►
From YouTube: CDF - SIG Interoperability Meeting 2021-03-04
Description
For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/
A
D
B
A
E
A
A
Yeah
we
have
topic
for
that,
so
we
can
start.
Then
thanks
everyone
for
joining
and
if
you
haven't
done
it,
please
record
your
participation
and
here
is
the
agenda.
So,
as
usual,
we
will
start
with
action
item
review.
We
have
few
of
those
and
I
think
we
will
be
able
to
close
at
least
half
of
them,
which
is
always
good,
yeah.
E
A
A
B
A
I
also
put
some
notes
about
ebay,
ericsson
and
zul's
take
of
policy
based
on
the
meeting
recording,
and
then
we
will
visit
standardized
metadata.
This
work
seems
to
have
stalled
a
bit,
so
it
would
be
good
to
you
know,
bump
the
topic
up
and
then
we'll
have
a
presentation
from
oliver
on
project
piper,
and
then
I
don't
know
who
edit
the
topic
but
cdcon.
A
So
yeah.
That's
a
good
reminder.
Maybe
we
can
take
that
first
before
before
the
presentation,
because
it
may
be
difficult
to
come
to
that
topic.
Based
on
how
long
the
presentation
is
so,
let's
start
with
action
items
so
dave
sudhir.
I
don't
see
him
in
the
meeting
and,
as
we
all
may
remember,
he
had
some
changes
in
his
employment,
so
he
may
not
be
able
to
contribute
as
much
until
those
things
are
sorted
out
and
steve.
You
volunteered
to
help
with
the
artifacts
metadata
thing.
A
G
G
A
Policy
side
yeah:
I
should
put
a
lot
of
good
information
there,
which
will
quickly
look
at
it
thanks,
steve.
The
next
action
item
is
on
tracy
miranda
and
she
already
got
kara
and
me
in
touch
with
tina
graves
portland
about
the
discussion
on
four
keys
project
and
how
we
can
collaborate
on
common
things,
because
four
keys
project
is
about
measuring
delivery
performance,
and
that
requires
some
way
of
collecting
all
these
metrics,
which
brings
suspect
to
metadata
and
perhaps
range
topics
back.
A
A
About
policy
on
the
document,
from
order
to
use
and
deploy
hub
so
closing
that
one,
the
next
action
item
is
on
you
and
andrea
and
christie
includes
some
information
in
the
policy
document.
So
we
can
close
the
section
item
if
you
think
she
captured
the
conditionals
you
mentioned,
or
we
can
keep
it
open
up
to
you.
A
Okay,
I
close
it
well,
I
I
looked
at
what
she
added
and
she
didn't
use
the
word
conditionals
that
that's
why
I
asked
this.
So
maybe
we
closed
this
action
item
and
you
look
at
it
if,
like
conditionals,
is
something
used
by
community,
it
would
make
sense
to
add
that
keyword
in
the
document.
So
we
can,
you
know,
translate
the
things
between
different
projects.
A
A
Let's
move
to
the
tricky
topic,
daylight,
saving,
time
changes,
so,
as
I
mentioned
at
the
beginning,
us
makes
the
change
on
march
14th.
I
think
it
is
next
weekend
and
then
europe
makes
the
change
on
march
28th
and
our
meeting
on
march
18th
falls
in
between
and
that
confuses
people
at
least
I
am
very
confused
like
what
time
we
should
have
the
meeting.
A
H
A
B
C
A
E
A
A
A
A
E
I
put
that
in
there
the
hard
deadline
is
this
friday,
the
5th
of
march,
so
it
would
be
great
to
have
lots
of
topics
and
talks
on
interoperability
with
all
of
your
projects,
but
in
general
I
mean
you
know,
it
is
very
good
for
you
to
submit
talks
to
cdcon,
but
it
should
be
excellent
and
there's
a
couple
really
interesting
tracks.
So
do
have
a
look
at
the
website.
Thank
you
for
putting
that
in
there
that's
and
get
your
talk.
Submissions
then.
