 Yeah, okay Welcome. This is our sandbox review meeting a very special edition so we can work through some of our backlog and please I'll hand it back to you All right anyone got any projects they want to Talk about initially or should we just start at the top and work our way through? Let's start at the top and work our way through with starting with fab edge fab name It's only four months old it's kind of It was started in July this year, so it's pretty new it does for a four-month-old project. I have to say it has a This you know a little bit of But it's just very new Yeah, it's got enough stars to make it onto the landscape now Yeah, I mean it's it's got it's got a good number of stars for a four-month-old project, but stars are easy to game So I don't know that I It's but it's got like 30 forks, which is so 30 people have pressed that But it's very new Yeah, and Yeah, I checked it's a website it seems open source by a small club provider a club vendor in China and They actually this project has a closed relationship with kubi age at least based on its documentation I'm not sure whether it's more like a solution for kubi age from my perspective And I'm not sure if this relationship is is a good for a independent project or it's more like a Ecosystem project of kubi age you guys know to check his documentation at least and at first glance it seems more like a solution Combined with kubi age. I think the roadmap mentions the plans to integrate with other age projects Let's see. Yeah, this year. I see that. Yeah, I do want to contribute is We'd like to let more people benefit in the project so we can We believe CNTF can help us to achieve it. That does slightly sound like Marketing I would like to actually prefer if they have support for More than one age solutions and then move to see and save I'm not sure if it was the current status for them, but it makes me feel safe if they have some Support for multiple age solutions as they claim they read me Yeah Either that or it decides it's part of kube edge Yeah How does something like kube edge cope with networking? Sorry what? I'm just wondering if there's any reason why Oh I mean I don't know enough about edge networking to it may be a bit of a Focus on On isolating networking which is some common in the IOT or edge I believe kubi edge has some native features regarding to this, but they're more like, you know Specialized focus on this field. Just like, you know kubernetes has Flannel, but there is a clinical which can bring more values to to the project. I think this is their focus and position That's why I think if you are, you know a more like the age focus the networking solution I hope that they can support multiple edge Edge control plan as they claimed instead of just one Yeah, yeah, I was I must say I would read I was struggling with this one a little bit so I I was I'm wondering if it might make sense to have the network Tag take a look at this Yeah, exactly Yeah Yeah, so Have the network tag take a look maybe ask them if they Believe they're a standalone project or should perhaps be part of kubi edge Or the third being maybe Also, they can help assess the technical merit and maturity as well I mean, I wonder if tag security might want to take a look to I mean I It's IP sake channels with certificate based authentication, but like how do they Distribute certificates and key. I mean, how do they do key management? That's the hard thing with IP sake is getting keys to The right place and things like that Yeah, so just I think that might be because that's more of a question of is that done right whereas I'm I'm still at the stage where I don't Yeah, okay. Yeah, okay. Let me start with that then. Yeah My rating actually makes sense for you. Um, yeah, but I mean don't don't put tag security in yeah, okay. Yeah, don't put tag security down yet Start with tag network. Yeah, I think yeah, we don't need to add the security requirement in as a gate for sandbox I think this is more like What is this adding to the cube native to the cloud native network landscape? Where are all my words? Okay, mixed up Yeah All right No call hosts Um, so it looks like there's some additional notes here. Is this since we spoke about it last week briefly? We didn't really get a chance to talk about it properly. Did we I'm still not convinced that we Well, sorry, I shouldn't have changed that on this screen I even go back Did anybody get a chance to try this? No, yeah, I would like to Okay, and they do Say that they have the same goal as telepresence, which is existing Sandbox project, but doing it in a different way I suppose that different approach is doing it in an IDE rather than on the CLI I don't think that's the only difference. No I think there might be some other architecturally if I need to take a look I think they've decided to present it in an IDE, but I'm not I'm not sure that that's the only difference there's quite a lot of choices that telepresence has made and has been, you know, it's been reworked a few times, but there's There's a whole lot of networking choices and things I think the biggest difference is listed in the explanation of alignment with existing CNC of projects filled Yeah Looks like they use the real cluster environment to test their changes versus telepresence creating sort of like a local environment That makes me think all sorts of questions, but not necessarily that need to be answered before Sandbox Any other comments or should we go on this one? Let's vote for Naples host What's the votes came through? All right, so the next one is Curve Distributed storage They claim that they are faster than self. I wonder what the tradeoffs are. I'm not a I'm not an expert in storage some curiously Yeah, and what is that based on faster? Meaning