From YouTube: CNCF CNF WG Meeting - 2022-01-10
A
A
Year, all right, this call is being recording, if, recorded. If you didn't hear the notice when it started, and we published these to the CNCF YouTube channel and the CNF working group.
C
A
I welcome, let's see, we are at five after, why don't we get started? Meeting notes are posted into the Zoom chat.
A
A
Can, I think that worked, I should be able to see my call there, I mean my screen share on the call. You can add your name, would be appreciated here.
A
We shift with the time changes, but it's, I guess it's, I guess it doesn't shift. I'm sorry. It says 1600, but we should be this way for a few more months. And for those that don't know, the main purpose in this group is around documenting and publicizing on cloud native best practices for telecom applications running on environments, Kubernetes-based environments.
A
That's what we're doing, our main focus right now. We have a lot of documentation that we've been working on around use cases, user stories. We're going to be publishing best practices and also publishing or writing up things around problem areas. So if you're trying to utilize a Kubernetes environment and having a problem adopting any type of technology or methodologies or whatever, then we want to note those and try to see, you know, what are the problems and what tips and things that we can have to work with those?
A
Usually that's general, generic, vanilla Kubernetes. But if it's specific environments, hosted environments, then we want to know those too. Some environments, or I should say one of the best practices that we had done a lot of talk about was in the area of security and specifically least privilege. So we had one practice that we wrote up called non-root, so not running your processes and containers as the root user.
A
There's a lot of different things you can do regarding security. If, if someone, say, discover an exploit, or there is a bug, maybe just something goes wrong with your application, so not having root limits the damage within the container. There's a lot of other places that you can have problems, but this is just one area. So it's recommended to not run root, and we've written up some stuff around that.
A
B
I don't know, Taylor, you remember that I sent you, okay, the, you know, very, very early draft of, of my next best practices around a server, and if we have a few minutes, okay, somewhere along, just a small feedback would be, you know, helpful for me, if this is the way to go and start to creating from this items.
A
Yeah, for sure. Would you like to drop a link in here and we just get some feedback right now on the call? Yeah, I mean.
A
Minor georgia kind of give an overview of it and then, if it's, do you have a comment access available on the document? Yeah, I will open it. It just opened comment access, since, if we're going to drop a link in here, don't want to random people on the internet modifying it. But if they can do comments, then you can approve or reject. Sure. All right.
C
A
Just add that below the meeting host, review open pull request item. Okay, okay, does anyone else have anything they'd like to add?
A
Okay, so MWC Barcelona, is anyone going to be there? Do you know of any specific, interesting events?
A
A
All right, how about ONE Summit?
A
Nope, okay, so KubeCon EU, see if these are closed. So if you didn't get them in, that's too late for that. But if you have something interesting, feel free to add, add a, an entry here, just so that we know about it, and everyone in the group can see it a neckline.
D
A
Cool, well, I guess when, when they make it through, we can add them, I guess would be the next thing. Yeah, people that don't make it through, nick life. It seems super interesting. Maybe you could tell them to come home.
A
D
A
All right, so there is a, there's going to be a co-located event that CNCF is putting on, Cloud Native Telco Day. So for anyone that doesn't make it through the CFPs, maybe for KubeCon itself, maybe try to get them over, but probably ask them anyways.
A
So if, if you're available at those times and you'd like to be present at the cloud, co-located event, Cloud Native Telco Day, then let me know. I don't think we have details yet for submitting on that, but we'll get that soon, added as soon as we have it. I should hear more this week about that.
A
All right, CFPs not open for the NA. I'm gonna go ahead and pull up the pull request. Oh, we have several here. What do we have, 25 days ago?
A
A
Someone else to step in that would be interested in air gap to help. Jeffrey is no longer a charter and getting things going at his new job, and we'll see how much availability has gone forward.
A
Yeah, I don't really see anything else, but this is still something folks could look at and give some feedback on, especially if you do, like, we have some of these that got, they were able to be resolved. So if there's anything where you want to change, and you click on the plus and then suggest and edit, is the most helpful way to move it through. But you can take a look at this one, these user stories. So these user stories will be helpful in many areas to help us with supplemental documentation.
