►
From YouTube: CNCF TOC Meeting 2023-06-13
Description
CNCF TOC Meeting 2023-06-13
A
Okay,
all
right,
we
are
recording,
welcome
everyone.
This
is
our
sandbox
application
review.
We
are
hoping
to
clear
as
many
of
the
projects
out
of
the
queue
as
possible.
Today
we
have
with
us
some
of
our
tag
chairs
on
the
call
to
observe
and
potentially
provide
any
insights
that
the
COC
members
may
not
have
gotten
the
chance
to
go
over.
Yet
we
first
have
two
returning
sandbox
projects
and
then
12
additional
new
applications
we're
going
to
try
to
get
through
as
many
as
we
can
all
right.
A
B
So
as
a
refresher,
so
Exline
is
a
geo
distributed
key
value
store
for
metadata
management
so
which
is
based
on
a
protocol
called
curl.
So
they
mentioned
that
when
existing
distributed
key
value
stores
are
deployed
across
data
centers,
the
latency
between
nodes,
maybe
tens
or
hundreds
of
milliseconds,
at
which
point
the
rough
protocol
will
start
to
build
a
performance
bottleneck.
So
the
code
protocol
was
designed
to
solve
this
problem
now.
B
Coming
back
to
the
concerns
that
we
had
raised
earlier,
so
tax
storage
recommendation
is
that
we
can
consider
them
for
sandbox,
especially
given
that
they
offer
a
novel
approach
to
existing
functional
areas.
There
was
also
a
concerned
raised
earlier
around
the
lack
of
contributors
or
maintainers,
especially
given
the
health
of
the
fcv
project.
B
A
C
D
A
Yep
Josh
had
posted
a
question
in
SL
in
the
chat
around
the
repos.
That
would
be
in
scope
for
the
for
acceptance
into
this
encf,
because
there
is
a
lot
of
other
items
within
Dayton,
Lord
I
believe
it's
just
the
X
line,
but
we
can
certainly
follow
up
out
of
band
on
this
issue,
just
to
clarify
which
ones
are
within
that.
E
D
We
should
probably
be
a
bit
clearer
on
the
phone,
because
I
think
when
we,
when
we
mean
when
we
say
org,
we
actually
mean.
Are
you
donating
a
whole
log
I
think
is
what
we
meant
to
mean
and
if
so,
what
is
it
versus
the
repo?
Maybe
we
just
need
to
have
a
bit
of
clearer
wording
on
that,
because
it's
sometimes
people
have
an
org,
but
they
don't
mean
to
donate
all
of
it,
but
they
still
have
an
org.
A
Yep
all
right,
so
we've
got
an
action
to
update
our
sandbox
form
and
I.
Think
what
we'll
do
is
we'll
follow
up
with
this
project
through
a
comment
after
this
meeting
just
to
get
clarification
on
which
which
repositories
are
included
within
it.
Is
there
a
Toc
member
that
is
willing
to
take
on
that
action
or
potentially
a
tag
chair,
Nikita,
you'll,
follow
up.
A
There,
thank
you
all
right.
Next
up
eraser,
this
is
a
returning
project.
Ricardo
had
reached
out
to
them
last
time
to
get
some
verify
or
clarification
on
preventing
vulnerable
workflows
from
deployment
with
this
project,
as
well
as
some
of
the
similar
runtime
security
projects
within
the
cloud
native
landscape
Ricardo.
Did
you
want
to
provide
any
additional
color
or
commentary
on
the
updates.
F
Affected
their
updates
are
clear,
so
they
don't
see
too
much
overlap
with
the
tools
that
do
scanning
or
at
the
registry
level.
They
do
some
sort
of
some
level
of
overlap
with
runtime
security
tools
like
Falco
and
similar
they
highlight
this
is
mostly
focused
on
the
image
cleanup
of
the
caches
on
the
on
the
nodes,
so
that
there
is
value
on
it
and
also
because
this
area
is
kind
of
still
evolving
I,
see
it
as
a
potential
candidate
for
sandbox.
