►
From YouTube: CNCF TOC Meeting 2022-09-13
Description
CNCF TOC Meeting 2022-09-13
A
B
A
One
all
right
we
are
recording
welcome
in
this
is
your
sandbox
project
for
Tuesday
September
13th
ready
to
go
dims,
yes,
hi.
C
Everybody
so,
let's
start
with
the
resubmission
I
think
this
was
the
only
one
which
was
a
resubmission.
They
ended
up
going
to
the
serverless
working
group
and
this
the
project
name
is
serverless
devs.
C
Did
anybody
get
a
chance
to
look
at
this?
One.
D
I
took
a
brief
look
at
it.
I
noticed
that
it's
MIT,
licensed
and
I
was
trying
to
figure
out
their
reason,
but
was
the
field
cut
off
in
here.
D
Let
me
think
it's
really
use
it.
Okay,
because
I
was
trying
to
understand
the
reason
and
they
put
a
bunch
of
stuff
beforehand.
If
you
scroll
up
dims,
there's
a
link
to
the
English
version
there.
Oh
you
scrolled
past
it
oops
scrolled
past
it
the
other
way
right
after
the
header
there
you
go
yeah.
It
took
me
a
minute
too
foreign.
B
D
Okay,
I
I
only
got
the
briefest
of
looks
at
this
because
it
was
further
down
and
I
started
at
the
top.
It
was
one
of
the
later
ones
that
I
got
to
yeah,
but
it
looks
to
be
some
kind
of
serverless
framework,
but
I
couldn't
exactly
tell
why
they
wanted
it
to
be
in
the
cncf
to
understand
that
and
and
then
there
was
the
MIT
license
that
caught
my
attention.
C
Yeah,
the
MIT
license
is
okay,
we
can,
we
can
do
contingency
based
on
huge,
changing
license,
I
think
what
they
are
trying
to
do
here
is
you
know
you
are
a
normal
application
developer.
You,
you
have
some
serverless
code.
You
want
to
run
it
you,
you
know,
you
want
to
run
it
somewhere
right,
like
you
can
pick
where
you
want
to
run
it.
C
You
know
you
can
generate
a
template
based
on
you
know
different
languages,
so
it's
like
a
menu
driven
thing
and
it
will
generate
a
bunch
of
stuff
that
will
help
you
deploy
to
one
of
these
serverless
runtimes.
So
it
tries
to
make
it
easy
for
people
who
are
starting
their
serverless
Journey,
and
that
is
what
I
got
out
of
it.
A
A
There
is
I
believe
some
documentation
around
open
function,
compatibility,
but
it's
not
very
robust
or
in
depth
at
least
that
I
was
able
to
come
across
overall
I
mean
the
project
is
two
years
old:
pretty
steady
piece
of
development,
nothing
that
kind
of
stands
out
as
being
potentially
problematic
or
hindering,
but
I
think
the
the
question
comes
in
since
they've
already
presented
to
the
serverless
working
group,
and
this
is
a
re-application
how
they
fit
within
Cloud
native.
C
Yeah
I
think
I
I
think
I
want
to
like
help
them
by
bringing
them
on
for
sure
the
other
one
that
triggers
also
is
like
hey.
Does
a
service
serverless
working
group?
Do
they
need
to
be
a
state
at
this
point
because
there's
lots
of
projects
already,
so
that's
a
different
conversation.
We
can
have
it
with
them,
but
for
the
purposes
here,
I
I
feel
okay,
but.
A
Yeah
refresh
what
I've
done
here
is
make
sure
that
everything
is
wrapping
okay,
so
you
should
be
able
to
actually
like
get
in
here.
C
Let's
go
left
to
right,
but
we
saw
this
one.
Oh
no.
C
C
A
Edge
cases
we
find
them
all
the
time.
Okay,
this
one's
a
little
new
now.
C
A
Another
re-application
they've
not
called
it
out,
line
12..
This
is
cubescape,
so
if
we
can
drop
that
one
next
Escape,
okay.
C
Thank
you
skip
okay,
so
open
source
tooling,
providing
a
single
pane
of
glass
for
kubernetes
security,
nsacsa,
miter
or
R
back
cicd
Pipelines.
