 Good morning. Good morning. We'll wait until about five after to get started. You can add, if you can add your name and any agenda items to the meeting notes, that'd be appreciated. Meeting notes have been shared in the Zoom chat. Right. Greetings everyone, we'll get started. Does anyone have anything to add to the agenda? I'll repost it in the Zoom chat. There we go. Please add your names to the meeting notes. I was reading something in the morning, because I didn't know much. So I just question it. We also go to your nomads. If you consider this working group. What do you think. What is the working group? I mean, project. Nomad. Nomad project. Nomad. Nomad. Let me post it in the chat. The article because it's talking about. About multiple interfaces. You've seen CNI plugins. Kind of the. All right. Sure. Anything else? We have two Victors on the call today. Yeah. Victor. Welcome. Is this your first time on the call, Victor? Second, Victor. You're actually the first year. Yeah, first time. Where are you from? I'm an independent. I'm just trying to. I used to work at telecom. So. All right. So this is one of. CNCF talk. I'm an ish dose. Network function working group. And. Our focus. I guess the past year has been on around. Best practices and related context. So we're looking at telecom use cases. So this is. Telecom applications workloads is really what we've been. Primarily looking at, but that does extend into other things. Like. When you're looking at multi-interface stuff like this. Nomad that. Was just put forward. That it'll start. Looking at what could be referred to as a platform. Some in the Kubernetes. And then a framework. So you could think of it as. Applications that go from hardware all the way up. And larger platforms can be thought of as just a lot of applications that coordinate work together. But we've primarily been working on. The best practices use cases and discussing. Things around the workloads. So from telecom workloads standpoint. 
And then working back from there. There's some other initiatives. Probably the biggest one. If you haven't heard about it would be the CNF. Certification. From CNCF, which is. Taking. Test from another initiative called the CNF test suite. That are checking on. Application behavior and attributes work. Workload attributes. And then. So that's the main area. Then there's. I think. The intention. That we have. And I think a lot of the folks. Already are doing it on their own. Is doing it on their own. So that looks at some that we think are essential. Like. Different different attributes that we think every. Everything should follow. And then. Some would be more of like bonuses and good behavior. Or maybe indicators that you're looking at practices. That you're looking at. Your own. Is to collaborate with other groups. So. Looking at stuff within Linux Foundation like. Anuket project. And then. Nephio. Nephio. Which is focused on automation. Of workload. Deployments. And the management of them. To some extent. And other orgs outside. Like Sylva and other things. So. So. That sounds good. Okay. We'll just jump in. This is. We. Have a pretty open discussions. Anything could be added to the agenda. If. You think of any questions or. Yeah. Telecom. So. If. You think of anything or have. Colleagues or associates. I'd like to. Jump on and talk about stuff. Then. Please invite them. I think as we're moving towards. Holiday season for a lot of people. It's probably going to be a little light. So. Speaking of that. We're not going to have. Meetings on the 26th or the second of January. So. 
We're going to have one as the 19th. And Victor. Morales. You may be. Out that. Time. So I think. Colleagues on this call, by the way, or. Myself. Tom Kivlin. From Vodafone and Victor Morales from Samsung. So Victor. Um. I would prefer not to have it, but. I have plans to take some more vacation. On that day. And that day. You'll already be out. That's, that's fine. I think I'm going to be in for at least few days that week. So. Tom, are you going to be around. On the 19th of December. No. I will be. On. Okay, well, maybe, maybe we shouldn't have it. Let's see, Oliver, are you going to be out? I'm probably going to be here. Okay. Well, it may be light, I guess we can. I'm okay with continuing on the 19th. And if it ends up just being the two of us, we may, you know, in the call. In just a few minutes. All right. All right, let's see upcoming events. MWC Barcelona, as anybody know of any, anyone going or anything interesting specific. I don't know if we're going to attend that one. Private 5G and edge event. Edge summit. Is that going to be virtual or like. Sure. Listen, do you know about this one? Is that the Telecom TV? I think that's Telecom TV, actually. So that would be at least partially virtual if not fully virtual. All right, well, that's just kind of notice on that. Okay. KubeCon EU. The. Submissions for that are already passed. Cloud Native Telco Day. I was hoping to have the. That open already. Definitely want to get things open for that. So in January, now that we're. Towards the end of the year, I think it's. I don't know if there's a reason to try to force it in December, but I'll try to get. That open. We do need sponsors, which will help with. What, what it will actually be. Can we do virtual or not. We'll need to get sponsors for that. And telcos and public cloud summit. I don't know what this one is. 
