►
From YouTube: Multi-Tenancy WG Bi-Weekly Meeting for 20211130
Description
Multi-Tenancy WG Bi-Weekly Meeting for 20211130
C
All
right
well
thanks
everyone,
and
I
think
what
we
wanted
to
do
today
and
this
is
in
the
agenda.
Docs
is
really
talk
about.
I
guess
we
haven't
had
a
meeting
for
a
while.
C
So
one
of
the
discussion
threads
that
we
were
a
few
of
us
were
having
adrian
fay
tasha
and
I
as
well
as
ryan,
is
in
terms
of
where
we
are
with
all
of
the
projects
and
what
we
would
want
to
do
in
a
continuing
forward
in
terms
of
the
future
of
the
projects
as
well
as
for
the
multi-tenancy
working
group
itself
right.
C
So
some
options
to
consider
are
if
we
feel
that
there's
enough
work
done-
and
you
know
enough-
continuation
with
projects
like
hnc
virtual
cluster
with
you
know,
cappy
nested-
and
you
know
we
can
talk
a
little
bit
about
the
benchmarks
projects
and
see
if
there's
anything
left
to
be
done
there.
But
if
these
are
in
a
good
good
place,
maybe
we
you
know
advertise
their.
C
I
guess
the
graduation
or
the
next
steps
on
these
projects
talk
a
little
bit
about
the
milestones,
but
then
the
question
is:
do
we
need
to
also
continue
as
a
working
group,
or
what
do
we
do
to
kind
of
bring
some
closure
to
the
work
done
here
and
set
up
next
steps?
C
Yeah
we
could
do
do
that
and
also
yeah,
I'm
not
sure
if
you
know
everyone's
up
to
speed
on
just
the
project
status.
So
maybe
as
we're
doing
that,
we
can
just
give
a
quick
update
on
you,
know,
work
being
done
and
where
we
are
with
the
major
projects.
B
Sure,
well,
I'm
first
on
the
list.
So
why
don't
I
go
so
hnc?
We,
since
we
last
met
we've
released
0.9
from
the
new
repo,
so
we
finished
moving
to
the
new
repo
bunch
of
nice
changes
that
went
in
thanks
to
ryan
and
a
bunch
of
other
contributors,
and
I've
got
a
little
bit
of
a
backlog
of
things
that
I
need
to
finish
reviewing.
But
I
think
there's
not
much.
B
I
was
kind
of
ready
to
just
call
it
1.0
and
I
think
we
may
just
do
that.
We
may
just
declare
it
to
be
1.0,
but
we
have
basically
fully
transitioned,
as
I
said
to
our
own
repo
technically,
we
report
to
sig
sigoth,
although
I
have
not
yet
attended
a
sigoff
meeting
but
yeah.
As
far
as
the
overall
question
goes
yeah
the
fact
that
we
haven't
had
an
agenda
at
this
meeting
for
a
while
the
fact
that,
basically,
we
haven't
seen
any
new
project
proposals
in
a
while
we've
got
hnc.
B
That's
basically
gone
to
sigoth,
because
its
primary
reason
really
is
as
a
way
to
organize
your
policies
and
that's
really
more
covered
by
signoff.
We've
got
virtual
clustering
cappy
and
that
really
has
sort
of
landed
well
in
the
same
multi-cluster
way.
I
saw
that
we
have
a
visitor
from
from
sigmulti
cluster
today,
and
I
think
benchmarks
is
the
one
thing
that
that
jim
you've
said
that
we
should
decide
where
that's
going.
B
I
think
that
would
probably
fit
well
under
sigoth
as
well
if
they
were
interested
in
in
taking
it,
and
I
think
that
what
remains
after
that
is
basically
sort
of
like
disseminating
best
practices.
That's
that's
kind
of
what's
left
and
I
think
that
that
should
go
either
in
that
that
would
fit
either
well
in
docs
or
usability.
I
don't
really
know
what
the
what
the
dividing
line
is,
but
I'm
sure
tesla
will
have
opinions
on
that,
so
so
yeah.
B
I
think
that
I'm
leaning
towards
declaring
victory
and
saying
like
these
two
projects
that
have
come
out
of
the
working
group
have
graduated
and
or
sorry
three
projects
like
three
sort
of
two
software
projects.
One
benchmarking
project
say
like
this:
is
it
like
this
is
at
least
until
we
get
a
new
set
of
sort
of
important
use
cases
to
solve?
I
think
that
we
can.
We
can
basically
declare
victory.
That's
my
feeling,
but
that's
just
my
feeling
and
so
I'll
leave
the
floor
open
to
everybody
else.
