From YouTube: CNCF SIG App Delivery 2020-02-25
https://docs.google.com/document/d/1CxYsMRmhcx-Cd1IhdcooAsLFX6hYqpu2gZM6x9aMTao
A
A
A
C
D
B
A
E
A
We'll be the goal here today is to let's create a work group for air-gapped workloads and I only have a couple things to say: one is I'm not gonna. Leave this we're going to find someone else delete this and that's actually that's like one of the biggest things like you know. Okay, you have a lot of other things going on right now, but I am super interested in making sure this gets going. So we want to find out. We need to find someone to lead this effort and then too, we need to figure out alright.
A
You know people are interested in air-gapped, but we need to figure out what we're going to do. This is a workgroup, so hopefully there will be work coming out of this, so we need to figure out what that work will be and we need to track it and then make sure that it gets reported back so everyone and bask in the goodness that will come out of this. So.
A
D
E
You know I think it's what really depends on the people. Here's Legree. We see ourselves immersed as facilitators to enable this and to communicate it with you see so that it's a work group and actually people working on air-gapped environments and have already good understanding of what is needed and what should be done would be good candidates.
F
Yeah as someone whose organization is just starting to head into this, this, this quarter next quarter and a year to come, I definitely need to hear from others with experience in this area, especially if you're out in the context of CNCF tooling, and everything in between so definitely looking for somebody with with some prior knowledge to lead this.
A
Alright in and here's the best part as with I mean this comes with a little bit of time, and it doesn't have any one person what I'm looking for is maybe one or two possibly three people to help leave this up. I know put everyone on the spot. Everyone wants to come and and get all the goodness I mean. If not you know, then either Alice, I or I will have to at least take it from now, and then we will work on getting someone else, but I don't want that.
A
I don't want that to stop us from one of the actually one of the bigger things is on the mailing list. A little bit ago, Alice actually talked about doing this whole workgroup, and we got a lot of good feedback and people who want to be interested or who wants to be involved. Maybe we should go around, and while we do this, I will get some notes started.
A
What what are we looking for here, because I, because I think that I mean what I think of as air gaps and just in my situation is I have a Kubernetes cluster that is not connected to anything, and you know that's very big, because I'm thinking of in a very vague way, what do I expect to work? Why do I expect not to work and what could be approved.
E
Yeah just that because have like that long moment of silence, it was also the outcome of KubeCon where we had this discussion. That was exactly also the idea for a working group is to work on, and that was the big question. Okay, I like like this nice internet-connected, contains vitamins, but what if I have to ship a Kubernetes and also my applications and I'm not connected to the Internet I'm not connected to a public registry? I really have to run everything on this.
E
A
A
E
G
So I guess I can chime in so we've been running air gaps for quite a while now and one of the biggest issues we run into and one of the things I would love to find this good tuning for determining even the artifacts I need to have provide, especially with the explosion of operators. It's getting more and more difficult to determine the artifacts, the Docker images that we need to actually serve up. So it's a lot of testing in an online mode to figure out.
G
H
A
B
Second, here I'm gonna nevermind go ahead, so hey everybody, I'm Chris Short I work at Red Hat. We do a lot of disconnected and air-gapped installs for, like US government type folks like on-premises, so they have and like just talking to these customers like I feel their pain. I was in the intelligence community and communications community for the Air Force in a previous life.
B
So I completely understand what they're going through and trying to have these completely disjointed and disconnected environments, but also like you have these disconnect environments where there might not be but like one Internet terminal for like the entire facility so like getting that piece figured out in is like encapsulated possible. I think is good here, I know at Red Hat. We have a lot of documentation on this and like working with like Jeremy.
A
A
I
Can go next, this association, so we operate on a heavily regulated environment where we have Kubernetes clusters running in, but, as some of the previous people mentioned, like everything is proxy through, like upstream proxies for us to do installations, which makes it extremely difficult for us to package and ship an application. The case, if you have a dependency which is not available through an existing proxy, probably takes weeks for us to wire up all those informations proxies firewalls and all those things in order to get it deployed.
I
The second part of the trouble that we have is when we ship some of those things. We know that you know we tested it on our side and we validated it, but from an end he use a standpoint. They may be looking for some attestation or some sort of invalidation on those particular images. So how do we validate something that I checked in my environment on that specific deployment side and then confirm that you know this is same as what is she shipped?
I
H
Yeah so I'll go back, I think I mentioned that we're doing things we were in clusters, in the commercial environment and in the profit that kind of more restrictive environment. We definitely have that attestation need. We have to verify it like this things were shipping across this gap are what we tested and ran in the commercial environment, and we also have to have like a receipt. So it's got transaction lists for all the for everything we've put through this kind of gateway or diode thing.
