►
From YouTube: Argo CD and Rollouts Community Meeting Aug 2022
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Okay
good
morning,
everyone
and
welcome
to
the
August
2022
Argos
CD
and
rollouts
community
community
meeting
I'm
your
host
for
today,
Jesse
I'm,
a
maintainer
of
the
Argo
project,
and
today
we
have
two
top
picks
I.
Believe
one
is
some
security
updates
on
Argo
CD
and
the
second
will
be
Argo
rollout
21.3
release.
A
That
is
imminent,
just
a
reminder
that
the
Argo
product
adheres
to
the
cncf
code
of
conduct,
and
so
please
be
courteous
and
respectful
during
this
meeting
and
this
meeting
is
being
recorded
and
will
be
uploaded
to
YouTube.
Finally,
if
you
have
any
agenda
items,
issues
or
discussion
topics,
please
feel
free
to
add
it
to
the
the
Google
Doc.
A
A
B
Let's
see,
let
me
share
made
some
slides,
so
a
lot
of
security
stuff
has
happened
since
2.4
was
released
and
actually
even
before
that
a
little
bit
I
just
want
to
talk
about
some
of
the
most
exciting
stuff.
That's
happened.
B
Let's
see
before
talking
about
2.5
I
want
to
look
at
some
work.
We've
done
resolving
some
cves
these.
This
is
statistics
counting
stuff-
that's
happened
since
2.4
was
released
and
that
sixth
number
is
mostly
stuff
that
came
from
the
Ada
Logics
audit
of
all
four
Argo
projects
that
was
funded
by
ostif
and
sort
of
facilitated
by
cncf.
So
we
found
resolved
six
CDs.
One
of
them
was
pretty
serious,
a
9.0
cbss.
It
took
us
typically
about
45
days
to
resolve
these
and
I.
B
Don't
know
if
that
sounds
like
a
long
time
for
folks
or
a
short
time
for
me,
I'm
pretty
happy
with
that,
because
we've
built
a
lot
of
quality
control
process
into
making
sure
that,
like
the
patches
are
available
to
vendors
when
they
need
to
be,
and
we
communicate
the
patch
as
well,
the
maximum
was
70
days.
That
was
for
one.
It
was
a
lower
severity
and
we
let
it
go
a
little
bit
longer.
So
I
like
these
numbers,
it's
well
within
the
like
90
day,
cut
off
bits.
I,
think
security.
B
Researchers
typically
use
to
make
sure
that
you
know
people
are
actually
responding
to
reports
so
new
stuff
for
2.5.
The
first
one
isn't
really
a
feature
like
in
the
software.
It's
just
making
things
more
visible,
so
our
policy
about
keeping
up
to
date
with
dependencies,
making
sure
that
we
aren't
shipping
things
with
cves
has
been.
We
don't
release
anything
that
includes
cves
of
high
or
critical
severity
as
evaluated
by
sneak.
B
We've
done
a
good
job
with
this
in
the
most
recent
release
and
with
particularly
going
and
JavaScript
dependencies,
but
we're
trying
to
get
to
100
compliance
when
it
comes
to
images
as
well
that
we
ship
like
proxy
Dex
redis.
We
want
to
make
sure
that
those
images
as
they're
referenced
in
our
default,
like
customized,
manifests,
are
up
to
date
and
don't
have
any
critical
or
high
vulnerabilities.
So
it
used
to
be.
B
So
now
all
of
that
is
automatically
updated
and
written
to
our
external
facing
documentation,
so
that
not
only
we
have
a
place
to
look
at
a
quick
summary
of
where
all
of
our
releases
are,
but
the
community
does
and
they
can
point
out
if
we've
missed
something.
So
that's
available
right
now
in
the
latest
docs.
If
you
just
pull
up,
read
the
docs
click,
this
drop
down
and
choose
the
latest
and
go
to
operator
manual
security
sneak
scans.
B
You
can
see
this
page
in
each
of
these
links
goes
to
like
the
full
sneak
report
for
that
particular
dependency
or
setup
dependencies,
so
love
that
one,
a
couple
of
Community
contributed
fixes
or
improvements
were
34
fathom
below,
where
Justin
improved
our
Network
policies
for
some
of
the
newer
components
of
Argo
CD,
like
applications
said,
and
the
notifications
controller
that
stuff.
