►
From YouTube: CNCF CNF WG Meeting - 2022-03-28
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
C
C
A
E
Me
right
good
morning:
everybody
welcome
to
the
meeting
and
to
start
the
beginning
of
the
agenda.
Then
this
is
theoretically,
although
in
practice,
probably
not
quite
the
last
of
our
current
reign
of
co-chairs
meetings,
because
we're
due
to
our
term
expires
on
the
31st
of
march.
E
So
anyone
who
wishes
to
stand
for
any
of
three
co-chairs
should
go,
find
the
mailing
list
link
which
is
cncnf
wg
at
lists.cncf.io
and
stick
their
name
in
the
ring
for
one
of
the
three
co-chairs
and
if
you
recall-
and
I
get
this
wrong,
somebody
will
put
me
right.
One
of
them
is
the
is
for
representing
cnf
developers.
One
of
them
is
for
representing
cnf
users.
E
One
of
them
is
for
representing
the
platform
part
of
the
equation.
So
if
you
want
to
stick
your
name
in
then
please
send
a
an
email
to
the
email
list
to
make
sure
everybody
knows
that
you're
up
for
it,
and
then
we
can
get
the
election
started
shortly.
E
It
might
be
a
little
overdue
because
I
think
we
haven't
got
any
nominations
at
this
point,
but
sometime
soon
I
will
send
a
mail
out
to
the
mailing
list
to
make
sure
everybody's
aware
that
that's
coming
round
any
questions.
C
E
Use
it
no
there's
a
two
or
three
of
those
I
seem
to
recall
the
one
he
had
was
giving
us
50
german
emails,
but
that
was
probably
because
of
the
language
that
he
had
set,
but
I'm
sure
we
can
find
one
of
those
go
and
recheck
which
one
he
used
or
find
excuse
me
find
another
one,
but
we'll
make
the
arrangements.
E
E
Okay,
I
see
we
have
a
list
of
upcoming
events.
I
will,
I
think,
avoid
going
through
the
list
as
usual.
What
I
would
say
is
you
know
that
there's
a
handful
of
ones
there
with
cfps
open
the
eu
open
source
summit
kubecon
north
america-
I
imagine
the
full
on
es-
is
going
to
have
cfps
before
much
longer.
E
Don't
forget
to
a
put
your
name
in
if
you've
got
anything,
you
want
to
talk
about
and
b
advertise
it
around
here
so
that
we
all
know
it's
coming
and
we
can
put
our
support
in
in
any
way
that
we
can
help
you,
but
other
than
that.
Does
anyone
know
of
any
significant
talks
at
any
of
the
earlier
forums
are
coming
up.
E
Okay,
then
keep
an
eye
out
for
the
open
networking
edge
executive
forum,
which
is
due
first
in
just
a
couple
of
weeks
and
we'll
see
if
we
can
find
from
the
agenda,
if
there's
anything
worth
recommending
and
then
we're
on
to
pull
requests
which
will
involve
opening
the
pull
request.
Page,
let's
see
what
we
can
find
three
open.
I
know
I've
got
the
best
practice,
compliance
recording
one
to
do
myself.
E
I
promised
you
I'd
do
that
weeks
ago,
and
I
haven't
done
it
so
we'll
set
that
one
aside,
because
it
needs
a
bit
of
a
rewrite
based
on
the
comments
that
it
already
has.
Let's.
A
Hold
off
on
that
one
ian
in
case
ben
shows
up.
I
did
make
some
updates
to
that
one.
If
we
want
to
criticize
my
attempts
at
coming
up
with
definitions
for
things.
Okay,
that's
the
best
practices.
A
A
So
I
did
an
initial
review.
I
I
need
to
go
through
like
really
with
like
a
fine
tooth
comb.
Like
I
mean
I
just
kind
of
like
read
it
like
start
to
finish
without
kind
of
combing
it
line
by
line,
but
I
mean
this
is
going
to
be
one
of
those
things
like
when
we
talk
about
like
security
like
what
is
too
general
to
where
maybe
it
should
just
be
in
a
security
working
group
versus
you
know.
A
If
it's
good
information,
do
we
just
put
it
in
here,
because
cnf
users
and
developers
might
care
about
it.
