From YouTube: OpenShift Release Update and Road Map - Karena Angell (Red Hat) OpenShift Commons Gathering 2021
Description
OpenShift Commons Gathering 2021
OpenShift Release Update and Road Map & demos
Guest Speakers: Karena Angell (Red Hat) and Christian Hernandez (Red Hat)
https://commons.openshift.org/index.html#join
A
All right, so today we're going to dig into some of what's going on in 4.9. Last week, if you watched it, the OpenShift product management team went through a whole session on what's new in 4.9, and it's over two hours long. So, you know, this weekend get in your PJs and, you know, grab some popcorn and watch that. So today, we're not going to.
A
We don't have time to get into all of that, so we're going to cover a few key areas, and Rob Szumski helped with this. And if you've watched the other OpenShift Commons, we already did a recording, but Rob is online. If you're watching this on the live stream or you're in Hopin right now, he's there answering questions. And I'm also on the OpenShift product management team; I'm Karena Angell.
A
You need tools to manage your whole cluster. Your, you need tools for the multi-cluster management. You need a container registry to store all your artifacts and your applications, and your security, and getting your configuration and compliance checks across your fleet. And then there's this routing leg layer: so your global ingress, your egress, your load balancing, your service mesh, and then bringing that into the cluster itself and getting encrypted tunnels between all of your clusters.
A
So they can talk together, and this goes all the way down to the node layer, where you're actually interfacing with the host, with the hardware. So you're doing hardware offload, your super fast telco-type workloads, your GPUs, your other machine learning tools, and it's all backed by multi-cluster storage. Your backups, your disaster recovery and all your storage needs are met across the entire fleet.
A
So this is simplified fleet management, and it's key for managing all of your clusters. There's a bunch of cool things under the hood for cluster provisioning. It's through a project called OpenShift Hive. Now that's another open source project.
A
So replicated between a sec. All right, under the hood, it uses projects like Argo CD, which we'll talk more about later, Open Policy Agent, which we'll also talk about more later, as, and Thanos for metrics and observability. Now, another great thing that's happening upstream is all the work with the Cluster API.
A
This is a project out of a working group in the Kubernetes community. That says it's designed to fill the gaps in tools like, for, like kubeadm. So kubeadm, it's a CLI for bootstrapping kube clusters, and it turned out to be not as declarative as you need for doing infrastructure-as-code workflows.
A
So this is, this was going to, this wraps around kubeadm and provides a better tool for that.
A
A
lot
of
that
upstream
work
is
being
baked
right
into
openshift.
First
there's
a
cluster
creation
in
acm,
so
advanced
cluster
management.
Today
you
can
boot
new
clusters,
that'll
automatically
inherit
all
the
role-based
access
control,
governance,
security
policies
that
you
have
across
your
entire
fleet.
It
sees
a
new
cluster
shows
up.
It
automatically
applies
all
of
that
policy.
A
You can also manage the full life cycle of all your OpenShift clusters, so that's software upgrades, scaling out the cluster, managing other things like that. Another really cool feature is cluster pools. So, just like we have pools of machines, worker machines, you can have pools of clusters that you can claim.
A
So it's important to know what's going on. How many resources are you using? Have I claimed too many resources? Am I using too many that are reserved and not actually in use? So we have built-in dashboards for that. See, the networking arena. So this is really key.
A
So that's really cool, and the CNCF Submariner project is the backing technology here. So go check that out too, if you want to dive further in. All right, quick roadmap for multi-cluster, some key items. So the new cluster switcher: you can move in the UI, you can move between seeing all your clusters and then dive further into a single cluster if you need to debug or change the configuration.
A
The future replacement for pod security policy is much, much simpler. So if you're used to more complex policies, you'll want to look into Open Policy Agent, or OPA, or Kyverno. So OPA right now is supported in ACM through a plugin. See, something else that's going on upstream, where it intersects Kubernetes and Linux, is the user namespaces. So user namespaces, that's something that works with SELinux. It protects the container context on the operating system, on the operating system node.
A
All right, so we talked about Advanced Cluster Management. Now, let's talk about Advanced Cluster Security. I'm sure you've seen all the announcements on ACS. So Advanced Cluster Management and Advanced Cluster Security together with OpenShift, this is an offering called OpenShift Platform Plus, if you've already heard a lot about that.
A
The left, right, depends on what screen I'm looking at. Starting with Advanced Cluster Security. So you have your security and your operations folks, your SecOps, if you will. Those folks have a very focused role. They're looking at threats that are happening right now in the cluster, so real-time security incidents, as well as automated things like scanning for compliance and vulnerabilities, auditing your network policies. They can do all of that through Advanced Cluster Security and then affect the number of OpenShift clusters across the entire fleet.