Then.
B
Had
any,
we
haven't
had
any
regular
meetings,
basically
sort
of
ryan,
and
I
chat
when
we
need
to
fix
something
when
we
need
to
decide
on
something,
and
we
don't
have
like.
We've
got
a
couple
of
users,
but
we
haven't
they.
They
haven't
like
demanded
regular
meetings
and
we
haven't
made
any
so.
I
think
that
for
hnc
we
would
probably
just
roll
it
more
formally
under
sigoth
and
do
occasional
updates.
B
It's
not
a
fast-changing
project
like
the
whole
project
was
that
it
should
be
pretty
stable
and
I
think,
once
we
hit
1.0
we'll
then
leave
it
to
future
users
to
to
release
up
the
agenda
where
we
want
it
to
go.
But
I
think
that
for
the
time
being
it
really
has
stabilized,
which
is
kind
of
nice
and
and
I'm
watching
the
like.
The
number
of
weekly
downloads
is
actually
quite
high
of
the
the
client,
so
people
are
using
it
I'd.
B
Imagine
it's
from
our
two
largest
users,
which
are
mercury
and,
I
believe,
workday,
but
it
seems
to
be
meeting
their
needs
kind
of,
as
is
which
is
which
is
neat
and
we'll
see
where
we
take
it
for
beyond
1.0.
After
that,
there
have
been
a
lot
of
requests
for
a
couple
of
features,
but
not
a
lot
of
people
who
are
willing
to
actually
implement
them,
and
I've
got
enough
other
things
going
on
that.
B
I
haven't
been
able
to
implement
myself
at
work,
but
certainly
when
people
come
in
with
these
kinds
of
requests
we'll
be
able
to
to
work
with
them
to
get
them
in
once
they
come
in.
D
D
So
so
that's
another
meaning
I
think
we
we
have
have
this
multi-tenancy
working
group
in
a
sense,
if
people
really
care
about
this,
they
want
to
talk
with
the
leader.
Gradually
there
is
a
channel
here,
but
in
captions
it's
like
different.
We
we
hold
weekly
meetings.
So
definitely
this
is
not
a
big
problem
for
us.
I'm
just
curious
for
campaign
perspective.
D
I
think
we
have
been
moving
to
a
sick,
sigmaric
cluster
and
we
are
in
the
past
few
months
we
are
keeping
romeo
on
the
refining
the
leverage
in
the
class
api
model
for
the
tenant
control
plan.
So
that's
that's
the
way
that
we
were
doing
and
coming
to
the
next
in
project
hawaii.
So
we
probably
we
are
thinking
about
more
about
more
thorough
entries
solution
in
terms
of
how
they
integrated
with
some
samples
container
like
carter.
So
what
is
the
thing
that
we
should
do?
That's
that's!
That's
the
planning!
D
That's
coming
in
my
mind
from
a
working
group
perspective.
I
think
I
have
the
same
opinion
with
with
ingrain,
but
we
need
to
have
benchmark.
I
still,
I
also
feel
you
know
seek
off,
would
be
a
good
place
for
benchmarking.
D
Just
just
one
more
thing
is
the
the
windmill
has
been
silent
for
a
while,
but
I
just
gotta
get
gathered
news
from
there's
a
child
he's
trying
to
propose
something
to
your
mind
group
for
for
the
multi-tenancy
solution.
Well,
I
still
think
maybe
it
had
been
selling
for
a
while,
but
now
we
have
a
request.
So
I
don't
know.
E
E
Well,
we
are
actually
using
a
proxy
server
in
front
of
the
api
server
and
the
proxy
server
will
kind
of
like
capture
the
request
from
the
tenants
and
also
process
the
response
from
api
server
and
give
the
give
each
tenant
a
view
of
they
are
the
only
user
for
the
api
server.
Things
like
that,
and
I
was
planning
to
give
a
presentation
about
this
project,
maybe
in
one
or
two
weeks,
but
I
just
noticed
that
we
are
well,
I'm
not
sure.
Are
we
going
to
still
continue
this
walking
group?
E
So
I
I
wanted
to
see
what
you
guys
think,
because
if
we
do
not
have
this
working
group,
I'm
not
sure.
Where
should
I
present
this?
This
work,
yeah.
F
Say
I'll,
try
I'm
in
and
I'll
be
the
contrarian.
So
I
guess
from
my
perspective
I
think
yeah
we
definitely
have
victory.
But
if
we
look
at
the
original
charter
of
the
working
group,
it
was
kind
of
to
define
the
best
practices
of
how
to
make
a
multi-tenant
cluster,
and
we
never
actually
did
that
right.