B
That
was
all
we
locked
down
the
network
restrictions
on
everything
else
a
while
back
and
these
just
needed
to
be
caught
up
after
we
integrated
application
set
and
network
controllers,
so
super
helpful
stuff.
There
that's
useful
to
avoid
like.
If
someone
does
compromise
one
Argo
CD
component,
they
can't
move
around
easily
among
Argo
CD
components.
B
Next
thing
is
POD
security,
standard,
restricted,
I'm,
not
actually
super
familiar
with
the
Pod
security
standard,
I
believe
it's
something
that's
published
by
kubernetes
and
there's
a
tool
with
the
key
Verno
CLI
I
believe
that
can
validate
that.
Your
manifests
adhere
to
that
standard.
Joe
bow
beer
made
sure
that
our
manifests
were
compatible
with
PSS,
restricted
and
I
just
listed
the
things
that
that
actually
ended
up
changing
in
our
manifest
so
really
appreciate,
Joe's
time
working
on
that,
so
that's
manifests.
B
B
We
want
to
make
sure
that
tenants
aren't
able
to
poke
around
to
the
repo
server
and
see
other
tenants,
stuff
and
Sim
links
have
been
one
way
that
that
might
have
been
possible,
so
we've
sort
of
batted
these
down,
as
we've
noticed
different
features
allowing
Sim
links
and
finally,
not
from
State
Farm
AKA
Jake
contributed
a
fixed
it
just
completely
disallows
out
of
bounds.
B
Sim
links
in
any
repository
that
you're
going
to
use
an
Argo
CD,
it's
possible
to
disable
that
if
you
really
need
a
SIM
link
that
points
somewhere
outside
of
your
repo
Roots,
but
you
really
shouldn't
do
that.
Just
trust
the
check
another
enhancement
this
provided
is
previously.
We
made
sure
that
the
eventual
destination
of
assembling
was
not
outside
of
your
repo
route.
B
You
say
you're
not
allowed
to
look
anywhere
else
at
the
river
another
one
contributed
by
Jake
is
enabling
TLS
on
our
bundle.
Decks.
Instance,
by
default.
This
is
something
several
people
had
asked
for,
and
Jake's
had
some
time
and
and
whipped
up
the
solution.
Real
quick,
it's
not
a
hundred
percent
perfected,
like
we
still
have
to
disable
cert
validation
because
we're
using
a
self-signed
cert
on
decks,
but
at
least
things
are
encrypted
and
that's
a
huge
step
forward.
B
We
also
now
have
the
ability
to
let
you
build
your
own
certificate,
enable
certificate
validation.
So
then
you
have
a
completely
trusted
connection
with
Dex,
and
so
you
can
still
disable
it
if,
for
some
reason,
it's
important
to
not
have
TLS
enabled
between
decks
and
the
Argo
CD
API
server.
A
second
thanks
to
Jake
and
I
should
point
out
that
he's
employed
by
Cobalt,
and
he
told
me
that
Cobalt
does
not
differentiate
between
working
on
internal
products
and
working
on
open
source
software
that
they
use.
B
So
he's
had
a
bunch
of
time
to
work
on
this
stuff
and
I.
Think
that's.
You
know
a
really
awesome
way
for
Cobalt
to
treat
their
open
source
software,
and
then
final
enhancement
I'm
really
excited
about
this,
because
it
solves
a
problem.
I've
been
thinking
a
lot
about
lately,
which
is
trying
to
protect
namespaces
from
applications
doing
bad
things
in
a
like,
really
sensitive
namespace,
for
example,
the
Argo
CD
namespace,
the
cube
system
namespace.
B
They
cannot
deploy
to
these
places
and
Blake
Pederson,
contributed
that
fix
and
was
really
patient
through
a
lot
of
iteration
trying
to
figure
out
the
best
way
to
implement
that
the
way
it
works
now
is,
if
you
specify
anywhere
in
your
destination
rules,
you
have
an
exclamation
point
and
then
a
string
which
is
a
glob
pattern
if
any
rule
matches
something
with
a
deny
exclamation
mark
at
the
beginning,
you're
not
allowed
to
deploy
to
that
destination,
and
you
still
have
to
match
at
least
one
other
allow
rule.
B
B
So
that's
the
five
new
things,
I
hope
we've
got
a
little
bit
of
time.
If
people
want
to
ask
questions
about
anything
that
I've
talked
about
and
yeah
just
huge
thanks
to
the
community,
and
there
are
a
bunch
of
people
like
core
contributors
who
worked
on
fixing
the
cves
that
I
didn't
think
explicitly,
but
you
know
who
you
are,
and
that
was
a
lot
of
words.