Is this another Telecom TV? It is. Open RAN summit. Was that also Telecom TV. Yeah. Or is this, this is open networking. ONF. Oh, no, that's June. There's also one. That's interesting. There's one from. ONF. Which will be in October. Oh, that's 2021. I'm kind of surprised that. That it's not all together. But I don't see any new events from. Anything else event wise. There's one called. I think it's like connected America. Any of y'all heard of that one. Yeah. It kept coming up and now I can't find it at all. Connected America. Anyways, I was, oh, it is on a, I think I was ignoring the year. Oh, thanks. Yeah. Oh, there we go. So. Are you all, is there anybody, you know, going to this one? It seems like it's, there's a lot of like government telecom. Rural, it's going to be big city. I saw some like the city of Detroit, other large cities. So it seems like there's going to be. Telecom vendors and. I guess. U.S. Telecom operators that are going to be at this. So it's curious. If anyone here has any. Knowledge or seeing that in the past. Tell us about Nomad. Mr. Morales. I found that article because someone was asking, or what's having some issues to connect Nomad with. With Calico. So from my understanding Nomad, Nomad is like. Another proposal. To schedule containers and things like that. I haven't played around with Nomad. But it's like the solution that has to go. Proposing to. The scale workloads as containers. And what I was surprised about. This is like they have. They seem to be. Already supporting this multi-interface. Features that we have in. Yeah. Yeah. I just, I was just wondering to, to know. The use cases and why they decided to. To be honest, I haven't. Read all these things about. This article, but I found. Quite interesting like. Why this is. Implementing this feature. Yeah. To be honest, I'm not sure if eventually Nomad is meant to be a really. Good alternative to. Or is going to complement what Kubernetes is offering. In that sense. 
And one of the things that they continually. Mention about Nomad is that they are following the. Google. White paper. So, and, and they have done. They have done. Multiple tests to. Prove that supports a huge. Number of. Workloads. Using a. Green things like that. In terms of performance seems like a supporting more. But yeah, I'm not sure like. If someone is considered like Nomad for hotel. Like a particular use case. Is Nomad. Kubernetes. What, what is it? Anything. No, it's more like that's better. I think so. Like an orchestrator. So that's why I guess. You have to decide to choose. Or Nomad. But I could be wrong. I was just reading here is saying that Nomad. There's a comment here on the, on the internet thing. Nomad is not based on Kubernetes. It's an alternative standalone platform. Makes sense. HashiCorp has kind of. Done that the whole time, build their own thing. All right. So let's see. So what do we have here? Going back. They're saying that they support the CNI interface. So they're doing something with. There's no reason to do all of this unless. They're building. It's a container orchestrator. At some point it's our container management or some, however you want to call it. It's, there's definitely some overlap with what Kubernetes. And they're saying the way that they're. Working. There's other ways of tying in networking directly with, if you're using Docker. There's other paths, but instead they're using the CNI interface. So they're. That's kind of interesting that they're. Doing this, which was a Kubernetes. Approach. Approach. Yeah. So, so the idea with Kubernetes is build a framework with. That's extensible. And there can, that was. Pretty early on, but. There was a lot of stuff that was still built in. And over the years, more and more and more has been. Organically turned into. Interfaces with. Standard definitions and stuff on how to work through them. But it was built on compatibility of working software. So that's kind of where CNI and. 
Storage interface and. All the other different pieces for plugging in. Different options like this. Came from and. But it's generic enough that. I guess it can work standalone. I presume they're probably not running. They're probably running. You know, either something directly built off of Docker, Docker and extended or. Something else. HashiCorp has built on their own. And they've made it compatible with that interface. I think that's pretty good. Demonstration of how Kubernetes has made itself. Very pluggable down to core pieces. CNI is very close to the core of everything on Kubernetes. And the fact that you're able to take it and use it somewhere else. I think that's. A pretty good indicator of how well they've made things. Pluggable. Anyways. This could be interesting to share. With. The multi interface. Or working group. I can't remember what it was multi interface over in Kubernetes. And then also the. The folks that are working on the. Multus. I'm not, I'm sorry, not Multus the Intel CPU policy manager. Which is moving towards, I think. Essentially the same thing as CNI. For plugins. So the folks that are working on that are there's open. KEPs. Enhancement proposals in Kubernetes for. Around policy management plugins and stuff to make it general purpose to where we can have other options just like this. I think it would be nice to have all of these types of ideas. It would be nice if someone. Takes a look at, you know, what's happening here. I don't know if they're going to be interested to come talk with us about their approach, but it seems like it'd be better to. You know, get input from them going right into SIG multi network. 20, 20. I wonder if there's been anything that's already made it. Well, the way that I found it was based on. Let me share. Yeah. So one was seems like he was trying to. Integrate those. Calico with a Nomad. And. In that triple he was. Reference. Referencing to this article. And he was asking help on, on the CNI. Channel. No. 
