From YouTube: Cloud Foundry Community Advisory Board [May 2019]
B
A
Yeah, welcome to district 2 for becoming the brand new clarity Foundation member. I'm gonna surprised that you're here and not on the member. Well, you will hopefully join the member call in the next 30 minutes. Anyway, quick updates and run through. We are slowly starting off with the summit planning for the hunk. The call for papers ends on May 31st, so get your speaking proposals in. I know most of you are also working on travel arrangements and everything.
A
So please make sure that you are there for the coach of your summit, which is the Days event on September 10th. Please don't miss that. I know it's a bit of a hassle to get in. They are a little ahead, but it will be extremely useful for all the contributors use yourself in the rest of the contributors here. There Chris spearheaded a major, major initiative from our side, so we started putting together this whole thing called quarterly release.
A
Summary. I think Chip used to do that back in 2017 or something, as I heard from Altos books, but we are restarting that starting this quarter in 2019. So every quarter we will release, we will publish a release roll-up kind of an update, so that folks within and outside of our community can kind of take a look at all the things that you all do in our community.
A
We also have a user survey that will close this 17, this Friday, and so if you are a user, or if you know of a user, or if you have a customer, please let them know, please give them a gentle touch. I also posted the survey link here, so if they don't have the link, please do share the link with them. We're trying to get as many folks to take the survey, because that gives us a good sample size and good indication.
B
A
C
B
B
D
C
D
D
So those relate to how or whether or not it trusts self-signed certificates, so certainly be aware of those as you are updating your cf-deployment based app runtime clusters. We've had some releases from some of the component teams as well. The CLI most recently released version 6.44.1. In general, they've been improving support for operations with client credentials. I think they had a minor regression in .0 that's prompted them to release .1 as a fast follow.
D
The networking team is continuing work on dynamic egress as a more flexible replacement for app security groups, and then down in the container depths of the app runtime, I know Garden has released initial support for kind of better metrics around CPU usage for containers, along with some CLI plug-in tooling that helps app developers and operators get more information about that. So they're.
D
B
B
E
Yeah, so I Mukesh I, like dark mass, I've been with for about two years. I joined the BOSH team a few months ago, and I joined it at the time when we like the team into a tube one, is BOSH director and that's the team that Morgan piense and I'm hearing the BOSH systems team. The BOSH systems team looks at stemcells, DNS and OS font release. So Mario is actually not here, so I'm gonna fill in for him and you know share, is a place.
E
E
You know how the drain happens, so you know, increase you all to take a look at it, something that we worked on use oculus can take advantage. You know, other minor things. We added an exported from section in the release manifest to be more explicit about the stemcell in the version that the release compiled against specifically modified news. This, the OpenStack CPI team added a resurrection functionality. We are starting to, the director team is starting to make improvements on how the BOSH starts.
E
Stop the kick commands work in a way that, in past, you know, like wingless commands, have often surprised the user. It turns off how they act, the impact that it makes. So you know, trying to, you know, step back and look at the user experience and make improvements on that part. And then finally, working under going to support for even manifest, if you have any of. If you have questions on the direction part I'd encourage you to March.
E
G
E
E
You can find the details on what exactly it means and how to use it in a link that I have it here, which is a Tzadik, see on what the solution looks like. Excitingly, we also put a new Xenial sense alliance. Even we just need it if you want to take advantage of the 269, which has a restart lifecycle.
E
E
I think, you know, at least couple years ago, a couple years like 2021, but you know we're just being looking at supporting Bionic since that's been out for almost a year and last one, so we're trying to make the whole. You know, getting the clearance of VM, and so one of the last fear that we actually haven't be invited, lock, stored credentials. And you know our friends in CAPI did a similar explanation.
E
H
B
B
B
H
E
B
B
Yeah, it could have been coming from the speaker's mic. Sorry about that. Alright, so I think the folks from serviceable for API, and I'm not hearing anything back. So at some point we'll have to figure out if you want to just remove them here or figure info fine who can give us an update on service, because it's certainly an important part of our foundry, but we have not heard from them forever.
