Skip to end of banner
Go to start of banner

06-15-2022 TSC Meeting Minutes

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

Meeting Recording

Meeting Chat File

Attendees & Representation. Please add your name to the attendance table below.


Attendees

Name

Company
Eric TiceWipro
Microsoft
Jason Niesz Walmart
walmart
Dhivya R walmart
Cindy Wan Microsoft
Walmart
Satya Pradhan Walmart
Atul Prajapati Walmart
















LF Staff: LJ Illuzzi

Agenda

Minutes/Updates

  • Make repo config into the json config and support local file
    • Where is the json .cfg?
    • The comments are the only docs we have for the config.
      • Would be nice to have a doc for this
  • When should PRs be approved how many approvals needed?
    • 2 separate from the submitter
  • `Monitoring the expiration of TLS certs.
    • Added configurable warning
    • 30 day warning by default
  • Running L3AFd on Azure VM.
    • use port 8080
    • clone l3afd repo run go install
    • Use port 7080
    • Change the port
  • Roadmap and Release schedule Initial
    • Release will increase our badging score
    • What are the big rocks?
      • mTLS
        • Trust based on CA
        • Trust if it's signed by CA and matches pattern
      • define repos per eBPF package
        • Atul working on this now
      • Security RBAC - Read only user vs. Admin.
    • Having L3AFD running on an Azure VM in Windows and Linux
    • Running rate limiting and XDP root on Windows
    • Signed eBPF programs(?) - Stretch goal.
    • Multiple repo support.
    • mTLS - key should never be in the source code or a cfg.
      • Could be in a separate file that only the l3afd user can access it.
      • Use cloud services for prod.
      • Every time we generate a new token.
      • Client can use the token until we regenerate
      • Sign token for read user then that is part of the hash
      • the role is signed in the token.
      • If we have a token with the assigned role then we can auth and validate the user.
      • Use local file store for dev and cloud provider option for prod.
    • Timeframe:
      • 1-2 months
  • Thoughts about release cadence
    • Every 2-3 months(?) - too aggressive
    • Let's try 6 months for starters.
      • Eventually go to quarterly
  • Long term roadmap
    • Chaining semantics
      • Cilium has their own semantics
      • Standardize XDP dispatcher
        • Have multiple progs attach to interface on XDP
        • Approach is impossible on the TC side
          • Testing now.
        • lib XDP convert into golang
        • directly call APIs from l3afd
        • Newer version of prog with mult eBPF progs attached in priority
        • l3af chaining and Cilium not compat.
          • Should we change our semantics?
            • tracking progs and maps
          • Should be seamless in kube environment
        • desktop apps for l3afd
          • Running on service
    • Looking at using core. (Linux Kernel)
      • write eBPF progs to leverage core semantics across different kernel releases
      • Move everything to latest libBPF
      • Move to latest libBPF APIs
    • Package signing

Action Items

Future Agenda Items


  • No labels