A
Oh yeah, all right, this one folks can look at it. It's not ready yet, got to get back, continue on it, but this is one of those that are, when you, when you're looking at a set of best practices or you're, you're working on the test, you're, maybe you're working with the CNF Test Suite and trying to pass as much as possible, whatever, you're, you're trying to improve your software and going along, but you're found an area where it just doesn't work.
A
This is an area where you don't feel like you can follow a recommended best practice, for whatever reason, very valid reasons. Maybe it's in conflict, you're following like HIPAA compliance or something, and you can't do it, you can't follow something because it would conflict. Well, this is about, and we need to update the title there, but this one is about documenting any type of exceptions.
A
And communicating where you can, when, where you're not able to be compliant and the reasons and stuff, and making that easily accessible for the people that care about this, you know, so this could be the ops team at a service provider or wherever else, documenting the reasons around that and then some suggestions there.
E
E
No, it's fine, you can just, you can, I'm not going to, yeah, just keep it up there, I mean, yeah. I think this is, we opened this pull request just before the holidays. I think we, we've done this in the past. We, we have already, today we have a use case which really looks at stateful CNF, but trying to go a bit lower level, sort of to tackle some of the user, not, you know, not some only use cases but some of the user stories.
E
I, I opened this up with Taylor here on, you know, just before the holidays, and these are mainly derived out of, you know, what I would say 4G and 5G, you know, online charging system perspective or convergent charging system. Company I work for is, is offering a product in this area, and so these are some of the challenges that we face in terms of, you know, cloud native for places where we are dealing with state, need to manage state as part of it, a 3GPP-compliant 5G core.
E
So that's where these use cases are, are deriving from, or user stories are coming from. I have tried to genericize them a little bit more, and the reason for that was just simply to try to create some appeal for others who might recognize.
E
You know, some areas where they are also facing some of the similar challenges, and I see that we've had some comments on here that, you know, maybe these are more IT-related, in, you know, I don't totally dis-, disagree, but they are in fact network related. So we are talking about CNFs, talking about network functions, and I certainly see the CHF as defined at least in, in 3GPP.
E
That is a network function and therefore, you know, there are some, there's some interesting challenges that I think we need to work around with. So by all means, if you have thoughts, comments, please do have a look.
E
Yeah, let's, why don't you come down then to the first one? Okay, so yeah, I mean basically the way I would look, sorry, go up just a little bit, Taylor, apologies, right there, yeah. So I will try to run through it fairly quickly. If you look at the, you know, the way it works is we start off kind of at the highest level and sort of what I'm doing by doing the way I've done this is to say you look at this use case.
E
You talk about a CSP, a, a service provider, you know, just recognizing that there's, you know, almost at the highest level, there's a need to maintain, you know, persistent data, things like subscriber information, account balances, quota balances, you know, different things that are used along the life, the journey of a subscriber, and also recognizing that that data may be fairly static in nature or it may be very dynamic and changing, you know, all the time.
E
It's just kind of a starting point to this, and then I go through and give just a few examples with the user stories. So, you know, that, and from a user perspective, I have a, I have an address on file. I may need to change that. You know, I expect my provider to be able to allow me to do that kind of thing.
E
So it's just making the case that the, the CSP needs to be able to handle that. At the same time, then, if you move into sort of the point number two here, it starts to move into cases which are more, you know, dynamic in nature. So things like, I have a balance and I expect, just like my bank, I expect my bank to be able to maintain my balance and it should be accurate, or, you know, things that I have purchased.
E
If it's, if I purchase a number of, you know, gigabyte, for example, I expect my service provider to maintain that, an accurate balance of that, because that will also be used to trigger different decisions.
E
So that's kind of the very first user story, or use cases, user story. Then you go to the next one, which is basically, the way I see this is kind of nested, saying: okay, well, that's great, I'm in that situation, but you may find yourself, depending on what you're, what you're doing, you may also have the, a need for things like real time and low latency, and this is certainly again an area from, from an online charging system.