B
B
Thank you. For extensions, there's a few updates, so the apple is killer, is now is Travis UI extension. This fits into the stratosphere of having extension, so you could add different tabs. So if you haven't looked at the over and you may want to check it out. And also, they added a bunch of different features like metrics and Prometheus health endpoints and so on.
B
Stratos itself is at version 2.4.0 and you're looking for new updates, you know, kind of new features, and I've been chatting with them, so we'll, I guess, maybe hopefully next week, next time, we can have an idea of what they're doing. The Abacus project is getting to end of life, and the team is working on a blog post on, you know.
B
Essentially, you know, if you want to take it forward, or if you're still using it, that's what you want to do. It's a bit disappointing in terms of having that happen, but the code is still there and there might be some people using it, so we'll see if somebody else wants to take it over. The SAV team plans to do they are essentially your proprietary version. So this is a case of, you know.
B
B
B
Since the Comcast team has to talk together, let's put them towards the answer, that way they can decide how you want to use the rest of the time. So we'll pass it to Tim Downey and Scott, see cell form, Pivotal, who is gonna give us an update on sidecar its full-time Congress, so very excited. If you want to share your screen, great.
C
I
Thanks Dr. Max. Hi, I'm Scott sisal and the CAPI PM from Pivotal, and I've been on the CAPI for about since the beginning of the year. Before that, I was working on buildpacks and CF dev and some other local dev tools, so yeah. So we really sidecars a sidecar support for maybe about four to six weeks ago, and it's an early alpha version of the feature, and really with the reusing we kind of focused on adding this.
I
This type of functionality to the platform is we had a lot of users asking us if they were able to run a process alongside their main application, but had the flexibility of deploying independently, but also have the ability to communicate over on the same network namespace or share the same file system. And it has something that's interdependent with the main web process that they're, the main process that they're attaching to.
I
So this demo that I'm gonna go to show today focuses on deploying a configuration server alongside your main web process, and the script that I'm going through is already pushed it on the Cloud Foundry blog. So if you want to either follow along or see this and run through this afterwards, all that material will be located there. Alright.
I
So let me jump in here. So we'll start here. What we'll do is actually just create an app for this GitHub repo that I pulled in here. So this is just a, what, my bad. So if you go into here, everyone see this? Alright, we have an application here that's just a basic Ruby Sinatra app that calls out to a separate config server.
I
So first step here is I'm going to go through and create my application using the v3-create-app CLI command, so just create kind of the application on Cloud Foundry. And then, as you can see here, in the current stage of this applicator, or of this feature, you are able to push the sidecar via the app manifest. So let me show you.
D
I
Manifest here that we're going to use out, so you can see here, there's a subsection here called sidecars that allows you to name your sidecar, provide the name for it, and allows you to attach it to the specific processes that you want to run the sidecar along, and it has a start command for the sidecar itself. For this instance, we are communicating over localhost / port 8080 from the main web process out to the sidecar. So we have the config server port listed here, as well as an environment variable.
I
I
On how they'd like to see this feature evolve, but right now we're looking at things like independent resource management, making this deployable via buildpack, potentially running this in a separate container. Right now it runs in the same container as the main process. And we're also looking at some other functionality as well, so cool. So in that sense, to start it up, I can show you the sidecar running if I ssh into the container.
I
I
I
You can see the, we have an out now for not only the sidecar that's being hit, but then the web process itself. So we were able to kind of tag things independently, so you can actually see what traffic is going to the sidecar and what's going to the main web process. And then, additionally, what we have here is, we do allow with the sidecar feature, when the main app with a sidecar app goes down, Diego auto restarts it, so you are able to keep the apps healthy, sidecar and main app itself.
