►
From YouTube: Argo Contributors Office Hours June 1st 2023
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Okay,
so
hello,
everyone,
one
more
time,
I'm
going
to
start
sharing
my
screen
to
show
agenda
to
everyone,
so
we
have
I'm
assuming
it's
from
ucan
from
you.
Then
the
issue
there's
feedback.
B
B
Stuff
to
bring
up
the
one
thing
I
wanted
to
call
out
Michael
Crenshaw
for
like
I,
don't
know
if
he's
on
some
sort
of
performance,
enhancing
drugs
or
something,
but
he
he
merged.
119,
pull
requests.
I,
don't
know
how
he
did
that
I
I
haven't
looked
at
him,
but
he
just
went
beast
mode
this
last
week
and
he
he
did
172
reviews.
He
was
averaging
like
30
a
day,
so
totally
insane
amount
of
contribution
coming
for
Michael.
B
There,
then,
as
far
as
issues,
this
actually
isn't
an
issue
that
was
created,
but
I
just
wanted
to
ask
kind
of
a
sense
from
the
group.
So
right
now,
Argo
2.7,
which.
B
Pasha
is
is
leading
up
and
working
on
WE
upgrade
to
customize
five
and
customize
five
I,
don't
know
how
many
people
have
used
it,
but
it
has
a
lot
of
breaking
changes
and
so
I
kind
of
I'm
not
sure
that
I'm
super
happy
with
the
way
that
customizes
doing
it,
because
I
would
have
expected
that
they
would
have
maybe
done
like
some
deprecation
warnings,
but
they're
not
doing
that.
So,
if
you
just
blind
upgrade
into
customized,
five
like
I
would
expect
a
bunch
of
your
apps
are
just
gonna
break.
B
They
won't
be
able
to
render
properly
anymore.
So
I
wanted
to
ask
if
maybe
we
should
hold
off
on
setting
the
default
version
to
customize
five,
and
maybe
even
introducing
like
some
sort
of
deprecation
warning.
I
really
think
that's
a
customized
thing
that
they
should
have
done
so,
but
I'm
I,
don't
know.
I
just
wanted
to
see.
If
anybody
had
any
thoughts
about
it.
B
C
Because
I'm
running
some
customized
views
locally
and
I'm
receiving
a
deprecation
notice
during
the
the
CLI
command
execution,
so
yeah
I
think
they
they
send
those
deprecation
notice
during
the
CLI
execution.
So
they
they're,
saying
hey
this.
This
attribute
is
going
to
change.
It's
not
going
to
work
anymore,
but
it
has
to
be
during
the
the
execution.
C
I
didn't
find
documentation
for
that.
Oh.
B
B
I
I
didn't
see
any
deprecation
notices.
I
saw
like
this
thing
is
broken.
Try
using
customize
fix
to
update
it
like
it
wasn't
like
hey.
This
is
still
working,
but
you
have
some
warnings
that
this
stuff
is
going
to
go
away
and
the
future
versions
it
was
like
this
stuff
is
is
broken.
You
should
fix
it.
B
B
Maybe
are
there
any
concerns
about
moving
to
customize
five
or
it
should
be
just
let
it
go,
and
and
people
will
understand
that
I
mean
it's
not
gonna
it
the
cause,
it
would
not
cause
anybody's
apply,
get
taken
offline,
it
would
just
break
their
updates
and
they
would
need
to
go
and
update
their
customize.
So
we.
A
Can
make
it
easier
to
so?
There
is
a
pretty
straightforward
way
to
stay
on
customized
four,
like
we
offering
people
to
use
in
its
container
and
just
simply
replace
the
binary
because
adversity
doesn't
it
didn't
kill
if
it's
four
or
five
it
just
use
customized
commands,
we
can
upgrade
notes.
We
can
literally
Kevin
patch
for
EPO
server
that
introduces
a
single
container
and
replaces
customize
five
is
for,
like
the
latest
stable
version
and
then
a
very
strong
note
in
upgrade
notes.
Saying
that
you
will
you
know
by
default,
you
get
customize
five.
D
A
A
C
I
thought
we
had
a
few
versions
in
repo
server
Maybe
I'm
Wrong.
Is
it.
