 Good morning. Good evening. Almost good morning for you. Hello everyone. Give it a few minutes for folks to join. A drop in the meeting that's like in the same chat. Add name and Jim Adams. Good morning, Rich. Good morning, Taylor. Giving folks some time to join here. That's about five after a drop of the meeting that's in. Have any agenda items? Was just after name. Does anyone have anything to add agenda item wise? All right. All right, so. The KubeCon Amsterdam schedule is live. And check that out. There's a lot of events going on. The Cloud Native Telco Day. CFPs closed this past Sunday. And if you got your CFP in and you're picked as a speaker, then you're going to get an all-conference pass. I don't include all the. The KubeCon and everything. If you have a, does anyone know about any specific KubeCon talks that they recommend for the group? Is anyone here planning on going to KubeCon Amsterdam? I won't be, but I know other people from F5 are going to be there. Is F5 going to be speaking? So are the NGINX side. I think might be, I know they're going to have a booth there. I'm not sure if they're speaking. I'm not sure if that's. I did not know that NGINX merged or whatever with F5. Yeah. F5 acquired NGINX, I think, 2018, 2019, somewhere around there. So yes, NGINX is part of F5. Yeah. Let's see a. Log announcement. Right. Teen. So whenever probably talking all the way back in 2019. Okay. That's cool. Is it still the core NGINX team? Yeah. A lot of the core NGINX people are still there. Absolutely. Yeah. I think Gus has moved on, but a lot of the core developers are still there. It's an interesting project, the way it's built and embedded languages that can be used for the modules to expand on it. It's cool. So that there's going to be an NGINX. All right. Well, we were thinking that we would have, I guess I can add it down here. Seeing if a CNF Working Group. Informal.
Birds of a feather session at. So this shouldn't be on a schedule. It would be more of, we're going to find an area and table, whatever, just sit down and have a session. Maybe even have, you know, if anyone wants to present or talk about something for a short. Again, birds of a feather, just real short style. At KubeCon. So. Is. Do you think. That would be a ventures for any of the NGINX folks, or whoever is going to be there from F5? Yeah, I think so. I'm trying to get the. I think we're having a conversation this week about potential sponsorship. And so just in addition to NGINX, but also F5 as well. And so once I hear back from that, I'll, I'll let you know who's going to be there from the F5 side. Sounds good. Okay. I'd like to hear from y'all, like what would be something that, is it important or motivates F5. That would be maybe something in the working group and then the broader telecom CNCF initiatives. Look good. And this can be talked about for KubeCon, but if there's something to go in there. And one thing that I've been looking at with Dr. Morales and some other folks that be like what's happening with Nephio. The whole onboarding of CNF. And potentially some best practices that can come into this working group and go other places. Those are things that we could dig into ahead of time and maybe there. But if there's areas that F5 is looking at, maybe something we haven't been looking at, we'd love to hear that feedback. Yeah, I think Nephio is definitely. I mean, we're. We sit on the technical. We have one person on the technical steering committee of Nephio. And so that. I think the intersection between, you know, this CNF working group and what they're proposing there would be of interest. The other project that got kicked off recently is also. Are you familiar with Sylvia? Yes, Sylva. Sylva, sorry, Sylvia, Sylva. That's correct. And so I think that's, it's, you know.
It'd be interesting as well. I think that's kind of European led, but I still think what they're trying to do is define a standard way of building a kind of a telco cloud environment and, you know, running CNFs on it. And so I think understanding that intersection there is also interesting for us. We're not part of Sylva right now, but we are definitely looking and keeping an eye on it. We're definitely interested in Sylva and we've talked with some folks there. Some of them went to the elephants one summit this past year and we met up with some of those folks. Sylva is using the. I think it's a lot of work from the CNF test suite and CNF certification. Part of it and part of Anuket. Yeah. The testing. RCT. Got it. Yeah. I saw that Anuket references a lot of the CNF test suite that you guys have put together. So. Yeah. Okay. That makes sense. Yeah. Yeah. So there's, I guess, figuring out what are the differences that have people. If I think of like open source, why does someone fork? And it can be politics, of course. It can be someone just interested in understanding or maybe there's features missing and what you're building. So. Yeah. Yeah. So that's what folks said. So that's Linux Foundation Europe. But we're still those. Home. And, you know, there's something that they're wanting that wasn't happening, it seems, from the other projects. And I know that there's a lot of, you know, there's quite a few groups that are involved in that. And there's a lot of, you know, there's a lot of different groups within the orgs, but part of that, a phone is involved and help kick off Sylva. So. Yeah, definitely. And collaborating and whether we are an upstream project feeding stuff into those, which is fine, because we're providing for lots of different areas. I don't think that's okay. I think open source. Do that. And then where we can learn and pull stuff in because it would be good for. And. Feeding stuff directly into the.
