Date
Attendees
Proxies
Agenda
- Start the Recording
- Antitrust Policy
- Agenda Bashing (Roll Call, Action Items (5 minutes)
- General Topics
Questions for discussion:
1. Domain name for statistics collecting server.
2. Resources to deploy the server.
Source code:
https://review.opencontrail.org/#/c/52066
https://review.opencontrail.org/#/c/52077
https://github.com/progmaticlab/tf_stats_server
Minutes
- Action items
- Convert 5.1 blog announcement to release notes: Darien Hirotsuwill take this over from VM (Vicky) Brasseur (she/her)
- Tabling the question of TPC IP address; will be handled otherwise
- Deferring all Sukhdev items (he's traveling)
- Frederick Kautz: Network Service Mesh + TF
- Has been speaking with Will & Sukhdev (started in KubeCon EU 2019)
- Presenting slides (will send to Casey to get attached to the minutes)
- Problems solved by NSW
- network service discovery & connection discovery
- controller of controllers (even across organizations)
- 3 primitives: client, network service, connection
- Consumers: Want to request a service (for instance, a pod in k8s)
- Operator gets to define what that service is
- Basic service function chaining but enforced by policy & defined in a declarative way
- CNF/VNF vendor gets to declare both the connection mechanism and payload; clear contract
- Apply concepts from L4-L7 to L2 & L3
- No need to define IPs, routes, subnets and the like since they're all negotiated as needed
- Can swap out the data plane easily as long as there's something that knows how to do the conversion
- Have a reference architecture based on VPP but looking to add different data planes
- Instantiation of the interface is when the interface is requested
- Could be during pod creation, or in middle of pod's lifecycle
- Can create on the fly
- Security?
- NSM is looking into a security path now by way of Spiffe and Spire
- Each connection has a cryptographically secured identity
- RLB: Security policy…? TF has good and flexible security policy handling (matches well in k8s world). Can TF add value to NSM here?
- Dynamically take an intent-based policy and apply to the dynamically-instantiated interface?
- NSM current is focusing on identity
- These policies don't live in the data plane
- NSM having no control over what goes over the wire
- TF could be valuable for this
- Would rely on TF (or whatever) to pull identity policies
- Come see #nsm channel on slack.cncf.io
- Deprecation policy review
- CoC
- Usage reporting client
- Server that gets the stats from the container?
- Opt-in, anonymous usage reporting
- Can we get a server from LF?
- stats.tungsten.io
- TF CI design & improvements doc
Action items
- Type your task here. Use "@" to assign a user and "//" to select a due date.