Greetings. Excellent. That works. Excellent. Hello. Hello. One note: TAG Network let me know that they are not going to be presenting this morning, so we will just skip them. They have been mostly, like, on vacation, so as expected for August. Sounds good. Happy to stage art. Give it two more minutes. You know, I think we are getting who we're going to get. So I'll pass it back to you to go ahead and kick us off.

Hi, everybody. Today is September 6, and today we'll be going over some of the TAG reports from our TAGs. So, there's your TAG reports. Let's go with TAG Storage first. I see both of them online too. Nice.

Hello. Good. So, quick updates on the projects. CubeFS was approved; that's now in incubation. OpenEBS: we're looking at the list of maintainers and some of those challenges. There have been some really good updates from the maintainers, and we're expecting further updates in a couple of weeks. So I think we should be able to make more detail. It's actually October. The Curve storage system had presented. We recommend sandbox and the curfew we're going to reapply for that. And we also had a presentation from the Carina project, which is the CSI driver with the ability to provision local disks via LVM, which is kind of interesting. There are some other projects which have some similarities to it, but none in the CNCF so far. This looks particularly interesting. So we've recommended that they apply to sandbox. We have some ongoing discussions around the performance and benchmarking white paper, which we're hoping to tidy up before the KubeCon timeline. And I did have maybe an open question around the cloud native disaster recovery. We had a few discussions around this. The paper is finalized and we've published it and we released it at the previous KubeCon, etc.
But we were wondering if it would be a good idea to go through some sort of formalization by the TOC and have it published as a more formal CNCF white paper, if that is appropriate. And I was kind of wondering what the process would be for that. I know, for example, the Security TAG had published a white paper which kind of went through a TOC approval process. We've never actually done that, so I was just wondering what you'd recommend for that.

So, yes, one service desk to. I'm going to hope that, like, the KubeCon timeline is possible. But if it's not, I will let you know what is available. All right, cool. So we'll raise the service desk. Thank you. Amy, does this mean that the TOC has to go read the paper? I mean, technically the TOC should in fact read the paper as well, but for being able to do, like, the whole, like, the look: if you are ready for design, then we now bring it into service desk; if you are not yet at that stage, fine. So go ahead and send us a link, Alex, on the TOC mailing list. That is fine. Thank you. So, simultaneously you can do the service desk to, you know, open up this request. Yeah. I would also add: pre-drafting a blog post can help CNCF staff on what the expected content is and what you're hoping to get out of publishing the paper. All right. That is an excellent catch. Thank you. Fantastic. All righty then.

And then finally, we've had some interesting updates from a number of the different projects, including Vitess, etcd, and we also had an update from Longhorn a couple of weeks back. And coming up, we've got Rook at our next TAG meeting, and we're also trying to schedule a presentation, an update on the cloud native Postgres operator, which is from the EDB team. So, yeah, those are the things we're working on next.

Thanks, Alex. I had a couple of questions. Starting from the top.
Was the opening of an issue in CNCF TOC, asking the question about the health, was it useful as a tool that we can do this for other projects if and when needed? I think it was definitely very useful. We've had discussions with the project team. And we also had a session with the TAG and the TOC sponsors. But having the TOC issue, I think, really helped galvanize and formalize the response. So I think that that is actually a much better way of doing it. Thank you.

And on Curve and Carina, I think the thing that we were thinking about was, hey, is it just a CSI or does it have a larger set of tools and things like that around that framework, and things around it, or is it just a CSI? Like, I think that was one of the questions that we were having when we were looking at both. So Curve is a fully fledged storage system. There are a number of sort of rough edges and it's coming up to speed, but that's why we recommended sandbox. But it's not just a CSI. Carina is a system to allow the configuration of local disks within a Kubernetes cluster. So it is a useful tool, for example, if you are configuring object stores or distributed databases that need local disks but don't need an external storage system, for example. And it's therefore more than CSI; it includes all of those sorts of local management.