F
That's
the
one
thing
we
haven't
done:
it's
we've
because
it's
hard,
you
know
it
depends
on
what
your
cluster
looks
like
it's
not
one
another,
but
there's
still
a
huge
amount
of,
I
guess
desire
from
the
community,
for
how
do
I
make
a
multi-cluster
or
multi-tenant
cluster?
So
I
I
guess
my
proposal
would
be
that.
Maybe
if
we
can
maybe
find
people
that
want,
you
know
not
necessarily.
F
I
guess
just
change
focus
to
documentation
and
like
best
practices
around
you
know,
if
you
wanted
to
make
a
multi-tenant
cluster,
you
know
here's
some
tools
you
can
use,
but
then
this
is
how
you
actually
implement
the
tools
in
the
best
practice
way
and
we
we've
never
really
dove
into
even
kind
of
some
of
the
lower
level
things
that
you
need
to
care
about
from
a
multi-tenant,
a
cluster
like
even
on
the
infrastructure
side.
So
those
are
some
areas
that
I
think
that
we
could
definitely
work
on.
F
But
again
we
also
need
volunteers
to
do
that
and
I
think
that's
what
we're
lacking
more
than
anything
because
we're
all
very
busy,
and
especially
now
that
we've
all
signed
up
for
all
these
other
projects
now
so
so
I.
F
A
You
know,
I
think,
I
think
that
if
we
have
opportunity
for
new
projects,
both
from
what
ryan
was
describing
and
what
chao
wants
to
present,
my
perspective
has
been:
I'm
not
surprised
that
the
meetings
have
been
quiet
lately.
I
think
everyone's
very
burned
out
from
kovid
and
just
kind
of
working
night.
A
A
If
we
were
getting
to
a
point
where
it
was
time
to
spin
stuff
down,
but
I
would
say
that
if
we
have
some
ideas
for
other
stuff,
we
could
do.
We
should
make
a
project
plan
around
it
see
if
we
can.
If
people
want
to
lead
it,
and
if
there
is
interest,
then
we
could
kick
those
off
and
if
there
isn't,
then
we
could
be
like
you
know.
Working
groups
are
supposed
to
be
temporary
right
like,
and
so
we
could
spin
it
down.
So
that
would
be
my
perspective.
Is
it
if
we
see
additional
things?
A
B
Time,
depending
I'd
be
interested
in
working
with
ryan
on,
like
that,
basically,
that
last
set
of
documentation
right
because
we've
kind
of
we've
done
it
in
pieces
right
we've,
we've
done
the
occasional
blog
post
and
there
are
like
phase
written
stuff
on
virtual
clusters.
I've
written
stuff
on
on
hnc,
we've
done
it
in
pieces,
and
so
I
think,
maybe
bringing
it
all
together
in
a
place.
That's
not
a
blog
like
that
goes
into
the
kubernetes.
B
Like
the
official
docs.
Like
I
mean
I
could
write
something
on
a
medium
post
too,
but
I
don't
think
that
would
really
make
us
feel
like
we'd
accomplish
it.
So
so
who
would
we
want
to?
There
is
a
six
docs
right.
I've
never
worked
with
them.
Is
that
correct.
A
There
is,
but
I
think
that
they're
more
about
automating
the
delivery
of
dogs
than
delivering
the
dock,
so
it
would
really
be
on
us
to
like
make
the
pull
request.
You
know
it's,
it's
the
same
as
everything
else.
It's
like
a
github
pull
request
to
like
add
a
docs
page.
B
Oh
yeah,
no
sorry,
I
didn't
intend
to
mean
that
they
would
write
it
for
us.
I
certainly
wasn't
expecting
that
I
was
expecting,
like
whose
permission
do
we
need
to
go
and,
like
add
a
new
set
of
docs
into
the
like
I'm
happy
to
help
write
the
content.
I
just
want
to
know:
do
we
need
to
coordinate
with
someone,
or
can
we
just
like
start
making
a
pull
request
and
say
this
is
on
behalf
of
the
multi-tenancy.
F
Group
and
I'm
not
sure
if
they
would
allow
us
in
general,
if
we're
pushing
a
third-party
tool.
Usually
the
kubernetes
stocks
are
very
strict
on
not
you
know
technically
we're
third
party
right,
we're
sig
we're
not
a
core
kubernetes,
so
I
don't
know
if
we
can
make
it
into
full
docs,
but
we
could
look
into
like
kind
as
the
sub
project
right,
and
so
they
just
have.
F
A
I
think
we
have
a
shot.