A
We
have
ability
to
have
many
multiple
versions,
but
because
you
know
everybody
needs
like
100
megabytes
within
to
to
blow
the
image.
That's
right
by
default,
it's
just
one
binary
and
possibility
to
add
more
when
it
is
it's
200
users
I'm
curious,
then,
did
you
hear
from
any
customer
like
real
customer
who
basically
run
into
customized
issues
and.
B
I
I
haven't
had
any
any
customers
upgrade
to
two
seven
that
if
I
did
but
I
I
run
my
own
server
off
of
the
latest
to
see
what
breaking
changes
are
there
and
I
was
like
wait.
We're
up,
like
literally
all
of
my
applications
aren't
rendering
now
what's
going
on
and
I
had
to
go,
look
into
it
and
update
all
my
manifests
so
that
they
applied
patches
with
differently
than
what
I
was
doing
and
customize
four
and
three.
E
A
B
You
know,
unless
somebody
has
really
strong
objections
to
it,
but
I
think
we
just
your
point
that
customize
is
always
doing
breaking
changes
is
well
met
and
it
might
be
something
that
we
think
about
creating
an
issue
to
make
it
easier
to
tell
which
versions
of
stuff
are
running
in
our
go
by
default.
B
A
A
B
Oh
I
should
give
a
shout
out
to
ashida
too,
because
you
did
17
PR
reviews,
which
was
huge.
That's
a
lot
of
PR
reviews
and
especially
to
see
you
jump
up
and
start
doing
that.
So
thank
you
so
much
for
making
that
big
effort.
Thank.
D
A
Thank
you,
awesome,
okay
and
actually
I.
Had
a
question
against
to
Michael.
I
also
saw
a
bunch
of
the
most
pull
requests
and
I
glanced
at
some
of
them
most
of
them.
It
was,
you
know
something
that
was
supposed
to
be
immersed
long
time
ago.
I'm
curious
was
there
any
appears
that
you
feel
will
dangerous
and
could
break
stuff
so
something
that's.
E
Of
stuff
around
application
sets
so
I
fully
expect
to
run
into
a
few
bugs
there
as
far
as
really
Central.
So
Blake
Pederson
put
up
a
PR
to
basically
move
the
place
where
we
check
Helm
dependencies
and
their
compatibility
with
projects
to
the
repo
server
from
the
API.
F
E
The
intention
being
to
produce
better
error
messages,
but
someone
who
is
running
this
can
hit
an
issue
where
an
app
that
previously
wasn't
getting
an
error
is
now
getting
an
error.
So
we
might
end
up
having
to
revert
that
if
Blake
isn't
able
to
get
to
the
bottom
of
it
before
2
8,
but
otherwise
nothing
particular
to
focus
on.
E
Yep
one
other
thing:
I've
moved
through
a
lot
of
dependent,
Bots
stuff,
which
means
they're
more
dependent,
Bots
PR's
coming
in
every
morning.
A
lot
of
UI
upgrades
are
stuck
because
we're,
like
you,
know
two
three
major
versions
behind
on
some
UI
dependencies.
E
A
Okay,
I
guess:
that's
it
about
issue
I
think,
and
we
have
one
topic
from
Blake.
So
there's
a
proposal
to
use
name
as
a
ID
for
clusters.
And
let
me
let
me
check
a
click.
Is
here
yeah.
D
F
To
scope
cluster
Secrets,
somehow
I
had
a
slight,
shall
we
say
debate
with
this
dude
in
terms
of
how
it
could
be
implemented,
but
the
gist
of
it
is
being
able
to
have
cluster
Seekers
scope
more
narrowly
than
than
on
cluster-wide,
because
there
are
issues
with
basically
what
happens
if
you
have
multiple
cluster
secrets
on
the
same
API
URL,
it's
well,
it's
deterministic.
In
the
sense
it
will
just
return
the
first
one,
but
that
is
not
a
desirable
one.
F
F
Cluster
name
I've
figured
that
we
can
do
something
that's
simpler,
which
is
basically
like
if
we
were
to
annotate
a
cluster
C
group
of,
say,
namespace
and
then,
if
the
namespace
is
present
cost
secret,
then
we
can
return
a
more
narrowly
scoped
cluster
secret
than
you
know
where
we
can,
each
where
we
can
have
separate
our
back
settings
and
such
the
I
guess.
