism?
A
A
Reviews
one:
we
should
see
that
the
connection
will
fail,
because
the
mutual
TLS
that
was
expected
isn't
isn't
provided.
Now.
If
we
recall
this
from
product
page
directly,
then
the
call
would
succeed,
because
that's
that's
what
we've
written
the
authorization
policies
for
now.
I
invite
you
to
take
a
look
at
the
glue
platform
and
to
take
a
look
at
the
glue
mesh
2.1
release,
there's
a
lot
of
stuff
in
in
there
that
I'm
not
able
to
cover,
and
but
we
will
create
smaller
demos,
to
walk
you
through
things
like
the
istio
lifecycle
management.
A
Things
like
ebpf
acceleration
for
istos
now
in
in
English,
2.1
and
integrating
with
psyllium
and
with
network
policies
from
your
cni
to
give
a
much
tighter
control
over
the
security
and
the
network.
Policies
in
your
multi-cluster
heterogeneous
deployments
so
again
take
a
look
at
glue,
matching
glue
portal
and
thanks
for
stopping
by
this
demo,.