►
From YouTube: Layer5 Community Meeting (April 23rd, 2021)
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
A
A
There's
bishop
michelle
is
tasked
to
the
hilt
with
helm,
chart
automating
the
release
of
the
helm
chart
michelle
while
we're
getting
ready
any
any
initial
luck.
There
we're
going
to
have
to
actually
hear
your
voice
someday.
We
shall.
A
Okay,
we've
got
there's
a
healthy
collection
of
us
on
the
call
a
couple
of
people
missing
just
yet.
A
A
A
This
community
meeting
has
been
consistently
larger
than
istio's
community
meeting,
which
I
get
a
chuckle
out
of
a
little
bit
just
goes
to
show
how
much
all
of
you
are
doing
all
right
if
you're
on
the
call-
and
you
don't
have
your
name
in
the
attendee
list-
please
drop
it
in
if
you're
on
the
call
have
a
webcam
and
don't
have
it
turned
on.
A
Oh
nope,
except
I
just
want
to
call
out
tema's
name
nice,
to
see
you,
but
I
know
you've
introduced
on
this
call
before
so.
A
Okay,
announcements:
we've
had
a
number
of
people
join
this
week,
some
newcomers
just
to
help
everyone
get
familiar
with
with
some
of
these
folks.
I'll
call
out
a
few
that
I
recognize
or
if
I
do
boy
so
so
clausium
glass
cmr
is
on
my
hpe,
I
believe
she's
in
brazil.
A
I
don't
know
that
she's
on,
but
she
was
excited
to
join.
Her
focus
has
been
python
and
she's,
focusing
on
service
mesh
topics
at
hpe.
So
if
you
see
her
in
slack,
say,
hi
asuko
has
welcomed
a
few
folks
to
community,
I
believe
garfield,
maybe
more,
but
a
few
anyway
boy,
I'm
gonna
feel
bad.
If
I
don't
call
out
everyone
now,
we
did
have
a
our
first.
A
Security,
vulnerability
reported
and-
and
it
was
well
reported,
reported
confidentially
and
we'll
talk
about
some
of
its
specifics
later.
Other
announcements
are
kubecon.
Eu
is
coming
up.
It's
virtual
we'll
have
a
couple
of
sessions.
The
link
is
here,
I'm
bringing
this
up
because
of
a
couple
reasons.
One
is
that
well
there's
a
hundred
and
almost
50
of
you
that
have
helped
contribute
to
creating
layer,
5.
A
io,
and
it
continues
to
evolve
one
of
the
things
that
it
seems
that
we
need
to
improve
on,
and
so
I'm
looking
for
a
volunteer
is
well
when
you
go
to
layer,
five
io
community
events,
so
you're,
looking
at
the
events
that
we're
participating
in
places
that
you
all
go
speak
at
or
give
workshops
at,
or
what
have
you
meetups
that
you
run,
and
this
is
great-
it's
a
nice
consolidated
collection
of
some
of
those
activities.
A
I
think
this
doesn't
represent
all
of
them,
but
by
the
way,
if
you're
doing
something
like
this,
let's
get
it
listed.
The
the
the
help
that
I'm
hoping
someone
might
be
able
to
offer
is
a
little
bit
of
a
change
of
how
of
the
behavior
here.
A
So
if
you
click
on
one
of
these
events,
you'll
get
redirected
to
the
external
site
like
the
the
to
the
event
itself,
and
we
definitely
want
to
have
a
link
to
the
event,
that's
appropriate,
but
we
also
have
a
small
write-up
of
each
of
of
what
we're
doing
there.
A
A
Take
the
user
to
the
the
actual
page
on
layer,
5
io
that
describes
the
sessions
and
who's
talking
and
and
like
here's
another
example.
So
there's
an
istio
con
write-up
about
what
was
done.
There's
actually,
the
lab
is
out
there
and
what
abhishek
taught
people
and
those
are
great
resources,
but
they're
not
evident
on
the
events
page.
So.
A
All
right
moving
right
along
now.
The
second
reason
why
I
was
highlighting
kubecon
eu
is
because
one
of
the
sessions
it
covers
the
topics
that
that
are
discussed
within
the
cncf's
sig
network
special
interest
group
on
networking.
A
It
also
covers
the
things
that
we,
the
initiatives
that
we
advance
through
the
service
mesh
working
group
and
there's
a
number
of
you
that
are
on
this
call
that
have
joined
these
cncf
calls
and
given
an
update
on
on
the
initiatives
that
you're
engaged
in
and
what's
nice
is
that
you
know
the
the
initiatives.
The
our
initiatives
are
well
represented,
measuring
and
service
mesh
performance.
