►
From YouTube: Kubernetes WG IoT Edge 20220223
Description
AI on the Edge with MicroShift
A
Hitting
record
welcome
to
the
february
23rd
meeting
of
the
kubernetes
iot
edge
working
group
for
today's
meeting,
we
have
on
the
agenda
a
presentation
on
red
hat's
recently
announced
microshift
project,
which
is
a
solution
for
running
workloads
at
the
edge
and
specifically
the
speaker,
miguel
that
we
have
today
is
going
to
address
using
this
for
ai
use
cases.
So
with
that
said,
I'll
turn
it
over
to
miguel.
B
Thank
you
steve
and
thank
you
for
for
having
me.
So
yes,
it
was
interesting.
My
plan
was
to
play
a
video
of
the
presentation
that
we
have
for
devcon
because
I
thought
it
was.
It
was
nice.
I
mean
we,
we
did
some
some
technical
demo
of
running
a
workload
on
the
edge,
but
let's
see
if
that
works.
If
it
doesn't,
then
I
will
fall
back
to
just
slides
and
and
yeah,
and
maybe
I
can
oh
I
I
don't
hear
you
now
sorry.
A
I
know
you
intend
to
go
into
ai
use
cases,
but
I
know
I'm
up
for
myself:
I'm
not
all
that
familiar
with
microshift
other
than
reading
a
couple
of
blogs
and
poking
around
a
bit
on
the
github
source
code
site.
But
if
you
could
start
with
an
intro
to
you
know
what
microshift
is
kind
of,
why
the
project
was
done,
that
kind
of
stuff
before
we
get
into
ai,
I
think
it'd
be
useful.
Yeah.
A
B
B
B
A
Hey
while
we're
waiting
dion,
I
know
that
you
were
working
on
that
report
for
the
steering
committee
and
shared
a
document.
So
I
just
wanted
to
bring
up
that
all
the
users
of
this
group
are
welcome
to
add,
whatever
comments
they'd
like
to
have
go
to
steering
if
you've
got
any
feedback
on
this
group,
good
or
bad,
we're
open
to
your
comments
and
encouraging
them
and
will
as
long
as
they
don't
violate
the
code
of
conduct,
I
think
we'll
forward
them
into
the
report
to
steering
completely
unedited.
A
B
So
well,
this
is
me
yeah
and
my
colleague
ricardo
who
worked
on
on
this
presentation.
I
can
share
the
link
with
you
later
so
yeah.
I
will
skip
the
ea.
B
Yeah
that
part
and-
and
we
can
get
into
microsoft,
so
microsift
is
a
small
form
factor
of
for
open
shift.
We
have
reduced
the
the
footprint
while
still
retaining
some
of
the
features
native
to
to
openshift,
so
people
running
workloads
on
on
openshift.
They
can
still
use
some
of
the
additional
security
features
and
and
yeah
other
apis
embedded
in
in
openshift.
B
So,
as
you
know,
openshift
has
a
lot
of
operators
to
to
make
everything
work
and
in
microsoft
there
is
no
no
operator.
It's
a
simple
setup
that
you
can
customize.
We
have.
We
use
a
few
images
from
from
openshift
instead
of
the
okay,
the
distribution
and
and
for
the
intel
platform.
Those
are
the
same
images.
We
don't
need
to
recompile
anything,
but
for
other
platforms
like
like
arm
risk
power,
pc
and
and
so
on.
We
recompile
those
images,
the
arm,
64
yeah.
B
That's
I
think
that
they
will
have
them
on
on
the
next
okay,
the
versions
but
yeah.
Now
now
we
recompile
those
those
images.
B
So
the
the
idea
is
taking
microsift
and
and
the
way
that
that
jet
hat
works
on
on
building
images
and
building
os3
images
and
and
being
able
to
put
all
that
together
for
the
edge
so
yeah
we.
B
So
we
are
trying
to
to
have
a
complete
workflow
for
how
devices
are
deployed
on
the
edge.
B
Because,
as
you
know,
it's
it's
not
the
same
as
the
cloud
or
a
regular
data
center.
In
some
cases
and
and
we
we
are
working
to
put
to
to
put
together
things
like
the.
B
Os3,
as
we
use
in.