So you see value in both of them outside of ES? Indeed. So, for example, the local disk configuration, as an example, is a subset of the functionality of OpenEBS, and something like 95% of OpenEBS users are mostly using that local disk configuration capability, as an example. So I think there is a big demand for it. And it's something that is almost like a dependency for a number of other projects.
And what we're seeing is that even in cloud instances, we're now looking at cloud instances that have, for example, lots of local NVMe disks as part of the configuration, and end users want to be able to use those disks for their stateful requirements, you know, whether it's things like a distributed database or an object store or whatever else they're configuring within the Kubernetes cluster.

Okay, thank you. Any other questions from other TOC members, please speak up. Nice. Let's go to the next slide, Amy. Cool, thank you. Thanks Alex. Okay, next up is Security TAG. Who's around today? Emily, are you going to do this or is there some? I believe Andy is. Hello, I am indeed. Andy, please take it over.

Right. So we have two new incoming efforts in Security TAG. One is a lightweight threat modeling guidance. The aim here is to provide a loose, but guardrails-type framework with which to try and move more quickly through threat modeling a CNCF project as it comes into the TAG. So far, this has just been appraising and looking at things that Trail of Bits deliver Kubernetes, various of the different mechanisms. We are also looking at, in 950, the implications of zero trust for US government suppliers, and how that zero trust Biden mandates may expand out across the industry into different sectors. So some experience suggests that maybe academia or government-adjacent places may come up against that sooner rather than later. Then we have been running a cloud native supply chain survey. We have tested this so far. So the idea here is the test is not to draw any conclusions, but actually to shape the survey when it goes out more broadly. The goal is to get a good idea of the state of course supply chain security across all CNCF projects.
So for example, if 80% of CI/CD systems are on a particular, let's say on Travis or on GitHub Actions, that will then help to shape where we may look to form consultations and try and make supportive recommendations. And then we're looking to more generally integrate perhaps with SIG Release, so make sure that we're adopting the same tooling. We're basically looking to find the pain points for supply chain projects, instead of working on the intention of a hypothesis of what people need. And the cloud native security controls mapping to NIST: that is pretty much what it says on the tin. We have a set of recommendations that we generated, and to ensure that they line up with NIST. And then we have had a couple of presentations come through recently. One is Kubescape, looking at general platform security for Kubernetes. And the other is a little bit more in depth, from Flux. We have shipped a multi-tenant solution, and this is kind of phase two of that approach. So reversed out some changes and taken us out from RFC. There is a reasonable effort required to make sure that this is done comprehensively, I would say. So still very much soliciting maintainers, and contributors rather, to that issue there.

Nice. Thank you. So I had one question about the cloud native security controls mapping to NIST. Is it Kubernetes specific or is it, you know, doesn't matter what projects you're using? It occurs to me that the number on that issue might actually be wrong. But yes, so these are security controls for a cloud native system, including build and how it might be operated. So it is more abstract, but of course with a cloud native slant because of the nature of the contributors. Okay. So it's not just runtime. It is also like build time and dependencies and whatnot. Dims, it's based off of the cloud native security white paper that the group had presented on. They converted much of the content into actionable controls for cloud native projects and organizations to adopt. Okay.
So is it like a check? Sorry, I should have read that. Is it like a checklist or is it actually, you know, code that will interrogate where it is running and tell you what to pick? It's more of a checklist. I believe the group had plans at a much later date to try to automate some of the checks and validation mechanisms of the recommendations from the paper. So without providing this initial mapping to NIST will be a huge benefit for a lot of organizations that leveraged NIST for auditing purposes. Now they can leverage our security controls that we're recommending as well. Okay. Thank you.

Another question for this 950: you know, is it starting out as a set of recommendations based on, you know, what the government came out with, you know, on a checklist again, basically? Right. Is that how you're starting to look at that zero trust issue? The project is slightly a little nascent, sort of issue rather. So we've not moved forward further to making a proposition. We may actually target a white paper as an output. This. So the same form is the precursor to the security controls mapping. But as it stands, this is yet to be presented. Thank you.

