►
From YouTube: CNCF SIG Runtime 2021-02-18
Description
CNCF SIG Runtime 2021-02-18
B
A
A
A
A
Oh
cool,
so
I
think
we
can
start
people
are.
Maybe
gonna
show
up
a
little
bit
later,
but
yeah.
So
so
thank
you
for
taking
the
time
to
present
tryout
excited
to
be
here,
so
the
presentation
will
be
recorded.
So
you
know
other
people
can
actually
watch
it
later
and
yeah
and
then
happy
to
learn
more
about
like
how
you
implemented
it
container
registry
in
rust.
C
D
C
A
C
C
C
And
yeah,
as
I
was
saying,
I
do
want
to
kind
of
a
discussion
about
things.
I
thought
it
might
be
interesting
to
sort
of
first
talk
about,
what's
going
on
with
like
registries
and
so
on
in
general,
and
also
I've
kept
the
stock
fairly
technical.
Given
it
was
the
the
sig
run
time,
which
I
I
assume
was
the
right
decision.
So
you
can.
C
We
can
talk
about
standards
and
stuff
yeah,
there's
a
few
things
that
are
going
on
in
the
registry
world,
which
I
think
are
quite
interesting
and
it's
you
know
a
space,
that's
kind
of
needs,
some
updating,
because
not
a
lot
has
really
been
happening
until
the
last
year
or
so.
Yeah.
Really,
you
know
it's
not
changed
much
since
the
initial
versions
of
docker
distribution,
or
at
least
since
it
moved
to
v2,
which
is
a
good
few
years
now
so
what's
happening
recently.
C
That's
part
of
the
cncf
a
lot
of
registries
and
I'm
particularly
thinking
of
things
like
the
the
google
was
artifact
registry
and
azure
have
one
and
so
on.
They've
all
started
moving
towards
supporting
multiple
artifacts,
so
registries
are
no
longer
just
for
container
images,
they're
also
for
things
like
helm,
charts,
opa,
config
files
exceeding
bundles
things
like
that.
I
guess
cloud
native
stuff
and
there's
probably
an
argument
that
we've
really
recreated
ftp
servers,
but
that's
gonna
be
a
bit
cynical
and
added
a
rest
for
intended
at
the
top.
C
There
is,
as
I'm
sure,
you're
also
aware,
a
standardization
process
of
the
oci,
so
you've
got
the.
I
don't
know
what
it's
called
now,
but
effectively
distribution
spec
around
with
official
title,
but
there
is
a
spec
and
it's
also
conformance
suite.
So
you
can
like
verify
whether
or
not
a
particular
implementation
conforms
to
the
standard
and
they're
starting
to
talk
about.
C
So
people
could
sign
an
image
and
do
so
and
then
people
who
had
that
image
could
verify
that
it
came
from
who
it
claimed
to
come
from
effectively
and
also
it
was
quite
you
know,
impressive
implementation,
because
I
had
all
the
update
framework
stuff
in
it.
So
it
could
also
verify
that
it
was
up
to
date,
and
things
like
that
that
now
there
were
a
lot
of
problems,
the
first
or
there
are
problems
for
the
first
version
of
notary.
It's
not
seen
as
much
uptake
as
we'd
like
and
there's
issues
like.
We
can't.
C
You
know
signatures,
don't
travel
with
images,
so
one
thing
we'd
really
like
to
see
is
if
an
image
has
moved
from
one
registry
another
you
can
still
somehow
you
know,
move
the
sign
with
it
and
and
still
you
know,
tell
where
it
came
from
and
that's
the
sort
of
stuff
that's
been
worked
on
notary
v2
and
I
know
both
docker
and
justin
cormack
and
microsoft
and
steve
lasker
and
people
are
working
heavily
on
this.
The
interesting
thing
is
that
kind
of
notary
v2
is
very
different
from
military
v1.
C
I
think
it's
going
to
become
very
important
over
the
next
few
years
and
that's
supply
chain
security
and
some
people
have
started
looking
at
this.
You've
probably
seen
projects
like
in
toto
and
graffias,
and
I
think
the
google
cloud
platformers
even
integrated
some
of
those
solutions
and
I've
not
really
played
with
what
exactly
they've
done
yet.
But
I
think
this
is
going
to
be
quite
a
big
thing
and
yeah
you'll
see
more
sort
of
solutions
and
and
people
talking
about
this,
particularly
in
the
light
of
things
like
the.
What
was
it
cloud?
