From YouTube: CNCF TOC Meeting 2021-03-16
A
B
B
B
D
B
D
All right, looks like we have stabilized on 28 people at the moment. So hello, everyone, welcome, let's get started. Normal introductions apply. Hello, you made it, welcome. Okay, and we have the tech radar. This will be very exciting. I can't remember, who do we have to present the tech radar? Do we have? I have.
F
C
Hello to you, Elena, thank you. All right, hello, everyone, my name is Alina. I'm a software engineer at Apple and one of the CNCF TOCs, and today I'm going to be presenting the CNCF end user technical radar on secrets management that got published last week. Secret management involves tools and techniques to manage secret data like tokens, passwords and certificates, and it becomes more essential and complicated as the cloud native ecosystem grows, because the microservices need to talk to each other and they need to talk to each other in a secure manner.
C
Next, please. Now, what is a technology radar? Technology radar is an initiative from the CNCF end user community, and that's a group with over 140 companies that meet regularly and discuss challenges that are involved with the cloud native tools adoption. And the goal of CNCF technology radar is to share the tools that are actually being used by the community and tools that end user companies recommend to use. It is community driven.
C
The data is contributed by CNCF end user companies and created by the community representatives, and the adoption of the initiative focuses on the future adoption. That's why we went with three rings: adopt, trial and assess. Adopt is when the technology is clearly recommended by the end user community. Trial is that companies use it with success and recommend looking at it. And assess is companies try it out and find it promising and recommend you keeping an eye on it.
C
Next, please. 79 companies participated in the secret management technology radar, and the results were somewhat interesting and surprising. The variety of tools that are used for secrets management by different companies was wide. Yet we are able to identify some exciting themes of how people use secret management tools.
C
Next, please. Much of the radar team was initially surprised. Oh, please, next, just so we can see the first theme, that Vault was the clear winner, as it got the broadest adoption across many companies. Vault is a very mature solution by HashiCorp. Yet it's not the easiest one to use, and it is a rather complex tool with a high operational burden, but the adoption was high, and the more we looked at it, the more we realized that it makes sense.
C
If you're a small company, you would most likely offload your secrets management to the company who knows how to do that, and also it is a very good tool, because it's a cloud agnostic tool, and if you're unsure of what cloud you're going to operate on, or if you are creating across multiple clouds, public and private, Vault is a great solution for that.
C
That was our first theme. Next, please. And the second thing was that we've noticed that the companies tend to choose the secret management solution that is native to the cloud where they run their workloads, and it's very natural, because you tend to look at the solutions that are available out there, and the tools that we got listed in the technology radar were AWS secrets management, GCP secrets management, Azure Key Vault.
C
And although it's a very natural move to use the secrets management solution from the cloud where you're operating, we recommend you taking a broader look and consider using the cloud agnostic tool, especially if you're considering extending your footprint across multiple clouds.
C
C
Certificate manager is the Kubernetes native tool that is used for managing the certificates, rotating them on a regular basis and ensuring that they are up to date. It offers high integration with the rest of the Kubernetes ecosystem, and we believe that secret management is top of mind for everybody who uses Kubernetes.
C
That's why secrets management is such a widespread solution. Next, please. And other solutions.
C
Besides Vault, public cloud solutions and certificates manager, were very fragmented. In the technology radar, we usually offer the list of the tools to go by, but then, as a user before worrying, you can put your own solution that you use in-house, and something we didn't think initially, that, for example, people were using encrypted data bags with DevOps tools like Chef and Puppet, Ansible, and these solutions were one of solutions offered by people and put on the list by people, but they did not get a wide adoption across companies.
C
That's why you don't see it on the radar, and one result that we were surprised is some solutions like SPIRE, for example, that is an incubated CNCF project, didn't get enough adoption yet to be put on the radar, and I think we know the reason why: it's a rather complex tool that covers many.
C
C
So these are the four themes that we've noticed in the secrets management radar process, and we are curious to hear your feedback and hear about the secret management solutions that you use in-house. That's it! Thank you.
B
One question in chat. Actually, there's quite a few questions in chat, take it back. So where do you want to start? Because the first one is: how does this particular tech radar response compare to other subjects done previously? And then there's a question from Liz as well. So, Jim, Liz, do you want to be able to like raise your questions by voice?
G
Yeah, I, Jim St. Ledger, just looking for some comparison. I don't know if, I think Cheryl chimed in, you know: 29 companies, 79 votes, you know, is that a good, is that a better or worse response than past tech radars we've done?
H
G
D
C
D
C
H
Secretless, I don't think so. They came down to the companies that were contributing to it, so if they could add extra suggestions to the list of products and projects. I guess in this case they didn't. Key Vault was on there as well.
I
I
Yeah, there seems to be the contention between what we call a secret traditionally, like certificates or more identities than secret material, and perhaps the scope should be brought into authentication technologies, which encompasses both, touches both on the proof of possession as well as identities and recognition technologies. That's like SPIRE and cert-manager would be.
J
So hi, I'm from HashiCorp, so it's good to see Vault up here, but the way we think about this often is in order to worry about identity.
J
There's sort of a dividing line between human and machine, and human to machine authentication and identity is very different from machine and machine identity, recognition and differentiation, and so sometimes we wind up in a situation where people are talking about their identity or secrets management, and you have to kind of like chop down to the next level about what they mean by that, so authentication and authorization.