E
The need for real time is quite key, so I've described this in a use case. You know that, basically just describing it as being able to do, perform real-time CRUD actions. So, you know, when we create things we want to be able to update them and to delete them, and, and there's a number of different reasons why this would be necessary, and one of the main ones from a online charging perspective is that you're trying to limit the financial exposure to, to, to primarily the, the service provider.
E
Right, I mean I shouldn't allow you to do something unless you actually have the right to do it, whether you have, you know, monetary funds or if you've actually purchased already some, again, some, you know, quantity of, of some data or, you know, or events, whatever it might be, that you're allowed to do. I don't want to allow you to start doing that or continue to do that if you've run out of money, because then I put myself in, in, you know, I, I, I basically putting myself in financial risk.
E
So this is where sort of the real time, low latency comes in, and if you look down to, if you scroll down just a little bit, Taylor, to the user stories here, I just outlined a couple examples. No, not that far, not that far, just go up a little bit to those three green, yeah. So the user stories here is just kind of again playing from subscriber doing different things. The first one saying I want to access a service.
E
E
I'm using a service, and the quota that I have, you know, from originally been allocated is, is going to be consumed and therefore, you know, under the period of me using a service, there needs to be frequent checks to make sure that I'm not going over and beyond what I'm allowed to do, and again it may serve to make different decisions, which is the third point. So looking at an example here, you might have in 5G an IoT device in a factory, smart factory, and you're.
E
It's attempting to access higher quality of service network slice to accommodate a spike in production. So there's a need to, you know, get a better quality of service. Well, before we can enable that we may want to first ensure that the device has, you know, the, the, the possibility to do so, or if it has, you know, if it's, if it's already utilized, for example, a threshold that was, you know, allocated for the week, for the day, for the month, whatever that might be.
E
So this is just an example of how it might be used. You know, and if it, and if you're not, if you don't have that threshold or if you don't have that balance, then you'd be denied, or that particular device would be denied stepping up to a higher quality of service. So again, it's just examples of how that really, in the end, it's the persis-, you know, this persistent and dynamic data is being, being used and carried forward to make different business decisions.
E
If you scroll down just a little bit then, Taylor, we'll get to that next point here, being the high transaction, just a little bit there, high transaction processing. So, you know, in addition to that, you know, again, I'm drilling deeper and deeper to sort of some of the use cases that we face, and one of the things is that we're dealing with, you know, quite a large amount of transactions that are taking place per second, and I think most of us are probably familiar with.
E
You know, if you're looking at it from a 5G perspective, you know, the expectations, this is just going to continue to grow, and we have, you know, some, we have some examples ourselves. I think I've mentioned it in here and I don't remember, give me a second here, yeah, hundreds of thousands, for example, per second, of transactions per second. Perhaps there's others out there who have.
E
You know, examples where, you know, there's even higher number of transactions per second, you know, these, but these are business decisions, right? For, from our perspective, each particular transaction is, you know, is eventually a charge that's being, you know, that's being applied for some type of event that has taken place in the network. So this is why we're kind of saying that it's important to be able to do, you know, to handle very high, high volume.
E
So it's not just, you know, one or two transactions per second, but we're a high number and we're needing to do things on a very low latency basis. So that's kind of, you know, that's, that complicates and challenges things technically for us a little bit further. If you go one more, a little bit down, ACID compliant. So I think from our perspective, this is not an option. So again, this is something, because we're dealing with financial transactions, the expectations that these can be relied on, always, that they're accurate.
E
Always. So when you're making decisions, you know, financial nature, it can't be, it's not okay to make decisions on things that are not yet accurate, or, you know, maybe accurate later, but at the given time, you know, it may be, it may be incorrect data. That's, that's not, that's not okay. So we, we, you know, we are required to be ACID compliant. So this is again one of those things that, you know, you say: okay.
E
Well, how do we ensure that, when you're dealing with, perhaps, you know, distributed data and, you know, high volumes and low latency responses, you know, things become, you know, more and more challenging. So that's, you know, again, another one, I think, would be interesting for us to explore some of the best practices around how, you know, others, you know, again, as you follow down this tree, it's sort of, how do we handle that, and then, if you have to do that as well, how would you do that?