E
A
I
believe
we
asked
them
to
come
back
due
to
a
lack
of
clarity
in
the
project
and
the
direction
and
I
know
that
we
asked
them
to
present
to
tag
security.
So
the
maintainer
reached
out
to
me
to
verify
that
they
did
everything
that
we
asked
them
to
do.
They
have
they
presented
to
tax
security,
they've,
gotten,
better
vision
and
direction
to
move
forward
and
they're
working
on
their
Community
growth
and
development.
C
They
scan
nodes,
they
scan
yaml
files
was
as
far
as
I
got,
and
you
know,
they'll
tell
you
if
something
is
not
right.
C
B
E
E
Yes,
it
is,
and
I
had
some
conversations
with
them,
because
there's
also
a
SAS
service
that
it
submits
to
yeah,
which
was
a
very
unclear
how
much
of
it
was
open
to
us
and
how
it
was
related
to
the
project
and
what
the
boundaries
were
at
the
time.
C
Oh
okay,
yeah.
E
A
So
I
will
say
going
through
their
documentation.
They
do
have
instructions
on
running
it.
Offline
in
a
air-gapped
environment.
C
Okay,
so
they're,
probably
building
they're
using
the
engine
in
their
service,
also
I,
guess.
D
C
C
E
Good
I
believe
it
works
offline
by
default
and
you
have
to
do
submit,
but
it
doesn't
have
a
way
to
yeah,
so
you
have
to
do
minus
minus
submit
on
the
command
line,
but
there's
no
configuration
as
to
who
you
want
to
submit
to
other
services
or
anything
like
this.
It's
basically.
D
Is
the
version
that
you
self-host?
D
Does
anybody
know
if
that's
open
source
or
is
that
a
proprietary
software?
You
then
self-run
in
your.
E
D
I
mean
a
CLI
that
that's
tightly
coupled
to
a
startup
says,
isn't
something
we
should
probably
have
in
this
the
cncf
right,
because
then
that
plays
up
one
vendor
over
others
in
an
open
source
project.
C
Foreign,
so
let's
ask
a
specific
question:
get
the
answer
and
based
on
the
answer,
or
do
we
just
say
contingent
to
this
being
a
standalone
thing
that
can
be
installed
in
some?
You
know
they
do
cover
that
right.
Air
gap.
E
C
E
A
C
What
can
we
tell
them?
What
we
can
tell
them
is
hey,
the
people
should
be
able
to
run
cubescape
in
their
environments,
kubernetes
environments,
conformant
kubernetes
environments,
and,
if
and
the
CLI
should
be
able
to,
they
should
be
able
to
submit
whatever
they
need
to
submit
to
the
local
instance
and
be
couple
their
specific
SAS
out
of
this
equation.
C
Yeah
without
needing
their
SAS,
people
should
be
able
to
do
what
they
need.
What
they
want
to
do.
C
Okay,
so
that's
three
things
we
are
calling
out
between
the
three
three
folks.
Just
now,
do
you
want
to
write
this
down?
Amy.
B
C
So
decoupled
their
SAS
from
the
open
source
project
and
it
you
know
which
implies
that
the
running
the
whole
stack,
including
the
person
okay,
needs
to
be
possible
with
local
open
source.
Yes,
what
were
the
other
things
that
we
told
just
now.
E
A
So
naming
issues
and
okay.
A
Quick
question
on
that,
because
they're
going
to
reach
back
out
once
they
have
that
complete,
are
we
waiting
again
for
another
sandbox
review
before
accepting
or
is
a
check
in
with
the
TOC
in
the
main
Channel
sufficient?
We
should
wait.
A
Ways
to
be
able
to
onboard
like
in
out
of
band.
C
So
is
this
going
to
be
question
or
is
this
or
how
are
we
framing
this
Richie.
B
E
I
mean
I,
think
the
I
mean
they
could
come
back
and
say.
The
Persistence
of
the
data
is
a
separate
bit
of
functionality.
