►
From YouTube: KubeVirt Community Meeting 2023-08-30
Description
Meeting Notes: https://docs.google.com/document/d/1nE09vQWcCTW-9Ohe9oCldWrE0he-T_YFJ5D1xNzMtg4/
A
All
righty
we
three
minutes
past
the
hour,
so
we
may
as
well
get
started,
welcome
everybody
to
August,
not
October,
August,
the
30th
2023
cubert
community
meeting.
Thank
you
very
much
for
joining
us,
as
I
said
for
those
who
have
just
joined.
If
you
could
please
pop
your
name
at
the
top
of
the
attendees
list,
it's
always
nice
to
know
who
attended
these
meetings.
A
Is
there
anyone
new
here
that
would
like
to
take
this
opportunity
to
introduce
themselves
and
by
new?
We
also
can
include
people
that
have
maybe
worked
in
this
meeting
before,
but
haven't
actually
introduced
themselves
and
would
like
to
like
to
do
that
now.
B
Hello
folks,
I
just
joined
actually,
so
my
name
is
Daniel.
Crook
I've
just
joined
the
cncf
staff
as
well,
so
helping
out
with
individual
projects
maintainer
satisfaction
as
well
as
tag
and
and
Toc
satisfaction
with
the
services
that
cncf
provides.
So
it's
my
first
Cube
meeting
so
happy
just
to
listen
in
and
see.
What's
what's
what.
A
A
A
We've
got
nothing
so
I
think
if,
if
either
Daniel
O'brien
on
the
line,
maybe
they
can
confirm
that
we
have
a
1.1
Alpha
that
was
tagged
last
week
from
memory.
It
was
a
tagged
on
the
22nd,
but
there
was
no
reason
not
to
tag
at
the
end
of
last
week.
C
D
That
the
someone
don't
want
it
to
be
tagged,
I.
A
Perfect,
thank
you.
Apart
from
that,
we
don't
have
anything
here
until
the
12th
of
September,
so
we
can
close
that
out
our
events.
This
is
a
little
out
of
date
because
the
cfp
to
Sri
Lanka
has
closed,
but
you've
still
got
a
few
hours
to
apply
for
the
kcd
Texas.
A
If
you're
in
the
area,
I've
also
got
kcd,
Denmark
and
open
source
Summit
Japan
for
people
who
are
able
to
make
those
and,
as
usual,
if
you're,
aware
of
a
of
an
event
or
a
conference
that
you
think
Cuba
should
be
part
of
or
you've
you've
put
a
CFB
into,
or
you
would
like
to
attend.
Please
let
me
know,
and
I
can
add
it
to
that
Wiki
and
we
can
promote
it
and
get
some
other
people
there
all
right.
A
So
the
only
thing
on
our
agenda
at
the
moment
is
our
Google
summer
of
code
mentee.
The
Tish
karatek
is
here
to
give
a
short
presentation
on
the
work
that
he's
been
doing
as
part
of
the
the
initiative
and
his
involvement
with
the
community
so
I'll
hand
over
everything
to
nitish.
E
Yeah,
hello,
hello,
everyone
I'm
currently
attending
my
undergraduate
studies
at
IIT
Varanasi
in
India,
so
yeah
I
hope.
My
screen
is
visible
and
yeah
I'll
be
talking
about
what
I
did
as
a
part
of
the
Visa
program
for
just
20
minutes.
E
So
yeah
this
project
is
about
generating
second
profile.
E
Second,
profiles
for
keyword-
word
one
supports
so
so,
if
you
want
to
know
like
what
second
place,
then
yeah.
E
F
E
And
so
containers
have
support
for
second,
so
they
allow
you
to
apply
a
second
profile
and
then
like
you'll,
be
able
to
restrict
the
list
of
systems
that
are
out
for
a
particular
container,
so
both
different
containers
Docker,
although
this
image
is
specific
for
doctors,
like
other
containers-
also
support
that.
So
it
helps
us
to
reduce
the
attack
surface
of
containers
on
pods
yeah
yeah.
So
we
also
have
support
for
say,
prompt
and
Cube,
but
as
well.