A
Yes,
so
it's
middle
of
the
night
like
tomorrow's
pacific
time,
12
p.m
or
11
59
p.m,
or
something
so
we
have
a
little
more
than
one
day
to
get
the
proposals
in
thanks
for
reminder.
Kara.
I
forgot
about
that,
because
I
already
sent
my
proposal
for
early
bird
and
I
failed.
I
could
have
made
it
early
bird.
That's
why
I
remember
okay,
so
the
next
topic
is
the
meeting
with
dean
apartment,
so
portman
from
google.
A
It
was
pretty
good
to
hear
because
this
topic
is
also
end
user
aspect.
There
is
a
topic
in
end
user
console
about
measuring
devops
success,
so
it's
like
cdf
end
user
console
is
looking
at
that
thing,
and
four
keys
project
is
looking
at
similar
thing
and
we
are
also
looking
at
how
we
can
establish
some
kind
of
interpreting
domain
to
make
these
things
easier.
So
this
discussion
is
to
find
talk
about
those
things
and
find
opportunities
to
collaborate
further.
A
E
I
think
that's
a
good
point
that
we
should
be
spreading
encouraging
people
from
other
cigs
and
groups
to
join
I've
encouraged
the
jenkins
cloud
native's
sake
to
attend
and
there's
been
a
lot
of
interest
so
in
your
own
projects
and
other
groups
and
meetings
that
you
go
to,
you
might
wanna
tell
people
about
it.
It's
a
very
interesting
project.
The
four
keys.
A
F
Yeah
I
had
a
need
to
chat
with
the
rest
of
the
governing
board
and
not
much
happened
from
it.
Yet
I
guess
it's,
but
it's
definitely
an
interesting
area.
So
I
think
one
of
the
points
in
dinner
presentation
last
year
was
the
faculty
of
trading
different
events
from
tecton,
because
there
is
no
kind
of
obstruction
there
about
what
pipeline
being
deployment
or
specific
item
there.
F
G
Yeah,
so
let
me
just
get
this
right,
so
some
of
the
things
that
we
were
looking
at
at
a
high
level
were
around
licensed
policy
enforcement,
cve
enforcement
and
configuration
policy
enforcement.
So
the
first
few
are
pretty
obvious.
You
know:
are
there
any
licenses
or
cves
that
should
prevent
us
from
moving
forward
with
the
deployment
of
a
particular
version
of
an
application
and
then
like
on
the
configuration
side.
G
So
this
has
come
about
where
you
look
at
teams
that
are
organizations
that
have
a
group
like
an
open
source
group
that
they'll
go
through
and
and
say
that
this
is
a
good,
let's
say:
mongodb.
This
specific
version
is
a
good
version
to
use,
and
that
goes
on
their
approved
list
as
part
of
that
process.
G
So
that'd
be
something
that
we
would
be
looking
at
as
another
policy
and
then
again,
the
licensed
cve
policy
and
the
configuration
policy
are
carried
forward
from
the
ortilla
side
and
then
one
of
the
things
that
we
put
out
there.
We
don't
know
how
easy
it's
going
to
be
do
to
do
from
a
policy
perspective
but
trying
to
rev
the
duplicate
component
policy,
which
we
would
try
to
enforce.
G
Reuse
instead
of
copying
of
code
as
part
of
that
that
level
and
then
finally,
the
sll
sli,
which
would
hook
into
more
of
the
telemetry
that
we're
getting
from
the
clusters
themselves,
the
runtime
environment
and
how
we
should
react
to
what's
happening
at
that
level.
So
that's
kind
of
a
high
level
of
what
we
saw
from
a
policy
standpoint
for
both
artelias
and
deploy
hub.
A
Thanks
steve,
I
have
a
question.
Actually
you
know
when
we
were
talking
about
police
topic
during
previous
meetings.
Few
policy,
engines
or
police
frameworks
were
mentioned,
like
open
policy
agent
and
open
network
automation
platform
policy
framework.
Do
you
use
something
like
that?
An
external
compound
to
enforce
policies
or
like
write
policies
as
codes
or
something
like
that
because,
like
spinnaker
uses
open
policy
agent
and
what
ortelius
uses.