I
F
I
H
With what we have currently, they have to be long-lived processes, so they set up like a PID health check with Diego, and if that PID ever goes down, then Diego will reschedule the container. But we have gotten some feedback around like making a distinction between like initialization sidecars and these long-lived ones.
B
I
So you can run as many sidecars as you would like. You can attach them to multiple, single sidecar to the multiple processes. That'll be deploys a sidecar for each of those processes. So you kind of showed and the app manifest for the processes that you list out, that's just a comma delimited list, so I could add it that multiple processes running, I could just put all those processes that I wanted to attach it to, or if I wanted to deploy multiple side.
B
B
But right now it would share whatever resource, correct? Yeah, cool. One more question, which, and I guess this is more of a, to give people ideas: what use cases you guys have heard from the different current users that they could not do without this new feature, this sidecar feature? Yeah.
I
So like this instance of like a config server is a pretty big one, so being able to keep credentials independent of a main app, and then also using kind of like as a kind of a proxy to intercept a request to an app and run some type of processing around that. It's very similar to kind of the Envoy case as well. But it's something that people would have a little bit more configuration over via the app experience and I.
I
H
B
J
Question, so on a memory management, because it is running on the same container and you're saying just, you know, swap another process there, so they now compete for the same memory, and if Java buildpack calculates memory for Java, that might be a problem. Do you think about the future, how to change that?
I
C
I
B
J
Yep, so Sergei Naryshkin from Comcast, and we are big company. We is a lot of Cloud Foundry foundations to be some gross pain that we came through, and we are investing in connecting, in creating an environment where people can deploy the application multiple foundations and, you know, have more enterprise rather than run on a single one. And we have a couple of projects that we wanted to present to you guys. They are on an initial stage, and so they are not really mature, not ready for primetime production.
J
F
So the good news is that a lot of the technologies already exist. Obviously, Cloud Foundry is awesome and works great, and there's this other project called Vault that also is really great, and we'd like to build upon those two technologies. And so briefly, in case you're not familiar with Vault, it's an open source project, and within your organization it can act as a central store for all of your secrets.
F
There's also a lot of client libraries that already exist for Vault in many different languages, and there's even frameworks like Spring Boot that are aware of Vault. So Vault is great and it gets us close to this goal of easy secret management. So a Cloud Foundry app can use Vault in a couple different ways. One of the ways is to use the Vault service broker, so this already exists today, and this can work depending on your use case.
F
But at least here in Comcast, we've run into some serious limitations and issues which would prevent us from being able to use it like we would like to. The other way that you can use Vault from Cloud Foundry is just have your Cloud Foundry use one of those client libraries and communicate directly with Vault, and this is right, because you're not restricted by this intermediate proxy layer. You're communicating with Vault directly, so you can use all of Vault's full features.
F
So that's great. What is the drawback, or what's the problem? So the main problem that we've run into is when it comes time for your application to authenticate with Vault. And if you think about it, when you need to authenticate with Vault, you need to give Vault the password in order to authenticate. But the whole point of authenticating with Vault and using Vault is to get all your passwords, so you can get into this sort of a chicken and egg scenario, right? And there's ways around that, you can.
F
F
What we're trying to solve, and it's like I mentioned before, there's other platform have come up with some nice solutions to this problem. So let's take a look at the Kubernetes example, and so what they have is a Kubernetes Vault authentication method, and this is something that's built into Vault. And at a high level, the way that it works is that a trust relationship is established between the Kubernetes platform and Vault, and this is a one-time operation.
F
But once that trust relationship has been established, then for an application running inside of that Kubernetes cluster, it's really easy to authenticate with Vault. An application will take a JWT token that's given to it automatically by Kubernetes and give that to Vault, and Vault, since this trust relationship has already been established, can say: okay, I know that this JWT token is valid, I know that it's coming from this Kubernetes platform, and I also know some things about this application, and so I can apply.