A
Other
initiatives
that
sorry
other
initiatives
that
we
have
are
also
well
represented
around
the
patterns
that
we're
creating
and
we'll
talk
about
those
here
in
a
bit.
I
think
jubril
will
probably
talk
to
us
about
patterns.
A
Talk
about
s
p.
I
want
you
know
our
spec
anyways.
It's
almost
a
lot
of
it
is
about
your
stuff
talks
about
get
nighthawk
so
great.
So
it's
a
great
it's
a
great
update.
A
B
Okay,
so
hello,
everyone
over
the
last
I
don't
know
a
few
weeks
I've
been
working
on
a
sub
command
for
mercury
ctl,
which
is
the
list
command
which
would
basically
list
all
the
pattern
files
available
to
mercury.
C
B
A
D
I
have
one
question
that,
like
is
the
all
flag
appropriate
for
this,
like.
D
Pro
like
it
is
more
of
a
verbose
output
right,
so
I
think
maybe
a
verbose
flag
would
be
better
better
for
this
output.
The
second
output.
B
Yeah
definitely
lee
and
I
were
discussing
theology
and
I
wasn't
really
sure,
since
he
is
usually
opinion,
that
we
should
try
and
keep
things
consistent.
So
I'm
a
bit
torn
between
making
this
dash
dash
or
maybe
just
verbose.
D
Yeah,
like
in
other
places,
we
use
the
old
flag
for
listing
like
listing
every
patterns,
but
measuring
ctel
pattern
list
already
lists
out
all
the
patterns
so
having
an
all
flag
would
not
make
sense.
So
I
I
I
would
suggest
going
with
the
webos
clock
sure.
A
C
A
Guys
both
brought
up
the
right
like
the
guiding
principle,
is
consistency
and,
and
that
sort
of
overrule
like
even
in
the
face
of
well,
almost
sometimes
directly
in
the
face
of
a
poor
implementation
or
like
a
bad
user
interface,
or
what
have
you
an
unintuitive
user
interface
still
like
when
you
go
to
implement
something
new,
you
still
want
to
implement
it
consistently
bad
and
there's
quality.
In
that
consistency,
I
never
encourage
anyone
to
implement
something
poorly,
but
the
point
is
to
what
nubendu
is
saying
is
like
and
to
what
jubrillo
had
also
mentioned.
A
But
it
doesn't
mean
that
it
should
be
poorly
implemented
so
yeah.
So
let
me
let
me
think
aloud
with
you
all
if
I
could
so
so
verb,
so
a
verb,
a
dash
v
as
a
flag
for
ver
to
indicate
verbose.
That
makes
a
lot
of
sense.
There's
a
global
flag.
I
think
for
that,
where
it's
and
not
all
commands
have
sort
of
a
verbose
mode
so
to
speak,
but
if
they
do
there's
a
global
flag
that
is
applicable
now
the
when
we,
when
the
user
does
measure
ctl
pattern
list.
A
Well,
that's
that
that's
like
all
patterns
that
are
available
to
that
user.
That
presents
that
token.
That
whatever
is
whatever
token
is
inside
of
auth.json,
okay,
great
and
it's
fairly
concise.
It
gives
them
the
unique
identifier,
but
not
all
64
characters
or
or
28
or
whatever
it
is
gives
them
the
name.
But
in
an
abbreviated
way,
these
patterns
are
consistently
stored
as
a
form
of
yaml
or
as
json,
and
so
you
can,
the
user
should
be
able
to
get
them
out
either
way,
either
in
json
or
ammo.
A
But
when
people
list
it
they
don't
that's,
we
don't
necessarily
need
to
tell
them
the
file
name,
because
it's
not
really
it's
not
about
it
being
a
particular
type
of
format
or
file.
It's
the
fact
that
there's
a
pattern-
and
this
is
the
unique
identifier
there's
an
id
and
there's
a
name
and
and
and
so
people
don't
need
to
see
that
secondary
detail
like
the
file
extension,
because
it's
because
it
can
be
stored
as
json
or
yaml
and,
as
a
matter
of
fact
crush.
A
What
is
it
yaml
is
a
form
of
json
or
json
is
a
form
of
yammer.
E
The
pr
that
created-
and
there
are
two
machines
that
are
there,
we'll
be
discussing
this
rfc-
basically
we'll
be
receiving
the
design
spec,
but
in
the
new
year.
What
would
happen
is
that
the
pattern
names
won't
actually
have
the
yam,
because
it,
the
pattern
name,
would
basically
come
from
the
yamaha
itself.
That
is
whatever
you
have
named
your
parent
in
the
yamaha
file.