Any, any guidance. Right. Yeah, I mean, it's an interesting topic, especially because usually with multiple networks and. I'm sure it seems like it is not the only one who are facing with that particular. Use case and. You want to. So I just want a particular, like the use case, like that use cases with something similar, what we have in this. Or like it's something different. Where's the use case this one. No, I haven't found it on it. Just start in the morning. So I haven't had time to. To take more. More details. Hey, well here's theirs. They, it looks like they actually have a use case. What they're trying to do as far as using. WireGuard. So they're. I don't, you know, I don't know why they're doing it. Monitoring traffic or you could have a WireGuard. There's the libraries related. So that could get into. Like packet sniffers and other security stuff. Secure network. Between two is all right. So that seems like they're. Oh, okay. So there's specifically a WireGuard. Device, virtual device. And then they're wanting to connect between the two. And run traffic. Have. Calico do the connections to run over. So that's interesting. So VPN connections over different devices. They're not talking about it, but it almost looks like you'd end up with a sidecar. I don't, I don't really understand if when you're coming up, why you would. Why you're needing to worry about another device. If everything's going through. Whatever's providing a WireGuard tunnel. Interesting. Drop that there. Yeah, thanks. Christina. Whoever dropped these. So they, on the Intel CPU policy management. This is the. Plug in. Was released. And there's a KEP. I think there's a whole set of KEPs. And this is one of them. And then. There's going to be a discussion about updates to kubelet. That'll be related to this. One of them is. Today. At 1 p.m. Central. 11 a.m. Pacific. And then again on Thursday at 10 a.m. Pacific 12 central time. Some of that info has been posted in. 
CNCF public Slack and the CNF test bed dev channel. They're wanting feedback. On the KEPs and the discussion. So if you have time or have anybody that's. Interested in. CPU memory policies, all that sort of thing are going to be. Related to what's happening with kubelet. Making it pluggable. For different. Options that could go in, including what Intel has and. And then what should be native. That'll tie right into what's available for the pods and everything. All right. Let's see. Best practice. Just kind of mentioning this to everybody else. You can read down and look at what we talked about before, but looking at. Ideas for. Best practices and related content that we could write about. Add and discussions. Docs and hopefully end up with. Some more published. Best practices. And. There's a whole set of them. There's a large doc. About. Applying least privilege. I think it's linked out of the discussion. So go check out that. For a lot of content. Here and then even more once you get over in a Google doc for that. So security best practices. There's. A set of tests and the CNF certification. From. Essential test or 15 normal bonus test. There's the essential set. This whole document list all of them. The test suite has more than this. So this is. In 1.0 beta. What it was showing, but there's a lot more in the test suite. And there's now 1.1 beta. But. These are some possible ones. So we're looking at some of these. These are the test names, but. These are the flags that will. Make your containers less secure. So turning those off. Single process type. Talking about the practice, which is. Older than. Kubernetes for. Trying to split up. Applications into microservices. So. This would be a microservice related practice and. Have your microservices. Running a single type of process. It may have like. Sub, if you're familiar with the processes. And how they work in Unix of. Sub processes or children processes. 
Would be of the same type. So you may have multiple processes. But they would be of the same type. So. If you're familiar with like mail servers. Or if you're familiar with them. Came out from IBM is called Postfix. Another is qmail, which Postfix was based off of. Postfix broke. Up the different processes for handling mail as a large like. Mail service. I think IBM size. Company handling. Email. And you break them all up. So if any. Different ones have problems, bugs. You can use. Then you've isolated where the problems are. And recovery and stuff can be handled. Separately scaling anything else. There's a lot of different parts that affect that. Yep. So here's a whole set. Non root containers. That would be one where we already have published. Some of the things that we could look at. The environment. Your processes shouldn't be running under. The root or UID zero or the privileged user. Privileged containers is about pods. Actually running with the privilege flag. So these are some of them that we could look at doing. And we've listed some of those. The environmental sustainability working group. Is another area where we've talked about. They're going to be putting out some. They're going to be potentially having some best practices. They've released a. Sustainability document that outlines user stories, use cases. They're going to be putting out some. Continued from this with. Other documentation or a best practices as well. So. Working with them and looking at practices that we may want to. And then. Write up the best practices could be a, another area. And. The, there was a. Webinar from Calico talking about security policy best practices. Some of it specific to Calico. I think some of it could be more generalized as far as. Policy implementation for. Connectivity between pods and other things. And let's see. This is one. Victor put forward. And in our discussion. So. A CNF shouldn't depend on a specific kernel version on a host. 