G
A
So
next
up
is
why
my
store
wammy
store
is
a
local
storage
solution
for
cloud
native
stateful
workloads
with
high
availability
capabilities
and
full
life
cycle
management
of
the
local
disks
on
the
kubernetes
worker
nodes.
Is
there
anyone
that
wants
to
kick
off
the
discussion
around
this
project,
foreign.
B
C
There
are
some
unique
things
about
huami
store
around
being
able
to
migrate
data
between
nodes
and
and
providing
additional
and
migration
capability
which,
which
is
quite
different
to
to
the
to
the
other
systems,
and
it's
based
on
operating
system
and
and
not
additional
sort
of
third-party
products
that
need
to
be
installed
in
the
system.
So
it's
kind
of
very
easy
to
to
adopt
so
I
think
it
could
be
quite
interesting.
There
are
a
lot
of
stateful
workloads
that
depend
on
that.
A
A
This
project
appears
to
be
one
of
the
more
non-traditional
projects
in
the
sense
of
how
we
view
sandbox
applications
and
so
I'm
curious
how
some
of
how
we've
reviewed
this?
What
do
other
Toc
members
think
I
personally
do
not
see
this
as
a
project.
I
see
it
as
a
collection
of
best
practices
that
could
be
highly
valuable
for
some
of
our
software
Engineers
within
the
ecosystem,
or
even
in
some
of
our
adopters
to
reference,
but
I,
don't
necessarily
see
it
as
a
project
moving
on
to
incubation
or
even
graduation.
What
do
others
think.
G
D
E
D
E
D
G
A
A
H
H
How
does
something
like
that
work
and
I
think
it's
going
to
be
more
difficult
to
track
than
other
things
where
you
can
look
at
their
code
and
you
can
look
at
what
they've
done
and
what's
been
shipped
and
what's
you
know,
they're
going
to
have
to
explicitly
document
it
which
is
going
to
make
it
a
little
bit
more
difficult
in
some
cases,
but
it
also
doesn't
fit
the
cloud
native
definition,
because
I
could
take
things
that
are
definitely
not
Cloud
native
and
probably
apply
these
same
things
to
it.
So
does
it
fit.
H
B
D
Yeah
I
think
I
I
think
what's
uncreasing
me
is
also
how
how
to
adopt
it,
and
if
there
are
potential
people
who
do
want
to
adopt
it,
because
the
they're
kind
of
that
it's
a
it's
a
set
of
it's
a
set
of
Google
standards
which
are
not
being
donated
but
which
they,
the
instructions,
recommend
you
fork
and
modify.
But
I
just
I,
don't
understand
what
the
how
the
community
would
use
something
like
this
effectively
and
I
think
it'll
be.
D
It
would
be
good
to
see
more
of
how
it
can
be
used
by
someone
else
and
how
the
the
structure
of
the
reaper
in
the
organization
works
for
other
people
to
use
it
or
collaborate
on
it
or
whatever.
First
potentially,
because
it's
very
unclear
to
me
how
anyone
else
would
would
use
it
now,
which
is
kind
of
related
to
the
point
about
well
again,
I
think
there
could
be
Roots,
but
it
might.
A
G
A
They're,
specifically
looking
for
vendor
neutrality,
I
think
that
this
could
do
well.
Personally,
however,
they
could
potentially
go
to
tax
security
and
environmental
sustainability.
There
are
comments
within
their
repository
that
talk
about
minimal
utilization
and
really
focus
on
the
minimum
requirements
for
deployment,
so
there
there
could
be
opportunities
to
further
reduce
that,
but
I
wanted
to
check
in
with
the
other
Toc
members
and
other
folks
on
the
call,
if
you
all
have
any
comments,
observations
about
Cube,
pooper.
F
A
E
Being
no
I
was
asking
about
the
previous
one.