B
In
in
in
inopensive
with
with
fedora
chorus,
sorry,
I
was
ready
for
the
video,
but
I
didn't
rehearse
so
sorry
about
that.
A
B
Yes,
so
we
we
are
working
on
on
having
all
I
mean
all
the
pieces
and
and
the
gaps
together
and
and
making
sure
that
those
can
be
used
with
with
microchip.
There
are
some
things
which
are,
I
mean,
still
not
not
close
and
not
clear,
like
the
the
final
steps
on
this
side,
but
the
the
the
idea
is
that
I
mean,
if
you
know,
secure
device
on
board,
you
can
I
mean
you
can
have
the
manufacturer,
the
manufacturer
pre-initialize,
the
the
device
for
you
and
and
have
a
voucher.
B
And
then
you
get
the
voucher
when
you
finally
ship
the
the
device
to
the
final
location
to
the
to
the
final
owner
and
and
then
they
can
onboard
the
device
and
maybe
flash
the
final
image
or
update
the
image
with
the
final
workload,
and
in
our
case
we
are
working
for
that
to
be
microshift,
so
you
could
go
and
and
on
board
that
device
with
a
operating
system
that
has
microshift
and
additionally,
the
the
container.
B
Maybe
you
could
even
put
the
container
images
of
the
of
the
final
application-
maybe
a
specific
version,
of
course,
but
in
the
device,
for
example,
is
not
going
to
have
a
network
access
and
after
the
onboard
you
could
still
do
that
and
and
depend
for
example.
Instead
on
pulling
images,
you
could
depend
on
simply
updating
the
os3
operating
system,
image,
which
is
supposed
to
be
atomic.
B
So
yeah,
if
you
have
questions
yeah,
please
feel
free
to
to
interrupt
me
yeah
well
after
after
that
yeah
I
don't
know
if
you
have
any
other
questions
about
the
the
idea
of
microsieved.
B
So
do
you
want
me
to
go
over
the
ai
use
case
or
yeah?
That
would
be
great
okay,
so
I.
B
Underspecific
presentation,
what
we
wanted
to
do
was
demo
possible
use
case
of
of
this
type
of
technology
on
the
edge,
and
so
we
we
deployed
microshift
on
on
an
arm
device
and
nvidia.
B
B
B
So
here
we
had
four
cameras
connecting
to
this
access
point
and
and
then
connecting
to
a
service
that
was
running
inside
the
the
the
microshift
cluster
that
had
two
models:
one
for
face:
detection
and
another
one
for
phase
recognition,
recognition
and
then
a
set
of
of
database
of
faces
so
yeah
those
were
the
cameras
and-
and
they
did
some
support.
B
So
we
we
made
an
image
for
like
the
base,
libraries
and
and
a
very
simple
face,
recognition,
python
library
based
on
and
delete.
You
have
the
links
to
that
and
then
the
the
application
which
it's
I
mean.
The
source
code
is
also
on
on
that
repository.
B
So
we
also
have
this
is
the
container
for
the
wi-fi
access
point
that
the
cameras
connect
to
and
yeah
at
this
point,
we
we
had
the
demo
on
the
video.
I
don't
know
if
I
can
play
at
least
that
part
or
let
me
try,
let's
see
if,
if
that
works,.
B
A
C
Board
here,
with
a
wi-fi,
usb
stick,
which
is
going
to
be
used
by
the
cameras
to
connect
to
microsoft
and
the.
C
B
Machine-
and
we
also
have
a
completely
wireless
one
here
on
the
presentation
table,
okay,
so
we
are
connecting
to
the
jetson
x2
board
and
at
this
point
we
have
our
microstrip
cube,
config
ready.
This
is
created
by
microsoft
and
we
can
see.
B
The
microsoft
service
what's
running,
but
there
are
no
no
workloads
in
our
default
namespace.
So
I
will
start
by
creating
the
wi-fi
access
point.
B
The
access
point
is
running
a
support
and
the
cameras
are
connected
to
this
access
point
and
they
are
at
this
point
trying
to
to
to
find
our
microsafe
application.
We
look
at
the
wi-fi
adapter.
We
will
find
the
asking
via
mdns
for
our
microcam
registry,
but
nobody
is
responding
because
there
is
an
application
for
that.