Like
I
mean
it's,
it's
a
great
series
of
like
best
practices
for
just
you
know,
kubernetes
hardening.
In
my
opinion,
I
do
think
if
we're
gonna
keep
it
here,
we
should
add
some
stuff
around
like
network
security,
and
it
doesn't
necessarily
need
to
be
like
firewalls
and
stuff,
but
I
mean
there's
like
things
to
tweak
ipvs.
A
You
know
what
iptables
does
etc,
that
we
could
potentially
add
into
this,
and
then
we
either
say
that
we're
cool
with
having
things
you
know
just
generic
or
we
kind
of
like
wordsmith
it
a
little
bit
to
talk
about
like
how
the
best
practices
are
relevant
to
either
a
provider,
a
cnf
operator
or
a
cnf
developer
thoughts.
E
Yep
I
mean
I
don't
want
to
get
too
wrapped
up
in
this,
so
that
it's
never
going
to
get
committed
because
it
has
to
be
perfect
before
we
do
it.
So
if
we
can
get
it
to
a
state
where
it's
ready
to
go
in,
we
should
put
it
in
and
then
fix
it
in
place.
But
yes,
absolutely,
I
don't
think
anything
you're
talking
about.
There
is
particularly
asking
too
much.
A
Also
agreed,
like
I
mean
it's
probably
mergeable
like
almost
as
is
right
now,
it's
just
like.
I
said
I'm
with
the
knowledge
that
we
should
open
up
an
issue
and
like
a
network
security
section
is
definitely
needed,
and
then
just
you
know
it
needs
to
be
relevant
to
the
space.
So
I
mean
just
you
know,
specifically
talking
about
bits
and
pieces
on
how,
because
I
mean
best
practice,
you
know,
in
my
opinion,
should
also
be
a
little
bit
more
than
just
a
list
of
you
know.
A
B
There
are
just
few
bleeding
issues
in
this
vr.
I
mean
it's
just
minor
cosmetic
things.
So
basically
the
ci
is
complaining
about
trading
spaces,
some
punctuation
issues,
so
I
don't
know.
Maybe
we
can
immerse
this
as
it
is,
and
maybe
chicks
later.
E
E
Looks
good,
okay,
yeah!
I
see
I've
got
one
unanswered
comment
here
from
last
week,
so
I
should
go
deal
with
that.
I
this
could
do
with
a
reword,
but
it
is
literally
a
reword.
It's
just
that
it's
got
two
sections
talking
about
the
same
thing,
this
one
I
need
to
go
and
revisit.
I
believe
the
point
I
was
making
is
that
there's
a
lot
of
yeah
the
the
wording.
E
There
was
just
a
little
complex,
but
I
don't
think
it
necessarily
has
to
be
fixed
actually,
so
it
just
struck
me
that
we
kind
of
lost
the
lost
the
message
in
the
wording
in
a
sense
so
I'll
see
if
I
can
propose
a
change
other
than
that
I
see.
Pancaj
has
made
a
comment
at
the
bottom,
which
is.
E
And
he
doesn't
seem
to
ch
there
we
are,
he
has
changed
it
to
and.
E
E
A
E
Yeah,
I
mean
no
issue
with
that.
All
right,
fine,
so
we've
got
one
change
to
the
spelling
list.
My
comment
here
wants
a
response
and
I'll
go
and
reread
it
after
this
meeting
oops,
not
that
one
didn't
mean
to
do
that.
Don't
do
that.
A
A
A
Yeah,
this
one's
old,
so
there's
like
trying
to
like
navigate
through
all
the
things,
so
I
added
a
glossary
section
which
is
not
showing
up
on
this
change
log
right
here.
A
I
think
some
of
it
was.
He
was
maybe
just
missing
a
tiny
bit
of
context.
So
I
didn't
really
fundamentally
change
some
stuff
because
I
feel
like
most
people
will
understand
yeah
so
that
one
right
there
I
addressed
the
one
that's
at
the
top
there
and
added
those
three
terms.
Let's
see
victor
was
also
asking
for
air
gap
to
be
defined.
So
I
added
that.
E
E
You're
certainly
breaking
assumptions
I
think,
throwing
cloud
native
in
there
is
not
helping
and
you're
breaking
one
specific
assumption.