There's projects like this node feature discovery. And some people are using it to look and. See what is the specific more details about a host. And. It's, I guess it's okay if a CNF takes advantage of. And. The additional information requiring it to function like not, it won't work at all is really what we're talking about. So if. A CNF comes up and it only works on one Linux kernel version, then we would say that's not cloud native. I see a duplicate one pro the one process type per container. We actually opened a ticket for that started writing some stuff out just to get that started. The liveness and readiness. We had a little disc a bit of discussions around this and related to. Telecom workloads and. What that could mean and best practices around that. So this is referencing that. The readiness checks of Kubernetes. Has for any pod coming up. Ideally those are being used to help. Communicate useful information from CNFs. To each other and to the. Kubernetes orchestration. Declarative configuration. On the configuration side. Being declarative for all CNFs. So there is a test around. Checking for statically configured network addresses. So that could be one. Sure, there's a lot that we could look at for configuration side. We could look into some of that. It looks like. Tom, you may have put something in here. Do you want to talk to that real quick? And then. Yeah. So when I mentioned about the. CNF life cycle stuff. It was. We've done a bit of work internally about. Just. Mapping out how we like. How we'd like to see CNFs be. Managed. So, you know, quite a lot of details, probably a bit too much for a best practice, but. I think we could. We could maybe tweak the wording so it's less. NFVO specific and more. Kind of generic. So that. Kind of any orchestrator. Can. Perhaps meet the. Best practice. The idea is that we have a good idea then. How. The CNF is deployed. How it's configured. How it's scaled. How it heals. Etc. Etc. We try and. 
We try and sort of describe. If there are any prerequisites and. Kind of what the description of that use case is. Sounds good. It depends how. How much kind of detail we want to go into in the best practice and how. Kind of standard specific. We want to be. Things like. TOSCA. What not. From the. Like use cases and user story stuff, I think it would be good to. Provide more context or more details and reference. Material at a minimum about. The different things out there that are related and then. We can narrow down as we come to. Best practices. Yeah. Let's see. So. The other related item would be. In the. CNF working group. Documentation. So the best practices. So. One of the, I guess primary things for us to get to a point of. Publishing best practices. So we did a little work to. Update this document. I think. Robbie. Is at AWS now. Originally put this one forward. And this would be the different categories. That we have right now. And with that, I'm going to switch over. We actually have a. A pull request to. Update the. Categories. And. The idea here is to. Get them. More aligned with. What's happening with the certification. And. Test suite. As well as simplifying a few of these. So. Here's the changes listed in this. And. I'm going to go ahead. Just to link it here. Oh, let's see. Where are we? Right here. PR. See enough. Yeah. All right. Removing hardware support. I don't think there's any test yet. Does work around hardware support would roll into. Other areas. Compatibility configuration. The. Compatibility. 
change the security state, microservice observability. I'll bring up the actual diff here. So this is what it would look like. There'd be, start with this compatibility, installability, upgradeability, which is a mix of this, mainly the first two, but you could think this could, this would tie in with a lot of the lifecycle as well, you know, the day zero onboarding a CNF, which includes both what's the compatibility with the environment and platform that a CNF is gonna be running on there and in, as well as compatibility with other CNF. So a lot of what's looked at previously was how does the CNF work when you onboard it in isolation versus how are you gonna bring it in and have it be interoperable with multiple CNFs, including across multiple vendors. So that's kind of what that's covering as well as upgradeability and I think compatibility comes back into this. How are you dealing with the ongoing maintenance of those CNFs upgrades to those? And then if they're running in a workload with multiple vendor CNFs and how are they working together? So I think all of that kind of ties in. Configuration ends up covering across a lot of different pieces because we're talking, when we're looking at the configuration, you can look at we're really saying that a CNF should CNFs deployment, implementation, management, it's all declarative. That can get into API as well. So that kind of ties in a little bit with compatibility but how do you communicate and talk to and configure it? So declarative APIs, declarative configuration we're talking about whether, whatever it may be, Helm or anything else for the deployment, for upgrades, for the management of multiple CNFs, it's gonna cover a lot of areas and the whole life of the CNF. Microservices didn't change other than it's maybe its number here. State security didn't change. The scaling primarily is going into these areas if it makes sense to go somewhere else. 