G
Right
now,
we
do
not
have
any
policy
hooks,
so
we're
currently
not
using
any
policy
agent
per
se,
but
this
is
what
we
would
be
envisioning
if
we
were
to
hook
in
something
like
open
policy
agent
in
the
process.
So
that's
one
of
the
things
that
would
look
at
as
a
next
step
is
to
figure
out
how
we
are
able
to
enforce
these
policies
that
we're
looking
to
do.
C
A
A
I
A
A
Yeah
so
before
we
move
to
users
like
cara
jenkins,
I,
as
I
mentioned
too
like
few
weeks
ago,
jenkins,
has
a
plug-in,
I
think,
cloud-based
plug-in
it's
not
an
open
source
plugin,
and
I
didn't
include
that
explicitly
because
I
didn't
want
to
you
know
misrepresent
what
plugin
does.
So,
if
you
could
like
help
putting
jenkins
information
here
or
ask
your
colleagues.
E
A
A
A
Okay
and
then,
when
it
comes
to
users,
so
I
mean
I
again
similar
to
what
I
did
with
rule.
I
tried
to
extract
what
you
summarized
during
the
previous
meeting.
I
included
it
in
the
document,
so
please
correct
what
I
put
there.
I
include
like
badges
and
central
system
handing
out
badges
and
that
actually
enforces
which
applications
could
go
to
which.
A
C
The
approach
the
approach
we've
taken
is
to
decouple
policy
enforcement
away
from
continuous
delivery
workflow
engine
so
that
the
cd
engine
does
what
it
does.
It's
going
to
still
go
to
the
next
step,
go
to
the
next
phase,
and
only
if,
if
things
fail
in
between
it
gets
signaled,
it
itself
does
not
have
any
sort
of
a
you
know.
Policy
has
been
not
been
written
into
the
cd
engine,
it's
been,
it's
been
it's
been
enforced
by
other
things
and
which
then
can
signal
the
cd
workflow
to
stop.
A
So
so
you
can
see
this
diagram
here
I
am
showing.
I
think
this
is
something
like
what
you
described
like
you.
Have
this
cicd
pipeline
technology
like
tools,
but
you
have
an
external
system
who
actually
drives
policy
enforcement
stuff?
Yes,
okay,
so
it
is
pretty
similar
to
our
use
case
like,
as
I
mentioned
during
the
previous
meeting.
We
use
events
and
events
actually
contain
the
metadata
about,
like
certain
confidence
levels
or
badges.
In
your
context,
I
think
we
have
some
common
think
surfacing
here.
I
A
A
Okay,
please
feel
free
to
update
the
document.
It
is
out
there
and
I
will
push
this
version
to
the
repo
as
well,
so
people
can
find
it
there
too.
I
think
we
have
something
here
because,
like
everybody
seems
to
be
doing
similar
things
calling
themselves
differently,
calling
those
things
differently
and
if
you
can
find
a
way
to
bring
these
things
together.
That
would
help
us
in
future,
as
well.
A
A
This
work
has
not
been
progressing
because
of
perhaps
dave's
changes
in
circumstances
steve.
Thank
you
for
adding
commit
thing
here.
I
think
that
is
good
enough
information
to
start
with
and
if
you
could
get
the
artifact
in
place
as
well,
that
would
help,
and
then
we
can
talk
with
dina
as
well,
because
they
are
looking
at
git
information
from
git
and
they
are
probably
looking
at
information
from
artifact
repositories.
A
A
D
Yeah
and
then
let
me
introduce
you
to
to
piper,
which
is
an
open
source
project
since
I
believe
end
of
2017,
where
we
open
sourced
it.
We
started
as
an
inner
source
project
within
sap.
Today,
it's
essentially
both.
We
have
very
sap
specific
aspects
which
are
still
maintained
as
an
inner
source
project,
but
the
majority
of
aspects
is
part
of
the
open
source
project
and
we
are
probably
the
biggest
user
also
of
this
open
source
project
and
within
our
development
organizations,
just
some
fun
facts
for
sap.