That
would
be
my
one
concern
about
the
previous
one
and
unfortunately,
I
didn't
get
to
that
one
before
this
meeting,
so
that
they
could
answer
it's
just
not
clear
from
the
documentation,
the
repositories,
whether
their
management
interface
is
cloud
agnostic
or
whether
it
is
specific
to
their
cloud.
Okay,
because
it
was
specific
to
their
Cloud.
Then
we
need
to
ask
them
about
what
plans
they
had
to
make
a
cloud
agnostic.
A
So
for
folks
that
have
looked
at
cubesteller
are
there
any
considerations,
additional
observations
that
you
have
associated
with
the
project
I'm
a
little
bit
on
the
fence
about
this?
One
I
think
that
there
is
value
in
having
this
added.
However,
I
I'm,
not
an
expert
in
this
particular
area,
so
I'm
curious.
What
other
folks
feel
from
runtime
or
some
of
the
other
tags.
G
Oh
hi
yeah,
so
this
this
product
and
those
you
know
some
age.
Basically,
it
spans
a
broad
functionalities.
So
there's
a
party
called
Coop
h.
It
looks
like
a
little
bit
overlapping,
sound
and
also
it
mentions.
You
know
the
multiple
clusters
right.
So
there's
there
are
other
projects
that
handles.
You
know
the
management
of
clusters
so
I'm
just
thinking
if
they
can,
you
know
clarify
what
is
the
difference
or
differentiation.
A
I
G
A
H
You
know
and
go
ahead
well.
I
I
was
just
going
to
add
to
this
that
you
know
their
reason
for
why
the
CNC
app
it
doesn't
really
link
back
to
any
of
the
reasons
we
do.
Sandbox
projects
like
they
could
run
this
just
fine
outside
of
the
CNC
app
and
I
understand.
You
know
it's
born
from
the
principles
of
the
cncf,
but
a
lot
of
things
are
that
don't
need
to
be
in
the
cncf,
so
why
the
cncf
is
still
one
of
those
questions.
I'm
left
wondering.
H
A
A
A
G
G
A
I
think
this
project
could
do
well
from
a
from
an
adoption
perspective.
The
question,
generally
speaking,
it
could
probably
do
well
from
an
adoption
perspective,
because
there
are
a
lot
of
existing
Enterprise
organizations
that
are
either
on
their
Journey
just
starting
out
or
halfway
through
this
transition
to
Cloud
native,
and
this
can
solve
a
lot
of
their
existing
problems
with
their
Network
management,
using
their
existing
architectures
firewalls,
pretty
much
anything
that
they
already
have
in
place
and
just
allowing
that
onboarding
to
happen
a
little
bit
smoother
for
them.
A
C
G
D
A
A
G
I
D
E
I
F
H
You
know
I'll
come
back
to
this,
though,
when
I
look
at
why
the
cncf
right.
The
first
thing
is:
it
increases
awareness,
but
the
reality
is
a
cncf
Sandbox
projects,
don't
get
increased
awareness
just
from
being
a
Sandbox
project,
they
don't
get
the
marketing
and
other
things.
Some
people
may
stumble
upon
them
as
a
Sandbox
project,
but
by
and
large
we
observe
that
people
don't
get
improved
awareness
just
by
becoming
a
cncf
Sandbox
project.
H
We've
got
to
do
something
in
their
own
right
to
be
interesting
and
then
with
guidance
of
the
cncf
right.
They
can
adhere
to
requirements
and
set
directions,
but
the
cncfs
in
itself
isn't
going
to
set
guidance
for
spider
pool
they're,
independently
governed,
and
so
there
isn't
somebody
here
who's
now
going
to
set
requirements
for
them.
They
may
be
able
to
go
towards.
You
know
some
tags
and
some
other
places
to
get
guidance
from
there,
but
they
could
actually
do
that
anyway.
H
F
Yeah
so
I
was
just
gonna
reinforce
the
previous
comment
that
this
might
be
a
niche,
but
there's
a
need
from
some
deployment.
Some
end
users
to
have
some
solution
like
this
and
answering
Emily.