You
know
when
we
started
this.
I
gathered
examples
of
how
other
cncf
projects
had
had
documented
multi-tenancy
and
a
lot
of
it
was
here's
alpha.
Here's
beta
here's
projects,
you
can
use
in
their
official
docs,
and
so
I
always
thought
that
was
something
that
we
should
emulate.
A
A
lot
of
those
pages
have
now
been
deprecated,
but
I
do
have.
I
do
have
some
like
links
like
istio
and
a
couple
other
projects
where
they
just
had
much
better
multi-tenancy
documentation
than
the
kubernetes
project
did
natasha.
D
Can
you
share
the
link,
yeah,
look
as
well.
C
Yeah
I
was
just
gonna
mention
that
kubernetes
docs
does
have
like
concepts.
You
know
they
they
talk
about.
Other
things
like
pod.
Security
is
a
great
example
right,
which
started
out
as
an
implementation
moved
up
into
a
conceptual
thing,
and
then
now
there's
various
implementations
that
can
fulfill
that
concept
right.
So
I
think
we
can
take
a
similar
approach.
There
have
been
contributions
like
one
thing,
we're
doing
from
the
policy
working
group
is
we're
creating
a
a
paper
on
kubernetes
policy
management
which
will
go
into
the
kubernetes
github
repo.
C
Maybe
most
of
us
here
perhaps
take
a
lot
of
this
for
granted
at
this
point,
but
certainly
there's
a
lot
of
interest
and
questions
around
the
topic
so
having
a
set
of
guidance
and
guidelines
to
say
what
the
different
tenancy
models
are,
how
you
would
you
know,
go
about
implementing
them
and
testing
for
them
certainly
would
be
very
helpful
and
it
should
be
possible
to
point
to
project
pages
from
there
as
long
as
they're
projects
and
not
third-party
or
vendor
tools.
Things
like
that
there
are.
C
You
know
I've
seen
guidelines
from
cncf
on
how
to
put
disclaimers
and
make
that
a
self-service
process.
So
if,
for
example,
if
folks
from
loft
or
we
cluster
also
want
to
list
their
projects
and
show
how
they
implement
the
same
concepts
right,
so
we
could
follow
that
similar
approach
as
well
for
multi-tenancy.
B
Yeah,
I'm
just
looking
at
the
tasks
page
right
now
and
I'm
seeing
like
administering
with
cube
adm,
which
I
think
is
not
a
core
component
or
is
it?
Is
it
a
car
component.
F
B
And
you
know,
there's
a
thing
about
using
core
dns
for
service
discovery
like
core
dns
is
definitely
not
part
of
core
gates,
and
so
I
mean
I
think,
that
they
using
a
kms
provider
for
data
encryption
like
I
think
that
there's
and
then
a
couple
things
about
namespace
is
share
a
cluster
with
namespaces.
I
wonder
who
wrote
that
I
think
that's
probably
a
pretty
old
tutorial
at
this
point
or
task
but
yeah.
I
think
that
there
is,
I
think,
putting
this
under
the
tasks
we
might
be
able
to.
B
We
might
be
able
to
get
away
with
that.
Oh
sorry,
tesh
is
suggesting
something
this
used
to
be
a
doc's
page,
and
it's
now
a
blog
yeah.
I'm
not
loving
the
idea
that,
like
permanent
documentation,
goes
into
blogs.
A
Well,
I
always
from
a
you
from
a
usability
perspective.
I
think
that
the
kubernetes
docs
leave
a
lot
to
be
desired
from
helping
new
or
confused
users
about
just
how
to
navigate
kubernetes
in
general.
I
think
that
they're
good
at,
like
the
first
touch,
kick
the
tires,
kubernetes
the
hard
way
kind
of
style
but
like
when
it
comes
to
actually
like
help
me
set
this
thing
up
for
production
like
they're,
not
good
right,
and
so
what
we're
discussing
adding
here
is
actually
like
a
fairly
advanced
set
of
documentation.
A
C
So
is
this
something
we
should
maybe
discuss
in
in
the
next
cigar
meeting
or
seek
security
or
one
of
those
sigs
and
sort
of
get
a
sponsor
for
this
or.
A
I
don't
know
that
we,
so
what
what
I
would
suggest
is
that
we
just
outline
what
we'd
like
to
do
and
start
circulating
it.
Okay
and
then
we
can
also
invite
people
to
participate.
You
know
it's
easier
for
people
to
know
how
to
participate.
If
you
can
have
a
jumping
off
point
for
them,.