And the last question for me is: are any of these things being co-worked with the OpenSSF folks? No, although that is a matter of interest for us. We noted that the OpenSSF have produced recently a supply chain security survey of their own. We're not quite at the same level because we're focused more deeply on the CNCF pieces there. But there are also some ongoing discussions as to how we can collaborate best with the SSF. I will drop that issue and I can take it back out again. But it's certainly a matter of interest for us. Yes. Thanks Andy. Any other questions from other TOC members? I think you had, you were saying something about the issue. No, it's just that the 645, it's 845 and 635 somehow got merged into faith members. No worries. Okay, going once, going twice.
Let's go to the next one. Thanks Andy. Okay, TAG Runtime.

Hey everyone. Short update from TAG Runtime. So, we've had some presentations in the containers and runtime space. At our last meeting, we had a presentation from Unikraft. This is basically tooling for unikernels, so being able to instantiate unikernels and being able to debug them. So, a very interesting project. Looking forward to see what comes out of that. They're applying for sandbox in the CNCF. A lot of support from different organizations and a pretty active community. Another project that we have on the schedule is Lima. This is Linux virtual machines, mostly for Mac. And basically, this is a project that allows you to create these virtual machines in a transparent way, just like you do with, like, Windows Linux subsystem. This is from the same folks that are maintaining the rootless containers. So, they're applying for sandbox, and also excited to see what comes out of it. In terms of workloads, we had a project called Kured that's also applying for sandbox present, and the project allows you to manage the reboot of Kubernetes nodes. This is pretty useful when running Kubernetes in production, so that you bring in all the nodes and make sure that the nodes are ready to be rebooted, and allows end users to do maintenance of these nodes. For example, they want to upgrade the kubelet or they want to do any other operation or patching to that Kubernetes node. In terms of other projects that are related and we reached out, Open Policy Registry is another project applying for sandbox. Obviously this project has a lot of overlap with TAG Security because it's open policies, or managing open policies. But the interesting thing about it is that it's using the OCI standard, which kind of overlaps with TAG Runtime. So it manages the policies just like Docker does with container images.
And in terms of activities with the TAG, we have the batch system initiative working group creation, and that's in the public comment period. And that is ending this week, and everything goes as planned, we'll have a vote for that. So hopefully we can get that created in the next couple of weeks. And we're also planning a KubeCon North America. It says EU in the presentation; there's a typo. So we are planning a TAG Runtime session. Based on the presentation from Unikraft, there's also interest in creating a working group to address unikernels and maybe address some of the unikernel standards. So that was very interesting to hear, and excited to see the community gather and hopefully tackle some of the standards. And there's also a little bit of interest in creating a WebAssembly or WebAssembly runtime working group. That's all that I have for now. Any questions? Nothing from me as such. Any other TOC members? Okay, let's go to the next one. Thanks Ricardo. Thank you.

Hello. Hey Matt. So, I guess I'll start with the most impactful one: we have a new logo. So thank you, a very long belated thank you, to the artists at the CNCF that came up with a bunch of animal logos. I think in the future, the next month or so, if we get to it, we'll have a blog post on why owls, but there's a lot of cool things about owls as an animal that overlap with observability. It sounds contrived, but it's not, I promise. Next, there was a TOC ask to help assess the health of the Cortex project. I've just recently updated that issue with some of the things that Alolita and I kind of brainstormed around last week. I won't go through all of it here, but in short, there's a number of adopters listed in the Cortex repo; I've listed them there. We're suggesting and recommending that, you know, each of them is contacted to see what their position is on the Cortex project. Are they still an adopter? Are they still running it?
If they're not, and they've gone to Mimir, what were the things that drove that consideration, and/or, you know, what would they need to continue using the Cortex project? You know, this is stemming out of overall concerns around the longevity of it: the abandonment of the project by its maintainers shortly after it achieved incubation status and started to get some critical mass, and the lack of ability, or the potential lack of ability, for customers to have vendor-supported Cortex, you know, enterprise-grade support. We're suggesting, and we need to confirm some of this with the existing project maintainers, that, you know, there could be some logistical assistance that's needed to help with community development and the project itself, and some other potential needs there. I guess what we're asking from the TOC here is, you know, should we ask you guys, or we'd like to ask the folks on the TOC that have connections to some of these companies, professionally or otherwise, if there's some avenue to kind of have the TOC or us reach out to these people the right way without it being ad hoc. So that's one place that we could use a bit of guidance. Would you like me to go breadth first or do you want to?