I.
Think
I,
see
this
project
applying
for
incubation
and
and
moving
forward.
So
I,
don't
think
that's
that's
a
system
all.
I
So
that's
going
back
to
your
question
about
like
whether
this
like
are
we
missing
a
gap
and
would
this
fill
it
I
think
this
is
interesting
because
it
is
you
would
deploy
this
in
addition
to
another
cni
I,
don't
see
this
as
a
complete
cni
in
itself.
This
is
like
extending
features
for
particular
applications
in
your
in
your
use
case.
This
is
where
I
think
the
use
case.
A
I
see
it
as
an
indirect
project
as
well,
so
the
question
that
I
have
is:
it
was
proposed
that
this
go
to
tag
Network.
My
question
for
you
all
is:
if
we
send
them
back
to
tag
Network
to
do
a
presentation
or
a
discussion.
What
information
are
we
hoping
to
get
back
out
of
that
activity?
That
would
inform
a
decision
for
us.
J
A
Kbt
is
a
Patrick
Centric
package,
Centric
tool
chain
that
enables
wysiwyg
configuration
authoring,
Automation
and
delivery
experience,
which
simplifies
managing
kubernetes
platforms
and
care
and
driven
infrastructure
at
scale
through
manipulation
of
declarative
configuration
as
data.
Does
anyone
have
any
discussion
or
observations
to
kick
this
off.
E
Yeah
I
was
thinking
about
this
is
I
mean
this
is
a
project
that
came
from
inside
Google,
so
hopefully
somebody
here
should
actually
know
more
about
it.
My
main
concern
about
it
would
be
ongoing
maintenance,
because
the
current
maintainers
are
people
who
already
have
like
15
different
responsibilities
in
Cloud
native
yeah.
J
That
shouldn't
be
a
barrier
for
sandbox,
though
I
don't
disagree,
but
we
should
notate
that
percent.
What
would
they
hope
to
get
out
of
sandbox,
and
how
is
this
again?
Some
of
these
projects
today
are
are
extending
the
ecosystem
not
necessarily
integral
to
it.
So
perhaps
this
is
the
direction
we're
heading
for
the
cncf.
Is
it's
more
these
kind
of
ancillary
projects
that
I
don't
even
know
what
tag
this
would
go
to
to
be
honest,
yeah.
F
A
A
Okay,
so
let
me
ask
a
different
question
associated
with
the
project:
the
problem
that
it's
trying
to
solve,
which
it's
not
really
clear.
Based
I
I've
looked
at
the
Repository,
it's
more
a
different
opinionated
take
than
actually
doing
something
brand
new,
highly
Innovative
experimental
again
it's
an
extension.
D
H
This
way,
just
looking
at
adoption
from
that
non-traditional
mindset
which
we're
starting
to
see
so
I
do
see
something
there
and
their
reason,
for
it
is
an
interesting
one
right.
They
would
like
to
use
the
cncf
CLA,
because
it's
widely
accepted
and
adopted,
and
it's
different
than
using
the
Google
CLA,
which
is
what
I'm
sure
it's
under
today
and
that
does
allow
for
a
wider
contribution,
pool
I,
think
that
is
their
their
reason.
They
call
out
here,
which
I
think
is
an
interesting
and
useful
reason
in
this
place.
A
A
Is
this
something
that
we
feel
given
how
given
the
age
of
the
project
that
we
need
to
have
them
come
back
after
a
period
of
time,
a
little
bit
more
robustness,
maturity,
more
clarification
in
the
use
cases
and
the
problem
space
that
they're
working
towards
potentially
doing
a
presentation
and
app
delivery?
Or
do
we
have
enough
information
to
make
a
decision
on
the
project
today,
given
the
information
that's
presented
here
within
the
application.
D
B
G
Okay,
yeah,
so
so
for
this,
this
poster
in
a
another
open
source
project
called
nephew,
and
it
is
that
nephew
party
used
for
class
kubernetes
class,
so
management.