F
A
A
As
long
as
we
have
like
scoped
projects
that
still
need
sort
of
continual
coordination,
then
we
can
keep
the
working
group
going
and
then,
when
we've
run
out
we're
just
kind
of
like
yeah,
okay
spin
it
down,
and
you
know
I
wouldn't
be
surprised
if,
if
we
spin
it
down
in
the
next
six
to
12
months,
I
wouldn't
be
surprised
if
at
some
point
it
got
spun
back
up.
C
A
You
know
as
because
it's
like
kind
of
like
the
waves
of
like
interest
in
the
topic
and
just
ability
to
pay
attention.
I
think
there's
so
much
going
on
right
now
that
people
just
don't
have
a
lot
of
extra
bandwidth.
The
other
thing
I
would
say
is
that,
especially
for
a
project
like
this,
it
could
be
an
opportunity
for
us
to
partner
with
the
linux
foundation
with
some
interns,
potentially,
if
we
had
like
some
scoped
work
there,
so
that
might
be
a
way
to
get
some
kind
of
boots
on
the
ground.
F
Yeah,
that
sounds
good.
Another
thing
that
we
can
sorry
go
ahead
or
was
that
feedback?
Okay,
so
I
mean
if
we
do
decide
to
stick
around,
we
could
discuss
changing
the
cadence
of
the
meetings
too
to
once
a
month,
and
you
know
have
a
and
then
we'd.
If
we
even
if
we
don't
have
an
agenda,
we
can
just
get
an
update
on
the
sub
projects
and
I
don't
know.
B
A
Yeah
and
in
the
meantime,
if
people
do
have
additional
approaches
to
multi-tenancy
that
they
want
to
kind
of
bring
to
the
working
group,
we're
super
happy
to
work
with
them
as
appropriate.
You
know
it's
just
that.
We
have
identified
an
ongoing
project
that
we'd
like
to
resolve,
so
we're
not
going
to
spin
down
the
working
group
right
now.
D
Yeah,
I
think
I
think
our
models
are.
People
can
leave
the
same
order
for
new
projects
if
they
want
to
get
a
sponge
or
get
a
support
for
what
working
group
and
it's
fix
our
scope.
I
think
we
we
we
can
support
them
right.
I
mean
going
through
the
previous
process
of
hnc
and
the
virtual
cluster
is
kind
of
we
incubate
from
working
group
get
get
feedback,
get
people's
attention,
you
know
and
in
the
end
they
can
choose
to
graduate
to
their
either
seagull
repo
or-
or
even
I
mean
separate
repo.
D
I
think
it's
also
okay.
I
think
we
can
do
that,
but
you
I
mean
on
other
hand,
people
can
directly
open
sources,
some
other
github
directory.
I
mean
it's
also,
okay.
I
personally
feel
this
model
works
well,
in
the
sense
that
I
can
get
expertise
in
this
area
get
a
lot
of
feedbacks.
B
F
Is
it
somebody
else?
I
think
I
think
technically
sig
off
owns
it,
because
the
the
multi-fancy
working
group
is
sponsored
by
sigoth,
so
I
think
technically
they
inherent
it.
But
that
is
that,
yes,.
B
Is
that
the
right
place
for
it?
Like
I'm
afraid
I
don't
know
much
about
what
what
your
sick
does
from
this
perspective,
like
I
mean
I
can
I
can
or
do
do
you
do
anything
in
terms
of
like
document
like
owning
documentation,
or
is
it
all
about
like
actually
improving
kubernetes,
to
make
it
more
usable,
okay,
yeah?
So
that's
that's
the
wrong
place
so
yeah,
probably
a
combination
of
sig
off
or
then
sick
multi-cluster
for
the
stuff.
Well,.
C
F
A
C
Yeah
so
yeah,
I
haven't
attended
six
security
or
six
security
docs
meetings,
but
I
know
that
both
of
those
you
know
there
are
so.
For
example,
there
was
a
threat
model
for
admission
controllers,
which
is
being
published
under
six
security
docs,
which
I'm
partially
involved
with.
So
maybe
that
is
a
good
forum,
or
at
least
you
know,
a
good
good
place
to
have
a
discussion.
C
B
That
might
be
a
good
place
to
own,
like
the
top
level
documentation,
because,
like
it's
one
thing,
that's
like
oh
go
to.
You
know
sick
multi-cluster,
to
see
all
the
details
on
how
to
run
virtual
clusters.
But
how
are
you
going
to
land
there
in
the
first
place
and
I
think
that
yeah
63
seems
like
a
reasonable
place
for
that
top
level,
one
to
say
like
yeah
go
here.