E
This
is
kind
of
this
is
effectively
open
core
and
that
bits
separate,
but
I,
don't
think
we
would
accept
projects
that
don't
have
neutral
providers
of
these
services
that
you
know
what
submit
goes
to
their
service,
not
the
service
that
you
configure
okay,
but
at
the
very
end,
there's
a
spec
for
the
and,
ideally,
sales
go
for
some
right,
some
tooling
for
collecting
data
or
something
something
that
some
other
ways
that
you
could
do
if
that
functionality
is
truly
useful,.
C
I,
okay,
here,
let's
start
from
the
top
container
SSH,
creates
a
new
container.
It's
useful
for
several
things:
debugging
production
systems,
running
honey
pots,
I.
B
Think
I
can
get.
I
can
give
some
info
here.
We
we
actually
have
a
diplomatic
turn
of
this
and
it
was
just
to
see
if
it
worked
they
presented
at
the
cncf.
Research
is
a
group
and
after
the
presentation
there
was
a
suggestion
to
submit
it
for
for
sandbox.
So.
E
B
Do
it
there's
a
the
the
model
that
they
want
is
to
hide
the
handling
of
containers
from
Mostly
scientific
communities
where
people
are
used
to
SSH
to
Central
machines
where
everything
is
installed
for
them
and
it's
kind
of
a
niche
project.
There's
not
a
lot
of
contributors.
It's
and
there's
something
to
be
checked,
which
is
it's
an
MIT
zero
license?
So
we
also
need
to
check
that
okay,
but
yeah.
So
it's
it's.
It
is
an
issue.
I
think
it
will
remaining.
E
At
least
parts
of
it
have
just
been
re-licensed
to
Apache
the
the
lip
container
SSH
is
now
Apache.
Okay,.
B
We
also
have
some
funny
like
branding
link
I'll
place
it
here,
I,
don't
know
exactly
which,
like
a
branding
license,
I,
don't
know
what
that
means
and
I'll
paste
the
link
for
the
their
presentation
in
the
morning.
C
Yeah
yeah:
this
is
fine
we'll
when
we
are
working
through
this,
whatever
they
have
here,
we'll
get
reward
with
whatever
we
do
for
cncf
projects.
E
E
Is
it
bigger?
Is
it
big
enough
to
be
a
thing.
C
Yeah
I,
don't
know
that's
what
we're
telling
them
to
do
right
like
do
come
into
the
sandbox
and
figure
it
out
if
they
make
it
to
incubation.
You
know,
then,
we'll
worry
about
the
graduation
right.
A
So
this
project,
when
I
went
through
the
documentation,
has
a
lot
of
really
positive
potential
associated
with
it
from
operational,
workflows
and
administration
of
production
environments,
as
well
as
some
potential
significant
security
concerns
over
the
execution
of
it,
particularly
around
default
Behavior.
A
There
are
organizations
and
companies
that
have
traditional
production
level
management
of
their
clusters,
where
you
have
folks
that
are
logging
into
prod
environments,
sshing
directly
into
containers
to
make
changes
on
the
Fly
instead
of
promoting
better
immutability
with
container
images
in
their
clusters.
So
this
is
kind
of
set
up
to
assist
in
offloading
some
of
that
behavior
into
a
more
isolated
container.
A
So
there's
value
there
in
organizations
that
already
have
those
and
getting
them
to
change
those
processes.
However,
because
it
is
a
container
that
you're
allowing
someone
to
SSH
into
those
reports
are
open.
There
are
potential
additional
concerns.
So,
generally
speaking,
I
see
the
value
in
this
I'd
be
interested
in
seeing
what
the
project
does,
but
I
would
weigh
heavily
that
they
really
need
heavy
security
involved
movement
from
whatever
their
default
configurations
are,
and
the
overall
behavior
of
the
container
within
a
cluster.
C
E
It
also
supports
usage
as
a
honey
pot,
which
is
very
different
use
case,
which
is
kind
of
confusing
from
the
configuration
point
of
view,
because
configurations
are
somewhat
different.
C
Yeah,
it
looks
like
they
have
separate
Quick
stats
for
Docker
and
kubernetes.
So
that's
good,
yeah,
I'm
I'm,
happy
to
let
them
in
I.
Think
there
is
enough
value
out
here
that
other.
B
C
Okay,
so
any
other
objections
other
than
what
we've
already
talked
about,
we
can
go
for.
A
C
A
B
C
Fga,
this
is
something
interesting.