D
Now
what
is
piper,
I
tend
to
say
it's
shared
code
in
knowledge
or
shared
codified
knowledge,
which
is
ready
to
use
for
a
development
team
on
the
top.
We
essentially
provide
what
we
call
ready-made
pipelines.
That's
a
continuous
delivery
pipeline
or
even
continuous
deployment
timeline
pipeline
from
code
commit
to
production
deployment.
D
This
knowledge
about
how
to
integrate
these
with
these
kind
of
systems
is
basically
put
into
these
fighter
step.
Libraries
underneath
there's
a
common
configuration
layers,
we'll
see
that
in
a
minute,
as
well,
essentially
yaml
file
containing
configuration
for
the
individual
steps
and
also
for
the
complete
pipeline.
D
Now,
if
you
want
to
get
started,
it's
essentially
four
lines
of
code
which
you
need
to
put
into
your
repository.
Two
files
main
focus
is
jenkins,
but
we'll
come
to
that
also
a
bit
later:
teams
using
jenkins
and
there's
a
jenkins
library
which
is
included
into
a
jenkins
file,
and
then
the
pipeline
is
executed.
Therefore,
this
jenkins
file
is
just
can
be
just
copied
over
sap
internally.
D
D
What
you
want
to
use
you
see
here
in
the
screenshot
above
the
various
stages,
where
a
complete
pipeline
can
run
through
there's
pull
request,
voting,
that's
as
simple
as
getting
started.
Building
unit
testing
integration,
testing
acceptance,
security
performance
until
we
reach
a
promotion
now
very
important.
We
do
have
a
separation
of
the
pipeline
logic
and
the
configuration
the
pipeline
script
is.
Then
I
showed
it's
just.
Essentially
these
two
lines
of
code
are
provided
centrally.
They
are
provided
within
project
piper.
D
That
means
we
allow
for
central
central
innovation.
People
can
consume
those
things
without
doing
anything
since
most
of
the
teams
just
use
the
master
branch
of
the
project
and
with
that
they
just
consume.
What
comes
in
and
by
abstracting
these
things
away,
we
dramatically
reduce
cognitive
load
and
inside
on
the
other
side.
There's
this
team
owned
configuration.
D
I
said
you
have
various
configuration
layers
you
can
configure
on
a
step
level
here
you
see
the
example
of
the
versioning.
Now
you
can
configure
on
a
stage
layer
or
even
for
the
complete
pipeline.
Certain
things
what's
possible,
for
teams
as
well
is
that
they
can
break
out
of
the
predefined
stages,
extend
them
replace
them.
D
Now,
let's
have
a
quick
look
at
the
configuration
it's
a
layered
configuration.
We
have
defaults,
which
come
with
type
with
a
with
piper
with
the
library
itself,
with
step
configuration,
detail,
defaults,
configuration
tutorials
for
basically,
overall
generally
everything
you
run
comes
in
very
handy.
If
you
have
like
me
in
the
company
certain
instances
of
a
scanning
tool
with
a
dedicated
url,
we
can
just
put
that
into
the
company
default
and
no
team
needs
to
take
care
of
it
anymore.
Any
longer,
then
teams
can
also
provide
custom
defaults
right.
D
D
We
have
one
step,
doing
the
automatic,
versioning
and
essentially
hiding
away
the
the
different
aspects
of
of
the
build
tools
like
working
for
npm
versioning
for
maven
version
for
go
and
so
on.
Right
and
the
only
thing
a
team
needs
to
do
is
tell
the
fill
tool
and
maybe
add
some
specifics
for
the
versioning.
D
That's
all
the
team
needs
to
do
not
caring
about
the
nitty-gritty
details
of
how
to
read
a
version
out
of
a
pom-xml
file.
Writing
it
back
and
so
on
now
I
I
mentioned.
We
essentially
started
with
jenkins
we're
a
pretty
big
jenkins
shop.
I
guess
within
sap,
but
the
world
is
evolving,
continuous
delivery
foundation
and
other
and
other
things
right.
We
see
github
actions
taking
traction,
there
is
tactile
and
there
is
various
various
tools
I
mentioned
at
sap,
we're
pretty
heterogeneous.