The
specific
assumption
here
is
that
that
you're
connected
to
the
internet,
isn't
it.
A
Well,
I
mean
yes
and
no,
I
think,
that's
an
implied
piece
like
the
main
assumption
is
this
notion
of
on
demand
right
like
and,
and
maybe
it's
not
necessarily
cloud
native.
It's
just
quote
unquote
cloud.
This
notion
that,
like
I
have
resources
on
demand
right
like
if
I
want
an
image,
I
get
it.
I
want
an
ec2
instance.
I
get
it.
I
want
a
container,
I
get
it
and
the
air
gapped
environment
breaks
one
of
those
implicit.
I
get
it
when
I
want
it
type
of
scenarios,
so
I
mean.
A
A
Was
saying,
is
it
that
the
cloud
has
the
assumption
that
it
has
connectivity?
I
mean
if,
if
I
create
a
tenant
network
with
no
routable
ip
address
on
the
you
know
the
floating
side,
then
I
mean
it
doesn't
necessarily.
Have
I
don't
know?
That's
let's
I
don't
know
we'll
leave
this
one
as
an
open
topic.
I
agree
that
it
needs
to.
A
I
think
this
is
closer
yeah,
that's
better
cloud
software
like
because
that's
really
what
it
boils
down
to
right
and
typically
when
we
say
cloud
software,
we're
really
talking
about
containers
and
then
there's
this
notion.
You
know
that,
like
docker
hub
that
red
hat's
repositories
that
vmware's
repositories
that
amazon's
repositories
are
always
just
one,
you
know
pull
command
away
from.
I
get
this
container
image
when
I
want
it
or
all
the
like,
nested
curl
commands
hidden
in
every
single
installer.
A
Some
of
this
is
covered
in
the
definitions
that
I
added,
which
are
not
perfect,
but
it
addresses
some
of
these
things.
A
A
Yes
and
no
I
mean
because
the
whole
concept
of
you
know
it
being
a
virtual
private,
private
being
the
key
word
is
you're
now
just
extending
where
this
potentially
isolated
environment
goes.
But
on
the
flip
side,
though,
by
doing
that,
I
100
agree
and,
like
I
said
actually
yeah
it's
the
next
section
down
is
where
I
added
the
glossary,
like
I'm
trying
to
like
capture
that
exact
point
somewhat.
I
don't
think
I've.
A
I've
got
it
there
yet,
but
there's
going
to
be
trade-offs,
so
I
agree
like
in
an
ideal
world,
if
you
were,
you
know,
secure
like
you're
one
of
these
super
secret
three-letter
agency
clouds,
that's
being
built
in
aurora
colorado
right
now,
they're
not
gonna,
allow
any
of
that
right
right
and
they
have
found
ways
to
still
build
and
run
clouds
fully
isolated.
So
it's
doable
it
just
it
takes
work.
And
so
then
you
have
to
decide
for
your
individual
air
gap
environment.
A
A
E
If
it's
physically
isolated,
it
doesn't
disallow
network
connectivity,
there
is
no
network
to
connect
to
so.
The
the
point
is
that
as
you've
written
this,
there
is
the
actual
meaning
of
an
air
gap
environment.
There
is
an
air
gap
between
this
environment
and
others,
and
then
there
is
the
logical
meaning
of
an
air-gapped
environment
which
is
it's
defended
from
others,
and
then
there's
the
fact
that
you're
talking
about
vpns,
which
cannot
be
truly
in
an
air
gap
environment.
E
So
my
my
point
is
you're
describing
a
spectrum
using
the
words
that
describe
one
end
of
the
spectrum.
I
I
don't
have
much
to
offer
on
that
other
than
to
say
you
know
in
a
second
paragraph
or
a
second
line
that
actually
you
know,
we
accept
that
air
gap
environments
may
be
unacceptable
or
unusable,
and
something
slightly
short
of
an
air
gap.
Environment
in
that
direction
is
what
you're
actually
looking
for.
A
Yeah
I
mean
I
don't
know,
maybe
we
go
to
like
a
larger
glock
like
I
was
not
sure
how
verbose
to
make
this,
because
to
your
point
like
that,
first
sentence
is
intentionally
broad
and,
like
you
said,
the
spectrum
being
full
like.