C
Yes,
no
I'm
sure
I'm
saying
closing
you're
right,
so
it
wins
yeah
and
you
know
a
lot
of
that
was
all
about
supply,
chain
security
and
being
known
where
stuff
came
from
and
being
able
to
prove
where
it
came
from.
Basically,
okay.
So
the
other
question
you
can
ask
yourself
is
why
what's
the
point
involved
in
another
registry,
given
we
have
docker
distribution
and
so
on?
C
C
But
the
thing
is
with
trial
is
I've
kind
of
focused
on
slightly
different
things
and
the
way
I
started
describing
it
and
I'm
still
kind
of
working
on
how
I
describe
it
and
how
I
think
about
it.
So
I'm
very
interested
in
the
feedback,
but
I
started
talking
about
the
work
and
set
so
most
registries
at
the
minute
they're
designed
to
store
all
your
images
for
all
time.
If
you
like,
so
you
push
all
your
test
images.
C
C
I
started
thinking
about
things
a
bit
differently
and
what
I
want
to
focus
on
was
like
the
working
set
of
images,
so
I'm
being
able
to
securely
and
efficiently
deliver
those
to
the
nodes
within
a
cluster
so
by
work
and
set
what
I
mean
it's
just
the
bare
set
of
images
that
are
required
to
run
your
applications
on
your
system.
So
it's
not
the
full
history.
It's
not
like
all
the
things
going
back
in
time.
C
And
leaving
on
from
that,
the
design
that
I
know,
if
you
know
you
can
use
it's
just
a
registry,
so
you
can
do
what
you
like
with
try.
You
know
you
could
store
everything
and
there's
absolutely
no
reason
you
can't,
but
the
way
I
sort
of
designed
it
it's
normally
will
run
inside
a
cluster,
typically
a
kubernetes
cluster.
C
So
if
you
have
a
system
with
multiple
clusters,
you'd
have
multiple
instances
of
trial
and
those
instances
of
the
trial
could
then
talk
to
you
know
another
registry
which
may
be
stored
in
all
your
images,
for
example.
So
it's
not
that
so
in
a
lot
of
cases,
if
I
might
not
replace
harbor
or
whatever
it
may
be,
it
could
work
alongside
it.
For
example,
I
have
there
is
no
choice
of
storage
back
ends
until
at
the
minute
it
just
saves
the
file.
That
was
a
deliberate
decision.
C
C
C
So
one
thing
I
really
want
to,
I
think
I'll
talk
about
this
a
little
bit
later,
hopefully,
is
when
I'm
thinking
about
auditing.
You
know
the
registry
if
it
runs
inside
the
cluster
and
then
the
registry
should
really
give
you
a
good
overview
of
what's
happening
in
the
cluster.
I
should
be
able
to
look
at
it
and
see.
Okay,
what
are
the
images
that
are
currently
used
in
the
cluster
and
how
they've
changed
over
time
and
who
made
what
changes
and
so
on?
C
So
I
think
there's
a
lot
of
benefits
to
an
approach
like
this
for
for
auditing
and
security.
Finally
lightweight
so
you
know
it
needs
to
run
in
the
cluster
or
intended
to
run
the
cluster,
and
so
I
don't
want
to
consume.
You
know
a
lot
of
resources
and
I'm
not
you
know,
I'm
thinking
like
cpu
as
much
as
anything
else
here
and
that's
one
of
the
reasons
that,
as
I
chose
rust
as
you've
pointed
out
earlier.
C
So
what's
some
of
the
current
features
so
at
the
minute
is
oci
standard
compliant,
it
does
have
the
catalog
api,
which
is
the
the
thing
that
lets.
You
say
you
know
list
all
the
repositories
and
images
within
the
the
the
cluster.
I
also
added
what
I
call
the
tag
history
api.
So
I
can
say
you
know
say:
you've
got
image,
redis
3.4,
I
can
say
gif,
you
know.
C
One
of
the
things
I've
been
thinking
about
is
like
how
you
can
integrate
better
with
clusters.
So
one
of
the
first
things
I
did
was
add
some
image
controls.
So
the
idea
is
so
what
I've?
What
I've
got
at
the
minute
is
an
emission
controller
that
that
you
can
spin
up
the
mission
controller
talks
to
trout,
and
so,
if
you
create
a
new
deployment,
the
image
controller
will
check
the
images
in
the
deployment
and
by
default.
C
What
we'll
say
is
if
this
image
does
not
exist
within
the
registry,
then
disallow
it,
and
you
can
also
expand
this
with
regex.
So
you
can
say
things
like
okay.