Anybody
read
the
Zanzibar
paper.
E
Who
is
it
from
my.
D
E
C
D
D
That
was
the
only
thing
that
I
really
noticed.
That
made
me
go
wait
a
minute.
Let
me
take
a
deeper
look
and
then
I
only
got
so
far.
Yeah.
D
C
Yeah
so
yeah,
this
is
what
I
was
reading.
Simply
queried
as
needed
is
a
database
for
relationship
that
govern
access
to
resources.
E
And
that
this
is
a
positive
thing
where
you
should
encourage
people
to
get
involved
with
yeah
rather
than
right,
yeah,
so
I'm,
even
though
it's
recent,
it's
a
you
know,
it's
a
clearly
a
serious
project
from
them
and
they're
they're
they've
got
a
serious
model
that
they're
trying
to
implement
and
a
model
of
how
they're
going
to
do
it
using
hyper,
which
is
already
gradually
as
a
project
and
so
on.
E
C
Go
award
then
I
think
we
have
enough
confidence
here.
B
Before
we
one
concern
and
I
know
that
I
think
Emily
mentioned
this
in
the
DLC
Channel
as
well,
so
as
to
why
this
is
so
new.
This
is
forked
from
from
a
different
company
actually
and
that
doesn't
Inspire
great.
B
Long-Term
strategy,
or
anything
at
least
as
of
now
there's
there's
a
smell
of
a
little
bit
of
Smashing
crap.
To
be
honest,
I
don't
claim
to
have
the
full
background
on
this,
but
when
looking
into
it,
because
someone
poked
me
about
it,
it
didn't
Inspire
confidence
at
all.
C
B
Yeah,
it's
not
at
least
last
I
looked
no
attributions
have
been
have
been
given.
The
thing
you
want
to
look
at
is
from
a
spice
to
be
from
offset.
C
So,
are
they
using
it
here
or
or
this.
B
Story:
okay,
let
me
let
me
give
a
little
bit
more
background.
I
was
contacted
by
someone
who
who
also
worked
on
spice
CP
in
the
past,
and
they
they
were
concerned
about
over
open,
fga,
basically
forking
their
stuff
without
any
attribution
and
then
submitting
it
to
to
cncf,
which
has
an
ungot
smell
to
it,
in
particular,
unless
we
see
OCTA
actually
carry
this
forward.
C
So
yeah,
so
here
is
what
they're
talking
about
right:
yeah,
largely
inspired
by
graph
and
dispatch
packages
in
odd
Zodi,
spice
DB
and
it's
Apache
Duo
license.
So
they
are
free
to
do
that.
C
Attributions,
I
think
we
talked
about
it
and
I
opened
this
issue
for
attributions.
So
during
sandbox
we
can
work
with
them
on
making
sure
that
the
attribution
are
you
know
better
than
what
it
is
right
now
so
I
remove
the
conversation
now.
B
The
question
is,
if
given
the
time
since
they,
since
they
got
started
from
the
Frog
and
I,
agree
that
apache2
allows
forking,
it's
explicitly
designed
to
allow
forking
in
any
and
all
other
licenses
still
looking
at
the
project
as
of
itself
after
the
point
of
fork
is
a
super
short
history
with
no
strong
history
of
contributions
or
Community
Building
or
anything,
because
it's
literally
a
new
thing.
C
I
would
like
to
use
it
and
to
do
better
now
in
sandbox,
under
our
guidance,
rather
than
telling
them
to
go
away.
B
Sandbox
I
think
we
need
to
make
sure
we're
we're
adhering
to
the
the
bar
that
we
expect
out
of
that,
I
think
is
what
dim's
saying
is
like
it
might
not
be
perfect,
but
it's
also
sandbox.
So
you
know
when
we
go
to
incubation,
we
can
certainly
list
this
is
concerning
that
needs
to
be
fixed
prior
to
their
application.
Yeah.
C
Okay,
so
let's
go
back
to
the
vote.
You
know
please,
if
you
do
a
plus
zero
or
a
minus
zero.
If
you
feel
strong.
A
E
C
Okay,
10
more
seconds.
A
E
E
Foreign
I
think
it's.
You
know.