Let's talk about this a little bit. So what I would suggest is we can, you know, with our little time you kind of like taking a lead on a Google Doc, we can draft an email out to possibly the GB folks. We're just targeted at the GB folks, and let's come up with a text and, you know, three or four of us, if we can, you know, draft the letter, then we can send it to them to see if anybody bites, right? Yeah, and to be clear, we haven't formally started reaching out to these adopters, you know, on paper. You know, we have had some conversations with people, yeah, that either show up at the TAG or that we're personally, professionally connected with, but formally this effort hasn't really started. We wanted to do it the right way.
Yeah, I tell this to everyone: let's do our homework and then we ask for help. Then we can ask for better help. Right. So let's do that. Super. Okay.

One thing too: an interesting milestone happened over the month of August. You know, it was kind of a quiet month generally, as with many of the TAGs, but on the OpenTelemetry profiling efforts. This is the effort to add profiling as a fourth signal type to OpenTelemetry, and, you know, joining logs, metrics and traces as formal signal types. That has roughly two months or so, a little over two months, of biweekly meetings sponsored by the TAG and Ryan Perry and some others that are passionate about this. You know, it kind of kicked around a document for a couple of months, and that's now wound up as an OpenTelemetry enhancement proposal, an OTEP, similar to KEPs. I'll put a link in the slides. And last meeting, two weeks ago, Liz Fong-Jones came and talked about hybridized signal types and different ways to view them and why profiling is important. So that was sort of a timely talk, but that OTEP is up there now for comment from the community. It also has the support of TC members for most hotels. So, you know, this has been a nuanced effort that's been almost a slow-moving one, but moving slowly enough so that we can get sufficient critical mass from folks that are interested, that can help drive it. So, yeah, I'm optimistic about its future.

Next, there's a collaboration that we've proposed between TAG Security and TAG Observability around how to model packages, package formats, you know, so, you know, npm, RPM, etc., as well as CVEs and other vulnerabilities out of organizations like NIST and the like, for the landscape graph project. The supply chain working group out of STAG is undertaking some of that and has a similar graph-based project underway that we're chatting about, so there's some overlap there and a potential collaboration. Details are in the links.
And lastly, we had an LFX internship approved, the joint internship. I'm one of the mentors, as is Lee from TAG Network. And really it's looking at incubating and developing an ontology for Kubernetes resources that has a lot of different applications for observability and tools that can help us kind of understand what we've created and how to observe them. So we're pretty excited about it; it just launched yesterday. And we have an intern that's been working with Layer5 for some time. And she's awesome and going to start soon too. It has to do with SHACL, OWL and some of the other, some of the acronym soup that I've put there. But that's just launched as well and will run for the next three months.

Sounds awesome. Let's make sure they get visibility. For example, we can ask for some time on the Kubernetes API Machinery calendar and go talk to them. So that will be a good way for, you know, the intern to, you know, showcase their work. What was the process for SIG API Machinery? Sure. Cool. Yeah, I'll follow up if you have a direct contact. Otherwise, I'll just cold call them. Yeah. Thank you. Any questions from anybody? Once. Yeah, let's go to the next one. Thank you, Matt. Thanks.