So
the
next
thing
that
we
are
going
to
do
is
starting
power
of
our
camera
service.
B
So
we
are
going
to
expose
this
service
with
an
applicative
route
with
this
hostname
microcontroller,
so
the
cameras
can
find
our
application.
B
B
Yeah
yeah
I
I
can
share
the
the
link
to
the
to
the
whole
video
later,
as,
as
you
see
I
mean
in
this
presentation,
we
didn't
have
the.
Let
me
stop
sharing.
B
Okay,
no
sorry,
I
was
trying
to
stop
there
here
and
not
used
to
zoom
so
yeah.
I
I
I
don't
want
to
take
more
more
time
in
that,
so
it's
just
so
on
that
presentation
we
we
didn't
go
through
the
whole
life
cycle
of
managing
workloads
on
the
edge
which
probably
it's
important
to
this
group.
So
I'm
not
familiar
with
the
topics
that
you
normally
discuss
and
but
I
I
suspect
that
those
interesting
to
us.
A
B
Let
me
yeah,
it
was
like
the
so.
The
cameras
are
looking
for
the
for
the
end
point
of
the.
A
B
And
and
the
register
and
then
the
server
will
connect
back
to
the
cameras
with
the
token
that
the
camera
has,
I
mean
you
could
do
it
the
other
way
around
I
mean
it
was
simpler
to
to
program
for
the
demo,
but
technically
you
could
have
the
camera
connect
and
then
stream,
video
into
the
server
or
the
server,
find
the
cameras
and
then
connect
to.
I.
A
B
A
A
The
other
questions
I
had
were
about
microshift
itself,
like
you
know,
if
it
gets
installed
by
a
device
that
gets
shipped
out
to
an
edge
site.
I
saw
in
the
github
registry
that
it
says
the
binary
is
150.
Megabytes
is.
Is
that
pretty
much
all
that
you'd
have
to
send
over
the
wire
to
provision
a
device,
or
is
that,
on
top
of
an
os
that
you'd
have
to
get
down?
First.
B
I
mean:
do
you
need
them,
so
you
need
the
os,
you
need
microshift,
and
then
there
are
a
few
container
images
that
we
use
our
plan
and-
and
we
are
working
on
that-
is
using
the
the
os
3
technology
that
you
can
see
in
real
forex
or
fedora
iot,
to
build
images
of
the
operating
system
that
contain
operating
system
microsieve.
B
Any
images
that
microshift
would
need
for
that
specific
specific
version,
and
then
the
I
mean
the
the
the
final,
the
final
owner
of
that
that
will
run
an
application
inside
they.
They
could
provide
the
the
deployment
configuration.
So
that's
picked
up
when
the
system
boots
and
it's
going
to
make
sure
that
the
the
the
deployment
is
running
and
ready,
but
they
could
also
include
the
their
own
images
on
on
the
on
the
operating
system.
B
So
they
could
reveal
the
image
of
the
whole
thing
and
have
it
so
and-
and
those
are
the
things
I
mean
that
we
want
to
analyze
like,
for
example,
on
on
manufacturing.
You
could
have
a
an
operating
system,
image
that
has
the
operating
the
basic
operating
system
with
microshift,
almost
ready
or
microsoft,
plus
the
basic
microsoft
images,
but
no
user
application.
B
And
then,
when
you
onboard
that
on
on
the
final
destination,
the
additional
layer
of
the
operating
system
with
the
final
images
and
and
the
configuration
is
added
and
then
that's
what
needs
to
be
transmitted
over
the
wire
to
the
device.
So
yeah.
We
are
looking
at
all
the
possibilities
and
yeah.
There
are
many
fac,
very
important
factors
on
the
edge
like.
Maybe
you
don't
have
good
network
access
and
you
cannot
download
a
lot
of
data.
A
So
is
it
fair
to
say,
microsoft
attempted
to
take
on
the
mission
of
just
being
a
compliant
kubernetes
with
a
a
small
binary,
and
it
really
is
just
that
so
that
if
you
wanted
other
features
like
I
don't
know,
device
discovery
or
remote
federated
management
of
multiple
clusters
that
you
would
add
it
on.
Just
like
any
other
kubernetes.