If
you
want
something,
that's
more
cluster-like
go
here.
B
A
Yeah
yeah,
I
have
a
feeling.
The
better
home
is
probably
going
to
end
up
being
sick
off
and
if
there's
any
way
that
we
can.
A
I
was
gonna
say
automate
the
generation
of
documentation
from
the
code
like
because,
like
you're
right
like
as
soon
as
you
publish
it,
it's
out
of
date
right
like
so
that's
just,
I
think,
probably
just
pushing
people
to
the
github
repo
like
having
something
super
high
level
in
the
docs
is
probably
the
best
way
to
go.
B
C
Just
point
them
to
the
blog
post,
right
and
anytime,
I
get
a
question
that
seems
to
answer
most
of
the.
You
know
at
least
initial
questions
for
folks
who
are
trying.
F
F
See,
I
guess
the
questions
I'm
answering
are
yeah.
How
do
you
secure
it
at
the
os
level
for
the
like
containers
and
that
kind
of
stuff,
because
that's
what
you
care
about
from
like
a
production
perspective?
But
you
know
we
were
also
running
on
prem,
so
we
didn't
have
bottle
rocket
and
other
things
so.
F
So
yeah,
I
guess
like
to
me
that
that
would
be
ideal
is
if
we're
like
hey.
This
is
how
you
can
actually
deploy
from
nothing
to
something
a
multi-tenant
kubernetes
cluster.
You
know
in
you
know,
and
then
we
can
have
volunteers
for
different
cloud
vendors
to
say
this
is
how
you
could
do
it
specifically
for
gcp
versus
aws
or
the
considerations
or
differences,
but
yeah
a
lot
of
it
is,
I
don't
know
a
lot
of
the
kubernetes
things
I
think
to
tasha's
point.
F
Is
it's
assumed
that
you
are
an
expert
in
all
the
things
and
then
you
deploy
kubernetes
on
top
of
it
and
then
you
can
get
started,
but
going
deep
is
very
difficult,
so
doing
like
actual
secure,
multitask
multi-tenancy
at
the
lower
levels
with
like
kata.
If
you
don't
use
qatar,
you
know
you're
looking
at
some
of
the,
I
think
it's
intel's
working
on
secured
workloads,
I
think
kubernetes
you
know
you
have
to.
F
I
don't
know
you
have
to
dive
deep,
and
so
I
don't
know
if
we
need
to
solve
that
problem.
But
it
is
not
like
you
know.
The
you
know,
using
hnc,
can
give
you
somewhere,
but
it
my
my
concern
is:
gives
people
a
false
sense
of
security
right
like
they
think
that
they're
secure,
because
they're
using
hnc
and
like
we,
I
don't
even
think
our
our
our
agency
docs,
really
dive
into
all
right
now
that
you
have
hnc
and
you
can
do
self-service
namespaces.
F
F
So
I
guess
I
don't
know
what
the
right
answer
is.
I
just
think
that
you
know
we.
I
think
we
need
to
make
it.
Maybe
it's
just
a
decision
of
hey
if
you're
reading
these
docs,
we
assume
you're
an
expert
in
kubernetes
and
if
you're
a
beginner
go
read
all
these
things
first
right
or
this
is
like
an
expert
or
intermediate
level.
B
Yeah,
I
would
want
to
aim
for
intermediate
level.
I
don't
think
that
this
would
be
appropriate
for
total
beginners.
I'm
worried
about
trying
to
build
the
boil
the
ocean
too
yeah
like
if
we
want
to
do
a
sort
of
kelsey
hightower.
You
know
kubernetes
the
hard
way
from
the
ground
up.
You
know
make
some
sand
to
make
your
first
computer
chip.
It's
like
it's
like,
there's
a
lot
to
know
and
even
like
security
best
practices,
like
you
know,
least
privilege
and
stuff,
like
that,
I
don't
think
we
can
teach
all
of
that.
B
I
think
that
there's
so
much
that
you
need
to
know
that,
basically
having
an
idea
of
what
the
high
level
patterns
are
and
saying,
like
you
know,
understand
like
we
can't
solve
all
of
your
problems
right
like
if
your
tenants
are.
If
you
have
specialized
problems,
then
you
know
you're
going
to
need
to
go
below
the
level
of
of
whatever
we
can
give
in
sort
of
broad
overviews,
but
we
could
at
least
highlight
what
are
some
of
the
main
solutions,
either
like
software
products
or
or
patterns
and
their
limitations
and
say
like
okay.