I
have
a
local
network
that
literally
connects
to
nothing
else
like
there
is
literally
pure
physical
isolation.
A
It's
complete
intranet
right
versus,
like
you
were
saying.
I
now
have
connectivity
but
there's
a
logical
segregation
via
firewalls,
and
I
block
everything
off
and
yada
yada,
which
is
typically
what
I've
seen
most
on.
If
we're
not
talking
about
one
of
the
three
letter
agency
clouds
or
like
some
yeah.
E
A
And
then,
conversely,
to
your
exact
point,
though,
proxies
and
vpns
etc
are
basically
gap,
closers,
so
you're
bridging
the
gap
at
that
point.
So
then
you
know
what
does
that
entail,
but
I
mean
you
know
collectively
to
the
group
here,
like
you
know,
should
ian-
and
I
expand
this
out
in
this
or
should
we
keep
this
one
kind
of
high
level
and
do
we
need
to
like
go
somewhere
else
for
like
a
comprehensive.
A
E
Know
I
know
I
remember
being
the
one,
so
I
I
entirely
sympathize
with
this,
but
if
it
makes
you
feel
any
better,
apparently
github's
not
going
to
take
that
comment.
So
it
feels
the
same
way
about
it.
A
I'll
be
honest,
the
next
two
definitions
too,
I
kind
of
felt
weird
adding
because
I
kind
of
feel
like
they
should
just
contextually,
be
you
know
there
and
things,
but
I
put
them
in
because
they
were
asked
for
and
once
again
I'm
it's
a
start.
I'm
not
100
married
or
in
love
with
the
first
attempt
at
wording.
This
out.
E
Yeah
I
mean
you
basically
said
you've
almost
contradicted
yourself
in
the
definition
of
upstream,
because
if
you
can't
connect
to
a
repository,
then
how
can
it
be
an
upstream
repository.
A
Taylor,
you
cracked
me
up
the
this
is
where
you
know
your
comment,
though,
about
the
spectrum
comes
into
play.
I
mean
here's
the
thing
there
has
to
be
some
means
of
getting
software
into.
B
A
Isolated
environment
right
and
I
mean
so-
you
are
some
in
some
way-
shape
or
form
bridging
the
gap.
Whether
that
is
you
know
your
own
private
repository
that
you
know
is
able
to
pull
from
the
outside
world.
It
locks
everything
down
before
it
makes
it
available
to
the
inside
world.
I
mean
it
literally
could
be
someone
walks
into
this
place
with
a
thumb,
drive
and
sticks
it
into
the
server
hosting
source
control
and
starts
uploading
files.
A
You
know
I
mean
like
this
is
where
I
think
we
get
into
actually
describing
like
the
best
practices
of
you
know.
I
mean
that
would
be
my
hope
right.
As
we
start
talking
about
the
best
practices
of
hayer
forward
proxies,
maybe
not
a
good
idea,
because
if
you
get
a
bad
image
and
it
phones
home,
you
know
terrible
things
could
happen,
but
there's
there's
still
got
to
be
some
compromises.
Right,
like
you,
have
to
have
some
way
of
making
images
source
codes.
Ovas
all
this
stuff
available
to
the
people
inside
that
air-gapped
environment.
A
And
I
have
seen
a
lot
of
people
basically
just
turn
their
private
repository
into
a
proxy,
because
all
they
do
is
make
a
request,
the
url
of
their
private
repository,
but
then
it
instantly
just
pulls
it
straight
from
upstream.
So
then
I
have
the
you
know,
debate
with
them
of
why
I
set
up
the
private
repository
in
the
first
place.
E
A
E
Well,
I've
offered
you
a
suggestion
there,
but
I
don't
think
it
changes
the
meaning
of
what
you're
trying
to
do.
I
think
it
just
helps
clarify
what
you're
trying
to
say.
A
E
While
you
would
like
to
do
this,
then
you're
cutting
you,
you
know,
you
might
argue,
you're
cutting
off
your
nose.
Despite
your
face.
Your
things
like
this
are
impossible.
If
that
is
the
thing
you're
trying
to
achieve,
you've
got
to
find
a
different
way
of
doing
it.
Then
your
supply
chain
attack
that
you
were
making
the
point
about
earlier.
