Hi everyone. Hi Victor. How are you doing? Good, good. Thanks. Good morning. Hi there. And we'll give it until five after and to get started. We do have a Google doc with notes and where you folks can add their names. We appreciate it at any agenda item. Just posted to the Zoom chat. Does anyone have any topics I'd like to add to the agenda? No, no, yet. All right. A couple of minutes, think about them. Hi everyone. Hi Oliver. Morning. Hello. All right, we can get started, everyone. I'm going to close the link into Zoom chat. I will share my screen. Okay. Let's see. So there's a microservice cloud CNF paper about one concern per container published. I don't know if anyone's seen this yet. It's recently. And it was really interesting. I can't remember whether it was on Twitter or Slack somewhere. There was a, it was a good discussion of whether it was an appropriate set of examples, but I think the general gist of it seems to deal with the problems. Go ahead. I think a few weeks back. A couple of months ago. All right. Do you think that wherever you saw that discussion, would it be something good to link to? And I think we have a related GitHub issue here. I'm not sure what discussion you saw, but if there's some interesting. I agree we should. I'm trying to find it. All right. We already had a bit of a discussion just in the GitHub issue, which was, you know, many months old here. So if we can continue that, I think that'll be good. I just received a comment in my LinkedIn. Boss. And I encouraged the person to put the comment on, on these discussion. But it seems like he didn't. He didn't put that information. Oh yeah, maybe. Well, if you do find it, Tom, would you drop the link into the issue? Yeah, we'll do it. So we don't have a pull request yet for this one, or a separate document, but I think, you know, this would be a big write up or material could be pulled. What do y'all think as far as
moving forward and, and starting a draft on this? A Google doc that we could start writing a. Good idea. Yeah. I think it'll be a good thing to start creating. All right. Yeah, I don't think I created a Google doc for that one. I think it'll be a good thing to do. I don't want to kind of jump on ahead. All right. I will, let me, let me go ahead and put that as something down here. And then we'll come back to it here in a few minutes. Three draft. Let's see. So this one is not upcoming. It's done. MWC Barcelona. Anyone have folks that went, highlights or things to talk about? Delete that. Anyone go or have colleagues that went? Yeah, my boss went. His, his feedback seems to be along the lines of, it was the first one he was aware of where mobile devices wasn't the kind of headline event or focus. It seems to be quite often MWC is focused on, you know, iPhones, Androids, et cetera, et cetera. But this seems to be, from his point of view, more discussion about the sustainability of. In general. And also less discussion about 6G than he was expecting. I saw a Teleco TV or the Telecom TV discussion where there was, it was around 6G and 5G and where the focus should be. And it definitely seemed like a pretty strong split between that. Not just really getting 5G fully deployed, but even that there's a lot to explore left on the one side, and then a, some folks feeling like, almost like it just need to be jumped over and, and head right 6G. So if there's, I wonder if, because of the split on how people feel about that, if it's. I mean, it seems like sometimes the conflict would have increased the discussion, but I don't know. Maybe there wasn't enough people that were willing to talk about it to put this forward. Possibly. And it may also have been, you know, the expectation he had versus.