J
It's traditionally handled very well by lots of like single sign-on providers, Okta and Microsoft solutions, but the machine to machine market is where the secrets management winds up becoming the most sort of like natural thing to do, and people have gone by with certificate rotation, but once they actually realize they've got to do some real secrets management, that's where Vault points are becoming super popular, and so we noticed that a lot. Well, this chart on the radar looks very much like what we see when we're talking to customers.
J
J
D
H
My impression was that the secret was actually in the repository, and that was the bit that was encrypted, but I don't know in enough detail to confirm. I don't know because it, yeah.
D
K
Yeah, I think that that's master key, right? I think that's what you're talking about, right?
K
Yeah, I think in Vault, I don't know if it has changed over the years, but I looked at it like a few years ago, and they were keeping that in memory. So essentially you had a cluster, so they recommended redundancy where you had like several nodes, like, you know, maybe three nodes, and that key was actually stored in all of the nodes.
K
So if one of the nodes actually went down, then you still had the master key lying somewhere, but then the question came up: but what if all the nodes went down? Where would that master key be, right? So, but I don't know if they've actually changed some of that implementation over the years. They might have.
K
I
I
D
H
Published, right, it is published. I mean, we can do whatever we want, right? We can make changes to it. So the radar team that created this, I don't want to speak on their behalf. I don't want to change things, the judgments that they made with this. I think, if security wanted to publish, take this as a starting point and then publish a more nuanced discussion or suggestions on it, that would be fantastic.
D
D
H
And this is actually really interesting. We had quite a lot of discussion when forming this report about whether this truly was secrets management or whether this covered various categories and which ones, so I agree. Actually, the range of products and projects listed here don't quite match just secrets management.
H
We're unlikely to revisit this exact topic again, because every quarter we pick a different topic, do something differently, but, I mean, Ricardo, if you wanted to shoot me an email afterwards, then maybe we can figure out something you could do.
H
Great, yeah, that would be fantastic. Just, I'll drop my email into the chat, and I think this has always been just a starting point. I mean, it's always opinionated, always biased, and the more we can use to expand on this and give experts like yourself the opportunity to respond to it and add more nuance, like, I think, the better for everybody.
C
It's also very similar feedback to the previous technology radars, like on observability and databases. Everywhere we can benefit from nuances and the follow-up reports and conversations, and to be more detailed in categorizing the items from the radar.
D
I
H
H
D
D
H
A little bit, yeah. I think this was again one of the ones where we looked at the landscape. I was like, some of this makes sense, some of it not so much. Fair enough. Yeah.
H
Revisiting that's really good, yeah. Just a teaser, like, the name of this group is called carte, cartagraphos, cartographos, the Greek for mapping technology. I think it's like, the idea is that I map out assets which will help people map out how to use cloud native technologies.
I
It's all predicated on this building blocks, so any way that we can energize the space for people not just to reassemble existing components and expect different configurations, but actually introduce breakthrough technologies and breakthrough ideas, and perhaps this will precipitate of, well, if secret certificate manager. Here, maybe there's a world where there's just enough secrets and just enough identities.
I
So we can reduce blast radius of things. So I think we might be on to something of something innovative and breakthrough ideas. Like, I see the mention of compliance. Well, better governance, better compliance is predicated on strong identities and very little secrets, or only as many secrets as necessary. So I think a stride in that direction. So there's perhaps a framing that is all-encompassing of different security dimensions and a broader narrative.
D
I
I'm thinking in combination, it will be good to work with Cheryl. Sounds like she's also working in other areas around, well, how do people do modern interpretations of landscapes? Like, perhaps this is not a topographic map, that's more a subway map: what station you get on and your destination dictates your journey. And we can take, well, the report that's been done and the data from it and either perhaps change the language, so it's not as disparaging of certain projects, or like shed light of. Why do?
I
How would these projects come into the equation, not being secret solution on their secrets management? We can add a ton of color of like how can you leverage both in combination. We can also do like the next set of things, like, well, what's the intersection of the two, and do a write-up about it, use the cloud native security landscape.
I
That's in the works for that purpose as well, and unlike Cheryl's renewal of the landscape, so yeah, thinking a little bit scatter-minded and in every single direction, but starting to hear the semblance of something that we can perhaps form for more thoughts around.
H
I would love to brainstorm with you on how to do those things together. Definitely I'm open to new formats, new ways that we can produce helpful content for people, yeah, just to help guide them. I think it's very hard for people who are not in this day-to-day looking at it to really understand the kind of reality. There's a lot of hype. There is a lot of hype, right?
H
D
100% agree with that, and I think we have some very good articulations of like kind of 101, you know, how to adopt cloud native 101, but actually you don't have to go very far down the road before you realize, oh, there's a ton of security, observability, all kinds of other bits that maybe are a bit more confusing. Yeah, but I do, I remain, I think these technology radars are a fantastic initiative. I think we're learning a lot about what's actually being used, and that's really useful.
F
B
D
H
Good question. Oh yeah, I should have put a link into this. So if you go to cncf.io/tech-radar, this links to a GitHub issue where you can make a suggestion for what a future radar should be, or you can plus, like thumbs up, things that you're interested in hearing about, and then it will be up to the next tech radar team to decide which one they find interesting and they think is worth having a radar on.
H
H
About 10 weeks end to end. We pull together a team, they decide a topic, we survey the end user community, then the team decide on the final radar, and then we write it up and publish it.
D
H
People love it. So one of the things that is really interesting about the way this is set up is that if you're an end user, you can see exactly which company uses what technology and what they think about it. So you have a lot of private access to this data that externally, you can only see the kind of aggregated version, so internally, people really have found a lot of value out of it. They go present it to their own teams when they're deciding on what technologies they should be using, yeah.