The
challenge
there
would
be
would
be
caching,
but
I
think
this
would
be
a
much
in
my
opinion.
I
think
it's
I
mean
it's
would
be
a
bit
simpler,
I
mean
I.
A
A
A
Basically,
we
could
say
there
is
one
read-only
account,
so
okay,
I
can
I
think
I'm
describing
kind
of
competing
idea
to
this
proposal.
There
is
another
way
to
reduce
scope
is
to
have
let
user
use
one
account
that
has
cluster-wide3
permissions
and
then
separate
accounts
to
make
changes.
A
So
basically,
this
way
it's
safer
to
have
visited
only
permissions
and
only
you
know
limited
permissions
to
make
make
changes
and,
but
obviously
I
do
not
know
if
it
would
solve
use
case
that,
and
the
person
is
trying
to
solve
is
this
proposal,
so
it
kind
of
has
advantages
and
disadvantages.
In
this
case,
it's
the
most
like
people
can
just
create
account
literally
scope
to
a
namespace
and
connect
it
to
the
shelter,
go
CD
and
use
it
to
just
manage
the
stamp
space,
but
it
has
performance
implications.
F
Yeah
I
mean
for
me
it's
more
of
the
the
goal
in
this
case
than
this
proposal.
I
don't
know
if
I
don't
know
if
you
can
scroll
down
to
see
what
I
debate
or
what
I
had
suggested,
but.
F
A
I
feel
like
there's
no
proposal.
There
is
a
GitHub
issue
for
it
and
I
would
need
to
you
know,
search
for
it,
but
I
guess
keyboards
is
to
use
account
in
personalization,
for
when
we
apply
changes,
so
basically,
Argo
CG
would
need
to
just.
We
could
have
multiple
service
accounts,
so
the
idea
was
to
have
a
convention
where
we
could
say
look
for
service
accounts
in
a
managed,
namespace
and
use
its
permissions
to
apply
changes
and
idea
is
to
kind
of
are.
A
We
still
have
got
level
permissions,
but
it's
less
management
paying
for
argosity
administrator,
because
you
no
longer
need
to
duplicate
our
back
in
in
Project
permissions.
Instead,
we
can
kind
of
just
reuse
existing
our
bug
that
stitching
can
manage
cluster
yeah,
and
so
now,
when
I
set
it
loud.
I
feel
I
see
how
it's
kind
of
it's
maybe
two
different
issues.
It's
kind
of
about
security,
but
I
feel
like
this
proposal
is
to
actually
give
our
cdlers
permissions
and
the
The
Proposal.
That
I
was
describing.
A
It
was
about
the
simplifying
algorithm
management,
so
kind
of
try
to
instead
of
asking
admin
to
manage
projects
and
set
project
settings.
Instead,
we
could
pointer
with
CD
to
existing
system
account
and
it
would
try
to
impersonate
this.
This
account
and
use
you
know
just
make
changes
on
behalf
of
the
of
the
content.
If
something
is
not
allowed,
it's
you
know,
kubernetes
will
reject
I
guess
now.
I
have
a
formulated
question
to
this
deal
to
the
author
of
this
proposal
and
I
will
just
ask.
A
F
That
seemed
a
bit
bigger
and
scope,
but
I
was
counting
on,
but
for
sure
that's
I
could
get
some
response
from
this.
Thanks.
A
Great,
and
did
you
have
any
so
I
guess
one
goal
is
so
you
want
to
get
attention
to
this
proposal
and
was
there
anything
else
like?
Did
you
want
to
discuss
anything
else
of
the
proposals?
It
does
no.
F
A
A
A
C
I
just
wanted
to
bring
up
a
topic.
I
noticed
that
in
master
Branch,
our
CI
jobs
are
broken
because
of
some
license
check
so
I'm,
mainly
a
merely
questioning
if,
if
that
range
is
expected
to
break
with
that
check,
if
it
is,
if
we
can
just
remove
that
check
from
the
branch
and
the
other
problem
is
when
I
click
the
the
details
link,
he
directs
me
to
a
login
page
fosa,
something
so
is
this
the
expected
Behavior
as
well,
so
folks
that
are
familiar
with
that
CI
setup.