That's a scene to have telecom as well as any project. So if we get feedback to other CIF projects to improve, then that's good too. So if y'all have a. If you're involved with Sylva and have a good way to connect or whatever, like to chat with you more about that. Yeah, we. Like I mentioned, we haven't, we haven't started to participate in Sylva yet, but I think it's, it's definitely the area of interest for us. And, but if we do engage deeper and get involved with Sylva, then yeah, we definitely talk to you about it. Okay. Maybe reach out to me about the. What's happening with that. Later. Okay. And maybe just, I'll throw out one other thing. Something that we started to look at from an F5 perspective is, are you familiar with the Gateway API working group out of the SIG Network working. Yeah, there's a subgroup underneath that called Gateway API. It's something that we're, we're starting to get involved with, mainly because some of the, our experiences of using, maybe some of the limitations of Kubernetes networking in a telco environment. You know, there's different protocols that telcos support that, that, you know, the standard Kubernetes networking doesn't support natively. And it looks like there was, there's good work being done out of the Gateway API to, you know, kind of enhance or have a standard way of, you know, configuring and defining the objects related to Kubernetes networking. And that's what the Gateway API is about. And the mental very focused on ingress. One of the things that we're looking to do is help also define some of the, the egress, Kubernetes egress networking. And I think, I don't know if you met Phil, who's one of our product managers. He wrote a document and kind of presented that to the Gateway API working group last week, talking about some of the, the egress networking. I can share that with you or point you to that, because I think it's up on Google Docs, if you're interested. Yeah, sounds great.
Can you drop a link in this section here? Yeah, I'll do that right now. Do you know if those objects that they're looking at adding are related to the Multi-Network working group efforts to add more support for, expand the network objects that are supported there beyond the single interface? I think so. I mean, it seems like if. I mean, they're. I know that it could be independent, but it seems like. Great. It probably is and should be designed to work independently so that you can take advantage of each like that. But building them together, it seems like you could have more complex and advanced implementations that are using the, these Kubernetes objects and make it all native. Yeah. I mean, so some of the things that we've done around Kubernetes networking, you know, we use, you know, custom CRDs or, you know, defining that networking, and it looks like the Gateway API group are kind of more standardizing that and using APIs to define the networking objects. And so that's. We like the idea of having that more of a standard way of doing that instead of, you know, people building CRDs. And so that's why we got involved. All right. You can take a look at that document. Multi-network side seems like it would be consuming the different, these different type of connections that could happen to those objects. Yeah. With the whole multi. On the, on the actual pods, having. If you're going to have multiple interfaces sort of just being on a flat network, if you need that, but you're wanting to set up the connections from something that's standardized in the community instead of building the custom CRDs. So you have. Use it. The gateway, these new objects. And then you have multiple interface objects that are set up. It's interesting. How, so they, I guess the ingress probably. Something that's coming out now in the versions and the egress would be something that's.
So yeah, ingress is well supported. You know, there's like, I think HTTP object. There's TCP. You know, I think they have some other protocols in the beta version for ingress, but. The ingress is really hasn't been looked at. I think it was interesting when, when Bill presented this last week at the working group. There seemed to be a lot of interest, or not a lot, but there was definitely interest from people in the working group of wanting to look at the egress side. So there was definitely some support for it. So we don't have any pull request up on the issue side as far as new ones go. I think we may have talked about this during the call. So this is just some clean up that needs to happen. So there's an agreement. There was an agreement on working on the CNCF glossary and trying to move some stuff in there. And while working with Victor last week, we were on a best practice, but I'll get to you in a minute. We were thinking the term least privilege and maybe some of the security items should move into the CNCF glossary or be added. So put this here. We already have a whole document on least privilege. So we could definitely reference that. This one is just one length, but we have a whole Google doc with a lot of content. But we keep referencing least privilege and different security best practices. So that could be good. It's not there yet. And since you've done. And. I'll open this here a second. So. To get, we'd like to get more best practices published into the working group. Ideally, we'll have this, you know, filled out with a lot of different best practices. You can go and click and read about each and we can point people to this document, like as a starting place, here's where you can go. Some of the wording and scope of how we talk about the group I need to change, but the point has always been having, having somewhere we can point colleagues and peers and other people that were reading in the community and saying, here's the.