If
the
image
exists
in
this
local
registry
allow
it
but
also
allow
official
images
from
the
docker
hub,
but
not
user
images,
and
things
like
that,
so
I
tried
to
make
it
easier
to
add
controls
like
that.
You
can
also
do
something
very
similar
things
with
oppa.
C
So
that's
another
way
to
go
for
that
proxy
docker
up.
So
that's
a
thing
I
implemented
the
end
of
last
year
and
that's
another
thing
that
I
I
see
is
sort
of
an
essential
feature
for
really
to
to
try
and
take
five
forward
is
sort
of
being
able
to
proxy
and
cache
images.
So
this
goes
back
to
working
in
alongside
other
registries
if
you
like,
but
the
approximate
docker
hub
was,
as
you're.
A
C
No
there's
nothing
like
that,
but
having
said
that,
you
can
associate
a
user,
so
I
mean,
and
that
works
both
for
excuse
me
for
pulling
private
images
and
for
the
limits
are
per
user
so
like,
if
you
authenticate
to
the
docker
hub,
you
get
like
a
higher
amount
of
limits,
so
you
can.
You
can
use
a
certain
user,
but
the
limits
like
you
know
it's.
I
can't
remember
it's
a
per
hour
they're
a
bit
odd,
so
it's
actually
and
also
they
don't
enforce
them
strictly.
C
C
C
I
nearly
went
with
go
but,
to
be
honest,
I
wasn't
a
big
fan
of
go,
but
I
am
happy
that
I
chose
rust
before,
like
the
safety
and
the
speed
things,
I
think
it
potentially
will
give
us
the
ability
to
create
a
very
efficient
solution.
It's
not
that
efficient
at
the
minute.
I
have
a
lot
of
work
to
do
there,
but
the
potential,
I
think,
is
pretty
good.
The
issue
with
choosing
boss
was
web
frameworks
and
stuff.
So
I
have
the
libraries,
especially
at
the
start,
weren't
as
strong.
C
Yeah,
so
to
install
it,
I
created
like
a
couple
of
different
methods:
there's
a
quick,
install
method,
which
I
can
I
can
demo
if
you're
interested,
there's,
also
standard,
install
methods.
The
first
one
I
did
was
with
customize,
which
I
really
quite
like,
but
everybody
wants
to
use
helm.
So
I've
had
to
start
trying
to
to
support
that
properly
and
there
is
a
helm
install
now.
C
But
the
quick
install
is
quite
interesting
because
normally,
when
you
install
a
registry,
you
have
to
faff
about
setting
up
a
domain
name
and
pointing
at
it
and
so
on,
which
is
quite
right.
But
you
know,
if
you
have
just
a
development
cluster,
you
probably
don't
have
a
domain
name
or
you
can't
be
bothered
putting
it
at
a
domain
name.
So
I,
the
quick,
install,
has
some
hacks
that
kind
of
gets
around
that.
C
Yeah,
let's
do
it
cool,
it
won't
take
too
long,
and
it
might
give
you
a
chance
to
ask
any
other
questions
right.
So
let
me
see
if
I
get
this
right
so
just
before
I
started
this,
I
did
from
the
zoom
window.
I
did
spin
up
kubernetes
cluster
I've
not
even
connected
to
it
yet,
and
let
me
see
if
I
can
share
my.
A
C
C
Oh
whoa,
oh
you
get
a
bunch
of
stuff
and
you've
used
to
be
less
there.
I
think.
Okay,
apparently
it's
got
stack
driver
and
I'm
sure
that's
costing
me
a
fortune
anyway.
So
this
is
a
you
know.
That's
all
you
know.
That's
only
the
stuff
that
comes
with
by
default.
I
don't
have
anything
around
there
at
all
yet
which
directory
I
mean.
C
C
I
can't
remember
you
know
it's
like
there's
a
couple
of
ways
you
can
handle
certificates
and
kubernetes,
but
it
tends
to
be
annoyingly
complex,
especially
for
just
developing
yeah.
If
you
went
on
jke,
you
need
to
run
this,
and
this
I've
done
it
before.
So
I
don't
need
to.
One
of
them
is
just
to
open
the
port
in
the
firewall
for
cubectl
and
this
other
one
yeah
what
to
do
with
the
rights
and
yeah.
C
So
this
script
is
very
hacky,
but
it's
kind
of
cool
you
can
set
the
the
namespace
you
want
to
install
and
for
some
silly
reason
I
installed
like
to
keep
public
by
default.