A
E
C
A
E
A
while
back
because
it's
something
that
cncf
was
pushing
for
I,
think
it's
good
to
have
it,
but
I
think
that
we
should
just
like
actually
go
through
the
licenses
and
see
if
we're
out
of
compliance
with
anything,
because
that's
just
a
good
thing
to
do.
E
C
A
But
I
kind
of
I
agree
with
Leo
I
had
the
same
impression
like
it's
good
to
have
it
check
if
we
intend
to
fix
it
soon,
but
it's
been
seven
months
so
now
it
looks
like
yeah,
it's
kind
of
yeah.
It
just
makes
me
nervous
like
every
time,
I
open,
I,
see
a
bunch
of
this
red
crosses
in
the
argosity
history
and
I
would
vote
to
disable
it,
and
then
you
know
and
maybe
prioritize
to
go
through
licenses
and
basically
like
when
we
feel
like
we're
really
going
to
fix
licenses
in
like
next.
E
A
D
To
have
a
background
on
it,
so
I'm
Christina,
I'm
with
AWS
and
currently
we're
working
on
the
terraform
blueprint
for
eks.
So
we
have
this
issue
where
we
want
to
hand
off
at
a
certain
point.
We
want
to
hand
off
the
work
to
Argo,
but
Argo
needs
some
resources
on
AWS
side,
sometimes
depending
on
what
we're
installing,
let's
say,
Carpenter
or
like
almost
anything
that
could
meet.
There's.
Let's
say
our
workflows
needs
an
S3
bucket.
D
We
need
terraform
to
create
that
bucket
and
then
hand
it
off
to
Argo
what
we've
done
for
different,
like
what
different
organizations
have
done,
sometimes
they're,
okay,
with
putting
that
like
committing
it
into
GitHub
Helm
values,
so
they
sometimes
committed,
but
most
of
the
time.
This
contains
an
account
ID
or
some
parameters
that
they're,
not
okay,
putting
in
GitHub,
even
though
they're
not
a
secret
they're,
still
not
okay.
D
So
we
were
looking
into
a
way
to
do
this
and
one
of
the
ways
we
that
kind
of
came
naturally
was
like
how
about.
We
just
drop
these
values
in
a
config
map
and
then
hand
it
to
the
application
in
the
cluster
which
everybody
is
okay.
With
but
the
functionality
doesn't
exist
and
also
the
other
requirement
for
us
was
whatever
works
for
whatever
the
solution
is,
it
has
to
work
for
actually,
both
our
goal
and
flux
and
flex
does
have
this
functionality.
So
we
found
this
proposal
here.
D
E
Yeah
and
I
I
put
up
some
resistance
to
this
proposal
at
first,
because
it's
basically
the
same
functionality
as
Helm
lookup,
just
implemented
at
the
Argo
CD
level,
and
if
this
feature
is
limited
to
just
Helm,
I
think
that
our
effort
would
be
better
spent
on
supporting
Helm
lookup
via
project
level
service
account
impersonation,
because
project
level
service
account.
E
Impersonation
is
a
feature
that
people
want
for
things
besides
Helm,
it
would
just
benefit
the
project
overall,
but
if
we
can
make
this
work
for
customized
Json
at
plugins,
then
I
think
it's
really
valuable
and
makes
sense
to
implement
it,
instead
of
or
in
addition
to
look
up,
support
and
I
added
a
comment
at
the
end
on
one
way
that
I
think
we
could
make
it
work
for
all
all
Source
types.
E
It
may
be
on
the
main
page,
instead
of
being
on
the
div
comments.
Basically,
my
suggestion
was
use.
The
existing
environment,
variable
replacement,
feature,
move
the
dynamic
parameters,
block
up
and
out
of
the
helm
block
and
just
write
the
value
from
a
dynamic
parameter
into
an
environment
variable
which
can
be
interpolated
anywhere,
that
build
environment
variables
can
already
be
interpolated.
A
I
really
like
it
too,
because
I
I
was
as
there
was,
you
know,
going
through
a
proposal.