what I'm slightly concerned that the number of times they mentioned net ease, which I think is the commercial entity behind Is that true? No, net ease is more like a end user. They're developing games or entertainment Finances and they do have net ease cloud, but I don't see any relationship with this project with that cloud. So this is fine to me This might be a good project to have a present at the tag storage Yes, yes, I think so Yep Yeah, this is a very technical forecast Yeah, this is a very technical forecast thing. I think I really hope that Text already can take a look to see if what they are claiming is correct and to see if it's It's really faster than safe, of course And how it fits with other storage projects because we have a lot of confusion between how to explain the difference between our storage products Yeah, plus one of that Yep, yeah, agree. Okay All right The next one is Wait, cube armor Oh, I feel like I've come across cube armor I know I've come across cube armor Uses some system call handling library from some company called Aqua Security. That might be where you've heard of it from I wonder if they use Tracy. That's interesting That's what it says Okay, and it's using BPF LSM, which makes a lot of sense Well, the best use Any kind of LSM, which is kind of weird if they were just using BPF LSM The way I read that I think they're just Using the LSM interface I wasn't okay. Yeah, that would make sense I might be wrong though. Oh, yeah No, it looks like no, I think you're right. There's another one that does look as though it's also doing APARMA or an SE Linux Enforcement I suppose you can only focus William in their org as well Oh, yes, they're actually not Steve. Yeah They're following me around The presentation is very interesting too Yeah, I was Looking through that doesn't actually look all that old and it's got Yeah, 184 stars, which is something sure There is a credit that says Q-BARMA uses Tracy's system call handling functions developed by Aqua Security Right. Yeah They have a roadmap, but it's unclear where they are in the roadmap Unless that means Historical roadmap They said they're on release 1.0.1 and The roadmap talks about 1.1 and then 1.0 and then it says Q-BARMA roadmap for future releases I guess it's a statement of intent anyway I don't think I think from the roadmap they don't do all the things that they Having that presentation, but that's fair enough The top two contributors in the Q-BARMA, Q-BARMA repo are from Korea. It's just too bulk of the work, I guess There's one sentence in the why do you want to contribute that most of it I think is very clear and sensible But it says Acunox the founding organization behind Q-BARMA works on a product that specializes in runtime security engines for cloud native environments With all this CNTF seems to be the right avenue for Q-BARMA to reach towards Does slightly sound like well, I don't know why they're brought in Acunox the commercial organization into that Maybe they meant to make it more open and it's just not well articulated should we ask for clarification To get more contributors outside of the commercial Yeah, it's open source already, but Yeah, I mean it's it's looks like it's always been open from And I think they have been working with that policy working group for a while Whether that means they're actually getting contributions, you know from outside of Acunox. I'm not sure Yeah, I mean there's a number of contributors, but it's hard to tell where they're all from Yeah But was there a Like a contributors Or maintainers list I mean there's 20 contributors there is not a maintainers I think for sandbox it might be okay This increases the EBP of ecosystem We do some showing in the community stuff Yeah, any Any other comments or should we take it to a vote are we ready Moving on to Me target meta get To brave move to call any projects on the beginning was met right now This is what they did that before That right now they're going damn it This is quite an interesting idea to build a deliberately vulnerable infrastructure It is something you know Building vulnerable Building things to show vulnerabilities is sometimes a bit Painful and awkward so That's quite like the idea It's a very recent project with a very few contributors Ask them to go talk to tax security Yeah, I mean they they would be a good thing to present and maybe they'd find some more contributors If it's interesting I think that would be Does actually have I mean I know styles should be taken with a pinch of salt but 429 stars and yet only four contributors Yeah, 82 forks and only four contributors plus a people forks it without actually doing anything which is kind of weird Yeah, I think we need to also to check if this is a personal project or it's a company Based project I'm not sure about that because it seems that there is only one active maintainer Working on this project who claim to be a security researcher This is very unclear to me whether how he or his company can you know maintain this project in the long term At least based on this documentation I cannot get this information I can search it a little bit it's also you know even in Chinese is not very they're not they're not not a lot of content relating to that I must say I I love the idea of the kind of CLI that it describes in this read me I think that's great I think I agree with Harry that this is not You know this does basically look like one person and I'm not sure that's enough but this me targets CNV installed a CVE that's great Let's just yeah I think it's yeah it's a really interesting I just want to make sure it's you know a formal maintainer project instead of a personal project I search a little bit I found some blogging in Chinese and it's mentioned