You know, his, his expectation may have been that there was been loads of discussion about 6G. And maybe there wasn't. I think the other, the other thing mentioned was there was quite a lot of discussion, especially around the Vodafone stand, about Open RAN. And how that can and should be adopted. Scale. But again, that might have been just his view from where he was. Quite a lot of confidence. What about private 5G? Um, it's not something you mentioned, but I know that Vodafone, for example, had the announcement about essentially private 5G on a Raspberry Pi, and trying to drive the cost of that down so that it's affordable for anyone, and fairly similar costs to a broadband router. He didn't sort of, he didn't mention it in his summary of things he took away from the event. Was that announced at MWC? It was announced before MWC, the week before. And so, you know, people may have been aware of it when they went to the stand. I can share a link. Yeah, that'd be great. I think it's like a proof of concept or a full product. I think it's termed a prototype at the moment. But I think the idea is that it's something that we'll drive further. Link to it in the chat. That can be something interesting for us to explore. Reject all cookies. Lime Microsystems. It's a miniature 5G base station. Yeah. And then it was demonstrated. So he was, maybe he wasn't doing the demonstration. Maybe he wouldn't part of that demonstration. Hey, my boss. No, he wouldn't have been. I think that there's a lot that we can explore on the whole private 5G side and there's overlap into, on the Kubernetes edge, of course, a lot of the different groups. There's some overlap where we could look at best practices, maybe the. Even. It shrinks things down like onboarding of CNFs. What are you doing on the edge? It starts getting focused on smaller areas, rather than a workload that may have 30 different pieces. Of course you can have those in a
private 5G, but the private 5G, you may have, have it spread out and for specific areas that's providing service. Are you directly involved with that group? No, no, no. So that will be it. That will have been done, R&D center in Malaga. Part of all. Particularly linked to. Kind of. I'm more involved in the mobile core cloud stuff, which I know is linked from a functional point of view, but it's a very different, some part of business. Understand. I think something like that could be an interesting thing to demo and talk about it at telco day. Yeah, it would have been a bit late for this upcoming one, but. Yeah. I'll see if I can find out he's involved. I'm. Making aware of this group. Yeah, because I tend to agree with you. It'd be really interesting to see how some of the core functions have been shrunk to the point where they can run on a Raspberry Pi, compared to the dimensioning that we see in the mobile core for a kind of country-wide deployment. Yeah. Yeah. Being able to limit the context could allow us to focus in on one area and talk about benefits and other things. I mean, of course, then you can talk about caveats and other stuff, but being able to at least have the dialogue in a more focused area, I think, has been helpful in the past. Move them some things forward. Okay. Anyone else have anything about MWC? About another topic? So. Oh, it's. Trying to figure out, because there's two projects that's going to be related. Talk about a lot. One is Linux Foundation's Magma project. The one was Open Networking Foundation's Aether project. 5G implementation. 5G. So. What's the. How does it work together or the independent competing? What is the difference between the two? I heard the Magma project and what was the other one? That's open. Do you have access to the doc? Yeah. Paste in the chat. All right. The audio is a little muddy for me. I don't. It may just be on my end. Oh, yeah. It's my laptop. Probably.
I probably need a new laptop. No worries. USB external mic can help extend the life of those. An older. An older laptop. Yeah. Oh, and. All right. Yeah. So both most is to about 5G. 5G. So, how do they work together? Trying to get to. This is weird page. Is this Magma? So it's not a, it's not LFN. I think it's just a top level LF project. Magma. Is this the one that you're referring to? Although this is the community page. Yeah. Oh, it is. Yeah. Okay. Magma project. I'm having a hard time getting to the. There it is. Again. Magma core. All right. I haven't really heard much about this since. Um, you know, I think on my leave it was getting going. Meta Facebook donation originally. The main thing that I recall. So I, I think Magma's 5G core. I didn't know if they're doing any, like of course, any of these pieces like Tom was saying, they could be shrunken down and you cut up pieces to edge, but I didn't think they were doing more of the core mobile core, and this, this part I thought was one of the big things that they were doing, the way that the Federation and the way that the different components in the core talked. They don't all use 3GPP interfaces. Some of them actually use gRPC for talking and taking advantage of that for some of the features. Have you seen something that's more specific to private 5G for Magma? I know both are pretty active projects. So Magma is from Facebook and actually it was actually kind of a clone of the OMHC project. The OMHC? Yeah, so it's more so because OMHC is for kind of common only and Magma is like, so it'd be more general as computing. I don't know about any type of collaboration between the two projects, Aether and Magma. I'm sure there's people that are with companies that are working on both. I don't know, you know, about any overlap.