F
So that's the Kubernetes example, and what we're proposing and what we'd like to do and what we started doing is to replicate this, but in the Cloud Foundry world. And so what we're working on is a Cloud Foundry Vault authentication plugin, and at our level it's going to work in a really similar way. A trust relationship will be established between Cloud Foundry and Vault. That's a one-time thing that needs to get done, and once that's done, Cloud Foundry applications can then use these certificates that Cloud Foundry provides it.
F
It can use those certificates, present a JWT token to Vault, and then Vault, having established this trust relationship, can then authenticate the application. So from an application's perspective, this is great, right? This is almost a keyless system. It makes it easy and secure for applications to use Vault.
F
F
F
And Ray in a second is going to give a demo, but before he does that I'll just describe, at more of a lower level, how this plug-in is going to work. This is a diagram, and in the upper right hand corner is Vault, and Vault has this really nice plug-in architecture. And so that's really.
F
What we're building is, we're building this Vault plugin for Cloud Foundry, so the artifact or the binary that gets built from this repository will be brought alongside Vault. And so down at the bottom is Cloud Foundry. There's really not much described here, because all we care about is Cloud Foundry's certificate authority. And what happens is, it's a one-time step, that certificate authority is given to the Vault plugin, so that establishes the trust relationship. And then, from there, Cloud Foundry, using its instance identity mechanism.
F
It drops these certificate pairs on each Cloud Foundry application's file system, and the interesting thing about these certificates is that they have embedded in them the application's org, space and app GUIDs. So we can use that information later on when they authenticate. And from there it's up to the Cloud Foundry application to create a JWT token using these certificate pairs, and once it's got that token, that token to Vault, Vault then delegates that request to our plugin, and then the plugin validates that that's a correct valid token.
F
That didn't bet a trust. So then it can authenticate the application, and then, on top of that, it looks at these certificate attributes and they can apply policies to that application. So it can prevent it or grant it access to certain secrets within Vault. And now that I think about it, the creation of this JWT token, that might be a good use case for a sidecar. So to tie it back to the previous presentation.
F
G
Thank Sergei, so introduce myself a little bit. I'm Ray Harrison. I am a part of enterprise architecture on one of Comcast's, well, Comcast's only data vertical, so we're focus in a variety of spaces. One of them is Cloud Foundry. I'm actually pretty new to Cloud Foundry, to be honest, but that makes it fun. The ecosystem that, you know, we work in as users of Cloud Foundry is pretty broad, so we have Amazon footprints.
G
So we got a lot of challenges. The work that we're doing here really is to help make it less painful for us, and we hope that this, you know, is helpful to others, and we really, really want feedback from folks. You know, we want the best brains and folks on the planet to come in and help us out with this. So we're out the same location that Adam was just pointing to, out in GitHub in a branch called POC. It is very, very early days the the.
G
Demo itself is literally seconds, which is great, because, you know, that's how easy we want it to be, right? And so we want developers to not have to think too hard, right? They've got a lot of other things on their minds and on their plates, so we want to make sure that what we're doing helps that, right? As you know, we want productive developers and we want very fast turnaround time on new features and things.
G
So that's the goal here, and this is a slightly different readme here, but I did want to walk through, you know, basically how things get set up. It's pretty straightforward. You know, on the Vault side of things you have to register the plugin with a couple of steps, enable it, and then do what Adam was talking about, so start on the Vault side establishing that trust relationship with a certificate. And you know, once you've done that and once you've gotten a certificate authority certificate in place.
G
Well, then, it's pretty straightforward to begin setting things up. You know, and the examples here we have, you know, setting it up for organizations and for spaces, and, you know, in this example we'll have the names of the policies that we want to associate with the org and spaces. And once you have that, we've also included within this particular POC capability essentially a JWT token generator. You can do a variety of things with it.
G
You can deliver it to a file, specific location, or you can spit it out to the command line and standard out. So you have some flexibilities there. You can put in string delimited policies, because the JWT token has a couple of things, so it does have a certificate, the instance certificate that includes the organization and space and app GUIDs, but also it includes in our particular example.