E
You know, what are some of the technologies that, you know, might be possible to use, or best practices that might be, you know, useful. I don't want to take all the time here, Taylor, so if you just want to slide down, I think we've got one, maybe two more: the availability and continuity.
E
You know, I'm, I'll kind of try to go through these a little bit quickly. Yeah, I mean, as users, I guess, if we think about it, you know, we're expecting our services to work, right? I mean, we don't, we, we want to make sure that they're, you know, I say at least from a customer perspective, the expectation is that services that I want to use are available.
E
24/7, 365, so, you know, CSPs need to have that high availability, and I don't want to pigeon us into sort of the, the five nines or something like that. I was thinking mainly from the perspective of, you know, how you accomplish that, whether it's, you, you have the resilience and you can, you know, you can spin up, you know, if you've got a number of instances running of a particular service, one goes down, well, it's not the end of the world.
E
You have multiple and you're able to handle that, so that's kind of where this one was coming from. As is the, the next point, is also really, you know, instant and total recovery, is basically saying, you know, that persistent data is extremely critical. You know, back to the point, it is making, there's financial implications. There are business decisions which are being made from that data, and again it's not something we look at at the end of the month.
E
So I want to, you know, erase any notion that this is sort of billing data, and, you know, we've got, we still have time, but this is sort of, this is in line, service being used. This data is constantly being, you know, accessed in order to make decisions for that subscriber, for that particular device, you know, what it can and cannot do or consume. So this is.
E
This is sort of the, the last place where I wrap up, and then, you know, I'm sure there are other challenges, other, you know, things that need to be addressed, but these are the, the key ones that I think, from a, from matrix perspective, what we, what we see and what we face within our area that we work with in, you know, convergent charging systems for 5G.
A
Thank you, Oliver. Comments and questions from everyone?
E
And this was to, I don't know if Pankau is on the, is on the call here, but yeah, I threw a comment in there. I don't, I, I just think it's, you know, I think there's certainly more examples of where we have some of these same kind of challenges, and I don't think that they, you know, some of them are going to be complementary.
E
Some of them may be, you know, completely new. I, you know, I, I don't want to, you know, see, I, I don't particularly see these partic-, these use, use cases or user stories as being accounting related. I think these are very much, you know, these are, they're online charging, they're.
E
You know, convergent charging, they're, they're in line to service, you know, experience and, and, and very much, you know, impact the customer experience in, in real time, in the sense that, you know, if you, you have inaccurate data, you may be denying customer service when they should have service, or providing them a certain experience.
E
And again I'm talking people, it's easier for us, but it could be a device. It could be a, you know, piece of equipment that is, you know, then stopped from doing what it should be doing, because it's, you know, not accurate data, and that's why I think this is extremely important to the, to the, to the work that we're doing.
A
A
We can always add more user stories, so I don't want this to be a block. If anyone wants to write up any of this.
A
These particular ones, so this is referencing a good, a good paper. It's also, it's always great, by the way, to reference existing papers and content, so we can pull more and more material and show relevance and why it's helpful, important. If anyone wants to take these and do a write-up on any of them, especially if it's relevant to you because you're working on these problems, then, then, please feel free to, and this can be adding to existing documentation because you feel it's related, go in, or create new documents to add into this section.
A
These are, this pull request is going to the docs folder, covering any user stories, user cases, use cases, but you can add new ones there or add to existing. I don't want to block this, though, based on that. So if, if folks can look at it, and as long as you don't see any problems, I mean, go update this one. Let's get it.
A
Merged. I'll do, I'm going to do a review, Oliver, this week to go through and make sure there's no, you know, spelling or grammar or anything that we don't want to adjust slightly, and otherwise you'll have a thumbs up for me in the next couple of days to merge, and we want to get some reviews here.
A
Similarly, for the, this one that Ian's working on, if you add comments, we'll try to address those, and then, ideally by next Monday, we can get both of these merge, but for sure the stateful. The air gap may take a little bit longer because Jeffrey's not available, but I think again, this is, these are just areas we're trying to give context, and then we can add to that context.