So just from a telecom use case perspective are they quite overlapping each other? Oh they're doing different things. Was that a question? I missed a missed part of that. Yeah it's a question I was wondering what because they do both for private 5G but I don't know what their OMHC is core. So for the magma access my work project so I don't know how much overlap they have between the two projects. All right maybe something to look into. We are regarding the like the CNF certification best practices use cases interested in digging more into private 5G so definitely are going to be talking more and more with projects so and oh and the open networking we want to try to talk more with them and see what they're doing especially if this is a newer project so exploring newer ideas and up into that if you know anyone or then we want to try to encourage them also to get involved with what we're doing. All right let's see going back quickly connected America private 5G there's a lot of events this year that are the 5G related and looking at the topics like this big 5G event Tom Victor y'all planning on going or know anybody that's going to be going to this 5G it looks like a fairly big event I mean MWC is humongous of course but this one seems to be a pretty big event T-Mobile, AT&T Verizon and so forth going. This is in May. I don't know anyone going I think it's unlikely that someone from home ago just because of the location. All right some of the topics if I check it out it could be interesting enough that there may be enough discussion and with y'all having like demoing a product and there may be a reason for yeah I don't know except there's a remote option as well. 
Yeah sounds good MWC we would have liked to had some presence from like CNCF there were a few people that went to MWC in the EU but a larger presence and maybe even I don't know if it's demoing a table maybe even something conversations to tie people back to the working group but considering something for the MWC North America and see what was the other one the Telcom TV they're doing events all the time that we've been in the past especially before COVID had a lot more conversations there was some like interviews and stuff with books from the yes it was like the Telcom user group and other stuff that I think helped bring people in so we should consider some of the stuff that they're doing and this is one of them the Telcos and public cloud summit may be too late to submit anything or have a conversation but they have other events which I think we should look at and I'm going to jump back down related to that for KubeCon EU. Victor had put forward having a birds of a feather session a while back and I think that would be a good idea. Tom are you going to be at KubeCon EU? I'm planning to be yes. 
All right I think we should set a time and start marketing the session that the informal session it's not going to be listed so we'll need to tell people about it ahead of time and then of course we can mention it during cloud native telco day I don't know when we want to do it I can try to find a see if I can find a room or anything ahead of time but it could be just a hallway find a table or something that we stand around or sit at but how much time would we want do we want to just meet for a be available for more like a office hours working time or do we want to set something more like a working session like a CIG multi or I guess it was a working group the multi interface working group or they did that at KubeCon and had a I think that they had like an all day type of thing but we could do a working session and actually you know work on writing at practices or digging into a topic or whatever what's what are people interested in for this do we have some topics that we have one to discuss in that like I mean in case there's not too much in the brainstorming I mean I was thinking about like for example proposing um to discuss about the the scope of the group like if we are going to consider onboarding or the best practices in that particular area during the session time or ahead of time Victor as far as during the session time brainstorm and research or what are you saying no uh besides brainstorming probably just having some backup topics to discuss other few things just in case there's no one initiating the like a I don't know icebreaker or something like that yeah I think for the the working session I think we'd have to have a very clear um scope or set of objectives I think from um so for example when I was involved in an account we used to have working sessions at the um what they call the developer and testing forums and I think some sessions were quite open and let's review this document and see what updates we should make and they they sometimes didn't 
flow very well and it took a long time to get people to kind of get involved whereas if if you if we started with a there's this particular section or this particular best practice that we want to work on um and I think it kind of focuses people's minds a bit and so I I think it got more engagement in the approach all right um well do you have any I think that sound that ties in with this have topics ahead of time yeah I'm gonna do it like this um possible topics so best practice drafts which we have some but we could create them choose practices ahead of time cncf glossary choose glossary terms ahead of time we can do that as well um length of time so two hour working session I'm just putting that forward I'm I'm considering this like brainstorming on what do we want Oliver is there any folks from matrix going to be there I don't don't think so at this time most likely for North American stead um anyone else here Muhammad or Victor Lou y'all coming or know anyone that'll be there all right I don't know if we can depend on having a remote capability if if it seems possible then we'll turn something on to allow remote I guess I'll just put that in um I'm just going to put yes for their centrist does anyone have any other do it it seems like if we're going to do a work in session we need two hours but anyways put whatever forward the shorter one longer one half day does anyone have any thoughts on that like time I think two hours is a minimum um I think if it's any longer than that we need to build breaks in our sleeper uh I think it depends on how much top how many topics we want to cover really and also the type of the audience right I think you work with another person yeah I don't know if you're not finding I would unless we decide that um unless we decide we didn't want anyone to bring something else I'd be willing to have it maybe even like four hour um half you know half day or whatever and then we could call it like a it's almost like an office hours it could 