Is
that
I
I
that
that's
sort
of
what
I'm
picking
up
here,
but
maybe
I'm
missing
something.
A
No,
no,
we
still
can't
hear
you
no.
D
B
D
I
right
so
if
your
question
is
basically
that
if
microchip
is
just
a
kubernetes,
that's
more
or
less
right,
I
would
say:
okay.
A
That
was
my
question,
and
I
only
ask
because
there
are
a
few
other
edge,
optimized
kubernetes,
that
attempted
to
bundle
in
more
functionality,
so
that
I
mean
that
could
be
good
or
bad.
You
know
there's
an
argument
against
being
a
monolith
that
lets
people
plug
and
play
components
just
the
way
they'd
want
to,
and
in
the
end
it
as
long
as
you
can
put
in
what
you
need
and
get
the
functions,
you
want
you're,
fine,
but
yeah.
That
was
my
question.
D
Yeah
we
tried
to
provide
also
some
extra
apis
from
from
openshift,
so
developers
that
use
openshift
like
in
the
cloud
and
so
on
can
have
their
application
some
kind
of
portable
to
to
the
edge
so
just
like,
develop
once
and
run
it
everywhere,
but
yeah
microshift
is
mainly
an
edge
optimized,
kubernetes
distribution.
That's
right.
A
Is
it?
Is
it
constrained
to
have
a
single
node
cluster,
or
can
you
go
the
kubernetes
route
of
deploying
a
three
node
cluster
or
something
like
that.
D
So
far,
it's
just
single
node,
but
actually
right
now
in
the
repo
there's
a
vr
and
we
are
working
on
on
multi-node
but
yeah.
I
don't
know
when
it
will
be
yeah,
somehow
ready.
B
Yes,
yeah
like,
if
probably
in
most
cases,
it
will
be
fine,
but,
for
example,
if
I
mean
if
your
application
is
doing
some
sort
of
artificial
intelligence
workload,
maybe
the
gpu
on
a
single
board
is
not
enough,
and
maybe
you
need
to
add
more
or
I
mean
whatever
your
application
needs
to
do.
It
spreads
over
multiple
places.
B
A
So
how
opinionated
is
it
with
regard
to
the
operating
system
it
runs
on?
I
mean
I
obviously
understand
that
being
done
by
red
hat
you're,
going
to
support
red
hat
flavors
of
os's
first,
but
if
I
had
something
I
don't
know
like
in
my
home
lab
to
play
around
with
I've
got
raspberry
pies,
which
seem
to
be
better
supported
with
the
debian
variants
of
os's.
From
my
experience
is
there
enough
there
that
I
could
find
in
the
documentation
a
way
to
run
it,
or
is
it
at
this
stage
pretty
much
expecting
a
red
hat
os.
B
So
yeah
initially
we
started
with,
I
mean
with
an
installer
that
will
run
you
in
in
almost
any
any
distribution.
But
today
we
are
going
more
into
trying
to
make
it.
B
B
Now
sorry
coros,
I
I'm
mixing
all
the
projects
at
this
point:
coreos
and
fedora
iot,
for
example,.
A
Okay,
yeah,
because
I
I
heard
you
say
that
the
two
packaging
options
were
rpms
and
docker
images
or
oci
images.
I
assume.
C
D
So
it
is,
it
is
a
single
binary
for
most
of
the
kubernetes
components
and
openshift
control,
plane
components,
but
we
run
as
static
bots
or
schedule.
Pods.
Some
extra
services
like
ingress
service
certificates,
our
flannel
cni,
and
you
know
I
think,
we've
run
dns.
We
run
this
extra
services
as
pot.
D
The
core
is
just
a
single
binary,
but
the
thing
is
that
we
have
packaged
it
in
two
different
forms
and
rpm
that
gets
extracted
as
a
single
binary
that
you
run
it.
And
then
you
get
this
extra
services
running
containerized
and
a
container
image
that
contains
the
microsoft
binary.
B
Yeah-
and
I
mean
it's
it's
similar
to
k3s,
but
with
some
different
design
decisions
for,
for
example,
we
don't
we
don't
embed
cryo,
and
so
you
need
to
install
cryo
on
the
host
and
yeah.