Best practices that the community as a whole, networking, cloud native, everybody, that we're saying, hey, these are good things to adopt. So as part of that effort, Victor Morales, Samsung and I were working on this best practice. So it's a draft. We have a link here. We're wanting to get some feedback and we'd like to get this into the GitHub, and we're going to start working on some other ones, but. We already have the best practice about not running. Cross not running. Processes as the UID zero or privileged user root in containers. And this is kind of related. So this is a least privilege type of best practice. So don't run the containers or pod as privileged, which would be all the containers in the pod. So this is referring specifically to the privileged flag. We've, we've filled in the different sections that would go in. Kind of leaving it in a semi Markdown format. So it's simply we're saying best practice: don't run your containers as privileged so that if they have a bug, they're compromised or whatever reason, they will have less likely access to any host resources. And talk a little bit on the motivation. What are our goals, non-goals. So we're not covering everything. There's always other ways of doing these things, but what are we covering in this one? So this is specifically about the privileged flag being set to false. And then go into why it's problematic and the linking to other areas to talk about that a little bit. So this is non-system pod types. So. Cube. Cube. There's other system pods that are going to have their running privilege. We're talking about a best practice for most pods. I'm a CNS. And the pods and containers should run non-privileged. And to give more context, we're linking over to. These are a set of user stories that were published by some security folks that's been working with us. Supply chain attacks. And specific sub. Sub cases where if they have.
Privileged, privileged container, what would happen in those. I see that it says non-root. Add a comment. Change to refer to. Update that. This is talking about how, if you have a deployment method like Helm or whatever it is that's going to pull in lots of different images, and specifically those images having different pod definitions, some of them may have privileged flags set to true. So you may be building a product or your CNF that has a lot of different sub pods. And yours may not have privileged set to true, but you need to make sure and check, are the other ones, if it's unexpected. And of course, some of them may need to be running privileged. So the system pods will be an example, but also stuff like sidecars. Communicating. At a training privilege. We actually have a write-up in the working group about how to communicate. A good method. Some good practices for communicating that you're essentially not following the best practices. So you're telling your consumers of the CNFs, and they can make decisions on what to do. And then there's a related item about raising privileges. So there's different things that can happen where a pod could actually go from unprivileged to privileged. Those are something we probably need to address somewhere. Maybe in a different best practice or something, or a write-up that we, that we reference. But that's something to keep in mind. And then we have a lot of references here, including all the discussions that we've done. The least privilege document we probably need to publish in, in the docs section or somewhere, since it has a whole lot of content. And then just links to where a lot of folks have talked about essentially this best practice. And then some alternatives. Right now we just have a pretty simple. RBAC for fine-grained policy management. And the other part would be if, if we're talking about a best practice, is it something that we think we can test or is it just a concept and an idea.
So this particular best practice, we know it's testable. We can actually look and see. We can do static analysis and say, do the definitions have the privileged flag set true or false. We can also look at the running containers and the manifest via the Kubernetes API. So this one's testable. Which means if you're a developer and wanting to check your. Building a product and have a part of your CI, or you're an operator and doing onboarding for a CNF, you could test this. Any questions or comments? Right. Well. Y'all can share this with folks if you'd like to get any feedback. Add stuff, modify, whatever. We'll get a pull request in and then try to get it published soon. Working on some other things. We do have in mind to have some best practices on the onboarding side and looking at highlighting. The best practices are commonly or maybe already are that. That is a Rich, if y'all have insight into any best practices there, that could be something. Just. List starting with like a list, here's some things to look at, would be good. And if anyone has ideas for their best practices. You appreciate it. All right. Does anyone have anything else? CNF test suite certification has a technical working session on Tuesdays, tomorrow. That is, let's see. That's it. It's 7:15 Pacific time. For those that would like to join and talk about anything on the technical side of the certification, test suite, best practices. Otherwise, we'll see you next week. Thanks everyone. Have a good one.