that it's coming from a company which name the Lu Mo It's basically a security company in China It's some it's looks like it's it is internal tool from them and then the open source that this is as far as what I can see but not a lot of information I think we may want to have them to give the presentation to explain more about the background and their motivation and their technology If all of those things are great. I think this is actually a good project I also think that the project from just one maintainer shouldn't be a blocker for sandbox because sandbox is a place where you can find more Yeah, yeah, correct contributors right and yeah and I also think it's a very interesting project but if they want to get more contributors This is probably like I see a lot of issues are filed in Mandarin for example and we chat is for communication so it should be probably more inclusive like maybe slack and issues in English Yeah, I wonder whether we should encourage them to go and talk to tax security Partly because I think there are probably a lot of people in that tag who the same as me love the idea of like oh I could just install a vulnerability like that that would be so useful And maybe that could encourage a bit more contribution maybe you know I feel like this is maybe one to sort of If they came back in a few months time with a few more maintainers I think this would be awesome I mean it yeah because it's something that needs ongoing maintenance to add more vulnerabilities and so on so it's question like how easy is it to actually maintain it over time and keep it up to date because it's not any use of it isn't maintained Completely yeah I pasted a YouTube video and that seemed nice too so I do want them to succeed. We should get them to talk to tax security right now. Yeah. All right. Is that right conveyor is the next one consoles migration tools. I feel like this is. Yeah, there are people who built entire businesses on doing this. We did that once it was terrible but We no longer have a business doing that it's much better. I mean I guess like is is migrating legacy things that a cloud native activity. I'm not sure it is. So I don't know a question if it falls within the scope. There is already a channel in Kubernetes like apparently. I think is kind of interesting. Definitely a concern of a lot of users. But again it doesn't really have a place where it fits in terms of the tags. Unless it's just data than it could potentially go to the storage say is they were working on It's more application migration I think so not just data. Yeah, maybe app delivery. But yeah, I think I think it's app delivery but I'm not sure that's why the question of Hispanic is I'm not sure that app delivery would necessarily want to be involved in it. I mean, I do like the problem. I do like the fact that they want to build a community around supporting people in their journey to cloud native which I think is in scope. I don't know. I think the community around that's more in scope than tools. Well I suppose if you need tools to move to cloud native and if the mission is to make cloud native computing and ubiquitous. Maybe this is part of that making things easier. One thing that's interesting under the similar projects they talk about there are a small number of tools that may overlap with conveyor projects. These would be welcome to join conveyor if they wanted to come to the CNCF. So, you know, some, some overlap. Is there any danger that this is a, you know falling into that bucket of opinionated. Yeah, to what extent is this the project in its own right or to what extent is it pulling in other projects. Well that's the thing that there are, there's such a variety of non cloud native applications that you that by necessity thing there are, you know, kind of an awful lot of things you might want to do. Yeah, I mean we, we, we actually spent a few years working on this kind of tooling and ultimately decided it was not worthwhile but maybe that speaks to it being better as an agent source set of tools then. Or does that devalue the business proposition for. Well, I mean, I definitely I mean I think that, well, we stopped doing it because it wasn't successful for the customers not because it didn't make us money. To be honest, but maybe maybe they've, I mean maybe they've found things that were better than the customers than we did. I mean, I'm, which I'm, you know, it's a red hat project I'm sure it's of value but to customers or it wouldn't have got to this stage but there's a, I don't know, there's a lot of, there's a lot of question marks just in my mind about the space as a, as a whole and the what and what you're telling what you're, what you're telling customers that's why I think the community part of it is perhaps the most valuable piece as people learn how what cloud native is and what they have to change and learn to make it work. Some of the projects seem to be very open shift specific. Is that right in here. It has a little bit of that flavor I don't think it's meant to be but that probably the origin leaks over a little bit. You know, they haven't specified anywhere that they wanted to be, you know, non specific to open shift anywhere. That would be my concern. Well, should we have SIGApp delivery look at it and see if it's something that given contributions to make it more non vendor specific it would be useful. It also doesn't say it is, you know, only to be used for open shift I think the intention is to open it up maybe just don't have the contribution. Yeah, it has inbuilt support for creating IAC artifacts for replatforming to Kubernetes slash OpenShift. Actually move to Kube is for replatforming from Cloud Foundry, Docker Compose, or Swarm, which is or Kube Amal to Helmchild so it's