So
obviously
they
won't
unlisten
until
someone
is
actually
specifying
the
camera
in
the
pattern.
B
Yeah,
so
I
guess
that
makes
sense
I'll
clean
this
up,
and
another
thing
I
forgot
to
mention
is
in
the
issue
for
this
command.
Lee
requested
that
patents
also
have
like
use
the
user
id
is
displayed
so
right
now,
since
I'm
using
a
local
provider,
I
don't
have
a
user
id.
So
if
the
provider
is
set
to
none,
I
don't
bother
displaying
an
empty
user
id.
So
that's
another
feature.
I.
A
Guess,
oh
man,
what
I
missed
a
lot,
you
said
hey.
If
you
aren't
yeah,
I
guess
implicitly,
if
you
don't
present
a
token,
then
the
command
will
still
be
invoked,
but
it
will
assume
that
you're
trying
to
communicate
with
that
that
you've
signed
into
mastery
with
a
local
provider.
B
A
A
It's
kind
of
not
exactly
what
you
were
presenting.
It
makes
sense
what
you
presented
like
hey.
If
these
patterns
don't
belong
to
a
user,
then
you
won't
see
a
user
id,
but
as
a
follow-on
to
that,
the
the
majority
of
measures
endpoints
will
require
protection
or
will
require
a
token
to
be
invoked,
and
this
is
this
is
probably
one
of
those.
D
A
The
ui
allows
you
to
do
it
with
no,
you
know
without
presenting
any
so
that
becomes
yeah.
How
do
we
enable
it?
Maybe
it's
you
know:
how
do
we
enable
people
while
at
the
same
time
not
letting
them
create
security
issues
for
themselves,
because
we
would
be.
A
C
A
A
I
think
we
have
gibril,
do
you
mind,
checking
I
think,
do
we
have
an
open
issue
on
this
and
if
we,
if
we
don't
let's
file
one
and
it
requires
some
thought.
A
A
Oh
yeah,
so
do,
if
you
don't
mind,
maybe
you
can
look
for
it
as
an
offline
task
and
did
you
end
up
implementing
output
as
json.
E
I
had
a
question,
so
the
idea
is
actually
that
is
by
default.
You
get
around,
I'm
not
around.
Actually,
you
get
10
maximums
in
patterns
at
once.
So
if
I
have
eleven
patterns
and
how
much
detail
is
this
is
going,
I
mean,
is
it
going
to
show
only
ten,
and
what
about
that?
One
from.
E
E
Basically,
I
was
saying
that
if
I
have
11
valence-
and
you
are
invoking
the
pattern
of-
if
you
are
invoking
the
get
request
getting
here-
get
request
on
the
endpoint,
so
it
will
it
will.
It
will
give
you
back
only
10
parent
files
unless
and
until
you
have
specified
the
page
size
to
be
more
than
him.
The
amount
that
you
can
actually
request
for
is
25.
E
B
A
A
Yeah
good
as
we
do
that
as
we
look
at
that
to
navindy's
point
about
consistency,
if
the
endpoints
that
we're
that
mescheri
server
is
presenting
are
generally
implicitly
paginated,
maybe
that
will
help
drive
part
of
that
answer.
A
Okay,
so
by
default
we
would
be
returning
a
certain
number
to
10
or
so
and
then
and
who
crushes
your
thinking
is
from
the
user
experience
using
mastery
ctl
that
you
would
get
back
the
default
to
the
by
default.
Just
the
first
page.
E
But
yeah,
so
if
you
so,
if
you
haven't
specified
in
the
api,
you
would
get
just
10
results
and
if
I
had
11
or
maybe
26
or
something
like
that,
I
won't
be
able
to
see
them,
so
the
user
should
in
the
ui
it's
automatically
dealt
with
because
we
have
imagination
in
there.
Others
you
can
click
next
next
next,
but
for
mystery
video
there
is,
I
don't
think,
there's
such
a
construct,
yeah.
A
A
Thank
you
for
this
all
right.
The
topic
we
want
to
hit
next
is
well
is
from
is
well
as
ruth
I'll.
Just
let
I'll
let
you
introduce
the
topic.
F
Okay,
am
I
audible.
A
F
Okay,
so
one
of
the
projects
from
shikode
africa
contribution
program.
If
you
are
not
aware
of
that,
it's
it's
a
program
to
you
know:
diversify
open
source
contributions
right
as
regards
women,
so
they
are
five
is
participating
in
she
could
africa
contribute
on
and
that's
exactly
what
lee
is
projecting
now
you
can
check
that
out.
So
one
of
the
projects
is
the
community
handbook,
so
sometime
we
go.