A
And then your security folks, they may want to affect some of those same cluster configs, and they can do that through Advanced Cluster Management, as well as deploy out our Quay registry, so developers can scan those things at build time. So one of the cool things is, you can scan your containers at build in ACM and then scan it again at runtime as you're going through ACS.
A
So this right now is available in tech preview for 4.9, so that we're working towards GA'ing that. And if you have feedback on your sandbox containers, again, reach out. And this lets you run your third-party or your untrusted code.
A
We hope to get that FIPS certified by the second half of next year, and FIPS, sure we all know, but it's a US government standard, security standard. All right, and last, user namespaces.
A
We talked about this already, but once this lands upstream, we want to bring it out of the box into OpenShift, so for all the applications that are running in OpenShift. And this is especially helpful for OpenShift builds and if you want to use the Quay registry. By design, they are third-party untrusted code, and are just by nature, and we want to protect those as much as possible. So further focus on security. All right, that is what we have for security.
A
All right, we talked about platform-level and management-level automation earlier. What's also being driven across OpenShift is workload and development automation and standard, standardization of how your applications are delivered automatically through your workflows.
A
Now, there's a lot of innovation that is happening upstream. It's not on the slide, but what I really want to mention is the GitOps working group, where Christian is right now. I haven't seen a few there. He is, thanks. So Christian was just there, but the GitOps working group is, it's a very active community and just kind of exemplifies what upstream is, and just multiple companies coming together to focus on GitOps. And anyway, I want to mention, and that's through the Application Delivery Technical Advisory Group.
A
So if you want to get involved, go join that. So Argo CD is one of the most popular projects in this area, and that's the upstream for OpenShift GitOps. And Argo right now, I mean, there's continual support for Helm, Kustomize, other tools that are really popular, and consolidating those features into the user interface. Previously, and still now, there's all the different interfaces that you have to switch between, and now they're being consolidated. See, another thing: so, for example, since Kustomize 4.2 has been pulled in, now you can specify that Helm should include CRDs when inflating a chart.
A
Argo CD has also moved to project-scoped repositories and clusters, and what this means is that it makes it easier for developers to continue working without having to reach out to your cluster admin or needing your global configs. And another key enhancement, I didn't put it on here, is the application, ApplicationSets. That's part of Argo CD.
A
I know Christian is very excited about ApplicationSets. So, and with ApplicationSets, you can create, modify and manage multiple applications through your templated automation. So previously you can only do that through a single repo or namespace. All right, Tekton. Tekton is the upstream for OpenShift Pipelines.
A
And with this, continued focus on DevSecOps, so security, running theme. So there's support for your rootless images and your experimental hermetic execution mode. So that removes the networking so that you can go ahead and test it without worrying about it. Just isolates it more and makes it more secure. All right.
A
One last note on Tekton: they're also doing a lot of work on advanced error handling and making it easier to debug your pipelines if something happens. So again, that maturity for the project. KEDA. KEDA is really interesting. So this is Kubernetes Event-driven Autoscaling, so that's what KEDA stands for. This is event-aware autoscaling. So currently, with autoscaling with your HPA, it's focused on CPU, memory.
A
However, KEDA has this concept of scalers, and what this means is that now you have different triggers, such as, that you can set up, such as a SQL query, so that's cool, or a stream, or how many messages you have in your queue. So you have these different triggers that you can set up to scale your application. Also exposing your cloud events, so CloudEvents.
A
So there's a lot of work being done there. KEDA is being productized into OpenShift, and that's going to not land for a little bit, but we're doing a lot of work upstream on that as well. All right, Knative.
A
And the Knative, the OpenShift Serverless team really drives a lot of work upstream. So there's so much going on. So Knative functions: the OpenShift Serverless team donated the, all the work being done on functions to Knative and to the Knative sandbox. They're also driving a creation of a functions working group. So if you're interested in serverless functions, go get involved upstream. And also they're putting a lot of effort into, there's a function repository directory that has all kinds of runtimes and templates.
A
And then, let's see, Apache Kafka. The eventing team has done a lot of integration work with Apache Kafka upstream, so there's so much going on integrating those as well, and for serving.
A
All right, so what's happening right now. Again, I want to talk about, so workload automation as well as cluster automation. Workload automation: all that work being done upstream for your GitOps and your pipelines, that's all coming downstream. Also, integration work with Advanced Cluster Management and a lot of off-cluster automation, so more integration with Ansible.
A
Also talked about the scaling, dynamic scaling of, using KEDA is the backing technology, and under the covers it uses the horizontal pod autoscaler, so puts a wrap around that. And by default, the pod autoscaler uses CPU and memory utilization to autoscale, and KEDA just expands on that.