much more specific than I thought. Yeah, I looked at it a long time ago I have not looked at it recently, to be honest. I could take a little bit deeper dive into it if you want. We could push it to the next time. That's, that's a specific set of things that you would arguably might say are or in fact already cloud native, they're just not Kubernetes, not generic, non. I do have a little bit of a concern where I see things like OpenShift Migration UI and OpenShift Migration Operator, you know, is it kind of the overall project is intended to make you or to make it easier for you to transition to a variety of cloud native platforms so far so good. But is it in practice, more advanced for OpenShift and is the end result there. You know, it nudges people towards OpenShift rather than Kubernetes. Yeah, I can see your concern there was. Maybe we push it back. I'm fine with that. Can we provide some clear guidance to them on exactly what they would need to do. I feel like just kind of saying hey this is too OpenShift specific might be too vague. I wonder if this is worth having a discussion in a TOC meeting really. Well maybe that's a big step. Yeah it might be worth inviting them to present and kind of understand what their plans are. Can we start with tag app delivery? Correct. It's consistent with the other project recommendations. And we can tell tag delivery what to look for right. Is it specific to OpenShift? Are there things that can be, that will work out of the box with regular Kubernetes, that kind of stuff. And 75% of the people associated with the org are Red Hatters. The MIG controller appears to just be for migrating between different OpenShift versions. Which is very specific and not at all what I thought this project was about. So in the meantime I think Erin can back channel also to the folks and say when they are talking, speak to it during their presentation to have Deluri Erin. Yeah I don't know given that I don't live there anymore, that I have any more information that I can certainly go find out. And make sure it's well understood or if it's even worth to get delivery but yes I will find out. I think to get deliveries right place to start and then go from there. All right. KTOP. K8. I assume we're okay to move on. So K8UP is a Kubernetes native application which works as a Kubernetes. Okay. Ketchup. Is that how you pronounce it? Ketchup. Ketchup. Very good. Oh yeah, they did say ketchup in their index page. Oh they do, yes. It's very confusing but it appears to be a backup. I think we're doing backups but the explanations are really bad. Similar to Valero, I guess. Yeah they're listed as one of the similar projects. The description in the spreadsheet really confused me because it doesn't actually say the word backup so yeah. I feel like they may have filled in the form in a bit of a hurry. They've said please explain how your project is aligned with our native ecosystem. It aligns very well with Kubernetes and persistent storage projects. And then explanation of alignment. We don't see any overlap with existing CNTF projects. I mean you could argue we ask the same question twice but. It seems to have picked up steam recently in terms of updates to the main repository. No, no, I was wrong. What had led you to say that and then. Yeah. I didn't scroll to the right side. 23 contributors. I don't know. Zurich. Oh yeah, VSHN is the DevOps company so I guess like a DevOps consultancy. That's interesting. Yeah as far as I can tell it looks like it only backs up PVC volumes. And correct me if I'm wrong James but I think Valero does like application level backup. So this seems like a more naive solution. No more than me. Valero does do application. Yes. They're both built on rustic yes. But I think Valero goes a step further and allows for I think vendors to be able to somehow specify. Vendor specific backups in addition to rustic. Valero is part of VMware right. Yeah I think last we talked to dims. I think they were considering. Yeah, I was supposed to get an update end of the year so I'll bring them back early December. Didn't Valero didn't a lot of people that contributed to that left VMware. I think it was kind of been a little bit of limbo if I remember right side. It looks actively contributed to the moment. Yeah. The team is staffed for sure. And even if you had attrition, it got back filled, or getting back filled. I think right now, they're trying to split it into two things. And one of which would come to CNCF. That was the last set of discussions that I had with them. So regardless of Valero I think this is something probably worth having tag stories look at. I think it's going to kind of an assessment on how it fits into the overall ecosystem. And I think it'll be similar to the other storage projects where we need to come up with a strategy for how do we position if we have multiple kind of projects in this space. So far we don't have any so I think it's worth at least talking to tag storage and having them present what the technology is. It's a differentiator from it is. It sounds like it's similar but less functionality instead of. Yeah, I think the challenge right now for us is we can't really point to Valero since it's not technically part of CNCF yet. Any hesitation I'm having right now is we seem a few times today to be saying oh we should get a tag to look at this. That does seem like we're setting a higher bar you know we seem to be slightly moving back towards the, you know, getting the tax to assess things before they go into Sandbox. Do we have a specific reason why we think this. I think in the previous cases we have had specific reasons where we need more information. But in this case I'm not quite sure what what it is we're trying to assess. I think we don't