Does
an
idea
to
you
know,
bring
a
curated
resources
for
like
an
abc
of
the
community
of
the
f5
community.
F
So
for
the
past
three
weeks,
three
menses
have
been
working
on
this
and
it's
not
yet
done
right.
It's
still
like
almost
done
like
70
percent,
but
this
is
like
a
sneak
peek
and
you
know
they've
been
actually
that's
in
the
presence
of
abiola
and
nissan
and
good
news.
F
The
three
men
is
working
on
this
and
mentors
are
anita
and
myself
so
they've
been
actually
working
on
this
for
three
weeks
now,
and
you
know
it's,
it's
been
a
learning
experience
for
them
and
it's
going
to
be
up
for
you
just
so
you
know
it's
everyone
in
the
community
is
allowed
to.
You
know
make
suggestions
right,
even
though
it's
not
100
ready.
So
please
you
can
go
through
this
and
you
know
make
review
and
make
comments
on
things.
You
think
we
could
improve
on
right,
so
yeah.
F
A
Time,
wow
it
takes
a
while
to
describe
all
the
things
that
are
going
on.
That's
impressive.
This
is
this:
is
it's
fantastic,
so
ruth
just
to
so.
I
think
a
couple
of
things
that
you're
mentioning
so
anisat,
good
news
and
abiola
have
been
charging
forth
on
this.
A
Getting
have
been
producing
this
and
then
so
about
a
week
left
it's
a
sneak,
peek
a
sneak
peek
today,
but
is-
and
I
think
you
were
saying
this-
is
it
appropriate
to
for
us
to
put
a
link
to
this
sneak
peek
to
this
early
draft
in
the
community
meeting
and
begin
to
solicit
some
early
feedback,
or
is
that.
A
Yeah
I
was
long-winded
as
usual,
which
is
to
say:
is
it
appropriate
for
us
to
put
a
link
to
this
sneak
peek
to
this
early
draft.
F
Yeah,
you
should
maybe
put
it
as
suggestion,
so
we
don't
yeah.
So
people
can
make
comments.
Yeah
put
the
link
for
a
suggestion
yeah.
So
people
can
make
comments.
A
Thank
you
for
that,
ruth
and,
and
ruth
if
you
have
to
you,
might
have
a
conflict
coming
up.
So
if
you
have
to
drop
nice
to
see
you
today,.
A
Okay,
oh
I'm
sorry
what
was
next?
Oh
aditi,
we
adida
you've
got
some
things
to
share
today.
G
Hi,
so
I
basically
wanted
to
discuss
with
the
community
my
my
most
recent,
the
pr
I'm
working
on
currently
and
it's
obviously
helped
by
abhishek
and
naveendo,
and
it's
about
measuring
operator
life
cycle
management.
So
I'll
just
share
my
screen
in
a
bit
I'll,
just
walk
you
all
through
the.
G
G
Yes,
so
basically,
it
started
out
by
working
on
the
stop
sign
so
when,
when
we
run
measuring
ctl
stop
now
it
it
invokes
these
three
operator
files
operator,
broker
and
mesh
sync
and
deletes
those
the
corresponding
resources
and
now,
for
the
start,
part
for
the
start.
Side
of
the
life
cycle
initially
start
did
not
invoke
these
resources
and
it
did
not
download
these
either
so
now.
The
first
thing
I
did
was:
I
changed.
The
download
manifests
function
and
I
download
these
I
have
centralized.
G
I
have
centralized
the
urls
and
the
locations
similar
to
the
other
measuring
parameters
after
downloading,
so
the
download
is
referred
to
in
fetch
manifests.
I
believe
so
that
downloads
these
after
that
I
I
applied.
These
manifests
using
the
apply,
manifest
function
as
usual.
G
This
kept
the
abstraction
in
the
start,
function
the
same
and
did
this
all
in
the
background,
so
this
is
applicable
for
system
start
system,
restart
and
system
channel
switch,
so
one
one
long
term,
one
one
potential
long
term
addition
or
abhishek
had
mentioned
to
me-
was
that
we
could
maybe
version
these
operator
files
and
maybe
add
a
parameter
to
config.yaml.
G
And
if
I
would
like
it,
if
the
community
could
give
me
some
feedback
or
you
know
any
questions
or
anything
of
that
sort,.
D
So
one
open
question
that
we
had
mentioned
that
we
should
publish
these
yamas
to
scoop
or
brew,
and
and
so
like
to
answer
to
that.
Basically,
we
won't
be
able
to
do
that
because
we
are
already
basically,
we
need
to
make
version
every
manifest
of
the
operator
file,
which
will
directly
be
in
the
repository.
We
can
fetch
it
from
there.