I
kind
of
I
was
trying
to
think
of
a
way
to
make
it
possible
to
you
know:
access
those
values
everywhere
and
I
see
how
you
know
kind
of
this.
This
would
work
that
would
cover
all
use
cases
I'm
curious,
should
it
be
done
on
an
application,
Level
or
a
system
level
I,
just
and
I
guess,
or
even
a
project
level.
A
A
Resources
and
algae,
City,
namespace
and
I
think
there
need
to
be
some
list
or
even
even
you
know,
outside
of
new
spaces
and
outside
of
harvesting
in
space.
So
that's
like
a
lot
of
power
and
I
guess
we
we
must
be
restrict
it
somehow
and
I
I,
don't
know
if
it's
already
mentioned
in
the
proposal,
but.
A
E
Eon's
suggestion
was
enforce
the
applications
project
rules
on
the
resource
ref.
E
D
E
And
view
its
contents
via
the
UI,
then
it's
fine
to
give
them
access
to
the
dynamic
parameter.
I
pointed
out
that
that's
not
entirely
true
for
Secrets,
because
the
API
does
obscure
secrets.
So
I
think
that
we
would
want
to
both
enforce
project
restrictions
and
have
some
sort
of
admin
level.
Opt-In
for
allowing
users
to
access
Secrets
via
Dynamic
programs.
C
I
I
just
have
a
question
regarding
to
this
approach,
so,
if
you're
providing
the
the
config
map
as
part
of
the
of
the
application
resource,
so
does
that
mean
that
we
have
to
generate
manifests
into
face
because
first,
we
need
to
retrieve
the
the
values
and,
just
later
we
need,
we
will
be
able
to
provide
the
values
to
to
to
replace
right
on
the
generated
manifest.
So
how
is
the
manufacturing
narration
logic
would
be
accommodated
to
to
address
this.
This
scenario.
E
Both
the
controller
and
the
API
server
would
have
to
add
logic
to
do.
The
parameter
fetch
before
it
sent
the
Manifest
generation
request
to
the
repo
server.
So
we'd
have
to
fetch
these
values
and
pass
them
as
parameters
to
the
repo
server
generate
manifest
call.
C
E
C
Oh
I,
see
is
okay,
so
and
that
wouldn't
work
for
vanilla
manifests.
Then.
E
Correct
because
vanilla
manifests
have
yeah,
there's
no
parameters.
Yes,.
A
I
have
a
question
for
Christina,
so
the
wood
and
I'm
trying
to
understand
in
your
use
case.
Would
it
be
okay?
So
do
you
expect
that
let's
say
someone
created
a
S3
bucket
and
then
want
to
and
developers
don't
want
to
commit
the
value
into
git,
which
is
expected
so,
but
in
this
case,
do
you
expect
that
config
map
should
exist
in
a
control,
plane,
cluster
or
in
an
end
user
managed
cluster?
Oh,
it
doesn't
matter
for
you
and
you
know
one
way
or
another
way.
D
My
concern
here
is
that,
like
two
concerns,
one
of
them
is
like
there's
a
limit
on
the
config
map
and
as
the
applications
in
the
project
grow
we
can't
fit.
We
might
run
into
the
limit
of
like
how
larger
config
Mac
can
be
I,
think
it's
like
256
or
something
kilobytes.
D
So
that
is
one
of
the
concerns.
The
other
one
is
like:
how
would
we,
let's
say
a
a
project
depending
on
how
you
think
of
a
project?
Maybe
a
project
income
encompasses
like
their
stage.
Prod
environment
and
I
need
different
parameters.
I
guess
we
can
still
get
the
key
value.
What
it's
going
to
be
messy.
D
Yeah,
thank
you,
but
the
the
the
size
of
the
config
map
is
larger
concern
here,
because,
depending
on
how
many
applications
you
put
in
a
project,
you
might
burn
out
the
space
real,
quick.
A
I
mean
you
still
could
split
into
multiple
config
Maps
like
nothing,
stop
from
referencing
multiple
kind
of
config
Marks
here,
okay,
it
kind
of
makes
things
a
little
bit
harder,
because
now
I
I
mean
we
have
two
competing
options.