D
D
D
We
still
have
some
jenkins
stuff
in
there
for
people
who
are
on
jenkins
to
essentially
access
this
world
instance
now,
looking
at
jenkins,
if
you're
familiar
with
jenkins
scripted
pipeline
in
this
case,
in
order
to
do
a
versioning
of
an
artifact
which
you
check
out,
it's
it's.
Basically,
these
lines
of
powered
radio
empty
your
workspace
just
to
save,
check
out
the
repository
and
do
the
versioning
how
the
version
versioning
is
done.
If
it's
major
minor
patch,
what
have
you
it's
just
written
in
the
config
file?
D
Therefore,
you
can
also
across
teams
in
a
certain
area
just
move
that
over.
If
you
wish,
if
you
now
see
the
need
to
move
to
another
orchestrator
system-
or
maybe
you
want
to
first
test
it
locally,
you
can
just
do
it
via
shell.
You
can
call
piper,
you
can
set
the
wall
credentials,
you
can
clone
the
repository
and
run
piper
artifact
prepare
version
and
it
executes
on
the
same
configuration
file.
D
Does
the
same
thing:
if
we
now
go
look
at
github
actions,
there's
a
type
of
github
action
available,
same
thing:
checkout
use
the
action
with
the
command,
artifact
prepare
version,
and
it
does
the
same
version.
Therefore,
you
can
really
switch
pick
and
choose
orchestrator
systems
depending
on
your
demand,
also
and
also
support
migration
parts
tech
time
not
yet
done
to
come.
Maybe
we
can
also
have
a
chat
afterwards
for
those
colleagues
being
involved
in
tact
on
how
we
could
best
achieve
that
and
then
to
close.
D
On
the
other
side,
a
team
should
not
have
a
mandatory
action
in
order
to
be
able
to
consume
something
for
sure.
In
many
cases
some
configuration
requirement
will
will
appear,
but
for
the
typical
flow
logic
of
the
pipeline,
a
team
shouldn't
do
anything
and
to
give
you
some
numbers
internally,
we
we
have
about
520
enterprise,
github
organizations,
using
it
with
more
than
3000
pipelines
and
having.
I
need
to
look
up
the
number
it's
so
high,
390
000
pipeline
runs
active
pipeline
runs
per
month.
D
D
D
D
C
D
D
But
if
a
team
says
we
want
to
execute
on
github
actions,
for
example,
then
there's
no
jenkins
involved
right,
but
then
we
don't.
We
cannot
provide
today
ready-mades
these.
We
call
it.
We
can
only
provide
the
individual
steps
and
also
in
the
in
the
open
source
project
itself,
we're
using
our
own
binary
to
to
do
certain
things
using
it
with
github
actions
underneath,
but
jenkins
is
still
the
majority
cases
so.
C
So
to
get
the
get
them
get
the
most
benefit
from
piper
meaning
centrally
centrally
authored
pipelines
from
I'm
going
to
please
correct
me:
I'm
making
centrally
centrally
authored
pipelines,
but
then
with
local
customizations
to
get
to
get
that
benefit.
A
team
would
have
to
be
using
jenkins
as
their
today.
Yes,.
D
Okay,
we're
looking
into
how
we
can
provide
this
for
other
orchestrators,
ideally
in
a
in
a
orchestrator,
neutral
format.
Right,
we
don't
need
to
have
all
the
nitty-gritty
details,
a
a
an
orchestrator
has,
but
in
the
end
we
would
need
to
have
some
kind
of
flow
definition
and
allowing
to
extending
extending
certain
stages,
replacing
stages
and
so
on.
And
we
don't
have
this
yet.
C
D
E
So
as
as
you've
indicated,
the
jenkins
x,
2.0
dsl,
has
essentially
been
deprecated
in
favor
of
sexton,
so
the
idea
being
that
tech
town
is,
you
know,
they're
going
behind
the
idea
that
tecton's
the
best
cloud
native
way
standardized
way
to
represent
your
pipelines
and
tasks
for
continuous
delivery
and
that
they
want
that
to
be
the
primary.
