Hello, everyone. My name is Lucas Ponce. I'm a software engineer at Red Hat. I'm one of the developers of the Kiali project. So in this session, we are going to demo how to use the Istio service mesh from a visual perspective using Kiali. So a service mesh provides rich features to add advanced traffic routing, to add advanced security and authorization control for your traffic, and also to increase the observability with new signals like telemetry and tracing on top of your Kubernetes cluster.

So what is Kiali? Kiali is a management console for Istio-based service mesh with the goal to simplify the use of all of these low levels. So it's going to tell you which microservices are part of my service mesh, how they are connected, how they are working, and also it's going to help me to operate on the service mesh, to simplify, to generate and modify all the configuration that I need to create high-level scenarios for traffic routing, for security also, and for visualization. Okay, so in this demo, all the workshop steps, all the workshop resources that we are going to use are fully documented at kiali.io under the tutorial section.

Okay, so let me describe the application that we are going to use for this demo. So we are going to use the Travels demo application, which basically simulates travel shops that are talking with a travel agency. So the travel shops are going to generate or simulate user requests for a travel agency asking for available destinations, and with one destination, a user may select one city and it's going to ask the travel agency to generate a travel, to get the quotation for flights, cars, hotels for a travel, right? So the interesting thing of this demo app is that I can customize all these user requests. So I can create completely different types of traffic load per city, per user type, or just per travel type. One travel may involve flights, another travel could be only by car, other travels may need some insurance, discount, etc. Right?
I have also another namespace in this travel demo application, which is going to provide a user interface to give me visibility of all of these travel requests per city, what type of travel is more purchased, and also to let me modify the simulator. So, from one travel shop from one country, I can increase the request rate, I can change the type of the device that you use or the type of the type. So that is going to create a richer demo scenario that will let me showcase better all the Istio capabilities.

Okay, in this demo, we divide the steps into scenarios. So we would like to showcase most of the typical situations that a user who starts using a service mesh, starts using Istio, is going to find. For example, the first step will be how to migrate, or how to see when I have some namespaces connected or deployed into the mesh, but other namespaces are not yet connected into the mesh. Right? So we are going to show how to get on that scenario. Another typical step in the use of the Istio service mesh is exposing services through ingress using gateways. Right? Also, we are going to show all the capabilities of observability. Right? We are going to show how to build a graph with one or many namespaces to see what is happening, how my services are communicating. And not only that, we are not going to stop at that. So we are going to create a scenario for traffic shifting on HTTP or TCP traffic. We are going also to simulate errors to test the resilience of my systems in a very simple way, just adding delays, but we can also add resilience techniques like circuit breakers, or just adding request timeouts for some specific routing. And we are going to finish the demo showing how Kiali can help me to generate authorization policies for existing traffic. Right? So how I can use Kiali to simplify the management of the authorization policies within Istio.

Okay, so let's start with the first scenario.
So imagine that I'm starting to deploy application namespaces into my mesh. So a typical situation is that I'm going to have namespaces that are in the mesh and other namespaces that are talking with this other application, but are not yet in my mesh. How can I show that? Right? So this is my Kiali. This is the overview page where I can see the travel agency, travel portal, travel control. I can filter these namespaces. And I can see that I have three namespaces deployed for my application, but how to see which applications are in the mesh or are not? So the way to see that is using the workloads view or the application view and checking the sidecars. So when I deploy a sidecar into a workload is when I connect a workload into the mesh. Right? So this is something that I can check in Kiali. I can select the workloads or the application view. I can check all the namespaces that I am migrating. And I can see that for the travel agency or the travel portal, all these workloads are already included, deployed into the mesh. So they have a sidecar, but not the travel control. Right? The travel control has a missing sidecar. So I can also click into the application and it will tell me that it doesn't detect the Istio container. Right?

So what is the next step? What I'm going to show you is how I can deploy this namespace, travel control, into the mesh. There are several ways to do that. I can do this manually. Just with the istioctl command, I can manually inject the sidecar in my deployment. But typically another way to do that is to annotate the namespace. I can add the enable auto injection annotation from the overview page. I can click into the full list view. I can see that now the travel control has the Istio injection label enabled. And I can see into the workloads. That annotation means that every time that I deploy a new workload into this namespace, Istio is going to add the sidecar.
As this workload was deployed before this annotation, I can also go to these workloads and enable auto-injection to create the annotation of the Istio inject label. So what this is going to do right now is going to deploy this pod. And now I can see how the sidecar is deployed into this workload. I can see the container here. I can see that it's not showing any warning about that. And I can also show the Envoy details, the low-level details of the sidecar that is perfectly working. Okay. So that was our first scenario.

Our second scenario is, now that I have applications deployed into the mesh, the next typical step is to expose them outside my cluster using the ingress and using the Istio gateway. How can I do that using Kiali? So remember in this demo application, I have a service, the travel control, that exposes a user interface. What I want to do is to expose this service through the ingress. How to do that? I can go to the service details, I can go to the actions, the request routing. And I can generate a very simple generic rule for this. I can add just a rule to say, okay, any request to this service is going to be routed to the control workload. But I can add an advanced option to add this service to the gateway. So I can add it to a gateway. I can select an existing gateway or I can create a new one. In this gateway, I'm going to write the DNS, the public DNS, where this service will be exposed. In this case, it's control.Esteo.cluster.g. Okay. So this is going to generate all the configuration required: a virtual service, a destination rule, a gateway connected to all of them. And now if I access the UI, I can see that this UI is exposed to outside traffic using this cluster. So as I commented, this UI can tell me, okay, what the travel shops are requesting to the travel agency per city, per type. And I can also change the request ratio of these tools.
I can modify the settings of my simulators to create more heterogeneous traffic and to create a more elaborated demo scenario. Okay. So next one.

So the next scenario that we want to show is, now that we have this namespace connected or deployed into the mesh, I'm going to start to receive additional information like additional telemetry about what the traffic is doing, additional tracing signals from the sidecars as well. And I'm going to show you how I can use Kiali to build a graph from one to many namespaces. And I can see the details of security, the request rate, the distribution rate, the response time, with the goal to help me to identify critical paths. And when I identify some workload that looks like it is critical, I may have something to test. So we are going to show details and try to correlate more information to understand what this workload is doing. Right.

So let's do that in Kiali. So how to start? Typically, we will start in the overview. Right. In the overview, I see all the namespaces that I have in my cluster, deployed or not into the mesh. And as I commented, I exposed the travel control namespace. Now I start to see the telemetry. And I'm going to show the graph for this namespace. Right. In this graph, I can see that traffic is coming from the Istio ingress gateway as expected. You know, it's calling the control service, to the control workload. And as I described, this control workload is talking with the travel shops, right, to collect information. So one interesting feature is that I can build a graph from one to many namespaces. So I see that this travel control is talking to the travel portal namespace. So I can add it into my graph. And I can see that, okay, the travel control is talking to the travel portal; in the travel portal, I have three shops that are talking with the travel agency. I can also select the travel agency into the graph view.
And I can build a rich graph of all of the elements that are talking into my graph. Right. So it's very interesting. So let me show several options that I can visualize in the graph. To me, the first one, the most interesting one, is the security. So one of the benefits, or one of the first reasons that I'm going to deploy my application into a service mesh, is to automatically have all the communication secured. So I can display the security option here and I can confirm that all the traffic that is flowing into the mesh is using mutual TLS for communicating. So it's all secure about that.

So the next interesting option that I recommend to use is the traffic animation. The traffic animation is a visual helper to show the request rate. So this animation is built based on the rate information that they collect. And I can identify, for example, some difference. So I can see that in this edge, this traffic rate, I have more traffic in the hotels workload compared with others, apparently. Right. So also, I can show the numbers of this request rate. I can also try to identify the distribution. Right. And also the response time of all my edges. Right.

So another interesting option that I would like to include is how to identify critical paths. So I can query the graph to highlight edges and communication with some expression condition. Right. In this case, I would like to highlight all the edges that have more than 50% of the traffic. Right. And to see that, okay, I can think that the travels communication with the hotels is higher than the travels communication with others. Also, another example of queries that I can do is I can query not only HTTP traffic, but I can query TCP traffic. This could be interesting, for example, to get information about how my travel agency workloads are communicating with the database.
And I can change the query, for example, to see, and I can confirm that, okay, the hotels have some big queries to the database compared with others. Right. I can also zoom in into the travels, into the travels service. I can zoom in into the travels workload to see the details. I can, for example, show more details in the inbound metrics. I can filter in the inbound metrics what is incoming from the portals. And I can see that, okay, especially the hotels is showing a lot of information. Let's show more interesting features. Right. So, oops. Okay, so let me hide that here. I don't know what they're coming. Okay, so let me go to the hotels; I have identified that it may have some interesting information to show.

Another feature that they have is that I can click in the hotels particular application. I can show the traces that this application is collecting. And I can overlap, I can correlate the tracing information with the telemetry information in my graph. So this particular trace is coming from a portal. It's calling the travels. So it's traveling into the insurances, cars, hotels, and also talking with the discounts and also with the database. Right. So I can get more of this information. So I can correlate this information also from the charts. I can put in the charts the same telemetry information with the tracing, with the goal to tell me, okay, all these traces are good or are bad. How can I say, okay, this is slow for my environment? So this is what we try to do from Kiali. We tend to correlate this tracing information with heat maps, with other telemetry signals, just to tell you that, for example, these traces are more or less green, but are not as low as expected. But I have some slow traces that probably can get more of my attention. So I can go to the span details and I can say, okay, this particular span from this trace could be slow and it could be interesting to see more details in the Jaeger UI.
So there I can just browse all the details of this span and try to understand what could be the bottleneck, which method is taking more time than expected. Right. Okay. So then let's show a couple more scenarios for this demo.

So one typical scenario for using a service mesh is also to do advanced traffic routing. So in this case, imagine that my developers are recommending to create new versions for the travels service in the travel agency and the database, and they want to check if these new versions are performing better than others. So let me show you how to do that. So I'm going to connect to my console. Okay. I'm going to deploy the travels version two, version three, deploy the MySQL. Okay. So if I go back to the overview, I expect that in the travel agency I will have more workloads, so I can filter the workloads by travels and MySQL. Okay. So they are deploying. Right. Now what I would like to do is to go to the travels service, where I have now the visibility of the three travels workloads. And I would like to create a traffic shifting scenario. For example, I would like to keep 50% of the traffic for the travels version one. And I want to test version two and version three, just sending 25% of the traffic to these two workloads. All right. I want to create that. And I would like to do that for the database as well. So I go to the database. The database is fully TCP. I'm going to create a TCP traffic shifting scenario in the same way. I'm going to show 50% here, about 25% to this other scenario. Okay. So we are going to see how, if I click into the travels, one second, into the travels application and I display the request distribution, I expect, no, sorry. Okay. I wanted to zoom into the versioned app graph. And I want to zoom into, I don't know why it's showing these middle nodes. Okay. I wanted to zoom into the travels app. And, okay. This is what I wanted to show. Okay.
So now I see that I have a virtual service defined in the travels and I'm sending most of the traffic to the version one. Right. Okay.

So a couple of last scenarios before we end this quick demo. So we are going to introduce a fault injection scenario. So we have identified that the hotels is having a lot of traffic compared with others. So Istio, the service mesh, allows me to test the resilience of my system, introducing errors. Right. So it's something that we can create, what we call a fault injection scenario. So I can do that going into the hotels service. I can click the actions to create a fault injection scenario. I can add an extended, a standard delay. And Kiali is going to generate the virtual services initial service for this service, introducing this fault. So this information is going to be propagated to the sidecar and is going to introduce errors for this service. So now if I go to the graph and I display the response time, now with this error scenario, I expect that at some point I may see, let me see if I start to see some response times. Okay. So now I see an update to the telemetry that it is sending. Okay. So now I can query and I can ask, okay, well, how is the impact of a slow workload on my workloads in my graph? Right. So let me show that with all the workloads on my system. And this query can tell me, okay, how the impact of an error is slowing all the traffic into this system. Right. So this is one scenario we wanted to show. Right. So how to query that. Also, let me query with more details in the hotels service. I can go to the inbound metrics. I am trying to show local version by destination and I can see in the inbound metrics that, you know, on average I'm introducing a five seconds delay for this service, but with peaks of two times the five seconds, up to 10 seconds of delay.
And I can show in the graph how the impact of a slow workload can affect my whole graph. Okay.

Okay. So let me finish my demo with a security scenario. So now that I have all my communication, right? So I'm going to show you how I can tell Kiali that, okay, now I want to create additional traffic policies for the travel agency workloads. So I can go to the namespace and go to the actions, create the traffic policies. So Kiali is going to generate more restrictive authorization policies for the workloads. So only the existing traffic at that moment is going to be allowed to communicate with the workloads. For example, I'm going to create a deny-all authorization policy rule for all this namespace. I'm going also to create specific authorization policies for all the workloads. So now I want to show this scenario. So the communication is secured, but I want to deploy a new workload to show that this new workload is not authorized to talk with the travel agency. Okay, so I think that I have now in the travel portal a new workload called load balancer, not yet. Okay, a load tester, sorry. And now I expect that this new workload should start showing telemetry. Okay, it's not yet working. I guess it's starting to, okay, now it is. So let me zoom in to the travel agency. Okay, so this is what we wanted to show, what we did. So we created authorization policies for existing traffic. So all the previous workloads were working correctly, but now we deployed a new load tester workload that does not have the rights to access the travel agency. So I will see how Istio shows that, okay, all the communication is not permitted, it's forbidden, and it's just denying the requests.

Okay, so yeah, this was a very quick introduction to how to use Istio with Kiali.
Just remember, a very long version of this tutorial with more use cases of how to use Kiali to visualize and operate Istio is available at kiali.io under the tutorial section. And thank you for watching. So we are at KialiProject on Twitter, the Kiali room in Istio Slack, or Freenode. So any question, please let us know. Thank you very much.
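
The authorization scenario from the end of the talk, sketched as Istio configuration. This is an added illustration, not part of the talk and not the output Kiali generated in the demo. The namespace names `travel-agency` and `travel-portal`, the `app: travels` label, the policy names and the `default` service account are assumptions.

```yaml
# Namespace-wide deny-all: an ALLOW policy with an empty spec has no rules,
# so it matches no request. Once any ALLOW policy applies to a workload,
# requests that match none of its rules are rejected by the sidecar.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-all              # assumed name
  namespace: travel-agency    # assumed namespace name
spec: {}
---
# Re-open only the traffic that already exists: callers whose mesh identity
# is the (assumed) default service account of the travel-portal namespace
# may reach the travels workload.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: travels-allow-portal  # assumed name
  namespace: travel-agency
spec:
  selector:
    matchLabels:
      app: travels            # assumed workload label
  action: ALLOW
  rules:
  - from:
    - source:
        # Principals are taken from the peer certificate, so this rule only
        # works when the connection uses mutual TLS (the talk confirms mTLS
        # in the graph's security view).
        principals:
        - cluster.local/ns/travel-portal/sa/default
# A newly deployed client running under a different service account matches
# no ALLOW rule and receives HTTP 403 (RBAC: access denied).
# Caveat: identity is per service account, not per workload. A new workload
# that reuses an already-allowed service account inherits its access, so
# give each caller its own service account before relying on these rules.
```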