These
are
both
implementations
of
Zanzibar,
both
derived
from
something
else
anyway,
and
we're
not
being
King
makers
about,
like
I.
Think
that
and
it's
I
mean
I-
think
that
yes,
he's
got
a
horrible
chunky
initial
commit,
but
it's
not
all
copied
from
supposed
to
be
by
any
means.
So
yeah,
I'm,
I'm,
okay,
with.
C
It
okay,
so
keep
the
previous
vote
okay
passes
and
we
can
move
on.
Okay.
Thank
you.
How
much
time
we
have.
We
have
19
minutes
so
Q
red,
so
this
is
from
V
Works
and
this
is
for
restarting
the
nodes
so
that
you
know
you
can
apply
some
patches.
D
Yeah,
if
I
look
at
this,
this
was
started
back
all
the
way
in
2017
and
has
been
developed
consistently
for
a
long
time
and
I
think
it
was
originally
a
weaveworks
project
and
then
others
started
picking
it
up
and
using
it
yeah.
D
A
E
C
It
is
just
like
we,
the
focus
is
on
the
smallest
set
of
bits
that
go
out
as
a
kubernetes
release
right
yeah,
you
know,
and
we
do
have
a
lot
of
repositories
that
are
don't
end
up
in
in
the
release
for
sure,
but
those
are
all
small,
tiny
stuff.
You.
C
C
C
Of
them
now,
okay,
Carvel-
this
is
from
VMware
Carvel
is
a
project
that
kind
of
says:
hey.
Helm
is
not
the
only
thing
out
there.
There
is
a
few
other
patterns
that
might
be
better
than
hell.
Here
is
a
set
of
tools
that
work
well
together,
Unix
fashion,
you
know
for
you
to
build
up
your
deployment
package
thingy,
that's,
basically
what
I
got
out
of
this.
E
C
Right
and
if
you
look
at
the
sentence
here,
a
common
pattern
for
travel
uses
pipe
various
CLI
tools
together
so
ytt,
which
munches
yaml
files,
cable,
K
app.
C
You
know
they
pipe
it
to
each
other,
essentially
like
so
here.
Ytt
is
usable
separately
or
you
can
combine
it
with
other
tools.
D
Yeah
I
think
an
easier
way
to
think
about
this
is
Helm.
Is
a
package
manager
in
the
traditional
sense
right,
yeah
you
it's
like
apt
or
Homebrew
or
yum,
or
any
of
these,
and
it's
designed
for
packages.
This
is
more
and
so
there's
a
lot
in
what
makes
a
package
manager.
This
is
a
bunch
of
tools
that
are
small
slices
of
things
that
you
can
use
Standalone
or
pipe
into
each
other
in
different
ways.
Yeah,
it's
a
different
way
of
working
with
your
stuff.
C
Yeah
so
the
unit,
what
each
of
these
does
and
the
K
app
controller
is
one
which
understands
what
a
package
is,
and
you
can
I
guess
you
can
do
an
update
to
newer
versions,
rollback
and
things
like
that
too.
So
it's
kind
of
like
gives
you
the
github's
model
there
I
think,
and
there
is
something
there's
a
controller
for
secret
generation
too.
C
So
the
thing
here
is
yeah:
they
also
have
something
where
they
can
understand.
They
can
migrate
home
packages
to
parallel
packages
as
well.
I,
don't
think
they
called
it
out
here-
and
there
is,
you
know
sufficiently
big
team
working
on
this,
and
they
want
to
now
come
here
and
see
if
they
can
do
more
stuff
in
the
community.
C
So
there
is
a
story
about
you
know.
Standalone
packages,
there
is
a
story
about,
you
know,
can
I
upgrade
a
package
downgrade
a
package
that
kind
of
stuff.
There
is
a
migration-ish
thing
from
Helm
or
to
yeah,
see
image
package
can
be
used
with
Helm
to
make
Helen
charts
aircraft
and
air
gap
friendly.
C
So
there
is
lots
of
ideas
out
here
that
that
is
useful
to
people
who
want
to
ship
their
applications.
E
Out
of
Interest,
how
many
people
using
it
now,
is
it
something
that
you
kind
of
ship
returns
there
and
I
encourage
people
to
use
those
experiments
or,
as.