I
think
that
was
a
mistake.
I
should
probably
have
created
a
try
namespace
this
step.
I
should
push
this
a
minute
ago
as
well,
because
this
step
takes
a
little
while
I've
never
really
figured
out
why,
but
for
some
reason,
when
you
submit
a
certificate
to
the
community
ca,
it
takes
a
little
while
before
it
approves
it.
C
Oh
yeah,
it's
already
created
a
bunch
of
the
deployments,
the
service
role
bindings
yeah.
I
think
this
is
you
know
what
sometimes
we
complain
about
with
kubernetes.
You
can
kind
of
see
it
there.
Just
for
all,
I'm
really
trying
to
spin
up
is
a
single
container,
but
you
end
up
with
like
a
whole
bunch
of
effectively
config
around
about
it
as
well.
Okay,
there's
a
certificate.
C
C
C
The
way
that,
like
this
hacked
version,
only
works
with
docker
like
if
you
have
a
container
d
based
kubernetes
distribution,
then
it's
actually
going
to
break.
I
need
to
figure
out
a
way
to
to
make
things
easier
in
container
d
as
well
and
it's
to
do
with
where
the
certificates
live.
Basically,
so
what
I've
done
here
and
all
the
nodes?
I've
configured
seos
to
know
this
try.cube
public
address
and
I've
copied
the
certificate
to
the
docker
directory,
so
in
container
d
that
changes
to
be
a
different,
it's
not
even
a
directory.
C
Actually
you've
got
like
set
it
in
the
config
and
it's
it's
a
bit
of
a
mess
actually,
but
in
docker
what
you
can
do
is
you
can
just
put
the
certificate
in
a
specific
docker
directory
and
docker
sort
of
picks
up
at
runtime.
So
I
don't
have
to
restart
docker
or
anything,
but
that's
not
the
same
with
container
d.
So
it's
a
bit
of
a
problem.
To
be
honest,
I
think
they're
actually
changing
that,
but
I'm
not
100
sure,
okay,
but
anyway,
so
it's
kind
of
it's
it's
copied
stuff
gets
to
the
docker
directory.
A
C
I
think
it's
even
worse
than
that.
I
can't
remember
to
look
exactly
what
I
did.
I
think
I
creates
empty.
I
can't
remember
it's
it's
possibly
a
security
hole.
Actually
I
mean
I've
not
done
anything
to
this
kubernetes
cluster.
This
is
like
a
default
kubernetes
cluster
and
it's
actually
surprising
what
you
can
achieve.
C
Yeah
yeah,
it's
a
default
gke
thing.
I
wish
you
would
remember
the
details.
Basically
yeah
you
can
edit
etsy
host
basically
for
the
node,
because
you
just
mount
it.
I
think
I
can't
remember
the
details,
but
it's
a
while
ago
since
I
wrote
it,
but
it
stayed
it's
kept
working
for
a
couple
of
years
now,
but
it's
a
hack,
it's
not!
This
is
purely
for
setting
up
a
development
cluster.
C
It's
not
something
you
should
ever
do
in
production,
okay,
so
the
other
bit
I've
got
down
here
is
yeah
we've
added
to
local
laptops.
So
this
is
the
just
adding
it
to
local
laptops,
so
troy.keep
public
yeah,
it
can
be,
can
be
rooted,
but
this
bit
more
interesting.
Try
with
the
validation
webpage.
So
that's
that
admission
controller
I
was
talking
about
earlier,
so
I'm
going
to
say.
Yes,
if
I
said
no,
then
I'll
let
any
image
run.
C
C
C
C
C
C
C
It's
a
domain.
It's
a
single
instance.
There
is
like
when
I
it's
again
like
my
ambitions,
kind
of
get
ahead
of
me
sometimes
so
when
I
designed
it,
I
did
design
it
for
the
idea
of
being
distributed,
so
you
could
have
multiple
instances
for
aja
and
so
on,
but
I've
not
really
got
that
far
yet,
but
it's
it's
actually
quite
nice
all
the
same,
because
it's
all
based
off
disk
at
the
minute.
So
you
know
if
you.
C
C
C
C
C
That's
not
going
to
help
that's
going
to
be
in
the
video
now
yeah,
so
that's
it
there,
and
these
are
the
so
that
was
you're
asking
about
how
I
copied
the
search.
It's
actually
a
job
that
goes
and
copies
the
search
onto
each
node
in
a
slightly
hacky
way,
and
so
that's
those
ones
you
can
see
completed
there
and
there's
our
deploy.
