►
From YouTube: CNCF CNF WG Meeting - 2022-01-17
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
A
Yeah
I'm
doing
good
yeah
I'm.
I
couldn't
attend
the
last
two
meetings
because
we
had
some
their
mother
trainings
going
on.
A
B
B
I've
posted
the
meeting
nets
to
the
zoom
chat.
You
can
drop
your
topic
in
there
and
put
your
name
in
okay,
we'll
get
we'll
get
started
about
five
after
so
another
three
minutes.
B
We
may
have
low
attendance
today
because
it's
martin
luther
king
jr
holiday
in
the
us.
C
B
All
right
so
today
is
a
welcome
today's
a
little
bit
of
an
off
day.
So
please
come
back
on
a
regular
day.
It's
a
us
holiday
today,
so
there's
a
lot
of
people
that
are
taking
off.
B
D
B
The
working
group
is
focused
around
documenting
and
discussing
best
prac
best
practices
for
cloud
native
best
practices
for
telecom
applications
and
platforms,
how
the
applications
run
on
platforms
specifically
kubernetes
and
how
we
can
improve
them,
as
well
as
looking
at
the
context
around
use
cases
user
stories,
any
type
of
supplemental
information
when
people
run
into
problems.
We
want
to
document
that
sort
of
thing
and
a
related
initiative
has
its
own
call.
B
All
right
so
cigar
did
you
have
a
topic.
You
want
to
add.
A
Yeah
for
today's
discussion,
yeah
we'll
just
you
know,
going
to
discuss
some
best
practices
I'll
just.
B
A
B
D
Honestly
saying
I
I
didn't
have
a
single
name
to
touch
the
documents.
I
got
only
one
one
response
one
comment,
but
I
didn't
have
any
time
to
to
develop
it
more
all
right
something
new.
B
Okay,
shabana,
do
you
have
anything
that
you
would
like
to
add
to
the
agenda?
Would
normally
just
have
people
put
their
names
here
in
the,
and
maybe
it's
not
in
the
notes,
but
I'll
put
it
in
I'm
sorry
in
the
zoom
chat.
So
the
meeting
notes-
and
you
can
add
your
name
and
if
there's
any
topic
you'd
like
to
discuss,
we
can
add
it
to
the
agenda.
B
All
right,
I
will.
B
See
what
we
have
here
so
I'm
going
to
work
from
oldest,
really
quick.
It's
pretty
sure
that
there's
been
no
activity
on
this
one,
but
we
should
probably
see
some
more
activity
over
the
next
few
weeks.
I
jeffrey
salem's
moved
jobs,
so
he
should
be
more
active.
Let's
see
if
there
was
anything
new.
B
B
I
think
it's
going
to
be
a
little
bit
quiet
today,
tom,
because
most
well,
the
u.s
folks
are
off
for
the
holiday
as
you're,
probably
aware,
yep
all
right,
let's
see
if
we
got
any
comments
on
this
one,
so
we
have
a
and
for
those
that
aren't
familiar
with
this,
we
have
people
contributing
content
around
user
stories,
use
cases,
and
then
some
are
working
directly
on
best
practices.
It's
really
whatever
is
of
interest
and
where
you
want
to
add
stuff,
this
particular
one
is
around.
B
When
a
best
practice
doesn't
work
for
a
company,
then
they
should
document
it.
We
want
to
make
sure
that
it's
communicated
to
the
end
users
of
whatever
the
products,
if
something
isn't
following
a
practice,
why
it's
not
and
that
they
can
easily
see
that
and
then
make
decisions
on
it.
It
may
have
very
valid
reasons
to
just
communication.
B
A
Hey
taylor
yeah.
I
had
a
quick
question
on
that,
so
I
was
working
on
like
I
think
one
or
two
proposals
that,
like
we
discussed
in
the
month
of
december,
do
you
want
me
to
directly
go
ahead
and
create
a
pull
request
or
you
want
it
to
be
reviewed
first
by
internally
yeah.
I
just
wanted
to
check
with
you
on
that.
B
B
B
It
has
a
both
a
draft
best
practice.
That's
what
this
is
about
documenting
and
stuff,
the
compliance,
so
let
users
explain
what
they're
compliant
with
and
all
this
stuff.
It
also
includes
some
use
case.
Information
that'll
be
extended
there.
So,
if
you
feel
like
you,
have
enough
content
then
feel
free.
To
put
that,
in
I
mean
it.
B
So
one
of
the
things
as
far
as
reviews,
which
are
saying
getting
a
review
because
pull
requests
are
actually
pretty
nice.
Let
me
open
this.
One
pull
requests
are
pretty
nice
for
reviews,
I
mean
you
can
put
something
in
there
and
if
someone
has
a
suggestion,
let's
say
it's
a
simple
spelling
update
well
there.
They
can
quickly
suggest
that
it.
A
B
If
I'm
recalling
right
ben
yours
was
a
google
doc
and
you
can
then
request
people
to
come
and
add
comments
and
stuff
there.