A
Okay, Ben, are you ready? I'm sorry, yeah, you want me to share? Are you ready, Ben? Yeah, yeah, sure. Okay, I'm gonna stop my share and I'm going to let you share. Go ahead.
B
I do. So again, I, I just, you know, our last meeting was way back, so I just going back to the original story, okay, of, of adding security-related, the best practices, okay, around the CNF, and I just simply, you know, started to get together.
B
You know, the best practices from, you know, from getting from the top to bottom, I mean getting from the most relevant and, and simplest things, with some, you know, very speci-, with some specific recommendations of best practices, so not just a high-level suggestion, okay, of, of, you know, try to, like, you know, when sometimes we joke, okay, we say: that's okay, try to do your system secure, okay, but that's the recommendation and it's usually, it's not enough.
B
Obviously, so what I'm trying to do here is, I'm, with my proposal was to start from the next, network security part of, of, of the Kubernetes installation and how to set up a cluster, okay, in the, in the telco industry, which is, you know, somewhat more, I would say, mo nate, uses Kubernetes more natively than, you know, users who are, who are using Kubernetes in, in, by, through a cloud vendor.
B
So, so I started to collect, to call the, the recommendations are around network, and started with the Kubernetes API, because in the previous meeting we discussed the two main parts, which was in, on the one hand, protecting the Kubernetes API server and the access to the API server, and the second part was, in the general, the, the protection of the Kubernetes control plane and a control plane components, and not just the API server, but also the kubelets, the scheduler, the etcd and stuff like that.
B
B
Okay, what, what is the best practice and how to do it. So, for example, okay, disabling anonymous requests, okay, in API server, so API server once won't do anything for unauthenticated users, which is a option, you know, in, in API server that you can enable for many reasons: anonymous requested API server. Audit logging, okay, how to setting up audit logging and, and audit log, so you have a trace of any kind of security event in case of any consent of security event.
B
You can have a log back of, of what was done against the API server. The authorization configuration and authentication configuration, so, so one hand, okay, obviously, today we are, we are promoting those also in the security. We are promoting the role-based access control in any kind of, of setup. Obviously, okay, no, the authorization is needs to be allowed, but, but, but you bypassing a back.
B
Authentication is, is important, okay, and something up to how we think that, that modern deployment of Kubernetes should look like, and simply I'm going to, to go through, okay, now, of the API's clients, authent-, API server client authentication, and progressing from here to, to the access to it, to etcd, and setting up secure access to etcd, and, you know, putting inside, you know, not just, you know, not just the statement, but also, okay, so what is going to be set in the actual deployment?
B
Okay, what is the, the actual recommendation of configuration, and if at least, okay, someone decides that, that, for his deployment is, for some reason it's not good, at least we have to make sure that they understand what is, what chances they are taking and what is, what is going to happen if they not use the, the best practices, and, you know, I think that this might, this might be okay.
B
The resolution here is, you know, is very detailed here, okay, and, and, you know, really going into kind of different configuration settings, but on the hand, I think that, that this is for someone who's hands on to create the deployment.
B
It is going to be a great way of, of going through these things, because in general, okay, these are not very new things. Okay, these are things which we've, many, myself, any other people from, from security discussed in different places. Okay, but, but I think that this is going to be in a one-stop shop of, of, of how to set up these things, and I would be glad to, to, to get some input.
A
Thank you so much, Ben. It sounds great to me. I'd like to hear some feedback if folks are, have any.
B
So guys, really, okay, so you can, you know, Slack also, and, you know, you can also come. I try to enable comments here, okay, documents, so I, I will try to finish by the end of this week, okay, all the API server communication part.
A
B
A
To, and I tried to access it from an account that you didn't share with and it's not accessible.
A
Okay, can you set the settings so that anyone in the world with the link, anyone with the link, so that. Yep, sure. Yeah, click on share with armor bottom left and then change it to let, on the left hand side, anyone with link, but make a comment only. Yeah, yeah.