C
C
C
And
yeah
it
explains
because
we
turned
on
the
admission
controller.
It
makes
it
explicit
like
what's
allowed,
so
we
can
push
anything,
that's
prefixed
with
kubernetes
or
gcr.io.
Oh
and
myself.
I
think
that
was
another
problem
I
had
you
know
you
need
to
be
able
to
pull
yourself
in
some
cases,
yeah
it's
update
and
so
on,
and
you
can
also
say
things
like
this
is
specific
image
explicitly
allowed,
so
that
would
be
like
a
full
image
name
or
you
can
say
an
image
of
the
prefix
is
allowed.
C
A
C
C
C
C
No,
that's
a
good
question.
Yeah
I
mean
that's
one
of
the
interesting
things
in
kubernetes.
I
think
because
the
second
people
start
adding
admission
controllers,
especially
mutating
ones.
Then
you
end
up
with
like
very
different
clusters.
So
what's
something
that
works
in
one
cluster
doesn't
necessarily
work
in
another
cluster.
A
C
D
C
It
is
a
little
bit
there
is,
so
it's
actually
a
little
bit
strange
because
in
a
standard,
the
distribution
standard
there
is
a
delete
command.
So
you
can
call
you
know
from
from,
like
a
sort
of
rest
command
line,
you
can
do
an
http
delete
and
give
it
a
share,
and
that
will
delete
the
associated
blob.
C
Now,
that's
obviously
quite
a
low-level
way
of
doing
things.
It's
also
a
bit
dangerous
because
you
can
delete
blobs
that
are
used
by
more
than
one
image,
for
example,
and
for
that
reason
several
registries
don't
actually
support
the
method
of
deletion,
and
I
think
it's
probably
going
to
be
changed
a
bit
in
in
the
standard.
I'm
not
quite
sure
what
I
should
go
and
check
exactly
what
what
the
situation
with
that
is
at
a
minute,
but
it
it
arguably
makes
more
sense
to
do.
C
D
D
C
C
I
took
it's
so
it's
quite
reliable
at
the
minute,
but
it's
slow
and
but
what
I'm
working
on
the
minute
would
would
be
like
an
order
of
magnitude,
speed
up
or
I
think
it
might
actually
be
two
orders
of
magnitude
speed
up
and
in
which
case
I
think,
try
will
at
that
point
be
very
competitive,
like
I
think
it
should
be
possible
for
try
to
become
one
of
the
faster
implementations
once
I've
done
a
few
changes
at
the
minute.
It
won't
be,
though,
so
I'm
quite
happy.
C
D
C
B
C
Thanks,
okay,
yeah
so
what's
happening
in
the
future.
One
thing
is
vulnerability
scans
and
actually
that's
one
of
the
things
that
harbour
has
already,
but
one
of
the
very
nice
things
they
did
was
they
basically
created
a
standard,
so
there's
basically
standard
in
harbor
for
how
to
connect
new
vulnerability
scanners.
C
So
if
I,
the
idea
is
that
I
can
implement
pretty
much
the
same
interface
in
trowel
and
then
you
can
plug
in
whatever
vulnerability
scanner
you'd
like
assuming
it
implements
that
interface
gui.
That's
actually
been
worked
on
a
minute
by
one
of
my
colleagues,
so
I'm
very
keen
to
get
that
working
and
usable.
There
is
a
question
about
whether
or
not
you
know
we
should
do
a
gui,
that's
usable
by
any
sort
of
oci
compliant
registry
at
the
minute.
C
It's
just
compatible
with
trial,
but
you
know
it's
definitely
something
to
think
about.
I'm
full
audit
log
yeah!
I
talked
about
that
earlier.
I'm
very
keen
on
this
idea
that
you
know
we
can
look
at
throughout
and
see
what's
happening
in
thrive,
and
that
gives
us
a
very
good
idea
of
what's
happening
in
our
clusters.
I
should
give
us
a
very
good
idea
of
what's
happening
in
clusters:
mutable
tags
yeah.
C
So
that's
actually
really
interesting
with
relation
to
kubernetes.
You
know
when
you
do
like
kubernetes.
Like
the
first
time
you
spin
up
a
cluster.
You
probably
thought
right.
I
want
to
update
this
image
at
some
point,
and
so
you
just
push
a
new
image
and
then
you're
sitting.
Thinking
hang
on.
How
do
I
and
then
you
know
you
did
the
acoustic
tail
deploy
and
nothing
happened,
because
the
yaml
hadn't
changed,
because
the
image
name
hadn't
changed
and
that's
because
kubernetes
effectively
sees
taxes
immutable
right.