Then
we
put
all
the
specific
openshift
services
inside.
A
B
That
I
was
not
around
when
that
decision
was
made.
I
suspect
I
don't
know.
Maybe
ricardo
is
more
aware
of
that.
I
just
joined
the
team
very
recently.
D
Yeah,
our
first
vision
was
to
to
have
microshift,
so
this
edge
optimized
operating
systems
like
fedora,
iot
or
rail48,
or
they
use
os
3
rpm,
os
3
right
and
most
of
the
file
system
is
read
only
and
you
cannot
just
like
you
know,
edit
some
of
the
files
that
are
embedded
into
this
os3.
So
it's
like
an
immutable
tree
with
packages
and
so
on.
So
our
initial
idea
was
to
have
cryo
embedded
in
the
os3
and
microshift
as
a
as
a
container
running
on
on
docker.
D
So
the
idea
with
this
is
that
you
can
upgrade
microshift
without
interruption
for
the
workloads.
So
you
have
this
extra
services
running
as
containers
in
cryo,
and
you
have
your
workloads
and
your
applications
and
so
on.
So
you
could
easily
replace
microshift
without
any
service
interactions
for
for
the
workload.
So
the
idea
of
not
embedding
cryo
is
that
if
you
upgrade
microshift
with
cryo
in
it,
there
will
be
some
service
interruption.
So
that
was
like
the
main.
The
initial
idea.
A
Does
anybody
else
have
any
questions,
so
I've
got
one
more,
but
I
don't
want
to
monopolize
it
here.
C
That's
my
second
second
time
or
third
time.
I
think.
A
Well,
mike,
my
question
was
just
I
saw
the
github
repository,
but
if
people
wanted
to
get
involved,
maybe
you
know,
like
I
said
my
for
my
own
education.
A
I
don't
have
one
of
the
jets
and
things
that
I
saw
you
use
in
your
demo,
but
I
do
have
some
other
things,
so
I'd
probably
want
to
take
it
onto
a
raspberry
pi
or
something
like
that.
Now,
where
can
I
go?
Is
there
a
collection
of
or
a
community
formed,
where
people
who
are
using
this
get
together
and
chat
and
ask
questions
and
things.
B
Oh,
we
have
a
sorry
right,
no.
D
No,
there
is
a
slack
organization,
it's
not
within
kubernetes
it's
just
there.
We
have
our
own
free,
three-tier
micro
shift
slack
and
there
there
is
a,
for
example,
a
specific
room
for
arm
enablement
and
how
to
run
microsift
on
raspberry
pi's
and
all
these
kind
of
devices.
There
are
a
couple
of
blog
posts
from
red
hatters
that
have
tried
to
well
that
I
have
achieved
to
deploy
microshift
on
raspberry
pi's.
D
Regarding
our
demo,
I
I
bet
you
could
run
the
demo
on
a
microsoft
on
a
raspberry
pi,
but
probably
you
might
need
to
do
some
tweaking
because
of
course,
there
are
no
gpus
in
in
the
raspberry
pi's,
and
there
is
a
specific
correct
me,
miguel,
if
I'm
rom,
there's
a
specific
parameter
to
change
the
machine
learning
model
from
gpu
to
only
cpu
right.
Well,.
B
B
B
I
need
to
check
if
we
are
still
building
for
arm
32,
so
it
will
need
to
be
a
a
64-bit
device
so
on
raspberry,
pi,
4
for
sure
and
raspberry
pi
3,
I
haven't
tried,
but
it
is
technically.
It
should
run.
D
C
B
It's
actually
something
like
700
megs
or
something
like
that,
but
still
yeah.
We
we
didn't
go.
I
mean
we
didn't
explore
optimization
too
far.
At
this
point
we
just
trimmed
down
all
the
operators
and
everything
unnecessary
for
that.
We
thought
it
necessary
for
the
edge
like
image,
building
or
any
other.
I
mean.
A
So
how
flexible
is
it
for
making
your
own
choices
on
componentry
like
from
the
sounds
of
it,
you
separated
out
the
cni
so
that
a
user
should
be
able
to
choose
their
own.
Could
they
choose
a
container
runtime
other
than
what?
What
what
is
built
in?
Maybe
that's
potentially
on
the
table
too
or
not.