So
this
for
I
mean
better
configuration
yeah,
it's
quite
it's
I
would
say.
In
terms
of
the
I
mean
there
is
the
technology
itself.
It's
quite
it's
kind
of
it's
not
like.
You
know
very
primitive,
it's
mature.
They
have.
You
know
implementation
on
that.
A
All
right.
Next
up
is
easegrass.
It's
a
cloud
native
tracker
traffic
orchestration
system
with
a
lot
of
different
considerations
in
its
design.
One
of
the
things
that
I
do
want
to
call
out
for
Toc
members
and
other
folks
on
a
call
is
that
the
application
is
a
little
light
on
some
of
the
content
that
we
traditionally
look
for
as
well
as
it's
a
named
product
of
a
company
I
believe
it's
a
company
called
Mega
ease
and
it's
by
the
same
name.
So
they
they
specifically
call
out
easegress
on
their
product
page.
A
B
G
H
A
H
A
A
A
J
J
I'm
also
wondering
if
that
is
just
a
gap
you
know
like
how
do
we
know
that
you
know
the
features
in
the
non-enterprise
version,
won't
eventually
be
merged,
and
then
this
kind
of
becomes
irrelevant.
I
guess
it's
just
kind
of
interesting
I
guess
to
try
to
create
an
open
source
version
of
something
that's
Enterprise,
not
knowing
whether
or
not
because
terraform
does
have
two
different
versions.
J
A
D
To
build
a
product
and
it's
difficult
to
manage
an
open
source
well
as
effectively
an
open
source-
that's
probably
I
I,
don't
as
a
as
a
cncf
project,
so
because
it's
very
you
know
vertically
integrated,
so
I
don't
understand
what
the
you
know.
Quite
what
the
contribution
model
and
contributor
you
know
contribution
model
is
for
things
like
that.
A
A
A
A
B
A
E
E
A
A
B
A
I
A
A
A
Here
is
the
issue
from
Tag
app
delivery,
so
perhaps
what
we'll
do
is
we'll
reach
out
to
tag
app
delivery
and
get
their
feel
for
it,
and
then
we
can
make
a
decision
based
off
of
their
feedback.
Does
that
sound
good
for
everyone?
Okay,
would
one
of
the
TOC
Liaisons
for
app
delivery?
Take
this
on
to
proxy
that
information
and
request.
A
A
Effectively,
my
understanding
of
the
project
is
one.
It
is
extremely
early.
Ai
is
a
growing
interest
Space
by
a
lot
of
projects,
and
this
is
the
first
sandbox
application.
That's
looking
to
take
advantage
of
those
capabilities,
it
does
talk
about
whether
or
not
you're
leveraging
hosted
or
bring
your
own,
which
is
nice
for
Enterprises.
That
need
to
have
that
sense
of
confidence
that
their
information
isn't
leaving
their
environment.
A
C
I've
seen
a
few
demos
of
this
because,
because
I
happen
to
know
Alex
Jones
and
it
it
actually
is
it
like.
It
looks
pretty
clever
you
can
kind
of,
for
instance,
after
kubernetes
cluster
and
kind
of
get
it
to
suggest.
What's
going
wrong
when
there
is
an
issue
yeah,
it's
it's
interesting
and
certainly
but
like
like.
You
mentioned
it's
obviously
early
days,
but
it
does
seem
to
be
getting
quite
a
healthy
community.
At
least
you
know
if
the
Twitter
feed
there's
anything
to
go
by.
D
D
A
I
I
A
A
A
I
think
what
we'll
do
for
this
one
is
we'll
hold
off
until
the
next
time
before
we
can
make
a
decision
to
UIC
members.
Tank
chairs
feel
free
to
comment
on
the
issue
for
the
Liaisons
for
tag
security,
if
you
all
could
reach
out
to
them
and
and
have
them,
take
a
look
that
way.
The
next
time
we
have
a
discussion
on
this
project.
We're
well
informed.