be birds of feather whatever however we want to talk about it and market it but the the way that I originally saw birds of feather it was open because people come in and forward whatever topic they want and it could be five minutes or 10 minutes or whatever but you're not going to have you know hour long presentation but it was all ad hoc but that's more of how we want to market this if we say that we're going to be there and we're open to people putting stuff forward fine but we can have topics chosen and and then get going and and you know whoever is available but have it more of if we know that we were there like an office hours then if people show up you know come in and they want to talk about something then we can start digging in so if we did that we can work have a working session but we could also have maybe more material ready to talk with people that are new to the working group and you know any of the cloud native stuff that we're doing um and by that I mean it could force us to prepare some stuff that's more of who are we what are we doing so we had already talked about this being one of the areas that would be nicer to send people to to get started on here's here's one of the things that we're doing we're trying to publish a list of best practices and being able to communicate stuff so cleaning things up and then have it ready to talk about might be able to even have it like as a this is me thinking through it but if it was like a open office hours we can do a working session on the working group but do it coincided with maybe cnc of telco office hours or something like that and have there's someone that one of the folks on the certification testing team that's does a lot of the qa and um talking with people working through issues is interested in trying to help as um more more of like a workshop type of thing so we could have an area where if someone's interested in looking into the certification or using the test suite as a tool or talking about 
what we're doing in the working group then they can just come in so we just do it all as one big thing what do y'all think of that um yeah I think that makes sense um I think it broadens the appeal if we did if we did it in that format would you would you would you say it would be a longer session well that's where I think it could be like the a half day yeah and we just say someone's going to be available um of course we can still decide we definitely want a working session because we want to move forward on the glossary you know but you make you go we're going to do an hour on that or two hours whatever that's fine but we could say for half a day we're going to have someone available from the working group to talk and someone available for the certification and it's just like here's a place we don't have a booth specifically or anything but I'm I'm sure we could tell even if we did something like this we could even tell probably talk with like the cncf main booth and say if anyone's asking about telco then send them over here yeah um I guess we could even consider this is all this is consideration a whole day so one whole day but you know we'd want to make sure someone's there so you kind of treat it like a booth but an area where we're maybe doing like working session someone comes up and they go hey I'm interested in you know what y'all are doing in these groups and we go okay right now we're working on a best practice and maybe they we just go we're going to be doing this for the next hour do you want to we can talk while we're doing it I don't know something like that yeah I think that makes sense we might be able to ask some cncf projects to come over and just chat about what they're doing and relate it to telco as as well and then if you know maybe someone gets decides hey I'll hang out and they get involved either with best practices or conversations with other people that come up yeah that'd be cool all right I'm thinking not on telco day seems like the 
logistics of anyone trying to do, manage it and do both or whatever at the same time. I'm not on the coach or board, but it seems like that could be too much to try to do both. Um, I would say another day myself. Does anyone disagree? Telco day is half the day, I mean, theoretically we could do like a two hour session or something or a half day, but yeah. Good question. I think the, the benefit of doing it, so it depends where the people are traveling on the morning of telco day. Yeah, that's a good. The risk of doing it on the Wednesday, Thursday or Friday is it's a jam packed schedule anyway, but then also if it's a half day, people drop in and out, that might make it easier. I think probably evens for me about whether it's done on telco day or not. Um, I gotta be happy either way. I'm certainly available either way. Well, I'm gonna jump forward. Does anyone have anything else that they think is very important, or can I focus on the pull request and other items that we have? All right, if you have a topic that we didn't get to, um, you can write it in as to talk about next time or just add it to the agenda please for next time. Don't want to miss anything that, that's what I want to talk about. Let's see. Okay, so think, yep, this is only says one pull request. So this is a pull request. This is for best practice proposal for not turning on the privileged flag for containers in your pods, so you're seeing us. So this is related to a security and, um, specifically stuff like supply chain attacks, where a container may either have a bug or an exploit, intentional, where, um, someone could gain access to the container and then try to gain access to the host running the pod. So trying to restrict the access. When you're talking about bugs and stuff, you may have problems in the container that just inadvertently cause more host problems. So if it's not running privileged, and a related thing, if it can't escalate to have privileges, then you're going to add more protection. When you're forced to use unprivileged containers, then