B
I
think
for
for
the
container
runtime
it's
only
cryo
and
for
the
cni
I
I
don't
know
if
that's
modular
on
the
settings
yet,
but
I
found
that
I
mean
we
are
we're
installing
flannel
so
far,
because
it's
probably
the
smallest
thing
that
we
can
use,
but
also
I
mean,
if
you
are
going
to
be
on
a
single
node,
you
could
use
the
cryo,
the
the
bridge
plugin,
which
is
going
to
put
all
the
containers
on
a
on
a
virtual
network
but
single
note,
no
multi-node
connectivity,
so
that
would
bring
down
a
little
bit
more
than
the
the
disk
and
memory
requirements
and
and
for
the
other
I
mean
so
we
have.
B
I
mean
the
components
you
you
can.
You
can
select
some
of
the
components
and
disable
them.
B
Think
ricardo
worked
more
more
on
on
that
part
because
it
was
done
before
I
I
arrived
into
the
project,
but
there
is
yeah
some
some
work
that
we
need
to
do
yet,
to
make
I
mean
to
be
able
to
to
select
granularly
all
the
components
that
are
installed
into
the
system
and
even
I
mean
preconfigure,
like
the
maybe
the
jammers,
with
the
workloads
that
you
want
to
run
in
in
your
device.
A
B
B
I
am
still
learning
about
them,
but
I
mean,
as
as
far
as
I
understood
you
could
you
could
have
a
a
private
key
that
runs
on
the
on
the
tpm
and,
and
you
could
I
mean,
do
your
authentication
like
with
a
client
certificate
through
the
tpm,
that
the
dpn
will
be
signing
your
requests
to
the
maybe
the
masternode
or
something
the
device
manager
on
on
your
on
your
iot
network.
B
B
You
have
a
something
that
you
cannot
extract.
I
mean
they
could
technically
if
the
tpm
is
not
inside
the
the
the
processor
and
it's
external,
I
suspect
that
they
could
just
reap
the
tpm
and
and
use
it
to
authenticate,
but
I
mean
it's
and
it
makes
makes
it
harder,
but
I
think
yeah
that
that
maybe
at
some
point
I
mean
we
could
have
a
maybe
a
standard
standard
method
to
to
to
do
authentication
in
kubernetes
with
dpns.
A
C
I
think
it's
also
going
to
be
really
important
for
large
scale
deployments,
because,
if
you're
going
to
handle
the
rollout
of
a
thousand
edge
nodes,
you're
going
to
want
that
as
your
basis
of
identity,
that
you
can
use
to
do
less
less
human
touch,
onboarding
or
ideally
like
zero
touch.
C
Onboarding-
and
I
noticed
in
your
presentation-
you
actually
had
a
shout
out
to
the
secure
device
onboarding
or
I
think
that's
the
name
of
the
project
right
in
the
in
the
flow
and
and
so
the
root
of
that,
of
course,
is
that
you
have
to
be
able
to
trust
the
the
hardware
that
it
comes
from
right
and
have
some
way
to
validate
that
in
the
process.
C
So
it
seems
like
that
was
already
considered
that
that
should
be
in
the
workflow,
and
I
think
the
implementation
is
the
tricky
part
right,
the
devil's
in
the
details,
and
it
is
if
you
solve
it,
then
you're
solving
it
for
the
whole
industry.
So
I
would
say
the
discussion.
The
discussion
right
now
is
is
a
really
really
big
one
right
and,
as
usual,
steve
asked
the
pointed
questions
that
caused
really
good
group
discussion.
C
We
happened
at
the
at
the
eclipse
side
at
the
edge
native
working
group.
We
happen
to
be
putting
together
an
article
right
now
opening
the
discussion
on
this
topic
right.
It's
like
how
to
use
509
certificates
as
a
a
potential
stack.
That
would
give
you
the
ability
to
to
stack
your
identities,
but
it
all
begins
with
a
hardware
route
of
trust
and
then
the
question
is
you
know?
C
How
do
you
leverage
that
properly
and
maybe
you
didn't
build
the
device,
and
so
then
you
also
need
to
say
if
we
acquired
it,
but
then
we
put
our
software
stack.