G
D
C
A
Where's,
mr,
I
think
it's
is
it
ani
where's
the
niche
he's
he's
not
on
today,
but
cool
that
this?
Might
you
know
what?
Maybe
is
it
okay,
if
we,
if
we
put
a
pin
in
that
this
discussion
until
the
toward
the
end
of
the
call,
because
I
think
it'll
unravel
a
little
bit,
there's
prior
art
here
and
there's
some
specific
reasons?
Why
I'm
asking
for
a
slight
change,
not
not
necessarily
immediately
in
the
logic
that
actually
it's
not
there's
only
one
small
change.
A
I
think
in
the
logic
that
you
had
had,
but
there's
a
need
to
open
up
like
three
or
four
other
issues,
and
I
can
give
a
better
verbal
explanation
of
that.
A
G
A
Nice,
that
is
good,
really
important
piece
of
logic
change
by
the
way
so
for
everyone
that
is.
A
For
most
folks,
you've
heard
of
the
mystery
operator,
and
some
of
you
have
interacted
with
it,
and
but
it's
one
of
the
when
you
deploy
meshri,
it's
a
component
that
gets
deployed
into
the
connected
kubernetes
cluster
and
it's
kind
of
a
silent
deployment
like
it's
just
a
piece
of
infrastructure
that
helps
measurey,
communicate
with
kubernetes
and
and
what
a
dd
is
doing
is
making
sure
that
as
mescheri
server
is
established
and
spins
up.
A
They
might
be
pleasantly
surprised
that
mesherie
is
already
aware
of
it.
Like
has
well
pardoned
my
language,
but
has
cardinal
knowledge
of
kubernetes
right
as
they
enter
into
mesherie's
ui
for
the
first
time
and
what
a
what
a
refreshing
and
pleasant
user
experience
that
is
so
so
it'd
be
very
important
like
to
get
meshary
operator
out
there
as
quick
as
possible.
A
I
I
didn't
realize
we
had
fat
headed
contributors,
but
I
guess
I
guess
some
that's
what
happens
with
big
brains,
so
truth.
A
A
So
this
is
a
great
yeah
yeah
these
right
here,
yeah
exactly
so,
then
ruth
gave
her
update
all
right,
so
next
up
well,
next
up
was
just
for
the
most
part.
For
me,
I
wanted
to
call
out
the
fact
that
there
are
a
number
of
design
documents
out
there,
one
one
two
three
four
five
designs:
flight:
six,
because
p
you
cheated
and
put
out
two
geez
all
right,
no
wait!
How
many
does
that
make
yeah
six?
Okay,
there's
a
little
anyway.
A
Needless
to
say,
there's
a
lot
of
specs
and
just
like
adida
was
asking
for
some
feedback.
The
the
same
thing
needs
to
happen
on
the
specs.
People
need
to
exercise
their
noodle
exercise,
your
your
brain
over
the
specs.
A
A
It
will,
if
you're
around
here
long
enough.
Inevitably
that
won't
be
true
that
you,
you
will
have
something
to
offer
on
all
of
them,
because
you'll
have
context
for
it.
You'll
you'll
you'll
have
you'll
begin
to
form
an
opinion
as
well,
but
on
each
of
them
a
lot
of
them,
especially
the
mesri
ctl
ones,
part
of
what
they
are
is
a
user
experience,
and
if
your
fingers
touch
the
keyboard
or
touch
the
mouse,
then
you're
a
user,
and
you
experience
things
and
you
can
offer
up
a
perspective
on
what
feels
good
to
you.
A
Okay,
cool,
I
don't
know
that
we
have
oh
yeah
with,
especially
with
the
time
that
we
have,
that
we
had
that.
The
intention
was
to
necessarily
present
these
and
and
go
through
them
in
detail
and,
as
a
matter
of
fact
like
we
should.
But
we
should
really
only
go
through
these
in
detail
after
everyone
has
had
a
chance
to
place
comments
and
like
do
an
asynchronous
review,
and
so
this
to
me
looks
like
a
great
agenda
for
measuries
meeting
on
wednesday
is
to
try
to
chew
through
as
many
of
these
as
we
can.
A
A
A
You
know,
have
knowledge
of
that
exploit
and
just
did
a
great
job
of
writing
it
up
and
documenting
it,
and
so
that's
been
passed
along
to
all
of
the
maintainers.
A
A
Part
of
growing
up
is
well,
I
don't
mean
to
offend
anyone,
but
this
just
from
my
perspective,
some
of
the
boring
stuff
on
things
like
security,
I
mean
extraordinarily
important
things
security
itself
and
so
that
we
had
published
a
procedure
by
which
people
should
report
vulnerabilities
should
they
find
them-
and
I
thought
this
page
would
never
be
wouldn't
be
used
for
a
long
time,
but
it
was,
and
so
the
vulnerability
was
reported
here,
and
so
so
what
a
great
thing.