A
Right now, definitely want to highlight, you can manage up to a thousand clusters in a single hub, and that's just amazing. That's a lot! That's a lot of clusters. So started this by saying that, you know, we see that a lot of customers are, are using, you know, 10, 20, 100, it's even up to a thousand, so, and even more they're testing.
A
All right, the, some highlights on the automation roadmap. All right, again, continuing to build on all the work being done upstream for Tekton and GitOps, or Argo CD and Tekton. All right, and integrating further with Tekton Hub, so it's easier to pull the workloads and, or the workflows in from Tekton Hub, and a lot more pipelines-as-code use cases.
A
Serverless: again, the KEDA integration, talked about KEDA before, and that will be probably more in the, looking at 4.11 and beyond time frame to bring that into OpenShift Serverless. But it's on the horizon, and that'll be Knative and KEDA to complement each other, so that'll be great, bringing that into OpenShift Serverless. Advanced Cluster Management.
B
All right, just look good. Should I make a little bigger, maybe just a skosh? Okay, there we go. So actually, by the way, it's great to see everyone here. It's, it's a little awkward, right, to, to be back at conferences after, you know, so, so long not being at conferences, and seeing everyone in 3D is, is, is actually really cool. It's a little weird, where I guess we'll get over the awkwardness as the week goes, and it'll, you know, it'll be really cool.
B
Actually, a quick shout-out to Girish. Girish is someone I've worked at for a long time.
B
There's a demo sort of halfway inspired by some of the talks he's had with his customers, where we talk about how OpenShift, ACS, ACM, it's all better together, right? And so I'm kind of, kind of go through a work, workflow to talk a little bit about how you can integrate ACS and all its functionalities into OpenShift and into ACM and into pipelines, to kind of just see how you can have that security integrated all in. So here I have ACM, right, so Advanced Cluster Manager. I'm supposed to say Red Hat Advanced Cluster Manager, sorry. And so here I have a list of my clusters again.
B
It has, like, if you worked with ACM before, you should see that there is my, my local class. I keep forgetting I have the monitor, but I'm so used to looking this way. As you can see, I have the local. This is the whole local hub cluster. There's a little test cluster here. This is actually, which one I really think is really cool about ACM is that this actually test cluster is in my home lab behind the firewall, and ACM is still managing it.
B
So, for those who have, like, things like disconnected clusters or air-gapped clusters, ACM can still work in a model where you can still have that secured, right? So this is literally this. It's a server sitting under, under my desk. But I'm also managing this cluster called cluster two, and I can, from here, it gives me certain information about the, the cluster.
B
You know, what version, that there's an upgrade available, that, that there's nine nodes in this cluster, is actually pretty big, because, you'll see why in a second. Looks like there's an issue being identified here that wasn't there yesterday, so I won't click on that. And then you can actually go to the cluster here itself, and this is, open one of the managed clusters here. There we go. And part of this installation is that I'm actually running ACS, right?
B
So just like anything with OpenShift, just like the, the, the entry point for anything in OpenShift, right, is the OperatorHub. You go to the OperatorHub, it's there, right? And so this is Advanced Cluster Manager. I've already pre-installed it, pre-set it up here, and I kind of want to go through just a little bit about ACS in general, right? So, so see here. This is a dashboard. At first glance, you can see that I have some system violations, right? I have zero critical. I have 165 high.
B
You know, I have all of these at a glance. I can see what's, what's going on here. I can see my top riskiest deployment, and you have to kind of keep in mind with security, and especially with ACS, this is all relative, right? So risky, it just means relative to what it finds, right? So I have, since I have zero critical, risky doesn't necessarily mean critical, or, it just means these are the, the top offenders of what you have here, and it shows you the list of those deployments.
B
I'd like to take a look. This is, this is my favorite page, by the way, of ACS. When I first started working with ACS, I'm like, I wish I had this.
B
You know, back in OpenShift 3 and OpenShift 2 sort of thing. I, I, like, seriously, right? So here you can see the top violation is that someone accessed a secret. The secret just happens to have the kubeadmin password, so that, it raised that as a, as a violation, right? And right now it's set up just for, just to note it, right?
B
You can set it to either block it, or you can set it to, it to fire off an alert to PagerDuty, right? Hey, someone accessed the secret, you know, it accessed it multiple times. This is not a big deal, because it was me accessing the secret, but this is actually a really cool. This is probably, like, one of my favorite things, is, is, like, I wish I had a way to just, it notified me when someone's accessing something in my cluster. Some of the vulnerability management here, yeah, there we go.