Hi, everybody. So our big announcement for this month has been our website redesign. So this has been a lot of work, folks like Carolyn Van Slyck along with some people at the CNCF, to bring the contributor site in line with kind of the broader CNCF website design. So if you haven't looked at it recently, have a look; it looks really fabulous. Another bit of big news: so we have proposed an additional co-chair, so Catherine Paganini. So if you have not already voted on that, please do. Catherine has been an active participant in the TAG for a year and a half or so; she's authored some resources, and she's been doing a bunch of our TAG outreach.
And so we think that she's an excellent counterpoint to the skills that Josh and I have as co-chairs, and so we think that she brings kind of a nice balance to the TAG. So if you haven't already voted, please do.

On the contributor growth side, we have a few things that have been going on. So I know Abrams from the Kubernetes project has been working on a non-code contributor guide, with the idea that, you know, they're revamping and expanding this guide, and the idea is to take it beyond just Kubernetes and make it applicable to lots of other CNCF projects. So he's been working on this both within the Kubernetes project, and then he's also been bringing it into the TAG, so we're hoping that we can expand that and put together a nice guide for projects to use. We also have a few folks like Carolyn Van Slyck and Hippie Hacker who've been working on community infrastructure, with the idea that we can use GitHub Actions for some lightweight Prow-like functionalities, so you can slash approve, slash LGTM without installing all that is Prow, which is a bit of a beast. So we think we can do a lot of this with GitHub Actions, so we have a little team spun up who are working on that, and it's looking really promising. So we know that then we can help other projects within the CNCF use these GitHub Actions as some Prow-like functionality.

We are also working with CNCF, so this is something that Catherine has been driving, on a contributor survey. So one of the things that we realized: so we have lots of experience within the TAG getting new people on board, getting new contributors, but we've tended to focus a lot on getting new contributors, so people who are not necessarily experienced open source contributors. And we think maybe we have some gaps; we're trying to better understand the challenges that maintainers and other contributors are facing.
So that rather than just guessing about what resources we think the projects need in order to improve their contributor experience. So we're hoping that this will give us some data and make sure that we're putting together the resources that the projects need, so we're hoping that this will give us some ideas for other challenges and other things that we can help with as a TAG.

The mentoring working group is off to an excellent start. They were recently approved, and they've kicked off their meetings. And, you know, they've started running some programs, and the New Zealand team. This has been led a lot by J till Emma, and he's been participating in canvas expo on diversity and tech, so the idea is to get more women working in technology and getting them contributing to open source projects through things like the CNCF mentorship program. So that's a really interesting project that's, you know, coming out of New Zealand, with the idea that we can create that other places.

Within the governance working group, we've been continuing our mission to help CNCF projects improve their governance. So recently we assisted both the Operator Framework and the Falco project in updating their governance models. And we hope that that's been a helpful use of our time within the TAG. And then just our regular reminder that as you're talking to projects, as you're reviewing proposals, annual reports and things, and when you provide feedback to projects about being to improve governance or grow the contributor base, reach out to us or have the project reach out to us. We're happy to help; we set aside time in just about all of our meetings so that we can, you know, address project questions and project needs. So we're here to help.

Thank you for that long-winded response. Any questions for TAG Contributor Strategy? Thank you. So I was curious about activities in the upcoming KubeCon.
Do you have, you know, that's where all of us, like, meet each other, right? So is there anything specific you're planning for that? So we have a few things going on there. So our update in the maintainer track is going to be around mentoring, since that's our newest working group and we haven't talked about that recently at a KubeCon, so we'll have that maintainer track session on mentoring. We also have a project kiosk. So we'll be staffing it, I believe, in the mornings for half the day, so that's where people can come talk to us, TAG Contributor Strategy, and we can answer their questions and help them out. So those are, I think, the two biggest things we have going on at KubeCon. Sounds good, like, that's where we'll direct people for sure. Thank you. Thank you. Any other questions for Dawn?

Okay, I have a question. So for the GitHub Actions Prow functionality, can that be added to the TAG repos, and the ask, and how can we engage with the group working on that so that we can make it happen? Yeah, I would say if you're interested in making it happen, reach out to us in the TAG Contributor Strategy Slack channel; that's probably the best way to get ahold of us. The short answer to that is that right now this is not quite ready to use. I think we're going to pilot it within TAG Contributor Strategy so that we can use it, find out what's working well and what's not, before we roll it out. Yeah, it's not broadly, but they are definitely looking for help, so I would encourage anybody that wants to help out with those GitHub Actions and that functionality to ping us in the Slack channel. Sounds good. Thank you.