G
So we can, you know, do it directly from Cloud Foundry, but nonetheless it's pretty straightforward. You build the, you know, everything's in Go, and you build out the module. You know, in this case this is local, so we've started up a local Vault ecosystem. Do the registering like we showed above, we enable it like we showed above. To do it locally, you get the instance keys directly from, you know, for example.
G
G
You know, equivalents of CF instance key and CF cert and censored as well. Once you do that, you generate your JWT token, and then you log in, and as I'm showing here, you get back the token that applications like Spring Boot, for example, can use. And I'll do so. This is literally, I'll do two things. Well, just you know. Most of this is pretty sunny date, but.
G
This was a JWT just to show you sort of the failure path first. This is a JWT token that was created with policies that aren't actually connected to the app, the org and the space, and so what it would return, just as, you know, an error, is that the policy that you're trying to associate isn't found. But that's okay, we've got one with the correct policies, and then it comes back with the token. And again, you know, in the real world this would be.
G
You know, available from within a Spring Boot, for example, and then Vault allows, you know, for example, a REST API that can do the same call and bring it back in for going on your merry way. And that is the demo. Again, it's very, very early days. The code is out there. You know, please go out, take a look, you know, interact with us. You know, we're fully engaged, ready to help, and we're ready for you to help us too. So thank you very much.
J
B
And any questions? I had one question, but let's see what do people have. No? I think the main question is whether or not you guys looked into the service broker. I think there's been a couple service brokers for Vault for Foundry, and I don't think it solved the same exact problem as you guys are trying to do with keyless entry, but I know that Stark & Wayne and a few other people have, you know, discussed this problem.
J
Yes, so service broker is the first thing that we start to look on, and, firstly, we had a move out of that path because service broker interface has, you know, bind and unbind calls, and this are the only time when we can generate and pass credentials to the application, right? And bind and unbind usually happening when you first deployed application, you bind it, and you unbind when you give you the application, so there is no.
J
There is no way in a service broker API to actually have key rotations, right? And also the secrets are passed to applications through environment variables, and again, environment variables are static. They cannot be modified, they can be rotated. So once process is started, the process read that environment variables. There is no way to update in the flight.
J
So this, the security rotation, is one limitation, and how cities are passed, and so at the end, somebody can take that secrets and use it outside of Cloud Foundry, and that's what we don't want to have. And the second is how to manage policies. We want to not just to have small sandbox for each application for recipients.
J
We just need ability to wire to Cloud Foundry properly, and we just took an example from Kubernetes, because that wiring to Kubernetes already exists, and it is awesome, so we wanted to reproduce, replicate the very same developer experience on Cloud Foundry, and service broker is not exactly the same developer experience. That's why we took a different path. Sure.
J
This is a good point, and what we actually trying to do is to communicate also with service broker API team and see what kind of new features is good to have in a service broker. Still, environment variables are static, and, as example, is to help that secrets, not environment keys, but enough files that might be progress, and when that files can be updated and rotated. So that differently, room for improvement, and I'm not saying that service broker is not the right thing.
C
C
J
B
J
So let's do the next up might be on max cardmaking, and the next project was. He is about DNS management, specifically how to manage DNS across multiple foundations, because Cloud Foundry has ability you can use wildcard in essence, wildcard as a certificate points to a single foundation. It works great, but when organization is growing and there are four Cloud Foundry sites, we want somehow more active management to crandall application to make them more portable, and second project that we wanted to introduce.
J
B
Thank you Sergei. We're out of time, so we're looking forward to that next talk, and then we'll try to manage the time this time. And then, of course, if anybody else have a talk, ping me and then let's see if we can schedule it. There's already a couple more talks coming, but we'll figure it out paternity Sergei and cm. Thank you for that, and Scott and Jim. So thank you well to you guys. Next time. Cheers, bye, everybody.