C
C
Oh,
I
could
have
presented
and
as
you're
aware
as
you're
probably
aware,
there's
already
a
couple
of
projects,
one
of
which
is
cncf,
which
is
the
dragonfly
one,
and
it's
also
the
cracking
one
from
uber
for
that
and
they're.
Both
some
quite
large-scale
projects,
though
so
they're
both
around
this
idea
of
like
distributing
images
quicker
and
using
sort
of
bittorrent
style
distribution.
C
They
do
seem
quite
large
projects
intended
more
at
the
extremely
large
scale
of
clusters,
and
I
would
like
to
try
and
keep
things
perhaps
a
bit
simpler
if
anything
so
they're
also
useful
on
the
smaller
scale,
and
I
could
be
wrong
there.
It
might
be
disparaging
dragonfly,
for
example,
and
I
don't
want
to
do
that
because
it's
certainly
an
interesting
project,
so
I
come
backwards,
but
yeah
that's
pretty
much
all
I
have
so.
Thank
you
very
much
for
listening
to
me
and
see
more
questions.
B
C
C
I'm
I've
not
really
got
to
the
bottom
of
why
people
need
a
registry
in
ci
cd,
but
they
did.
I
guess
you
know,
as
many
people
pushing
an
image
and
testing
it
in
the
later
part
of
the
pipeline,
but
you
know:
there's
not
a
there's,
not
a
large
number
of
users
and
yeah
I'm
interested
in
the
thoughts
on
how
I
can
get
more
users.
I
think
there's
a
couple
of
features
that
really
need
to
be
implemented
first,
especially
around
proxy
before
I
can
really
address
the
use
cases
that
I've
been
talking
about.
A
Good
so
one
more
question
question
so
so
yeah
in
more
about
the
the
differentiation
with
some
of
the
other
projects.
Right
so
like
I
mean
you
have
written,
trowel
and
rust
right,
so
one
of
the
things
is
that
maybe
it's
faster,
but
you
know
and
so
and
then
you
were
saying
that
maybe
because
it's
in
kubernetes,
then
it's
with
a
mission
controller.
A
C
C
The
other
thing
I
want
to
look
at
is
soft
security
in
auditing.
I
think
we're
missing
like
stuff
there
around
auditing
and
the
supply
chain
and
security,
and
so
on.
It's
not
clear
to
me
if
anybody
really
shares
my
concerns,
though
certainly
people
start
talking
about
supply
chains
and
note
3
a
lot
more
yeah,
so.
A
One
question
about
that,
so
I
mean
a
lot
of
these
other
container
registries
use,
maybe
third-party
scanning
tools
right
so
for
container
images
right.
So
maybe
one
way
to
target
different
types
of
users
is
to
have
that
integrated
into
a
registry
and
yeah.
And
then
maybe
you
talked
about
notary
v2,
and
maybe
that
could
be
something
that
could
be
used
more
directly
with
a
container
registry
to
sign
or
verify
legitimate
images
right.
So.
C
A
A
Yeah
because
we
have
the
sandbox
stage
and
that's
actually
more
of
a
playground,
but
I'm
not
really
sure
if
the
I
don't
remember
exactly
if
there's
like
a
requirement
for
a
number
of
users
right
so
eventually
when
when
it
goes
into
like
the
next
stage
of
incubation.
Obviously
there
needs
to
be
some
amount
of
users.
A
C
A
Yes,
but
some
of
the
questions
will
will
be
you
know
about
differentiation
with
other
projects.
I
mean
hardware
is
already
a
cncf
project,
it's
a
graduated
project
and
then
all
also
the
question
comes
up.
You
know
how
is
this
yeah?
How
is
this
going
to
be
better
in
the
context
of
like
the
cncf,
you
know
having
all
these
projects
to
help
end
users
right
and
you
know
when
you
have.
You
know
too
many
projects
that
are
doing
the
same
thing.
A
It
may
not
actually
look
beneficial
for
end
users,
because
that
that
may
end
up
being
confusing
them
right
so
like
which
one
should
I
use
right,
but
then,
if
there's
more
distinct
features,
then
there's
more
of
a
story
right
behind
like
okay,
you
can
use
trial
for
this
type
of
thing
right,
so
it
might
actually
not
not
even
be
about
the
technology.
It
may
actually
might
actually
be
just
about
the
messaging
right
about
yeah.
So
like
how
how
you
position
it
right.