B
E
C
C
So
it's
a
bet
to
see
if
they
can
do
better
than
hell
and
if
they
do
it's
a
win-win
for
everyone.
If
they
don't,
you
know
there
is
still
options
for
people
who,
like
another
way
of
doing
things
outside
of
hell.
B
C
19
unicraft
I
have
to
give
this
to
you
Justin.
What's
up
with
the
uni
kernels,
have
you
seen
this
before.
E
I
have
seen
this.
This
has
been
around
for
quite
a
long
time.
Actually,
I
haven't
looked
at
it
very
recently,
but
it's
been
around
for
I
mean
it's
better
speed
around
for
I.
C
E
Please
are
we
sure
it's
a
Zen
project,
just
sorry,
I
just.
E
Says,
but
on
the
page,
that's
the
broken
foreign,
not
on
the
home
page.
E
C
E
E
C
Yes,
so
let's
take
it
out
of
the.
A
C
This
point
they
can
move.
You
know
if
I
mean.
A
C
It
says
can
act
as
a
cnco
project,
but
you
know
if
they're,
acting
as
what
they
are
and
project-
that's
probably
not
going
to
work
at
this
point.
C
Okay,
moving
on,
since
we
are
shot
on
time.
Thank
you
so
again,
Justin
I.
E
Labor
is
a
compiled,
Lima
was
thinking
about
joining
as
a
containerdy
subproject,
and
then
it
decided
the
sandbox
was
more
appropriate.
It's
I
mean
it
sounds
weird
as
a
cloud
native
project
is
this
project?
That's
for
creating
VMS
on
Macs,
but
the
I
mean
the
context.
Is
it's
for
building
part
of
it
took
it's
part
of
the
base
tool
thing
for
creating
development
environments
for
running
container
engines
on
Macs,
but
it
still
is
weird
that
it's
a
it's
basically
a
tool
for
running
VMS
on
Macs,
which
just.
D
C
It
started
I
started
noticing
this
more.
When
people
started,
you
know
figuring
out
how
their
Docker
subscriptions
would
work
right
like
I.
D
I
can
talk
a
little
bit
about
this
if
you're
using
Rancher
desktop
on
Mac
or
Linux
you're,
actually
using
Lima
under
the
hood,
it
provides
a
better
user.
Well,
I
would
argue
a
better
a
graphical
user
experience
on
top
of
Lima,
with
a
bunch
of
additions
and
Lima,
primarily
targeted,
initially
container
D
and
nerdy
control
work,
nerdy
control
being
sub-project
under
container
D
and
it
expanded
as
people
wanted
to
do
more.
D
Like
there's
Colima
that
I
think
runs
Moby
instead
of
container
D,
we
started
doing
things
in
Rancho,
desktop
with
it,
where
we
brought
in
containerdy
or
Moby
and
k3s
and
there's
other
people
doing
other
things
on
top
of
it
and
ultimately
their
reason
for
wanting
to
bring
it
into
the
cncf
is
so
that
it
lives
in
a
vendor
neutral
home,
because
it
already
has
multiple
vendors
contributing
to
it
and
as
maintainers
and
that's
their
their
reason
is
they
want
to
the
vendor
neutral
home
to
own
it,
rather
than
it
being
somebody's
project
up
on
GitHub,
with
different
vendors,
contributing
to
it.
C
This
was
akihiro
suda
right,
yeah
named
yeah
the
email
slightly
different.
Yes,
yes,
it
is,
it
is
good,
so
they
know
our
ecosystem
inside
out.
You
know
having
worked
on
with
multiple
projects,
so,
like
I,
haven't
like
no
hesitation
asking
you
know
giving
them
space
here
for
sandbox
any
objections.
C
D
I
have
questions
about
this
one
anyway,
because
you
know:
are
they
submitting
everything
because
they
operate
a
registry
and
they
have
a
policy
client?
Are
they
just
submitting
a
client
or
are
they
submitting
the
client
and
registry
I
I
wasn't
clear
on
that
when
I
was
looking
at
this
and
if
they
want
to
keep
the
registry-
and
we
have
the
client
and
that's
something
to
call
into
question
so.