Hi, anybody from TAG App Delivery? Yeah. Hi, I'm Jennifer.
Yes, we were mostly on vacation, and me with COVID, during last month, but we are back now, and one of our new things is that we invited Josh Gavant to be tech lead with us, and we certainly mail it to TOC, so I think there's a both team progress and I think a look would be great. He's been doing a lot of work on the content, like blog posts, and engaging really well with, like, the cooperative working group and our multi-tenancy chats. And now it's on KubeCon: we have a booth and also project presentation. Sorry, I mean, I skipped. So there's projects presentations coming in our TAG, on our TAG meetings, cover on our phone dotio. And yes, and TAG activities on KubeCon in October: we have a project meeting. We're going to have the agenda ready and going to post on our blog by next week. It's going to include, like, an overall date. We're going to be using user use cases and also talk about the operator white paper version two, multi-tenancy too, and the call for people to come to our booth, for projects that want advice on sandbox, sorry, applications, and also get presentations from sandbox projects for people to be able to come and have, like, an overview of what's going on now. We are arranging that. So by the next meeting we'll have some page to share with you. Yeah, and we'll be on the booth, ready to help people, giving feedback, and also Q&A from some working group people. We are checking who is going to be attending, but cooperative delivery and multi-tenancy, we will be able to answer questions there as well. That's it for us. Do you have any questions?

Sounds good, Jen. Thank you. Any questions from anyone for TAG App Delivery? Okay. Thanks, Jen. Thank you. All right, we've got a current rundown of projects in here. Any questions and even people won't be able to talk about anything missing. Yeah, actually, if it's something missing, please try it at me, because, like, yesterday was a holiday.
I did try to be able to, like, you know, make sure the slides are looking good. Alright, so nobody come off of. So, Amy, Emily, we sent out an email about a pause for some of these things. So, do you want to wise what we were thinking?

So, because KubeCon is usually an event where a lot of folks are talking, a lot of the same leadership folks and primary contributors to projects, we want to ensure that everybody had enough time to present or to prepare their presentations for KubeCon, including any TOC members that are involved in any ongoing reviews. So we're trying for the first time a freeze on graduations for six weeks prior to the conference, ending shortly after the conference. I believe, Amy, did we finalize anything about in-flight reviews? The one that's in-flight right now isn't quite ready yet. We're holding with the ones in voting, and because we're all here on a recorded call, that one has passed the vote. We are just trying to be able to get all of the pieces together. SPIFFE/SPIRE has passed the vote. It's just we're waiting to announce, to be able to get everything together. So, we want to ensure that everybody is having time to perform the proper level of due diligence on these projects and provide the appropriate level of input that they are wanting, and not missing because they're focused on their presentations for KubeCon or other activities. James, did I miss anything else? No, that's it. That's good, Emily. Thank you.

Any questions from anyone on the pause or any other matters? Okay. Thanks, Bob. We actually even get time to be able to do, like, proper questions. Like, go team. There might not be any questions, but we had time for it. Yeah, the usual question I'll end up asking if nobody's asking anything is, like, are there communication breakdowns between liaisons, TOC members, people coming in with projects, applications? Please surface them up. So, let's try to work on it together. I know that we have some things in progress.
So, see the CNCF TOC issues, and you will see some of the older issues that we were talking about, like, hey, how do we do better when sandbox projects ask for what do they need to do to get in, kind of thing. If you see anything else, let's talk about it on the Slack channel, or if we need to bring it to this forum and talk about it formally, we can do that as well. So, other than that, I don't have anything else. So, TOC members, please vote for the two people. I think it's Catherine and Josh. Yeah. Okay. That's it from me. Thanks a lot, everyone. See you next time. Bye all. Thank you. Bye bye.