A
A
If you have, you want to add, you have thoughts or comments or you just want to update, like, a grammar, spelling, whatever, add some clarification, either add a comment or directly suggest an edit. I'm going to delete my suggestion, but you can suggest and edit and then we'll look over it, and if it's, you know, it's aligned, then we can just add that right in, and that'll help Ben move this along. Feel free to look at it and review at your, you know, whenever it works for you, your time.
B
E
C
Oh hi, everyone. I, I have a question, actually. Oh, go ahead. Hi! So I'm, I'm, I'm new here. My name is Charles Unizy and I always ask how would I, how would I contribute, because I'm pretty new to this technology though, but I was hoping, maybe resources I can probably read up.
C
A
C
A
All right, so this is a new area. Maybe, so the, the working group has documentation. You can look under the two main areas. I'm gonna try to bring this up. I can screen share as well, and let's see. All right, so there's these user stories and use case folders, we'll probably move those under this documentation folder. I'm going to bring this up, but this would be some areas to kind of look and understand context around problems that are trying to be solved specific to communication service provider environments.
A
But a lot of these are generally useful for any type of networking environment and problems you're running into, and some of them are even applicable to general IT issues. But you have under this user stories, this is a security-related set of user stories, supply chain attacks. So these are laying down a bunch of areas where there could be problems, and then we could talk about what are different ways that we can try to address these. If, if a attack occurs, then what are you going to do? How do you try to prevent them?
A
Is one thing, and then, whenever you can't prevent it and it happens, then what can you do? And that's what a lot of this is leading up to. Under the use cases we have different things like onboarding, so this onboarding, that's about a new application.
A
Let's say you have a firewall or a charging application, like what Oliver was presenting user stories related, you're bringing that into an environment, and what are the different things that you may want to think about. And this was actually put forward by a service provider talking about some of those different life cycle issues. More on the stateful things you should think about. This one's a more specific to a application and set of, I guess, related applications, so BGP, and what you need to think about, and there's.
A
If we go into some of these, they have diagrams related. What are we looking at here? So these are all areas for context. Under, let's see, this document area is probably not it. Here we go. So the best practice area, right now we don't have any that are published other than the, the non-root. I think in this quarter we'll probably see a few more, and then more and more come along as we've gotten all the rest of the documentation, the context, but we should start seeing more in here.
A
These are going to be specific, so if you're interested in bringing over best practices that exist in other areas, so non-root is not something specific to CNFs. It's a good practice everywhere. It's utilized in many areas. If you're in a hosting environment that uses SELinux, like Red Hat's environments or other hosted solutions, or maybe you're seeing an environment that someone's building their own Kubernetes-based environment, they may have root disabled capabilities.
A
If you go through, and then a lot of references. So I think it was Ponchai on one of the other pull requests, add references to white papers. So we want to always have references if, if they're out there, and happy to see them. So these are all areas I think you could go check out if you're interested in, on the documentation side, reading, I'm writing up new ones.
A
The CNF Test Suite, this effort is around implementing tests that are checking various practices, so similar to the Kubernetes e2e test suite, and really most environments where you're already building software and you want to test and validate that things are running as you expect. The, the, I guess, implementation side moves at a different speed from the documentation side, as we, in the working group, we're figuring out how things make sense to a large group of people and trying to improve how it's communicated. On the test suite we have at this point.
A
I think it's close to 50 tests implemented across many different categories. So we didn't really talk about the categories, but if you think, there's stuff that we're talking about, compatibility, the statefulness that Oliver and talked about earlier, security, there's a lot around security. So there's a lot of different areas, so the test suite itself has close to 50 tests, if it didn't hit it already over the holidays, and this would be another area if you want to come check out and, and take a look. There's a, if you want to run it.
A
A
A
Kubescape from ARMO, and you can go read more about this specific test, but we try to put reasons why it would be problems to allow privilege escalation, not that you may not need it. That's fine! If you have an exception, it should be written up, but in general we're saying you shouldn't allow it for most components and most applications.
A
A
A
You can join there, there's Slacks for both the working group and the test suite channel. So you can chat in those, but either way, it's, you know, you can get involved, read up, learn more about the area, and happy to have more contributors than any of it. Including stuff is as simple, as straightforward as grammar and spelling mistakes, all contributions would be appreciated.