So,
just
as
a
refresher
to
me,
what
did
we
say?
A
A
The
list
is
used
to
provide
actual
information
to
close
measuring
partners
or
to
to
use
maybe
update
this
language
a
little
bit.
But,
oh
I'm,
sorry,
it's
the
list
itself
is
to
disseminate
that
to
maintainers
and
to
others
that
can
help
fix
the
or
even
to
those
that
are
running
mystery.
If
they
need
to
know
about
the
vulnerability
early
before
it's
publicly
disclosed.
A
A
Yep,
so
at
some
point
we'll
disclose
the
details
of
the
issue
and
as
and
when
that's
done,
there
should
be
a
fix.
That's
already
been
previously
released.
What
we
would
be
encouraging
users
to
do
is
upgrade
at
the
time,
so
this
is
a
great
way
of
exercising
the
process,
the
procedure
and
the
process,
and
it's
a
very
low
risk
vulnerability
or
it's
no
one
is
exploiting
this
today.
The
wang
I
wish
he's
not
on,
but
is
just
is
a
security
researcher.
A
A
But
what
I
mean
to
say
by
that
is
that
there,
probably
there
aren't
a
lot
of
other
people
trying
to
do
the
same
thing,
I'm
trying
to
actually
hack
into
actively
running
measuries,
which
so
it's
good
that
he's
discovering
those.
Now
before
that's
the
case,
that's
great.
A
Another
quick
topic
was
that
of
that
of
a
blog
post,
that's
being
drafted.
Now
I
mean
it's
this
one
here.
This
is
a
quick
screenshot
of
what
the
blog
post
is.
So
you
know
if
you've,
if
you've
been
out
to
meshrey.iho,
there's
like
a
single
blog
post
entry
out
there
and
it
talks
about
how
mesherie
is
compatible
with
and
interfaces
with,
smi
this
project,
smi
and-
and
that
was
a
while
ago,
when
that
when
smi
was
announced,
smi
helps
us
smp.
A
It's
my
spec.
The
this
project
has,
it
has,
I
think,
two,
two
or
so
blog
posts,
so
we're
gonna
put
up
its
third
blog
post
about
how
mesherie
is
used
to
provide
conformance
to
to
do
run
tests
and
make
sure
that
any
system
that
claims
compatibility
with
smi
actually
has
compatibility
and
utkarsh
had
recently
well
published
the
results
of
those
tests
on
mesheridae,
I'm
realizing.
Now
that
we
don't
really,
I
don't
think
we
really
have
a
a
link
to
these
results
and
I
could
be
mistaken.
A
So
is
your
service
mesh
smi
compliant
cd
testing,
smi
conformance?
So
this
takes
us
to
meshes
docs,
that's
appropriate,
but
I
don't
think
that
we
have
a
link
to
the
test
results
anywhere.
So
actually,
that's
another
item,
another
issue
that
we
need
to
open
like
somewhere
on
the
in
the
site.
We
need
to
have
a
link
to
mastery.io
smi,
because
these
are
the
results
that
people
will
frequently
reference,
and
that
might
mean
that
we
would
want
to.
A
A
Next
topic
is
from
abhishek
on
get
nighthawk.
D
All
right,
so
there
is
a
quick
update
on
the
progress
with
the
get
nada
project.
D
All
right,
so,
basically,
we
we
have
been
successful
in
publishing
the
get
rid
of
artifacts
on
this
particular
repo
that
is
called
get
nighthawk,
where
you
can
find
all
the
artifacts
that
have
been
built
in
their
respective
releases.
D
D
So
in
order
to
do
that,
I
had
started
by
compiling
the
compiling
the
nighthawks
protobuffers
to
protocol
buffers,
basically
which,
which
are
of
three
components
here
and
for
in
order
to
do
this,
I
had
a
little
bit
tweaks
on
both
the
nighthawk
repository
as
well
as
on
the
unwired
repository
to
in
order
to
generate
these
protocol
buffers.
D
D
After
doing
that,
I
created
a
small
client
package
which
basically
wraps
up
the
grpc
client
of
of
this
protocol
buffer.
Basically,
the
idea
is
that
mesh
three
server
would
connect
with
nine
dock
client
on
the
network,
server
binary
with
using
grpc
as
a
protocol
and
and
yeah.
So
basically,
the
current
changes
are
based
on
that
and
the
progress
is
that
all
the
changes,
apart
from
the
mystery
and
opacity
is
being
done,
and
it's
hopeful
to
be
done
in
a
couple
of
days.