Some
people
use
markdown,
so
you
could
do
something
like
hacking
day
or
whatever
and
just
share
it.
So
it's
really
what
whatever
you
feel
comfortable
with
and
they'll
get
the
request
in
when
you're
ready.
B
Like
you
have
enough
content
enough
sections
and
you
can
always
mark
them
as
a
work
in
progress,
a
whip
like
this
and
keep
it
that
way,
but
you're
wanting
people
to
review
it,
got
it.
Okay,
all
right.
So
this
one
stateful
user
stories,
oliver
they're
gonna,
be
on
vacation
today
in
the
u.s.
So
I
probably
won't
hear
anything,
but
this
is
this
is
is
around.
B
I
think
this
is
going
to
be
related
to
a
lot
of
applications
that
we're
going
to
see
specifically
for
falcon,
going
with
data
and
needing
to
think
about
state
the
use
cases
and
user
stories.
These
happen
to
be
related
to
a
charging
and
accounting
type
application
for
5g
charging
and
accounting.
B
But
I
think
a
lot
of
the
concepts
and
stuff
that
are
needed
in
these
are
going
to
be
useful,
other
places
so
getting
some
feedback.
And
then
we
want
to
get
this
merged
pretty
quickly,
specifically
user
stories
and
use
cases.
We
want
to
get
emerged
quickly
and
then
iterate
any
changes
on
them
updates
because
they
provide
context
for
a
larger
group
of
people.
B
Let's
see
I'm
going
to
go
on
to
the
next
one,
so
this
one
is
new
and
pretty
straightforward:
hey
is
it
time
to
change
this
change
mining
time
all
right?
I
think
this
one
can
just
be
merged
and
it
looks
like
you
already
got
an
approval.
B
A
Sure,
taylor
yeah,
I
think
one
of
the
proposals
that
I
was
working
is
so
having
your
applications
pull
images
from
known
registries,
and
in
addition
to
that,
I
was
also
thinking
that
we
should
sign
the
image
signatures
that
we
use
in
our
application.
A
So
so
I
think
it
would
be
really
good
that
we
validate
our
images
that
we
use
in
our
deployments.
For
example,
what
we
can
do
is
we
can
verify
the
signatures
associated
with
images,
and
I
think
these
days
it's
very
important
in
these
supply
chain
security-
that
we
do
that
and
we
know
from
where
the
images
are
being
pulled
and
the
signatures
associated
with
those
images
is
validated.
A
A
So
what
we
can
do
is
we
can
verify
its
signature
by
using
its
public
key,
and
I
think
this
is
really
important
and
to
extend
this.
We
can
also,
you
know,
validate
the
attestation
of
the
image.
That
is
one
option,
so
I
just
wanted
to
discuss
this.
So
what
are
your
thoughts
on
this.
B
Yeah,
I
think
it's
a
good
idea.
This
is
probably
relate
to
that
supply
chain
attack,
and
this
will
be
part
of
defense
against
supply
chain
attacks.
A
A
A
There
is
this
using
certificates,
so
if
we,
if
we
have
to
upgrade
the
certificates
that
your
application
is
using,
then
we
can
mount
those
certificates
as
volume,
and
you
know
this
will
help
kind
of
in
the
automation.
So
I
was
not
really
sure
if
it
can
be
a
best
practice.
B
I
think
I'd
need
to
see
a
little
bit
more
about
this
one,
but
I
mean
it's:
it's
anything
can
be
proposed
as
far
as
a
best
practice.
D
A
Yeah,
this
is
right,
so,
basically,
if
you
want
to
update
your
ca
trust
store,
you
know
you
can
bundle
all
the
certificates
and
you
know
map
it
as
a
config
map
to
your
deployment.
I
think
this
is
so
the.
D
Idea
is
the
idea
is
to
to
detach
the
the
the
sea
certificates
from
the
container
image
and
and
and
map
it
from
from
a
config
map
right.
A
D
There
is
a
there
is
one
known
fact
that
that
if
you
want
to
prepare
a
flat
image
where
you
know
you
don't
want
to
build
your
image
based
on
on,
you
know,
fat
base
images
and
you
want
to
want,
want
to
let
go
application
inside
then.
The
only
problem
usually
is
actually
what
you're
telling
here
that
there
are
no
ca
certificates
inside.
So
this
is
sounds
like,
in
that
case,
an
interesting
solution
for
that
problem.
Specifically.
A
Right
so
I
mean
if
we
have
any,
if
you
have
to
basically
update
any
certificates
instead
of
having
your
application
build
an
image
with
that
certificate,
you
can
just
mount
it
as
a
config
map.
This
is
more
like
automation,
but
I
just
wanted
to
you
know
check
with
you
guys
if
it
can
be
a
best
factors,
but
yeah
I'm
going
to
create
a
draft
with
more
information
and
share
it.
So
you
know
you
can
review
and
you
know
see
if
it
can
be
a
best
practice.