E
So
this
PR
over
here
is
the
one
that
support
for
Safe
Company
Cube,
but
from
using
this
feature
gate,
it's
called
yeah
keyboard,
circum
profile
you'll,
be
able
to
specify
your
second
that
allows
you
to
list
what
are
the
ciscals
that
will
be
allowed
for
a
particular
record.
So
in
our
case
that
will
be
word
launcher
mode,
so
yeah
this.
This
PR
allows
us
allows
us
to
do
that,
and
this
project
is
sort
of
like
an
extension
to
that
particular
to
that
PR.
We
can
say
that
and.
F
E
The
problem
with
that
was,
it
was
also
mentioned
to
this
payroll
itself.
So
the
thing
is
that
currently
we
are
using
default
profiles
default
profiles
provided
by
cras,
so
but
those
will
not
be
accurate
because
it
will
depend
on
the
workload
of
the
Pod
as
to
like
what
are
the
systems
that
needs
to
be.
You
know,
blocked
or
what
or
the
Cisco
that
needs
to
be
allowed
right,
so
yeah
it
might
block
necessarily
systems
are
allow.
One
of
them
is
calls
so.
F
E
The
reason
like
that
why
it
will
not
be
United
solution
for
us,
so,
for
example,
if
we
take
crio
denies
user
fault
to
Ft
as.
E
Yeah
they
allow
it
so
this
this
sort
of
shows
the
difference
between
the
different
container
regions
and
how
they
treat
differences,
calls
so
yeah,
and
the
solution
for
us
is
to
trace
the
Cisco
that
are
made
by
the
workmanship
fraud
from
the
starting
to
till
its
end
and
then
like.
E
Since
we
have
a
functional
test
suit,
like
we
can
sort
of
imitate
what
the
workload
operations
will
be
till
it
ends
and
then
like
they
can
use
that
to
generate
a
you
know,
a
pretty
accurate
second
profile
for
the
work
launch
support,
although
one
thing
to
note
here
is
that
this
still
will
not.
So
this
will
actually
depend
on
how,
like
the
worker,
that's
going
to
be
running
inside
the
virtual
support
right.
E
So
it's
essentially
going
to
be
dependent
on
the
VM,
but
this
particular
project
is
out
not
like
it's
not
so
that
consider.
That
is
not
taken
into
consideration
with
this
project.
So
we
are
only
considering
whatever
systems
that
are
made
by
the
virtual
support
from
the
time
it
starts
and
then
like
it.
E
So
we
are
basically
using
a
constant
export
of
the
way
to
figure
out
like
what's
just
called
server,
2017,
so
yeah,
and
if
we
look
at
the
ways
to
some
ways
to
trace
this
codes
like
there
are
a
bunch
of
tools
available
out
there,
so
we
have
SPF.
We
have
this
big.
We
have
you.
E
E
Profiles
have
this
field
called
action.
They
can
say
that
so
that
allows
it
that
sort
of
depends
like
what
what
that
particular
profile
is
supposed
to
do.
That
means
like
if
I
have
a
deep
if
I
have
an
action
and
then
like
I
have
a
list
of
systems
there.
Then,
if
that
action
is
to
block
them,
then
it
will
block
it,
and
if
the
action
is
still
all
of
them,
then
it'll
allow
those
resources
calls.
E
So
with
that,
like
we
have
this
action
called
a
log
action,
so
essentially
what
it
does
is
that
it
will
just
whatever
this
is
a
list
of
ciscals
that
are
mentioned
in
the
profile.
It
will
lock
those
it'll
lock,
those
to
the
you
know,
audit
file
or
the
login,
whatever
the
default
so.
E
Yeah,
so
one
thing
note
here:
it's
very
it's
very
easy
to
implement
and
we
don't
actually
have
a
lot
to
maintain
here
when
we
use
this
approach.
But
the
problem
is
that,
like
the
information
that
we
are
going
to
be
getting
in,
the
logs
are
pretty
limited.
We
won't
have
access
to
things
like
physical
arguments,
which
we
might
be
interested
in
when
we
are
when
we
want
to.
When
you
want
to
have
more
control
over
how
we
are
going
to
filter
the
yeah
and
yeah.
E
There
might
be
some
difficulties
in
distinguishing
between
different
parts,
because
the
thing
is
like
when
you
have
a
when
you
have
when
you
have
the
same
circum
profile
applied
to
two
or
three
different
parts
and
then
like
they'll,
all
be
sending
the
log
messages
to
a
single
file,
and
we
won't
really
have
I
mean
we
can't
have
do.