H
We have to have a list of the transaction IDs associated to each one of those things, and one of the problems we've run into is that we've we either missed those transaction IDs or somebody has pushed twice, because there is some automation that kind of drives Newton's process, but it's kind of broken and then getting on the other side. We've missed a certain or like we don't have a good right. Now we don't have a good story for like, what's the manifest for everything that makes up this application.
H
What's the contents of you know running service acts, it may have four or five containers. How do we make sure we get all of those things across at the same time, we're going through this like FedRAMP I on it right now, and part of that has been fixing up images and making sure that we don't have vulnerabilities and certain things and we missed certain versions of containers are ran in an application. So we went through this fire drill this weekend, like oh crap, we have vulnerability still what happened and turns out.
E
E
A
E
Difference for the different use cases I think it would be good to start Agra for the air gapped environment that everybody uses. What does your environment actually look like and we have specific use cases? Obviously we have to deploy Kubernetes there, somehow, which is ideally something we can more easily handle, then how we, the ship in there are an application which problems that we run in here. I think if you have to full list there, then we can Morris as it's a working group like really work from top to bottom.
E
D
H
H
H
J
And it feels like there's a couple of different ways to tackle this as well in terms of like part of the concern, at least my part of the concern is really the common ideas, installation part being totally air-gapped right and then there's also all right. Here's the stuff that user X is running on top. That has to also be you know, coming from internal registries or whatever right, and so at least for me, I'm far more concerned with the installation. Part taluses.
J
B
F
Exactly our princes are our concerns, aren't necessarily around the bootstrapping of the environment like where we're in a where we're working on a lower level of FedRAMP right now, so like an initial bootstrapping of the Kubernetes cluster and some of the infrastructure or like image registries, etc. Isn't is it in scope, but the day to day operationalizing of deploying to that target is more in scope for us right now. So.
C
Not sure is images are everywhere and a lot of times the manifests are pulling from a specific, publicly available registry. Now, there's tools out there, Helm, Kustomize, things like that. That's all, but but it'd be great. If this came packaged and with the delivery mechanism of said application, you know here's how you deploy using it from a different image.
B
John Roach and chat I don't think he's on voice. He mentioned that it might be easier to start at for this group like how to install K8s in a disconnected environment. Alright, like just get it up and running what what level of disconnectedness and like that would be. The output initially of us like doing this work, and then we could iterate. On top of that.
A
E
F
E
A
So I think that is a I mean I'm just trying to I'm trying to little down to something where hey. This is what we can. We can actually rally or rally around and still looking for, I will ping again, but still looking for someone else to run this meeting and and then decide, you know how often what you want to meet. Is it we're meeting today on this Tuesday and I just picked it because it worked for me to tell you all the truth. It's just this time work for me, but going forward.
D
A
And then start figuring out how how the coordination is going to work? Is it gonna happen? Are you is happening in a repo or is it a dock? Is it a Google Doc they're, just it's starting with I think that's the lowest amount of friction for me. I would just say: ask my Google Doc and and start typing in there and then and then the group, whoever it is, can can start working on that yeah. So I'm just a branch Jeremy.
A
A
E
We'll just do one more thing we could trigger Brian. We should we know we have actually because we talked a lot about FedRAMP. We have a lot of end users in the end user community in the CNCF from government organizations mm-hmm, and they might just not know that we're working about this right now so right.
D
E
Might be used, Air Force and a couple of others who are actively I can reach out to Nicholas. I'll show you, and if you want, oh, you might know them as well. So it's just nobody's exists. This was one group, the other one, that initially started as customers dead, the telco working group simply because they deployed two telco hardware. We can just paint these two. So if you already know people do it, but if it was a rocketed by Amy, I cannot connect this to the right people. This actually exists.
H
Good idea have Amy connect us to as many people in the end user community that might have good input for this I think there's probably a lot of people that are doing this stuff, that don't necessarily participate in meetings like this all the time or watch mailing lists, and it would be good to kind of reach out and proactively try to get them involved. Oh yeah.
A
All right, let's see here so I guess between Ryan and and Jeremy. Now this is your show. It's no longer, you know, I can not say anything else for the rest of this call, as you all can see, I'm a professional delegator. This is my job to delegate and and in the CNCF and at VMware it is all I do so what we'll do and actually I don't know if, unless you all want to talk more today, I'll be here from the entire time, but this is really. This is Jeremy and and Ryan.
H
Awesome so I I think I like the approach is starting with how we deploy Kubernetes in an air-gap environment. We should just start a Google Doc and we can start kind of capturing ideas in there and then, once we have some content, we can add some structure to it and refactor it a little bit. Is everybody in the SIG App Delivery channel on Slack? Is that the best place to communicate a see, Chris just joined.
