►
From YouTube: Argo Contributors Office Hours May 18th 2023
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Hi
everyone
welcome
to
the
contributors
meeting
I'm
going
to
be
your
host
today,
I'm
Leo
and
starting
usually
by
triage
and
discussion.
Last
week
we
had
Alex
and
jaydeep
responsible
for
doing
triage.
I,
see
you
in
the
college
adip
and.
B
B
It
may
not
be
essentially
a
big
issue,
but
I
just
thought
it'd
be
good
to
shine
some
light
on
it
quickly,
the
first
one
we
got
this
from
one
of
our
customers
who
had
resourced
a
bit
and
found
this
issue,
and
it
looked
like
a
lot
of
people
are
facing
this.
B
The
gist
of
this
is
that
I
think
there
may
be
a
bug
in
how
we
handle
ignore
differences
for
those
fields
which
are
basically
arrays.
That's
the
common
denominator.
So
so
there's
a
lot
of
people.
Who've
said
that
they're
experiencing
this
issue,
they
all
kind
of
describe
their
own
experiences,
which
is
slightly
different,
but
the
common
denominator
seemed
that
there
was
some
unexpected
Behavior
when
they
were
configuring.
The
array
elements
so
like
either
like
jqbal
expressions
or
Json
pointers
for
specific
container
Fields.
B
The
common
complaint
I
picked
up
was
that,
if
they've
added
and
ignore
differences
for
a
specific
field
in
a
given
container,
I
think
even
changing
other
fields
for
those
same
containers,
I
think
which
should
the
expected
Behavior
would
be
that
those
changes
don't
get
ignored.
Those
also
end
up
getting
ignored,
maybe
there's
a
there's,
a
bug
we
should
be
looking
at
and
how
we
handle
ignore
differences
specified
for
within
arrays,
and
this
was
I
think
this
was
got
a
few
upwards.
B
So
I
just
wanted
to
bring
this
up
so
that
people
are
aware
that
this
is
something
that's
I
think
still
affecting
people
within
recent
versions
as
well.
A
Yeah
I
quickly
looked
at
the
issue
JD
thanks
for
for
describing
it
and
I
think
I.
The
pattern
that
I
found
in
everyone
that
replied
to
this
to
this
issue
was
that
they
were
using
GQ
path,
expressions
with
the
race,
so
basically,
apparently
yeah
you're,
probably
right
that
there
is
a
bug,
but
apparently
it's
related
to
when
people
configure
ignore
differences
with
a
race
yeah.
He
he
added
this
specific.
This
path
expression
the
acute
path
expression
this.
A
The
next
one
also
used
array
and
yeah.
This
also
uses
array
right,
apparently,
is
related
to
that.
You
see
array
again.
Yeah
in
this
case
stood
out
for
me,
because
this
is
different
in
this
case.
A
He's
using
manage
Fields
for
ignore
differences,
and
the
logic
I
know
is
different
in
this
case,
because
it's
going
to
be
using
the
the
manage
fields
in
the
in
the
resource
to
actually
decide
what
should
be
removed
from
from
from
the
div
before
applying
it
in
kubernetes
and
I
know
that
article
City
during
div
calculation,
to
display
in
the
UI
applies
a
different
logic
than
what
it
does
during
the
by
the
moment.
A
It
will
apply
in
the
cluster,
so
I
wouldn't
be
surprised
that
they
are
getting
a
difference
in
this
particular
case
here,
but
yeah.
It's
it's
I
think
there
are
two
bugs
one
when
managed
Fields
is
used,
maybe
there's
a
a
missing
piece
in
the
diff
logic,
and
the
other
thing
is
when
you're
using
Json
pointers.
They
like
this
way.
B
Right,
maybe
we,
okay
I,
think
that
makes
sense,
I
think
the
the
reason
I
stumbled
across
this
issue
is
also
our
customer
had
an
issue
with
the
managed
field
managers
yeah.
It
sounds
like
if
that's
two
different
issues,
then
we
should
clarify
that
in
on
the
on
the
issue
itself,
and
maybe
we
should
have
a
separate
issue
for
any
unexpected
Behavior
they're,
seeing
with
managed
field
managers
as
opposed
to
adjacent
pointers
or
JQ
plot
expressions.
A
Okay,
yeah
yeah
I
would
I
could
take
a
look
at
this
I
I
was
involved
in
this
implementation
in
in
the
past.
Maybe
that
would
be
easier.
I
just
need
to
find
time
to
actually
practically
work
on
this
I'll
I'll
I'll.
Add
a
comment
after
this
and
I
received.
So
I
can
I
start
receiving
things
when,
when
people
add
more
comments
and
I'll
put
that
in
my
backlog
and
of
course,
if
someone
else
wants
to
take
a
look,
I
can
help.
A
A
But
if
someone
wants
to
pick
it
up,
I
can
work
together
and
and
help
with
that
as
well.
B
Yeah
sounds
awesome.
I
will
also
just
update.
I'll
just
add
a
comment
with
what
my
customer
said.
Also
just
so
there's
more
context
on
it.
It's
more
on
the
manage
field
managers
thing,
so
we
could
just
make
a
separate
issue
if
you
think
the
underlying
fix
and
cause
would
be
different
from
this
one
and
just
make
it
clear,
because
other
people
might
keep
adding
to
this
issue.
If
they're
facing
the
managed
field
managers
issue.