A
Have
you
hooked
it
up
such
that
you've
been
able
to
run
a
test,
receive
statistics
and
have
those
shown
in
the
ui
or
capture.
D
A
Good
just
to
react
just
to
re-clarify,
have
you
done
it?
Have
you
have
you
seen
them
in
the
ui.
D
A
Questions
comments
some
other.
A
Technical
leader
there
is
presenting
get
night
a
part
of
get
nighthawk
at
servicemeshcon.
So
right
you
know
I
had
kubecon
as
well,
and
so
we
will
want
to
make
sure
that
he
has
the
latest
copy
of
the
logo
for
that
project,
which
had
recently
changed
and
anita
was
helping
make
sure
that
that's
disseminated
everywhere.
H
I
mean
it's
nice
that
you're
doing
disclosure,
but
what
is
the
purpose
of
usually
we,
a
disclosure
is
made
because
of
you
know
the
dispersion
of
a
personal
information
right,
and
so
I
was
wondering
what
is
the
personal
information
on
on
measuring
and
how
it
might
impact
the
people
who
use
the
misery.
E
I
don't
answer
first
about
the
sql
injection,
so
I
have
read
the
report
and
basically
I
found
where
the
issue
exactly
where
issues
are,
and
so
there
are
two
places.
I
will
be
pointing
out
right
now
where
they
are,
but
there
are
a
few
places
where
we
substitute
user
input.
Definitely
those
substitution
can
be
avoided.
So
that's
what
I'd
be
doing
or
if
someone
else
is
going
to
create
trivia,
but
right
now
we
substitute
them
directly.
We
can.
E
We
won't
do
extensive
standardization
because
that's
not
actually
needed.
If
I
would
give
more
details,
then
it
would
be
pretty
apparent
that
those
are
but
yeah.
Definitely
where
the
subscription
happens
there,
not
much
of
sanitization
is
needed.
All
we
have
to
do
is
to
just
make
sure
that
right,
the
inputs
that
we
are
expecting
only
they
are
coming
in,
so
that
that
would
be
the
fix
and
regarding
what
information
can
be
exposed
so
because
it's
sql
injection,
so
a
user
can
given
any
sql
query.
E
So
they
can
kind
of
go
down
the
database
and
can
perform
query
on
behalf
of
whatever
users,
so
if
they
have,
if
they
are
not
even
normal
users
and
if
they're
trying
to
run
sql
query,
which
they
may
not
have
a
permission
to
otherwise,
because
that
permissions
would
be
managed
by
machine
server
or
some
some
other
authentication
authorization
mechanism.
So
basically
they
would
be
able
to
bypass
that
easily.
So
they
can
just
go
rope
on
the
database,
be
it
a
machine,
server
or
remote
providers
without
actual
risk.
H
Thank
you.
I
just
wanted
to
say
something
so
the
the
thing
is
there
are
more
than
sql
injections
right,
so
you
you
have
the
other
other
vulnerabilities,
like
you
know,
if
you,
if
you
input
something
larger
than
what
what
the
input
input
field
is,
it
will
overwrite
existing
fields
and
that
could
turn
out
to
be
other
things
right.
H
So
I
I
was
thinking
you
know
if
you
identify
all
the
inputs
in
measuring
where
something
is
coming
into
the
input
and
then
if,
whenever
there
is
an
input,
if
you
have
one
function
that
vets
any
kind
of
input
into
any
it
may
be
overkill
in
terms
of
performance,
I
don't
know.
Maybe
this
needs
to
be
our.
H
I'm
I'm
sure
we'll
start
about
it
got
more.
E
A
So
the
video
that
I'm
playing
is
a
short
recording
of
the
vulnerability
and
in
some
respects
like
this,
is
a
disclosure
of
the
vulnerability
before
a
fixes
out
and
at
this
point,
like
it,
measury
isn't
well
or
users
haven't,
reported,
meshi
being
used
to
run,
reliably
run
their
entire
business
yet,
and
so
like.
The
risk
of
exposure
here
is
very
low.
Actually,
the
the
disclosure
isn't
it
wouldn't
or
it
won't
be
or
isn't
about
anyone's
personal
information
that
there's
no
there's
there's
none
of
that
that
has
happened.