H
D
E
A
F
Is anybody just maybe this is a little early for this, but does anybody discussed CNAB might fit into this picture, or is it I mean that's pretty big subject, obviously, but we're thinking very we're leaning very heavily into in de'cine, have been thinking in that direction, and one of the things we're trying to keep in mind is it. We might be able to use lean on the spec to help us realize like what one manifest were. Artifact might look like to be to be shipped in an air-gapped manner.
F
H
I both work on CNAB and we were the authors of a tool called Porter that does seem enough stuff, I think. Definitely it has a place in as a solution. The people can take a look at whether it's appropriate for every situation or not I think has some debate still I think we learn some things regarding air gaps from working on CNAB, the we get into like the security and attestation piece of that I think there's a we.
H
Think we found that, like from just the manifest piece and like what the bundle looks like I think that's a pretty stab at like listening out images that you need so I think it's a it's definitely thing to look at and has opportunity to address some of your needs.
B
There's gonna be a lot of tools in this space. Oh I think it's like CNAB. It might be a great solution. Don't get me wrong right, like but I think it'd be more important to focus on not necessarily high-level but like more process and more expectations and not necessarily like tools, if that makes sense.
A
So Jeremy knows this already because he saw this two weeks ago, I looked at what CNAB did and I said. You know this is some good ideas, but I want to solve the problem of image relocation, just in general, assuming you have a cluster, it's there by magic and you want it to you.
A
You had a set of manifest and you want to just take those manifests figure out what images were involved package that thing up in the tarball ship it over USB CD/DVD does not matter, and then, when I new expanded on the other side, you could automatically get the you could automatically rewrite your YAML even before it was hit into the cluster and it would. It would fix all the images and I'm calling this thing. Chief and I could talk about it because it's almost done think of the source at VMware.
A
I'm I don't understand the problem so I when I don't understand problems, I write code and I will be sharing it with this group, and it was just to solve that problem. I have I have manifest and they were, and they talked to images and I want to move them somewhere else, but that led into like a thousand other problems where you realize, where 99% of everything is in a pod spec template, you can find images, but people use things like for arguments.
A
They actually just hard code the image right in the argument, and now you get to the place where, if we had a great convention for specifying images and a config map, then any toolkit, yes, so I'm in actually and funny enough on our VMware Slack. I threw that bomb to our kid a double-team this this morning and it's now. It's spawned off this huge amount of meetings and, yes, goodness was happened there. But I would like to talk about this because we can't be the only people that are having this problem.
A
Everyone that's gonna run into this, and and I would like to see other solutions minds of POC I just wrote it in a weekend to say hey this to happen, but I would like to see not only tools in this but exploration of conventions too, because there's things that we can do and then ultimately I mean. Ultimately, we wish that Kubernetes could support this like Kubernetes, actually Kubernetes supported image.
A
Relocation out of the box would even be having conversations right, but what would we actually say and how could we actually spearhead that or tell our work with someone to spearhead that effort? It would take two years. I swear it'll take two years to get it done, but let's see we could get that done too and that that's a that's a weird place for this group, because we're seeing CF and not super Nettie's, but at least we can.
F
G
So one of the main issues we ran into with the the image thing that you were discussing, Brian and I don't know I guess the full implementation. But you know when you do that. Sometimes you lose some of the signing and you can't validate that it. You know, came from upstream and so what we've actually done, which we found quite a little lot of success with we switch to the container of ECRI and they allow much better proxying to upstream.
G
So we just proxy every single possible upstream URL into our own, and then we validate the keys. So it's kind of it's not great from a signing perspective, but it's allowed us to not have to worry about reimaging in taking images to meet our internal registries as far better than talkers approach. So that's cool. Actually.
E
I think it'll have a list like of everything that people already worked on and did like I say silly. Well is a collection of things we should eventually be discussing I think we have a lot of I think if you go order that recording again we'll find a lot of things that we eventually want to discuss. It's good. We have a point to start somewhere, but because also shows it like significant work eventually.
E
A
A
And keep in mind I scheduled us for 50 minutes, because I was not sure we were going to talk about. So you don't don't feel that you have to bandit 50 minutes but Jeremy and Brian. If you need some help getting things going, Alice and Harry and myself are here to help you and you can definitely lean on us for whatever else you need to in and then we're still trying to figure out how how we work with TLC too so we'll be learning for everybody and.
E
You also have, if you have questions and we want to bring them up. There is a a meeting that Brian, Harry and I have like on Mondays, where we discuss moralistic organizational chair each type of stuff, and usually we don't have that much to discuss right now, because most of our work is actually going into the working groups. So if you need some discussions around bootstrapping for petition organizational point, I think we can also invite you to these meetings as well. Okay.