We
can
do
some
work
around,
but
it'll
be
a
hearty
stuff.
E
It
will
be
a
happy
thing
to
do
so
because
of
that
it'll
it'll
be
a
little
bit
difficult
for
us
to
distinguish
this
calls
made
by
different
parts
so
yeah.
So
this
is-
and
we
also
have
this
tool
called
case-
Trace.
E
E
Into
the
you
know,
container
runtime
life
cycle
and
then
like
do
some
stuff,
so
we
have.
Essentially,
we
have
free
start
post
start.
So
what
did
also
do?
Is
that
like,
if
you
have
Nancy
of
the
container
on
time
and
then
like
before
it
starts
the
content
process?
It
allows
us
to
run
something
just
before
that,
so
this
will
also
give
us
access
to
informations
like
the
process,
ID,
PID,
namespace
of
the
container
process
and
stuff
like
that
and
a
bunch
of
other
stuff.
E
So
this
might
be
something
that
we
can
use
to.
You
know
get
rid
of
the
issue
that
we
had
just
with
the
case
space,
the
synchronization
issue
so
yeah,
so
this
might
be
a
solution
for
that
so
and
yeah,
one
of
the
one
of
the
tools
or
one
of
the
projects
that
made
use
of
that
is
this
project.
E
So
it
makes
things
of
I'll
share
the
link.
E
You
know
figure
out
like
what
is
the
the
particular
point
of
time
where
the
content
before
the
container
starts
up.
You
know
what
is
the
processity
and
what
the
process
is
going
to
be
and
then,
like
you
can
start
tracing
right
after
the
Pod
starts.
So
that's
for
the
different
discounts
but
yeah
one
problem
with
this
is
that,
like
it
doesn't
have
only
CRA
crio
supports
this
continuity,
and
other
implementations
do
not
have
support
for
this,
so
that
is
that
will
be
a
limitation
for
us.
E
Although
its
scope
is
beyond
this,
but
still
like
we
can,
we
can
make
use
of
Falco
to
Texas
calls
for
us,
so
yeah,
it's
robust
and
well
tested,
and
there
are
no
compatibility
issues
and
the
issue
that
we
had
with
our
approach.
Other
approaches,
those
are
not
there
with
qualco,
so
yeah
Falco
was
a
better
solution
compared
to
other
things.
So
we
decided
to
use
calcul
and.
F
E
Like
there
were
some,
there
are
some
other
issues
as
well
with
the
approaches
that
are
not
that
important
as
compared
to
what
I've
taught,
but
those
are
all
documented
in
the
documentation.
I
have
written
in
the
problem
and
I'll
channel
into
that
soon,
but
yeah
yeah.
E
E
D
E
You
can
see
yeah
a
pretty
detailed
description
of
the
research
that
we
have
done
and
how
yeah
how
it's
been
implemented
and
instead
of
dog
supporter,
you
will
be
able
to
see.
I
have
I,
have
more
dogs
describing
the
things
that
are
desktop.
E
And
so
yeah,
so
we
decided
to
build
a
tool
that
basically
makes
use
of
Falco
to
generate
to
yeah
yeah
and
then
automatically
generates
a
compropelled
for
that
particular
part.
So
we
decided
into
not
limited
to
the
cubeworks
use
case,
but
also
to
make
it
generalize
so
that,
like
other
people,
can
do
something.
So
so
the
basic
architecture
looks
something
like
this.
E
We
have
a
CLI
client
and
we'll
have
these
components
that
will
be
deployed
inside
each
nodes,
so
little
bit
about
the
product
name
and
sets,
and
so
this
component
has
an
API
server
running
inside
of
them,
and
so
that
will
be
the
point
of
control
for
a
point
of
communication
between
the
CLA
client
and
the
API
server,
and
we
have
so
the
way
it
works.
Is
that
like
as
soon
as
the
as
soon
as
you
deploy
it
like?
E
It
will
start
configuring
the
Falco
inside
your
node
and
then
like
it
will
make
sure
that
it's
make
sure
that
it's
ready
to
trace
right
and
once
we
Center
request
once
we
send
the
request
from
the
client
to
start
pressing
a
particular
pod,
it
can
yeah
I.