you have to be more thoughtful in your design of the microservices, which can end up leading you to other practices around, um, best practices that we'd put forward around CNFs and related to, I'd say, microservice design that's most compatible with Kubernetes and a cloud, cloud environment. Some environments require you to drop privileges. This says root privileges. Um, Victor, maybe I don't, I, were we supposed to update this? This might have been from the non-root. Yeah, we, we've got it from there. I, I mean, I think it's true that on SELinux by default you're not going to be running privileged containers, but I think that would be a different statement here. So that needs to be updated anyways. Uh, goals here, non-goals. We have the overall proposal, so when you're creating a pod, set the privileged flag policy to false. A little bit more expansion on why this is a good idea. A reference link directly on the proposal to the Kubernetes talks about that. Um, this is related to non-system pod types, so system pods are going to be expected, some of them, to have privileges. Same set of user stories are relevant to the non-root best practice is relevant here, and similar caveats about pulling in upstream dependency. So upstream containers, you're, however you're pulling them in, like Helm, the definitions may pull in an image that ends up having a privileged pod definition. So that's something to look at if you're doing integrations and deployments and stuff like that. And it could be examples or could be situations where you do want a pod to have privileges, the Envoy sidecar, kube-proxy for example. So there may be something there, and I think that would be related to separation of concerns applied to security. It ends up affecting that. So if you're splitting that out, here's where we're going to need privileges, then it means your, your entire CNF won't be privileged but just one aspect. That helps with debugging and isolation and other things. And this is the privilege escalation. So if you have a non-privileged
container but it could be escalated, you may not even intend for it to be escalated, but if there's some type of bug or something, there may be a way for the container to try to escalate its privileges. So you can actually deny those sort of things. So that's a related item to look at. We get a bunch of references around not running containers with privileged flag set true, a lot of different places, cloud providers and vendors alike. The alternatives. And it is testable, so that's an important thing with best practices, is this something we can actually test easily and feel confident that it's being followed or not followed. And this one is testable and it's actually included in the CNF Test Suite, so we know it's there and it can be tested and otherwise. All right, so I think other than maybe this one, it seems like it's ready to go. We just need more reviews and some thumbs up approval. But does anyone have any comments? Thanks Tom. I don't know why it didn't give you a check mark. Oh no, it did it. So I need a few more check marks, or we don't even have to have them over here in the reviewers, you can add a LGTM. Oliver, I'm going to add to you. If someone wants to be a reviewer, then if you post a message in here then I will see your name and I can add, I have to actually go and add you as a, add the role or whatever, but I can do that. But if you do just a LGTM or, and that's sufficient for approval. And this one, Victor L, Victor Lu. We lost Moham. Oliver, have you had a chance, or anyone at matrix, to look this one over? Yes, if you, I think you just refresh. I'm not sure if you're getting it or not. Should have gotten. No, I will refresh. All right, thank you. Well, it's just spinning, so we'll see how that goes. I'm going to post this in the Slack. We need, we need more, more people on this. I do it here. I don't even know, I don't think here works, channel. I think they've turned off all of that. All right, well, um, we're at time. I guess the last thing here to say is there's a some other best practice proposal issues
that are here. If you take a look at these, and I've got them started. Forgot who put the template in, I think Lucina and somebody, Victor, Tom, somebody, but, and it's appreciated, that makes it nice to get started. So some of these practices we've talked about in the past and we just didn't have issues, so I put those in for some of these to get started, added some references, some initial content, and then I tried to create, I'm hoping I did it for each of them, but create a Google doc and share that. I think it's just anyone can comment, so even random people on the internet, if they had suggest edits, I think it's how it'll come across, so we can approve or delete or whatever, but we'll see how that goes. And initial summaries there. We base this on another practice, so the red is just something more of example and we can delete that, but it has some initial content, and I've done that for each of them so we can continue. If there's any of these that are interesting then just jump in. Maybe I even need to tag it with something else to get more people, but it does have the best practice proposals. All right, thanks everyone. Thanks sailor. Thank you. See you next time.