A
The
disclosure
is
just
a
security,
a
security,
an
up-and-coming
security
student,
a
hacker
is
like
smashery
and
is
trying
to
find
issues
and
report
vulnerabilities
and
build
up
their
portfolio
of
how
they're
a
good
hacker
and-
and
so
sql
injection
is
like
one,
a
very
common
exploit
thing
to
exploit,
and
so
they
were
just
you
know,
running
tests,
and
then
they
found
an
exploitable,
an
area
to
inject,
to
do
sql,
injection
and
reported
the
issue,
and
so
so
so
what
I
was
saying
before
about
like
the
process
by
which
we
would
publicly
just
disclose
the
vulnerabilities
and
things
would
be
like.
A
The
reason
that
it's
confidentially,
like
is,
is
because
the
the
the
normal
process
would
be.
Oh,
hey,
there's
a
bug
here.
Someone
could
exploit
like
here's
an
example.
I
don't
know
if
it
was
like
a
year
ago,
and
this
actually
relates
to
what
we
were
going
to
talk
about
with
respect
to
jubril
was
talking
about
the
nun
provider
and
the
use
of
a
token
there
to
retrieve
you
know,
information
about
patterns.
It's
like
hey.
How
do
we
have
to
have
a
conversation
to
figure
out
where's
the
line
between
making
mesherie
highly
usable?
A
It's
always
the
line
for
security
like
usability
and
security
generally
on
two
opposite
ends
of
the
spectrum
and
there's
some
line
in
the
middle.
Where
it's
you
know
it's
secure
enough,
and
then
you
you
try
to
make
it
as
usable
as
possible
and
the
so
the
example
here
like
an
example
here
is
kubernetes
has
a
ui.
It
has
a
simple
dashboard
and
by
default,
when
you
deploy
kubernetes
well,
this
was
the
case
a
year
ago,
by
default,
when
you
deploy
kubernetes
it
it
operated.
Various
it
it's
more
or
less
would
operate.
A
Kind
of,
like
mescheri
does,
with
the
none
provider,
which
is
just
if
you
install
measuring,
pointed
at
your
cluster
and
you
expose
meshrey's
ui
to
the
outside
world,
and
you
you
make
you
make
that
ui
available
externally
on
a
public
url.
A
Well,
then
people
can
go
to
it
and
they
can
say
well
I'd
like
to
sign
in
as
none
and
then
they
can
start
to
mess
with
your
infrastructure.
Deploy
service
meshes
and
things,
and
so
it's
like
hey,
don't
do
that,
don't
don't
expose!
You
know,
turn
off
the
none
provider
if
you're
going
to
expose
it
and
then
that
way
you
force
people
to
sign
in
and
those
people
that
you
sign
in
you
trust
and
accept
you
know.
But
people
don't
do
that,
like
you
know
necessarily
all
the
time.
A
So
you
want
to
ship
something
that's
secure
by
default
and
the
example
is
that
the
kubernetes
dashboard
is
not
operated
in
a
very
similar
way
and
people
were
exposing
it
a
lot
of
them.
You
know
spinning
up
clusters
and
leaving
them
open,
and
so
there
was
a
lot
of
bitcoin
mining
going
on
unbeknownst
to
you
know:
kubernetes
operators,
because
they're
just
left
there
on
you
know
their
unprotected
dashboard,
publicly
open
and
so.
A
Yeah,
so
it
wasn't
so
this
yeah
this,
this
security
vulnerability
isn't
about
people's
personal
info.
No
one's
personal
info
has
been
is
at
risk.
A
Cool
and
then
yeah
vj,
like
as
we
one
of
the
things
that
we're
I'm
hopeful,
that
meshri
will
benefit
from
as
it
potentially
enters
into.
The
cncf
is,
is
the
same
thing
that
a
lot
of
software
projects
need
and
they're
like
docs.
Well,
we
won't
benefit
from
docs
there.
I
don't
think,
but
just
some
of
the
common
common
infrastructure
that
every
project
needs
like
a
security
assessment.
A
A
Is
it
ready
for,
like
linkery's,
run
by
nordstrom
and
heb
and
like
there's
a
long
list
of
adopters
and
users
over
time,
you
know,
like
the
cncf,
had
sponsored
a
fuzzing
project
by
an
external
consulting
firm
to
help
do
a
security
assessment,
another
one,
and
so
you
can
see
the
security
audit,
that's
publicly
published
where
they
go
through,
and
they
do
the
same
thing
that
this
this
user,
that
we
were
just
showing,
what
they're
doing
they
go
through
and
run.
A
A
A
Good
so
last,
oh,
oh,
we're
two
minutes
over!
So
very
briefly,
one
more
minute
yusuf,
mr
youssef
jk,
welcome
to
the
community
thanks
for
jumping
on
today.
D
Yeah,
hello,
everyone:
how
are
you
all
doing?
My
name
is
yusuf
and
I'm
from
india.
I
see
a
lot
of
indian
folks
out
here
so.