E
Can
the
the
API
server
like
we
will
spin
up
of
alcohol
process
that
will
start
pressing
that
particular
part
and
the
results
will
be
stored
in
the
data.json
file
and
then,
once
you
start
tracing
it,
we'll
collect
all
those
information,
like
all
those
lots
from
different
nodes
and
then
the
CLA
client
will
process
those
and
generate
the
appropriate
second
profile.
So
this
is
the
architecture,
that's
actually
very
simple
and
yeah.
E
If
you,
if
we,
if
you
take
a
look
at
how
it
that
you
look
so
so,
I
have
recorded
a
demo
so.
C
We
can
say
here
the
okay,
second
generator
Reaper.
C
E
It's
all
about
now.
Are
you
able
to
see
the
that.
E
Okay
so
yeah,
basically
here
I
have
a
cluster,
that's
running
a
qubit,
and
so
this
is
one
of
the
components
that
I
showed
in
the
diagram.
We
have
the
system,
spacer
chord,
that
will
that
will
be
managing
things
that
are
happening
each
other
and
we
have
a
pretty
normal
cluster
that
we,
that
is
spun
up
with
the
make
cluster
of
command.
E
So
yeah
one
thing
is
that
like
as
I
mentioned,
so
we
have
so
the
we
haven't
figured
out
a
way
to
away
for
the
CLI
client
and
the
component
is
going
to
be
running
inside
the
cluster.
We
haven't
figured
out
a
way
for
them
to
communicate
with
each
other.
So
right
now,
for
the
time
being,
we
have
used
for
port
forward
to
allow
to
facilitate
that
thing,
but
yeah.
So
that's
why
we
have
this
property
company
here.
E
So
here
I'm,
basically
running
the
CLA,
client
and
I'm,
saying
tray
start
and
I'm,
giving
the
so.
E
Yeah
I'm
giving
I'm
I'm
telling
you
to
start
tracing
a
pod
with
the
label
cuber.io
and
the
value
of
that
label
should
be
word
launcher,
but
it
essentially
starts
pressing
the
word
pencil
box
and
now
yeah
I
just
wait
for
a
minute.
E
So
yeah
what
I
did
after
that
was
I
started
a
dma
ephemeral.
E
I'm,
creating
a
virtual
missing
instance,
a
simple
one
to
yeah
to
see
if
it
starts
raising
those
CIS
calls
made
by
this
particular
work
from
support.
E
So
now
I
wait
till
sometimes
so
that
it
starts
it
starts
making
success
calls
that's
a
part
of
the
startup
process.
It
also
makes
such
discounts,
so
those
will
also
be
recorded.
So
we
should
be
able
to
see
them
so
I'm,
just
waiting
till
here.
E
So
now
I've
I've
stopped
training
and,
as
you
can
see
like
it
started
it
generated
the
second
profile
using
the
list
of
physicals.
That
word
concept
made
that
particular
Port
made
till
the
moment.
I
stopped
breaking
so
yeah.
This
is
a
pretty
basic
second
profile
that
is
generated
so
way
that
we'll
be
able
to
make
use
of
this
is
to
will
start
tracing
once
our
one
server
Transit
part
starts
and
then,
like
we'll
start
running
tests
on
that
and
then
like
yeah
till
it
till
the
test.
E
End
will
be
iterating
that
and
then,
at
the
end
like.
If
we
stop
it,
it
will
be
we'll
have
the
list
of
just
calls
and
then
it
will
have
the
generatives.
They
come
profile
for
that
support.
So
maybe
this
can
be
integrated
into
the
cact
pipeline
and
for
every
release.
Maybe
we
can
add
yeah.
It
automatically
generate
the
second
profile
for
support
and
yeah.
E
So
yeah
that
was
a
demo
and
obviously
like
there
are
a
lot
of
things
to
improve
on
this.
This
is
just
a
sort
of
0.1
version
of
that
tool,
so
yeah
so
for,
for
example,
like
we
need
to
support
for
filtering
based
on
physical
arguments,
so
yeah
we
have
so
we
have
this
called.
So
we
have
the
ability
to
add
the
argument.