We want it to be scalable. I think that has to do with how it's, configuration for how do you respond to its need to scale and other things. So those tie in with a lot of these other items. Observability and diagnostics didn't change and then resilience again is rolling into these which has been communicated in multiple ways. Like what are we talking about? Availability is the service availability. You may have components that are going down but it's staying available. Resilience is how it can respond and repair itself or be repaired in different ways. Reliability would be related. And then along with that, with like merging of some of these, the descriptions were merged and updated. So you can see this one's updated. Some of them remain the same. This was just changing the name. There we go. Questions, like to get this one merged ASAP because we do have other updates to actually add more content to these sections. Questions, comments? Well, I think it's good so we can proceed to move it or? Yeah. I mean, if everybody can start giving thumbs up on this call would be great. And I really mean everybody on the call. You don't have to be listed in the reviewers. You can go give a, it looks good to me, LGTM or plus one or whatever right in the comment. Oh, it looks good to me. It's very clear. Oliver, thank you. Can you add a plus one on the, into the? Sure. Thanks. Both Victors. Just separate that. Yeah. Thank you. You dropping yours in Oliver. You did it. Thank you. Yep. I'm going to go ahead and merge it. Squash and merge, delete that branch. Next one, which should be related. We'll see if it actually merges now. It's not going to merge. We need to, I don't know if you noticed whenever I was in there, but the, some of the best practices that are listed or maybe all of them, they were just, oh, they're gone. Okay. So what we had before we merged was some examples of best practices that don't actually exist. So we want to start adding them. 
So listening has created a pull request to add the best practices under security. This is the non-root one I mentioned that before. So that one's pretty straightforward. Oops, put it there, put it there. All right. And I don't know if I can resolve conflicts. It probably has to do with the names, the changes here on where things are. Yeah, that's what it is. So let's say state security, reference scaling. And it looks like all of that can be deleted and then it's, that looks right. Well, so we have security and adding, adding the non-root and then after security of the observability. Anyone see any problems with that? Otherwise, I'm going to commit. I think I merged the fix the conflict and merge them. Yeah, that's good to me. All right. I'm going to mark as resolved, sign off. And now I'm going to add my own review. Thanks, Tom. Thanks, Victor. Oliver, Victor L, you can add yours. I think we have an S, the three of us approve on this one. Add it in, it's been published. So we're not really saying, do we like it? I'm going to add it. But anyone that wants to do a plus one, appreciate it. So it's in the comment. All right. Let's see, what is this one? You're doing a, it just looks like you're updating some grammar. Yeah, that's all it is. All right. Just a nitpick. That's good. Appreciate it. All right. So I'm not going to look good to me on my own. I've committed that one. Cool. I'm going to hit it again here. So thumbs up. What, what this is for everyone else. This is communicating a little bit more clearly. What are we doing? Primary goal for the group is to provide a set of cloud native and Kubernetes best practices for network applications and then actually give a link. This is right in the README as the idea. So that when anyone comes and they go, what are we doing? They say, it looks like you're doing best practices. Where are they trying to find the best practices? Been a little difficult. 
You can go over this folder and if you look all around then eventually you'll find it. So this is to make it a little easier and we send them directly to that document which we just updated. So in the top of the README. So if you're talking with someone or they're asking what does the working group do? Hopefully they can find their way. Taylor, you're by my suggestion. It's a nitpick, it's just... On this one? Yeah, it's sort of like using a hyphen, it's an asterisk. I don't see a suggested edit. Interesting. Yeah, same, nothing here. Oh, okay, okay, my fault. Can you do another request? Oh, you did it already? Yeah, I forgot to kick that. I'll do it. All right, fine, you're the markdown lint person, linting person, that's right. All right, I'm good, it's merged. I'm gonna go ahead and squash and merge. Thank you everyone. So I'm gonna go back here, let's take a look. So that means ideally, I'd probably say link people to right here. If you're telling anyone about the working group, I can see, here's where we are. I already think that maybe this paragraph and this paragraph need to be updated. There's a little redundancy, but at least you can see pretty quickly that here's the best practices. I think that'll get people over, they can come here and we can start getting stuff published with first and then the security one and ideally we'll get some more in place. Through next quarter would be kind of the plan as we are working through some of these and maybe in Q1 we'll have some more ready and published. Thanks everyone, have a good week. I will be on the call on the 19th for anyone that shows up and then the next one will be in the new year in January, not second, so the week after the second. Okay, for me, happy holiday for anyone. Yeah, happy holidays. Happy holidays. Cheers. Cheers.