B
So
none
of
these
things
that
we've
done
actually
secure
the
os
level
so
if
you've
got
so,
if
you,
if
you
think
that,
like
you
know,
docker
or
I
guess,
runs
or
whatever,
if
that
is
not,
if
that
is
not
secure
enough
for
you,
then
you
can
go
check
out
these
things,
but
you
have
to
understand
the
trade-offs
of
them
right.
C
And
we
did,
you
know,
provide,
and
I
just
pasted
the
link.
I
was
checking
on
what
we
put
in
the
blog
post,
so
we
did
cover
at
least
at
a
very
high
level,
all
of
those
items
as
a
checklist
to
say
you
know
you
need
to
think
of
security,
no
matter
which
multi-tenancy
model
you
implement,
even
if
it's
a
single
tenant
cluster
really
all
of
this
still
applies
right.
B
Ironically,
my
my
mission
was
always
to
get
rid
of
the
word
tenant
completely
because
I
hate
the
word
tenant.
So
maybe
this
will
be
my
one
last
chance
where
I
can,
where
I
can
try.
B
Yeah,
I
guess
like
tenant,
is
a
great
umbrella
term,
but
it
describes
no
use
case
as
well
like
a
tenant
is
always
an
application
or
a
team
or
a
person
or
like
a
sas
consumer
or
so
like,
and
that's
the
thing
it's
like.
I
always
want
to
say
like
okay,
it's
great
and
I
think
it's
a
great
idea
to
have
like
how
to
set
up
a
multi-tenant
cluster.
B
B
B
F
Another
thing
I
guess
to
bring
up
from
working
is:
in
the
past
we
had
discussed
once
we
had
a
quorum
of
what
multi-tenancy
means
in
kubernetes
to
start
pushing
for
core
features
to
start
implementing.
Some
of
that
as
a
potential
kind
of
sounds
like
we've,
given
up
on
that
hope.
Since
it's
highly
unlikely,
I
guess
it's
worthwhile
to
confirm.
If
that's
you
know,
if
that's
something
we
still
gonna
want
to
consider
doing
or
if
we
think
you
know,
these
tools
are,
are
better
suited
for
the
use
cases
that
we're
trying
to
solve.
B
F
Yeah
from
the
from
the
control
plane
perspective,
though,
there's
still
some
gaps.
You
know
that
you
know
well
that
virtual
clusters
kind
of
solved
some
of
it,
but
you
mean,
like
you,
mean.
B
Data
plane
security,
correct
yeah,
actually
tried
to
set
this
up
myself
was
that
things
like
all
rocket
kata
gvisor
are
solutions
to
that.
Is
that
not
did
you
not
agree
with
that
and
maybe
astio
on
the
on
the
l7
networking
side.
F
Well,
yeah
so
yeah
through
third-party
products.
I
guess
yeah
you
can
get
to
some
resemblance
of
like
a
networking
but
they're
still
yeah,
I
mean
technically,
I
think,
yeah.
I
can't
think
of
any
immediate
gaps.
I
mean
well
there's
the
pvc
problem
is
a
continued
issue,
but
that's
largely
solved
with
dynamic
pvcs
now
but
yeah.
I
guess
I
don't
know.
B
F
B
Yeah,
we've
we've
looked
into
it
so
many
times
like
I've,
looked
into
it,
jordan,
like
it's,
looked
into
it.
It's
like
I,
and
I
think
that
like
you'd,
have
to
fundamentally
revamp
the
api
in
a
breaking
way
and
the
demand
isn't
there,
given
the
things
like
vc
exists,
right,
likes
and
so
like.
If
that's
your
problem,
if
the
problem
is
that
you
have
different,
your
different
tenants
need
different
views
of
the
kubernetes
universe
or
the
kubernetes
like
the
the
resource
model.
The
krm
resource
model
then
get
a
different
cluster
like
on
the
manage
clouds.
B
That's
easy,
and
now,
thanks
to
virtual
clusters
on
on-prem,
it's
pretty
easy
as
well
release.
I
say
that
having
never
tried
it
at
least
it
should
be
at
least
it's
possible
right
yeah.
I
mean
that's
fair
and
we
have
like
multiple
examples.
I
think
apple's,
probably
being
the
most
prominent
of
them,
who
are
actually
doing
this.
C
Yeah,
there
was
also
that
article
from
salesforce
right
on
how
they
kind
of
use
one
common
control
plane,
but
just
segregated
hosts
right
for
different
workloads.
So.
D
Yeah,
I
was
trying
to
point
to
the
same
thing,
so
I
think
jim
just
looking
at
advanced
rear
event,
so
the
hyper
force
kind
of
what
sales
force
guys
was
building.