This
could
so
the
question
here
is
which
cluster
is
referenced
here?
Is
it
cluster,
where
obviously
heating
or
is
its
application
cluster
now
I'm
realizing?
It
seems
like
Michael,
you
meant
the
managed
cluster
right
and
I
was
thinking
about
control,
plane,
cluster.
E
Correct
yeah,
so
this
would
be
pulling
from
the
managed
cluster,
and
that
had
been
my
assumption.
I
may
be
wrong
that
that
was
yawn's
intention,
but
I
think
that
makes
sense
like
if
we're
going
to
apply
project
I.
Think
yawn
must
have
meant
a
managed
cluster,
because
if
we're
going
to
apply
project
rules
that
only
really
makes
sense.
If
you're
talking
about
the
managed
cluster
yeah.
A
A
You
know
if
anyone
really
want
to
use
the
time
parameters
that
kind
of
getting
data
from
the
control
plane
cluster
then
I,
guess
it
could
be.
Then
we
can
later
introduce
Dynamic
parameters
on
a
project
because
yeah
the
M
can
trying
to
find
a
compromise,
because
I
see
how,
in
some
cases,
you
maybe
want
to
just
manage
dynamically
different
parameters
in
in
the
in
place.
A
In
some
cases
it
could
be
in
a
managed
cluster,
and
so
we
could
use
the
same
semantics
so
Dynamic
parameters,
but
in
in
application
that
means
manage
cluster
on
the
project
level.
It
means
control
plan
and
it
kind
of
sort
of
secure
with
permission,
questions
and
I
guess.
Another
biggest
question
here
is:
do
we
think
secret
should
be
allowed
as
well
here.
A
A
And
I
think
we
we
I
mean
I
I,
don't
think
anyone
would
be
happy
to
just
expose
those
videos
I
think
we
would
have
to
try
to
hide
it
in
looks,
don't
show
it
in
the
UI.
Consider
it
a
secret.
So
to
be
honest,
I
would
say,
don't
allow
it
because
you
know
if
value
is
stored
in
a
secret,
it's
stored
there
for
reason.
It's
sensitive
with
you.
A
I
feel
like
if
we
allow
secrets
here,
I
I,
just
I,
already
see
how
it
causes
a
lot
of
questions
and
I.
Think
then
the
proposal
would
take
forever,
because
we
can
never
agree
on
how
we
handle
values
from
Secret
if
we
limit
it
to
config
Maps.
Only
if
we
basically,
if
we're
assuming
that
values
reference,
then
Dynamic
biodynamic
parameters
are
not
sensitive
and
it's
fine
to
just
throw
it
in
the
UI.
It
makes
things
a
lot
easier.
So
that's
that's
my
proposal
too.
C
A
A
At
least,
to
make
some
progress,
I
I,
just
I
remember
this
is
not
the
first
approval,
not
the
first
attempt
to
make
it
possible
to
reference.
You
know,
values
from
kubernetes
objects
and
last
time
we
really
stuck
because
once
we
get
into
security
stuff-
and
we
start
thinking
about
you
know
where
those
videos
might
be
shown
and
then
just
the
logs
so
everywhere
in
replay
server
we're
trying
to
print
which
values
we
use
for
manifest
generation,
and
we
would
have
to
start
you
know,
cleaning.
A
The
data
is
that
trying
to
hide
secret
values,
same
thing
in
the
UI
yeah
and
that
so
basically,
it's
splitting
into
two
steps
would
make
it
easier
to
make
some
progress.
A
Or
I
guess
yeah,
so
I
I
want
you
to
just
try
to
document
to
this
discussion
and
yeah.
Just
put
it
here.
So
I
can
see
and
we'll
be
pleased
to
hear
he
get
feedback
from
many
people
in
in
The
Proposal.
Also,
if
you
don't
mind,
I
will
attack
you
Christina
and
and
Michael
and
Leo
right
and
feel
free
feel
free
to
you
know
correct
me:
if
I
got
something
wrong,
but
I'll
do.
A
A
Okay,
school
I
guess
we
are
done
here
and
we
had
just
run
out
of
time.
So
I
know
we
have
one
more
topic
better
by
attention,
but
we'll
have
to
discuss
it
next
time.