So
thanks
so
much.
A
Thanks
so
Michael
Can
are
all
of
these
available
in
2.4.8
and
above.
B
So
all
the
CDE
fixes
are
into
for
some.
You
know
wherever
they
were
released
in
that
series.
The
remaining
features,
so
the
sneak
scans
are
visible
now
in
the
latest
docs.
The
rest
of
these
will
wait
for
2.5,
because
they're
big
enough
changes.
We
want
to
make
sure
we
don't
do
that
on
a
patch
release.
A
A
All
right,
so
next
agenda
topic
was
about
the
Argo
Rolex
1.3
release
that
we're
working
on
releasing
very
soon.
We
already
have
a
rc1
for
that,
so
these
things
are
ready
to
be
tested,
though,
and
I
think
that
is.
Is
it
exactly
me?
Yeah.
C
Let
me
see
my
share
so,
like
Jesse
said,
we
released
the
RC
about
five
days
ago
for
one
1.3
of
Virgo
rollouts,
just
some
quick
kind
of
overviews.
There
was
13
new
features,
16
bow
fixes
and
18
chores
we
had
22
contributors,
11
of
which
were
new,
are
doing
their
first
commit
just
going
to
kind
of
go
over.
Some
of
the
you
know,
top
four
bigger
features,
one
being
ithio
traffic
mirroring.
C
Basically,
what
that
allows
you
to
do
is
during
you
basically
can
have
a
step
in
your
workflow
that
will
turn
on
traffic
mirroring
to
the
canary
at
some
percentage.
It's
kind
of
a
nice
feature.
It
allows
you
to
basically
test
out
your
Canary
without
affecting
the
end
users
at
all,
because
it
when
it
mirrors
traffic,
it
doesn't
care
about
the
responses.
C
There's
some
nice
benefits
about
that
it
makes
you
know
easier
to
compare
production
traffic,
air
rates
and
and
and
the
canary
air
rates,
and
things
like
that.
It
allows
the
analysis
queries
to
also
become
more
stable,
because
traffic
patterns
are
similar
and
if
you
have
like
a
low,
Traffic
Service,
you
know
that
mirroring
is
going
to
keep
those
those
percentages
a
little
bit
closer
together.
C
C
C
Some
kind
of
common
use.
Cases
of
this
is,
you
know,
sending
a
particular
subset
of
your
users
to
your
Canary
traffic
that
you
know
on
the
server
you
set
some
header,
and
then
you
know
you
can
you
can
basically
Target
subsets
to
your
Canary
deployment.
You
can
also,
as
a
developer,
have
a
special
header
that
you
set,
so
you
can
do
some
spot
checking
within
your
Canary
real
easily.
C
C
We
also
added
Philip
added
traffic
support
as
a
as
a
router
as
a
traffic
router.
It's
pretty
easy
to
use.
You
just
basically
need
to
create
the
traffic
service
and
then
specify
the
the
Traffic
Service
resource
in
your
rollout
object.
C
So
that's
nice
to
have
the
last
one
that
we'll
talk
about
here
is
influx.
Db
is
now
and
officially
or
is
now
a
supported,
metrics
provider
jmet
contributed
this.
It
basically
allows
analysis
templates
to
query
inflex,
DB
kind
of
here's,
an
example
here.
The
the
new
portions
of
the
analysis
template
that
allow
you
to
query
influxdb.
A
A
Okay,
thanks
Zach
for
that
update,
so
those
were
the
two
items
we
had
on
our
agenda.
I'm
gonna
check
one
last
time
to
see
if
there
was
any
other
things
brought
forward
on
this
I
don't
see
anything,
but
does
anyone
else
have
any
other
topics
they
want
to
bring
up
for
this
meeting.
A
Okay,
I
don't
see
anything,
but
if
there
are
Argo,
CD
or
roll
out
specific
technical
discussions
that
there's
a
contributors
meeting
happens
tomorrow
at
8
15
a.m,
Pacific
and
then
the
workflows
happens,
bi-weekly
on
Tuesdays
at
at
10
yeah,
10
A.M
other
than
that
I.
Think
that's
a
wrap
for
today
and
we'll
see
you
tomorrow
at
the
contributes
meeting
or
next
month
on
the
community
meeting
thanks.
Everyone.