So
I
was
thinking
so
I
mean
our
brand
problem.
Exactly
is
not
I'd
rather
say
we
are
trying
to
resolve
a
path.
I
mean
a
past
problem,
not
not
exactly
an
infra
problem,
so
in
the
sense
that
there's
no
consensus,
everybody
has
this
past.
There
is
no
consensus,
everybody
has
their
own
opinion,
so
they
are
so
so
that's
the
reason.
D
Every
time
I
want
to
talk
about
multi-tenancy.
The
first
thing
I
want
to
define
the
scope.
So
exactly
like
anchoring
does
what
is
a
tenant?
I'm
going
to
just
talk
about
this
tenant
in
my
entire
context,
I'm
not
going
to
talk
about
anything
else,
so
yeah
yeah.
I
guess
I
guess
my
feeling
is.
If
we
want
to
document
something
we
try
to.
We
should
probably
highlight
the
point.
D
B
I'd
be
willing
at
an
undefined
undefined
point
in
time
to
give
a
first
cut
at
this,
because
I
am
interested
in
helping
to
write
the
sort
of
canonical
docs,
at
least
for
the
next
year
or
two
so
yeah,
and
I
have
some
some
cycles
to
help
as
well.
D
B
F
B
With
the
idea
that
we'll
go
into
the
kubernetes
tasks
page
and
the
page
will
be
oh
thanks-
laura
that
would
be
great
and
yeah.
I
think
that
our
pla,
our
let's
say
that
the
place
that
we
would
want
to
put
it
would
be
well.
B
My
initial
thought
is
we
put
it
under
tasks,
slash
like
setting
up
a
multi-tenant
cluster
or
something
like
that,
but
there's
a
lot
of
stuff
in
those
tasks,
and
so
I
want
to
find
some
way
to
make
sure
that
it's
more
as
discoverable
as
possible
as
well,
so
just
spend
a
little
bit
of
time,
figuring
out
where
to
put
it
to.
D
D
E
B
G
And
if
you
get
pushed
back,
you
can
probably
throw
it
under
the
extending
kubernetes
section
as
well.
G
G
B
A
I
mean,
I
think,
it's
kind
of
it's
up
to
you
jim,
like.
If,
if
it
was
me,
what
I
would
do
is
is
sort
of
sketch
out
an
outline
of
what
we
want
to
do
and
then
just
circulate
it
with
them.
But
you
know.
C
Yeah,
that
sounds
good.
Let's,
let's
start
with
the
outline
and
then
we
can
certainly
share
on
the
right
slack
channels
and
look
for
feedback
and
if
there's
enough
interest
or
if
other
folks
want
to
participate,
we
can,
you
know
invite
them
to
join
in.
A
Yeah,
that
would
be
awesome,
and
I
think
you
know
getting
those
eyes
on
whatever
docs
we
have,
as
for
viewers
will
definitely
be
awesome,
and
if
anybody
has
the
cycles
to
contribute,
that
would
be
super
cool
too.
B
Oh
sorry,
can
you
can
you
hear
me
yep
yeah,
yeah,
yeah,
okay,
sorry,
everybody
else's
video
has
disappeared.
For
me,
laura
can
you
just
add
your
email
address
to
the
doc
or
unless
somebody
else
knows
how
to
get
in
touch
with
her.
B
I
was
going
to
start
a
doc
for
actually
writing
the
documentation,
but
if
you
wanted
to-
but
I
was
thinking
more
about
like
the
proposal
of
what
we're
going
to
do-
which
we
just
tash
is
saying
then
want
to
circulate
to
the
different
cigs.
B
A
Cool
okay,
well
great
meeting
everybody
lovely
to
see
everyone's
faces
after
such
a
long
time
and
yeah,
maybe
I'll
make
a
pull
request
and
try
to
change
this
to
once
a
month
instead
of
every
two
weeks,
but
dealing
with
the
community.
Repo
is
one
of
my
least
favorite
activities.
So
I
might
it
might
take
me
a
little
while.
D
E
Sure
that
would
be
great,
so
that
would
be
two
weeks
from
now
or
one
month
so.
B
Cool
help
me
off
I'll
I'll,
be
up
by
then,
so
I
won't
be
attending
the
next
meeting.
So
if
you
wanted
to
push
it
to
like
mid-january,
people
might
be
going
on
vacation
in
mid-december.
Like
me,.
A
A
Okay,
I'll
look
at
the
dates
and
suggest
something
to
chow
chow.
Are
you
in
the
are
you
in
the
slack
channel.
E
Yeah,
I'm
I'm
not
sure,
maybe.