E
I
mean
filter
based
on
the
arguments
given
towards
is
called
in
the
second
profile,
so
we
have
the
ability
to
do
that
as
well,
and
we
have
tested
that
Talco,
which
Falco
will
be
able
to
get
the
list
of
get
the
CIS
called
arguments
as
well.
That
information
is
also
available
so
we'll
we
can
make
use
of
that
and
we'll
be
able
to
implement
this
particular
feature
in
the
tool
and
yeah.
So
there's
one
so
with
the
deployment.
E
It
is
different
on
the
OS
distribution,
for
instance,
like
we
have
different
so
for
Centos,
a
streamate
like
we
have
different.
E
Yeah,
so
so
installation
process
is
a
little
bit
different
for
a
different
OS
distributions
so
essentially
because
the
package
manager
is
different
for
different
distribution.
So
that's
the
that's
the
main
reason
so
we'll
have
to
have
different
Docker
images
for
different.
E
We
can
add
a
feature
where
we
generate
the
second
profiles
based
on
the
VM
definition.
We
try
to
predict
like
what
that
what
the
system
that
will
be
making
the
VM
will
be
making
based
on
its
definition,
yeah
or
yeah,
or
the
configuration
of
keyword,
that's
yeah,
that's
different
contact.
So
that's
a
different
topic.
It's
out
of
the
scope
of
this
project,
but
also
these
are
some
a
couple
of
improvements
that
we
can
make
and
so
in
the
reposit
itself.
I
have
issue
where
we
interactive
progress.
So,
okay.
E
So
yeah,
that
was
what
I
wanted
to
share
and
we
have
the
link
to
the
project
docs,
which
is
essentially
the
same
thing.
I've
already
shared
the
link,
and
we
also
have
the
link
to
the
proposal
that
he
made
I'll
be
sharing
that
as
well.
A
That
I'll
just
reiterate
again:
does
anyone
have
any
questions
for
the
teachers.
A
Thank
you
very
much
yeah
and
if
anyone
does
have
any
questions,
feel
free
to
throw
them
into
chat.
There's
a
bunch
of
people
saying
thank
you,
and
also
you
can
find
him.
I
presume
on
our
slack
Channel.
A
G
Yes,
so
I
cannot
see
your
sharing
screen.
Okay,.
A
G
G
Yes,
I
I
mentioned
this
issue
in
the
last
week's.
G
Community
Conference
weekly
meeting
but
I
haven't,
got
any
feedback
on
this
and
also
I
I
I
want
to
thanks,
Daniel
and
brand
helped
me
to
merge.
The
bootstrap
Legend
see
PR,
and
now
we
have
matiak
bootstrap
Legend,
see.
D
G
G
I
have
make
some
investigation
on
in
it,
but
I
send
this
project
to
my
or
IP
group
to
review.
If
we
can
make
contribution
to
this
project,
they
have
some
concern
because
they
think
this
project
may
have
some
depend.
Cumu
dependency
and
may
relate
it
to
some
IP.
G
So
I'm
not
allowed
to
make
contribution
to
this
project
for
now,
so
I'm
not
sure
if
we
can
build
the
arfin
Alpha
Pi,
which
tests
surely
manually
to
make
conformance
test
box
on
arm
64.,
oh
or
we
have
to
wait
like
we
get
the
permission
to
make
contribution
to
the
Alpha
Pi
Builder
tooling
project
then
uses
the
processity
pipeline
to
build
the
arm64
version.
G
Alpha
Pi
virtual
machine
I'm,
not
sure
if
I
can
get
the
permit
and
how
long
I
can
get
the
permit.
D
C
G
Here
we
have
20
tests
in
conformance
tests
after
I
skip
or
Alpha
Pi
test.
We
only
run
eight.
We
only
have
eight
pasta
on
mc4
and
the
curve
test
are
skipped.
D
G
F
G
A
D
G
Okay,
I
can
give
it
a
try,
perfect,
okay,
and
there
are
also
we
have
initial
enablement
of
conformance
tests.
So
do
you
have
time
to
review
it.
C
C
A
So
then,
how
it
you
don't
need
us
to
look
at
ten
three
zero.
Three
now,
yes,.
C
A
But
and
Lulu
this
is
the
one
you're
gonna
look
at.