D
Yeah,
I
I'm
not
sure
you
know
it's
it's
from
my.
In
my
point
of
view,
it's
a
little
bit
borderline
because
because
there
are
some
some
places
where
this
is
needed,
but
but
but
most
of
the
I
think
most
of
the
industry
solve
this
problem
without
without
you
know,
mapping
config
maps.
So,
therefore,
for
me,
it's
a
little
bit
borderline,
but
but
I
you
know,
I'm
just
one,
I'm
happy
to
hear
what
they're
saying
I
think.
A
B
So
one
thing
to
remember
is
some
best
practices
or
some
practices
may
be.
B
B
Bonuses
and
versus
a
requirement
type
of
thing.
This
is
a
little
bit
easier
on
the
I
think.
The
test
suite
side
there's
there's
things
that
on
the
test
suite
where
we
would
think.
If
you
don't
have
this,
then
you
can't
claim
your
cloud
native
at
all
and
then
there's
things
where
it's
more
of.
If
you're
doing
this,
it's
helpful,
but
it's
not
a
hard
requirement
and
it
kind
of
feels
like
this
might
be
in
that
area.
I'm
I'm
just
not
quite
clear
either
from
a
testing
standpoint.
I
think.
B
D
Yeah,
we
do
have
an
image
scanner.
Actually
we,
our
image
scanner,
is
based
on
another.
An
other
open
source
project
called
gripe
by
encore.
If
you
know
it
actually,
I
think
it's
one
of
the
best
vulnerability
scanners
and
we
simply
are
packaging
it
for
kubernetes
clusters.
D
So
it's
rather,
we
are
giving
a
wrapping
around
that,
but
but
for
for
actually,
the
reason
why
we
are
using
is
is
more
not
just
provide
image
scanning
on
itself,
but
but
but
more
to
to
enable
you
to
identify
vulnerabilities
which
are
public
facing
and
and
some
things
which
have
to
be.
You
know
priority
prioritized
okay,
so
it's
not
general
vulnerability
scanning,
but
it's
rather
to
take
actions
over
at
this
cluster.
A
Yeah,
hey
taylor:
I
had
one
more
thing:
yeah
like
regarding
the
kiberno
integration
with
cnf
right,
I
have
written
the
code
for
the
you
know,
some
of
the
best
practices
that
we
discussed.
A
So
can
I
go
ahead
and
there
were
some
policies
which
are
you
know,
which
are
already
there
in
the
cnf
test
fit.
So
I
was
thinking
whether
to
include
them
or
not.
So
how
do
we
you
know?
Do
we
have
to
shortlist
before
creating
a
pull
request
or
I
just
create
it,
and
then
we
can
discuss
it
further.
A
B
So
I
would
suggest
create
a
ticket
for
the
task
that
you're
going
to
do
and
you
can
add
some
info
there
and
then
feel
free
to
go
ahead
and
do
a
pull
request
and
reference
the
ticket.
And
then
we
can
do
a
review
there.
Okay,
yeah
sure
we'll
do
that.
B
You
check
out
the
the
if
you
haven't
looked
lately,
but
the
usage
guide
specifically
around
like
security,
the
security
category
and
the
resilience
and
availability
there's
more
documentation
around
those
tests
and
we're
trying
to
have
information
about
the
importance
of.
Why
are
we
testing
this?
What
is
it
doing?
And
that
sort
of
thing
and,
of
course,
any
reference
links
back
for
more
content?
That's
fine
as
well
on
those,
but
that
will
be
part
of
the
tie-in
that
we'd
want
before.
We
would
merge
a
pull
request.
B
So
there's
okay
code
for
testing
the
documentation
around
it.
Why
it's
there
and
then
the
other
part
would
be
expect
tests
that
validate
that
the
test
is
working
as
expected
right,
okay,
but
I
think
you
have
a
lot
of
examples
around
that
at
this
point
and
feel
free
to
reach
out,
but
yeah
go
ahead
and
just
create
an
issue,
and
then
you
can
create
a
pull
request,
either
fully
open
or
put
it
in
a
draft
and
feel
free
to
ping.
B
All
right
tom,
I
don't
know
if
you've
been
updating
that
walk
through
for
people,
ops,
type
people.
That
is
a
checklist.
Are
you?
Are
you
doing
this?
Yes,
you're
thinking,
cloud
native
and
so
on?
If
you've
been
updating
it,
but
I
think
it'd
be
good
to
bring
back
forward
and
share
with
the
group
again
there's
a
lot
of
new
people
that
haven't
seen
it
not
today,
but
just
in
the
future.
If,
if
you're
willing
to.
B
C
D
B
B
C
Rings
a
bell:
yeah
yeah,
if
you,
if
you
ping
me
and
just
I'll,
see
if
I
can
find
the
document
in
terms
of
whether
people
have
been
using
it,
I'm
not
sure
I
can.
I
can
try
and
find
out,
though,.