B
So this gives you an information of the top riskiest deployments, right? So here there is an application called price list that Jason, I don't know if he's around, he, he helped me build it a long, long time ago, and he made fun of me because I misspelled purse list when I first built it. But anyway, this tells me the image that I got scanned. There is the top riskiest components here.
B
It tells you that, it, which CVE, and if, whether it's fixable or not. So basically, you can have information that tells you, hey, you know, hey, you need to, you know, rebuild this image. You need to make sure this image is updated. You can go back to your developers and say, hey, you know, we found these vulnerabilities, I'm not gonna, we're not gonna deploy this out. You know, we, it could be as simple, here there are a bunch of RPMs, so it's just as simple as a dnf update on the image.
B
So, but it's, this is like my top riskiest one, because I think I built this like a two years ago, I'm not sure. One last thing is the network diagram, which I also really, really like as well. You can see the network flows, for example.
B
Here I want to choose, okay dude. So this shows the network flows. It shows what is connecting to what here. This is an ingress network flow. You can do things like list network policies, and you can actually do things like a, simulate a network policy.
B
So you don't, you can see what's gonna block what without it actually doing it, and you can actually do that workflow here, so you can actually see at a glance how everything is connected to everything else and what is allowing access to what. As you, is, let me bring back that page. This one right here is like, it, it says these, these workflows here, it's kind of anomalous. Why? Because it's wide open to everyone, right? So the StackRox right away.
B
Sorry, ACS. ACS right away tells you that, hey, this traffic is wide open to everyone. You may want to take a look at it, and then you can simulate again in the network policy simulator. So this is all great.
B
This is all great tool for, for an admin, right, a great, great tool for security practitioners or having containerized workloads coming in. But really what I want to show is that, how you can integrate it in your pipelines, right? So you know, the, Karena was talking about Argo and Tekton, that's kind of like the world I'm in right now. Here I have an application, right, that's deployed with Argo CD. Oh, by the way, if I go back to ACS.
B
Actually, ACS sees that it's an Argo application, right? So it actually, there's that integration there, so just really quick. But back to the demo app. So there's a, there's a demo application here that is built using pipelines and deployed using Argo CD.
B
If I go to the, here we go, the pipelines here. So I have a pipeline here. This, this pipeline built that application and deployed that application, but part of the building process, I've integrated with ACS to where it'll run the security checks while it's building, and it'll either block or it'll allow the, the, the, the build to continue fully to deployment around. As you see here, I built it initially, it went through. I've added a few more security checks to the ACS integration, right?
B
So we, because we want to see it fail, right? So, let's, let's start this build process. So this build process kind of kicks off, takes a little bit, because, if you've worked with pipelines, that actually goes and grabs a persistent volume first as a workspace, so you can use it as a workspace to do the git cloning right here. So there is a, there's a git clone that happens, there's a deployment check, meaning there's that security scan that happens using ACS, and then the deployment happens afterwards.
B
So let me put the logs here. So this takes a little bit. There it goes. So it does the git clone and, as you can see here, let me see if I can expand this, make it a little bigger.
B
We do all this with UIs and in the end we just like terminals, right? So here, as you can see, when it went by really quick, looks like I have a bunch of violations. The initial violation, I guess for my namespace, there was no violations, because that's all that was set in the initial run, and it looks like I have some CVEs that I need to fix.
B
So there's, there's like the version of curl, the version of a BusyBox, right, and various other violations, so it sets the overall status to fail.
B
So once it fails here, I go back to the details page and go back to the pipeline runs. It didn't actually finish and it didn't actually deploy it, but it stopped, right? It stopped short of deploying the application. As you see here, it's still on that same version. And this is how you can use ACS within your pipelines to kind of stop this at the, I can stop it at the source, right? Just like, literally, if you're talking about, the git clone does the scan. It could do an image scan.
B
It can do policy scans from your YAML file, right? So like if you're doing a GitOps workflow and you're storing your YAML in Git, you can actually scan those and make sure it's to compliance, right? Compliance meaning whatever you set, the rule sets that you set for your environment. So, so that's the, I think I'm almost at 10.
B
Yeah, good timing. So that's it from, from a high level, that you can show how you can not only use ACM to deploy multiple clusters, but you can also use ACS to manage the policies on those clusters, and then also integrate your pipelines. From a developer's standpoint, from a developer workflow, you can, developers can then be notified early and often when a violation exists or whether they need to update, not have it further down, right?
B
You don't want that further down in your process, where, you know, you're delaying a deployment of your application because there's a security violation. They have to rebuild and redo the whole process. You scan that early and often and be alerted early and often and have it fully integrated into one platform. So yeah, with that, thank you very much, and I'm not sure who's up next. Stu, he's coming here. Yep.