C
A
You
without
everything
that
you
needed
help.
A
A
This
was
a
bad
correcting
something
to
do
with
user
defined.
A
F
A
Oh,
would
you
like
to
quickly
cover
what
this
message
is
about.
F
Yeah,
so
basically,
there
have
been
recent
reports
of
when
people
are
trying
to
force
stop
their
stuck
VMS
it.
It's
not
actually
immediately
halting
the
VMS,
so
it
gets
stuck
in
the
terminating
state.
F
So
itamar
was
looking
into
this
and
essentially
the
way
that
the
grace
period
argument
Works
in
the
vert
CTL
stop
is
different
from
how
it
works
in
Cube,
CTL,
and
so
essentially,
the
idea
is
to
update
the
description
of
the
grace
period
flag
to
more
accurately
reflect
its
actual
behavior
and
then
currently
the
force
flag
and
the
grace
period
flag
are
redundant.
F
So
we
propose
modifying
the
force
argument
so
that
the
user
can
specify
Force
argument
if
they
want
to
fully
immediately
kill
the
VM
rather
than
started
a
graceful
shutdown
of
the
VM.
C
A
So
if
anyone
has
comments,
questions
or
dissent,
there
is
a
email
thread
and
an
issue
linked
there
for
you
to
voice
those
opinions.
A
The
other
one
was
again
kind
of
a
raising
awareness
of
Pei
checklist.
A
It's
a
series
of,
as
he
reinforces
non-enforcing
checklist.
A
This
is
the
things
that
are
good
to
think
about,
but
in
they're
not
mandatory,
and
you
do
happen
to
have
one
which
so
we
can
look
at
the
checklist
in
the
wild
from
Jed,
and
so
it's
here
under
the
special
notes
and
above
the
release,
note
yeah,
all
the
all
the
I
guess,
peripheral
things
which
can
often
get
left
by
the
wayside,
because
you
get
kind
of
get
Tunnel
Vision
on
the
piano
that
we're
reviewing.
A
This
is,
of
course,
good
for
the
author
to
think
about
the
reviewer
to
think
about
if
they
approval
to
think
about
and
I
think
as
well
conveniently
this
Pia
doesn't
have
any
attention
on
it.
Chad
on
the
call
Jed.
Did
you
want
us
to
look
at
this
now
or
are
you
still
waiting
for
David
to
come
back
to
you.
H
Yeah,
no
anyone
could
look
at
it.
I
don't
fully
understand
the
rate
limiting
system
on
the
cues,
but
there's
there
was
definitely
an
issue
there
where
we
multiplied
by
10
dot,
Second
Twice,
which
means
instead
of
seconds
you
get
years.
It's
pretty
bad
I,
don't
know
how
it
works
today
with
that
thing
being
years
instead
of
seconds
but
yeah
I
I.
This
is
an
obvious
issue,
so
I
fixed
it,
but
we
probably
need
to
look
at
this
code
more
closely,
because
what
I'm
trying
to
say.
A
All
right,
158
yeah,
is
everyone
on
the
call
that
that
might
be
able
to
help
with
this.
A
Yep,
so
that's
all
for
the
mailing
list
review
and
the
bug
scrub.
We've
only
got
one
bug
that
I
could
see.
A
And
our
producers,
who
take
care
of
the
bugs
and
the
piaz
make
sure
that
this
particle
is
I,
think
they're
very
short.
Yeah
we've
got
a
repeated
error
for
this
person,
installing
Cuba
1.0.
A
As
anyone
familiar
with
this
era
and
might
have
might
be
able
to
help
this
user.
A
Mean-
and
that
would
be
an
assumption
of
mine,
but
you
know
what
they
say
about
assumptions
yeah.
D
D
A
All
right
I
can
follow
that
up
or
outside
it's
me,
so
I
don't
taking
everyone's
time.
A
Have
anything
last
minute.
A
Alrighty,
thank
you
very
much
everyone
for
joining.
Thank
you
very,
very
much
for
nitish,
for
presenting
about
the
gsort
project
and
thanks
again
for
everyone
who
takes
care
of
the
the
bugs
and
the
pull
requests
and
the
reviews
have
a
lovely
day
have
a
lovely
weekend,
and
we
will
see
you
next
week
thanks.
Everybody.