have any projects that fit this space or strategy in terms of storage and that's why we'd like the definitive like, but I agree that it we are definitely saying that more than normal on the sandbox fall. I mean, no king makers why don't we have this sandbox have this project and if other projects want to join the sandbox or incubation to that. Yeah, that's fair. This is a does appear to be a well maintained long standing project with three users, unlike the ones we referred earlier which were very weird concerns whereas this just has been around for a long time seems to be seems to have users. Well and maybe Valero never applies. I'd hope that wouldn't be the case but we can't make it the same we can't we can't just maybe they get encouraged to apply because we put something else in and and they're now late. I mean, Well certainly you know this project shouldn't be at a disadvantage because some other project hasn't applied yet. Yeah, that makes sense. Yeah. All right any other comments or should we take this one to about, are we doing for time. You've got five more minutes. I don't think we're going to get through the whole list, but yeah no we're definitely not going to get through the whole list but at least we've made some progress. Last call for any particular projects that we want to bring up that we think we could get through in five minutes. Cube RS please. Cube RS there we go Rust, Kubernetes client and control runtime. Wonderful. So the background here is we were looking to start a client, a Kubernetes client, you know, generated client for Rust. And apparently this was already there so during the process of hey let's open a new repository let's see who's interested in trying to gather people. So, these people showed up saying hey we already have some stuff. And some of the things that we are doing is already used by Crosslet and other places so why don't we just do that. And then they were debating on whether coming to CNCF or joining the Kubernetes API missionary and they realized that it is better to have an independent project so there's a lot more focus from the CNCF side on that ecosystem and what they are doing specifically. So that's the background. Can you elaborate a little more. Sorry I was going to ask can you elaborate more on what kind of the benefit of going with a CNCF project versus a Kubernetes sub project in this cases. So, if they are part of like the CDAPM missionary, CDAPM missionary sub project, you know, they don't really have an identity, right, because it's like hidden deep in Kubernetes hierarchy. So they want to like bump up the usage of Rust in CNCF and be the core which will be used by other Rust projects in CNCF. Crosslet was the example that they were going for. So it's generated code, Kubernetes API, plus on top of that they are doing the controller runtime equivalent as well. So it's used by Linkete. Yes. And they also use this project as they only over Rust project. So I actually agree with Deems, although this kind of thing looks like it's another version of Kyco but it's really not focused on Kubernetes API machinery itself it looks more like the ecosystem benefits and integrations with the other existing CNCF project and the upcoming new project that's why I also think it's better for them to be a CNCF project rather than a Kubernetes project. I don't think there is actually real value if they are sitting in a Kubernetes Sieg because Kubernetes Sieg occurs on Kubernetes API machinery itself, instead of the wider ecosystem. We are having a terrible time getting people to all the different language libraries, even with an API missionary, you know the Python one is still going on fine, you know Java, Brendan comes wise, no one then to update stuff, but I think it's good to have this set of people in a championing Rust in CNCF. I think the only concern I have with that is we have I pasted a link to the Kubernetes clients, GitHub work, all the other languages have something there. And so if we have like a one off that's completely independent and a standalone thing that has challenges around, you know, discoverability and just consistency. Any thoughts on that. I'm not too worried. They also generate code. They do it slightly differently from the open API schema so and they already have users so it's not like we are starting from scratch. There isn't anything existing. In fact, it's the other way around right if we start something, and we don't really have people to back it up, then it becomes like a shell of something, and which is going to be competing with Cuba is and Cuba is going to be there right. Sounds good. There'd be no reason why there couldn't be a kind of like, almost like a redirection underneath that list of Kubernetes client that point them to keep our ass. Yeah, that would be great. And just so it lowers the cognitive overhead if somebody hits that endpoint. That would solve the discoverability issue. And was was there any. I mean is this sort of the will of the Kubernetes steering committee as well that it should be. The steering committee is not making a call here. This was a decision by the Cuba as folks. We offered them the choices and they picked one. And so they're not nobody's going to feel upset or that we're breaking the Kubernetes. Correct. Yeah. I just want to add actually this library is already listed in the community manager client in this page with the old name which is a clocks, who be ours, which is exactly this new this project with a new name. So I think it's fine. Right. Yeah, there's long discussion I posted the GitHub you are to 792. Any other questions or should we take that one to vote. I think that's all we're going to have time for today, but at least we made pretty good progress on our backlog, I think.