How
do
we
certify
ours
and
anyway,
I'm
basically
rambling,
but
I
wanted
to
say
that
that
you
know
this
discussion
is,
is
about
a
16-hour
discussion
in
itself
with
with
no
final
answers,
but
I
thought
it
was
cool
that
you
had
the
device
onboarding
in
your
flow
charter.
B
Yeah
yeah,
I
mean
it's
it's
something
that
I've
been
exploring
like
in
in
the
last
few
weeks
weeks.
I
I
I
deployed
like
on
fedora.
They
were
developing
the
fedora
iot
project.
They
were
developing
developing
fedora.
B
Sorry,
the
fido
onboarding
protocol
like
the
manufacturing,
server,
rendezvous
and
onboarding
server,
along
with
the
application
that
you
have
to
run
on
the
device,
and
so
I
was
getting
those
pieces
and
getting
familiar
with
them,
and
I
still
I
mean
there
are
some
I
mean
fido
defines
the
protocol
of.
How
do
you
do
that?
And-
and
you
can
I
mean
you-
can
move
the
device
and
authenticate
the
status
of
the
device
during
the
whole
process?
B
Yeah,
I
still
I
mean
there
are
still
some
gaps
like
in
in
my
opinion,
and
I
don't
know
I
really
love
to
to
join
the
discussions
that
you
were
mentioning.
A
Yeah,
this
group
had
a
presentation
from
intel
on
this
that
secure
device
onboarding,
I
think,
was
to
a
fair
extent
initiated
by
intel,
and
then
they
moved
it
into
the
foundation.
But
that
presentation
happened
about
a
year
ago
in
this
group
and
it's
up
on
youtube.
So
I
I
thought
it
was
a
good
presentation
that
covered
the
subject.
Well,
as
of
that
time
now,
like
all
things,
this
is
a
rapidly
changing
area.
A
So
I
suspect
that
what
might
be
in
that
presentation
is
potentially
stale,
but
it
was
a
great
overview
of
what
was
in
there
and
why
you
needed
to
care
about
these
things,
and
there
was
a
lot
you
needed
to
care
about.
A
Tilton
you
apologized
for
rambling,
but
while
you
were
talking,
I
I
appreciated
the
rambling
and
you
brought
up
the
point
of
the
tpm
or
other
module
being
necessary
to
authenticate
the
edge
device,
but
I
think
another
factor
in
here
for
this
and
many
other
things
being
proposed
for
edge
hosting
of
applications
and
services,
they're
they're,
using
oci
containers.
A
You
know
either
docker
images,
or
some
of
these
talks
have
been
even
on
web
assemblies,
potentially
packaged
in
an
oc,
high
form
factor,
and
at
that
point
your
image
registry
also
becomes
another
thing
you
need
to
care
about.
I
mean
there.
There
are
a
lot
of
these
scenarios
where
people
invest
in
a
container
image
registry
that
does
security
scanning
and
things.
C
A
C
Is
great,
this
is
great,
I
completely
agree
and
then
I'm
going
to
add
another
log
on
to
the
fire.
So
how
about
those
cameras
so
whatever
you're,
connecting
to
probably
needs
to
be
able
to
be
certified
as
well
as
a
disconnected
but
connected
information
source
right?
It's
not
built
into
the
board
and
therefore,
even
if
it's
over
I
squared
c
or
spy,
it
could
be
something
that
is
a
plug-in
right.
And
so
then,
how
do
we
certify
or
usb
it's
usb
attached
right
and
so
the
harry?
C
The
hairball
mess
of
certification
and
attestation
is
a
wonderful
playground
and
a
great
place
to
start
a
company
right
now.
But
but
the
thing
is,
it
would
be
very
difficult
to
solve
it
in
a
universal
way.
So
I
think
just
open
discussion
is
probably
my
guess
is
going
to
be
going
on
for
years
and
you're
right
steve.
C
That
was
a
year
ago
that
we
saw
that
the
with
the
secure
device
on
boarding,
and
I
think
it
was
good
for
for
everything
it
covered
and
then
there's
probably
about
you
know
a
dozen
more
things
that
that
need
to
be
added,
such
as
yeah
container
registry
and
then
and
then
I
would.
I
would
bring
sensors
or
devices
to
the
list.