They
think
that
should
be
the
primary
dsl
for
developers
and
tools.
That's
an
opinion
where
the
jingle
x
project
is
at
right
now,
but
it.
E
Be
helpful
for
you
they've
all
the
james's
have
also
done
a
really
interesting
blog
post
on
interoperability
with
jing
and
zach
son
jenkins,
and
that
may
have
ideas
that
are
useful
for
you,
since
piper
is
predominantly
a
works,
works
with
jenkins
but
you're
looking
for,
I,
I
guess
a
more
cloud
native
dsl,
so
that
might
be
interesting.
I'll
put
the
links
in
the
chat,
but
but
having
said
all
that
actually
would
be
really
interesting
to
have.
You
have
a
collaboration
with
the
jenkins
project
I
feel
like
this
should
be.
E
D
E
A
About
the
bullet
point,
our
new
cds
interrupt
project.
It's
it's
not
interrupt
project,
but
cdf
project,
like
I
don't
know
like,
because
I
am
checking
the
website
and
the
github
project.
I
think
it's
like
there
are
lots
of
contributors.
It
looks
like
pretty.
You
know,
attractive
project.
So
what
do
you
mean
with
that?
Like
you,
because,
like
you
donate
project
to
cdf,
I
think
if,
in
order
for
it
to
become
a
cdf
project,
yeah,
do
you
mean
that
or
something
else.
D
D
A
The
reason
why
I'm
asking
this
because,
like
when
we
first
proposed
sick
interoperability
like
a
year
ago
or
so
like
one
of
the
things
people
highlighted
under
pull
request,
was
like
exactly
dsl
thing.
You
know,
and
now,
when
you
talk
about
dsl
and
the
idea
you
present
like
it
makes
sense,
if
you
look
at
from
that
perspective,
just
you
know
remember
that
discussion
from
pull
requests.
That's
why
I
asked
and
your
point
they're
making
a
cdf
project,
but
I
don't
know
how
things
work
to
make
a
cdf.
We
have
trace
dragon
here.
A
D
C
C
This
subject
was
heavily
debated
in
that
in
that
group.
In
fact,
there
was
a
proposal
to
not
have
tecton's
dsl
be
described
as
a
crd,
so
it
would
be
described
as
something
very
generic
and
then
it
could
be
interpolated
into
a
crd,
which
is
you
know
totally
kubernetes
specific,
because
you
know
kubernetes.
Yes,
is
the
main
cloud
name,
it's
a
very
dominant
cloud
native
framework,
but
there
are
believe
it
or
not.
There
are
other
ones
like
nomad
from
hashicorp.
C
Does
this
similar
thing
as
kubernetes
does,
but
does
it
very
differently
so
anyway?
But
the
point
is,
it
was
heavily
debated,
but
the
end
of
the
day
the
the
consensus
of
the
community
was
that
it
doesn't
add
anything
to
if
we're
gonna
go.
You
know
full-on
kubernetes
cloud
native.
Let's
just
create
the
dsl
as
a
crd
and
be
done
with
it
and
not
have
to
worry
about
generalizing
it.
So
that's
just
something
that
was.
D
F
So
so,
if
I
can
add
something,
but
we're
still
trying
to
do,
we
try
to
keep
any
as
much
as
possible.
Kubernetes
specific
dates
out
of
the
api,
and
also
we
started
an
effort
to
have
a
conformance
document
where
we
specify
the
api
for
tecton,
which
the
only
implementation
we
have
today
for
is
the
kubernetes
crd.
F
F
Yeah,
that's
a
topic
we're
talking
about
a
lot,
it's
not
straightforward
to
do.
Today
I
mean
there
are
some
approaches
you
could
do.
You
could
use
certain
templating
engines
on
top
to
generate
a
pipeline,
but
to
do
it
dynamically.
One
of
the
things
that
you
can
do
today
is
to
basically
break
down
your
pipeline
in
multiple
pieces
and
use
events
to
connect
them.
So
you
could
have
a
core
pipeline
and
then
use
events
to
trigger
stuff.