E
Is
that
having
cut
yourself
off
from
the
internet,
then
attack
vectors
still
do
exist
in
you
know,
poisoning
the
supply
chain
and
the
private
repository
that
you're
going
to
need
in
your
air
grabbed
environment
gives
you
an
opportunity
to
both
filter
and
quarantine.
What's
coming
in
to
make
sure
supply
chain
attacks
don't
exist,
but
the
quarantining
part
of
it
is
not
the
primary
point
of
an
air
gap
environment,
which
is
that
active
attacks
can't
be
made
in
the
network.
E
All
right
well,
there's
more
comments
there,
but
we
can
assume
that
jeff
is
gonna,
actually
try
and
finish
this
thing,
because
I'm
sure
he
wants
it
off
his
shoulders
and
with
that
we
will
switch
to
this
one,
which
is
on
my
shoulders
and
which
is
very
old.
I
don't
think
there's
been
any
recent.
Oh
there's
been
a
couple
of
recent
changes.
E
E
Okay,
anyway,
yeah
I'll,
take
that
I
know
that
nobody's
adding
anything
to
the
agenda
and
I've
run
out
of
gender
items.
So
I'm
open
season
who
would
like
to
say
anything.
C
C
A
I'm
on
there
already
I'm
going
to
probably
assuming
I
can
get
this
user
story
done.
I
don't
know
if
I'm
going
to
write
like
a
full-blown
use
case
for
it
afterwards
or
not
or
if
I
just
start
kind
of
maybe
taking
some
stabs
at
different
methods
to
you,
know,
deal
and
operate
in
an
air-gapped
environment
and
then
at
least
get
some
conversation
going.
I
mean
I
kind
of
already
know
what
my
opinion
is
on
some
of
this
stuff,
but,
like
you
know,
there
are
several
topics
there
like.
A
How
do
you
secure
the
supply
chain?
What
is
licensing
going
to
look
like
in
this
world,
and
I
think
I
think
the
licensing
one
is
going
to
be
interested
interesting
and
definitely
something
that
we
could
build
test
cases
around
taylor
where
it's
just
like.
We
do
different
types
of
deployments.
We
find
ways
to
like
you
know
we
take
in
different,
like
licensing
systems.
You
know
like
if
we're
pushing
out
you
know
virtual
du's,
to
sell
sites.
A
You
know
what
does
license
management
look
like
for
that,
we're
just
doing
csr
spin-ups
in
our
central
clouds.
What
does
licensing
look
for
that?
And
you
know
different
environments
different
reach,
because
you
know,
as
part
of
this
too
there's
going
to
be
some
level
of
security
controls
right,
something
from
like
pure
air
gap
to
like
you
know,
hey
we've
poked
a
lot
of
holes
to
where
this
thing's,
basically
a
sieve,
but
there's
still
some
mechanisms
that
are
in
place
right
so,
like
you
know,
just
I
think,
an
interesting
one.
A
When
you
talk
about
a
provider
network
with
cnfs,
is
you
know
just
the
software
delivery
and
management
like?
How
do
I
push
an
image?
How
do
I
cache
an
image?
How
do
I
license
an
image?
You
know
you
have
the
entire
front,
end
of
that
which
is
all
concerned
with,
like
the
air
gap,
piece
of
it
right
like
how
did
that
image
get
into.
A
You
know
the
ecosystem
to
begin
with,
so
I
kind
of
think
maybe
that's
where
I
might
start
focusing
some
of
my
efforts
from
a
best
practices
standpoint,
because
I
don't
know
I
deal
with
it
every
day
now.
So
it's
interesting
to
me.
A
C
A
A
Yeah,
I
think
it's
interesting,
like
I've
been
exposed
to
more
stuff
right,
like
I
mean
you'll,
see
a
lot
of
stuff
from
a
supply
chain
standpoint
for
certain
vnfs
and
cnfs.
Now
or
you
know,
they're
gonna
come
from
the
factory
with
the
software
already
on
them,
which
is
cool
until
you
run
your
first
update.
What
does
that
look
like
you
know
what
if
it
doesn't
come
pre-packaged
from
the
factory,
so
it
yeah.
I
think
I
think
it's
interesting
and
it's
one
of
the
few
things.
That's
also
very
you
know.