A
Yeah
bringing
devices
you're
saying
it's
a
good
idea
for
a
startup
or
something,
but
would
make
a
great
movie
plot
too,
for
these
kind
of
heist
films
where
they
go
in
there
and
patch
out
the
security
cameras
in
ways
that
are
probably
incredulous.
But
then
again,
when
you
look
at
this,
what
would
stop
that?
Really?
You
know,
you
know
you
think
you're
monitoring,
all
your
security
cameras
and
somebody
hooks
in
a
pipe
of
a
recorded
video
that
isn't
really
what's
going
on.
That's
right,
because
you
can
you
can.
C
Mimic
a
camera
feed
right
because
it's
the
same
network
traffic,
that's
the
exciting
version
is
the
james
bond
hack.
Then
the
non-exciting
version
is
that
you
go
to
like
a
away
scale
for
vehicles
coming
through,
and
the
equipment
certificate
is
out
of
date
because
it's
not
has
not
been
calibrated
recently
enough
or
for
things
like
fuel
pumps
and
so
on,
and
and
that's
not
movie
worthy
or
exciting.
A
An
interesting
thing
that
just
popped
into
my
head
for
cameras,
given
that
some
of
these
are
legacy
things
with
long
device
like
times,
meaning
that
people
aren't
likely
to
change
them
out
for
things
with
tpm
chips.
If
they
were
even
available,
there
might
be
a
way
to
close
the
loop
by
having
a
device
with
a
tpm
engage,
an
activity
that
would
be
picked
up
by
the
camera
so
that
at
least
you'd
know
that
it
was
connected
end-to-end.
You
know.
Let's
let's
say
I
had.
A
I
don't
know
a
laser
projector
that
could
project
a
a
pattern
on
the
ground
at
a
random
time
and
verify
that
it
comes
in
through
the
video
stream.
At
least
you'd
know
that
at
that
point
in
time
these
the
video
feed
was
authentic
and
the
camera
was
where
it
should
be.
You
know
you
could
have
a
laser
projector
or
maybe
a
drone
that
flies
in
the
area
or
who
knows
what
I'm
just
daydreaming
here.
C
This
is
really
cool.
What
you're
actually
talking
about
steve?
You
could
generalize
as
two-factor
authentication
for
things
that
that
exist
in
the
physical
world,
sensors,
etc,
and
it's
kind
of
like,
what's
the
the
source
of
entropy,
that
we
would
expect
to
hear
from
same
as
I
used
to
have
a
key
fob
right
in
in
2005
to
get
into
my
my
my
banking
system
or
whatever.
C
C
A
A
C
Just
one
quick
question
from
me:
so
you
think
regarding
it
being
an
openshift
in
in
a
miniature
miniature
version
right,
so
it
doesn't
have
operators,
but
does
other
openshift
features
comes
in
like
routes
and
console,
and
you
know
cicd
stuff
is
that
packed
in
I
mean
how
how
hard
would
it
be
to
to
migrate
the
application
that's
customized
to
run
on
open
should
be
to
to
make
it
run
on
on
the
on
the
micro
shift.
C
B
So
yeah
I
will
face
the
the
pr
if
I
know
how
to
do
it
yeah
and
there
you
have
a
list
of
the
included
apis
and
they're,
not
included
ones
yeah,
but
I
mean
mostly
so
we
have
the
the
the.
We
include
the
binding
restrictions,
the
bills,
images
and
proxies
apis
image
and
registry
configurations,
and
then
cluster
resource
quotas
and
security,
cons,
context
constraints.
D
Yeah,
and
the
thing
is
that,
even
though
you
microchip
doesn't
ship
cluster
operators,
you
can
always
install
you
know,
operators
on
top
like
tekton
or
what
whatever
you
you
need.
A
Okay,
well
we're
one
minute
past
the
top
of
the
hours,
but
thanks.
That
was
a
great
presentation.
I
appreciate
the
effort
again
if
you
can
afterward
get
me
the
link
to
the
presentation
that
was
in
the
recording-
and
I
don't
know
whatever
you
want
to
give
me
I'll,
cut
and
paste
it
into
the
meeting
notes,
so
that
people
who
catch
this
on
the
recording
and
find
it
later.