A
Yeah
I
don't
think
there
is
a
necessity
to
break
right
now,
as
we
already
have
history,
good
history
in
this
one
I
think
we
can
keep
it
in
a
single
issue,
I'm
just
saying
that
we
might
have
to
look
in
in
two
different
implementations,
one
for
managed
fields
and
the
other
one
for
for
Jason
for
the
Json
path,
expression,
which
is
a
slightly
different
areas
in
the
code.
B
Yeah,
the
second
one
smaller
in
performance,
slash,
I,
guess
scalability,
but
this
is
I
came
across
this
issue
and
I
went
through
it
and
this
this
particular
issue
does
a
good
job
of
kind
of
consolidating
all
of
the
reference
issues
that
they've
seen,
which
are
all
along
the
same
lines
and
have
stayed
open
so
far.
B
It's
mostly
on
unexpectedly
High
CPU
consumption
for
for
the
app
controller.
I
know
that
this
can
have
many
different
underlying
on
issues.
It
can
be
very
specific
to
the
environment
that
they're
running
August
CDN
and
how
many
apps
they're
managing
and
how
many
resources
those
apps
are
managing
Etc.
B
A
When
you
add
it
in
the
document,
I
quickly
looked
at
this
this
issue,
and
one
thing
that
stood
out
for
me,
was
the
comment
that
he
added.
Where
is
it
here?
A
I
guess
it
is
pointing
to
a
giant
mono
repo
that
gets
updated
every
couple
minutes
with
application
manifest
generated
by
Jenkins,
so
basically
he's
apparently
using
a
single
application
to
deploy
thousands
of
resources
in
a
giant
mono
repo.
A
My
point
is
Argo
CD
will
keep
pulling
from
git
every
three
minutes,
if
I'm
not
mistaken,
and
if
for
for
Argo
City
to
to
calculate
divs
and
apply
everything
every
if,
if
argosity
takes
longer
than
three
three
minutes
to
up
to
calculate
this
and
apply
everything
in
the
cluster
and
in
the
next
pulling
stage,
you'd
already
have
changes
to
apply
again,
it
will
keep
applying
forever.
So
it
kind
of
justifies
what
it
is
described
here.
A
I'm,
not
sure
if
there
is
a
configuration
article
to
expand
that
pulling
time
that
we
that
I
think
it's
repo
server
that
does
in
the
SCM
I.
Don't
remember
if
we
have
a
configuration
for
that,
but
if
we
do,
maybe
the
user
could
could
increase.
That
number
right,
instead
of
being
of
syncing
every
pulling
changes
from
git
every
three
minutes.
Maybe
he
could
pull
every
30
minutes
if
that
makes
sense
in
analyze.
If
you
could
make
things
easier
for
him,.
B
Right
that
would
also
do
introduce
a
pretty
big
delay
and
how
quickly
I
would
say
you
can
sync
the
desired
state
with
the
cluster
State,
though
right
I,
don't
know.
If
so,
do
you
think
the
that's
the
main
reason
for
why
a
CPU
user
just
spiking
up.
A
A
He's
not
providing
the
application
he's
sinking,
but
he
says
he's
a
giant
mono
repo
that
gets
updated
every
couple
minutes
so
I.
B
Think
the
other
issue-
that's
also
been
discussed
in
one
of
the
I-
think
the
first
link
in
the
list
down
there
is
that
I
think
it's.
Obviously
it
has
different
levels
of
syncs
right,
l0,
L1
Etc,
and
some
of
them
are
not
supposed
to
be
very
resource
intensive,
but
I
think
in
maybe
they're
saying
that
in
their
case,
even
l0
sinks
or
everyone
thinks
which
are
supposed
to
be
resource,
light
and
resource
consumption
are
causing
a
big
spike.
Maybe
that's
some
point
to
take
into
account.
B
A
Do
you
maybe
want
to
bring
this
to
the
scalability
comedy
I
think
it's
a
good
cage,
maybe
for
them.
B
B
A
Okay,
yeah
it's
published
in
the
in
the
Argo
calendar.
It
happens
every
other
week
on
Wednesdays.
D
Sorry,
if
I'm
a
chairman
here
on
the
scalability
one,
the
scalability,
they
tried,
it
might
be
the
size
of
the
repo
and
the
size
of
the
applications.
But
they
tried
with
the
three
minutes.
They
have
the
data
with
the
three
minute
and
then
they
put
the
polling
in
the
row
to
six
minute
and
the
six
minutes
worked
pretty
good.
But
we
need
metrics
to
visualize
the
queue
and
see
if
the
queue
gets
cleared.
D
A
D
A
For
pulling
from
git
Christina
is
that
what
you're.
A
D
Applications
and
they
bumped
the
application
size
in
the
config
map
to
256.
and
it
boggled
down
Argo
CD
and
then,
when
they
pushed
up
the
from
three
minutes
to
six
minutes,
then
the
queue
was
getting
clear.
Then
you
could
see
the
metrics
that
that's
what
currently.
A
I
can
find
a
configuration
to
bump
this.
This
pulling
interval
I
think
it's
in
repo
server,
if
I'm
not
mistaken,.
D
Also
yeah,
the
benchmarks
were
against
separate
Ops
it.
It
wasn't
if
it's
mono
repo
or
multiple
repos,
it
was
just
the
size
of
the
apps,
so
they
tried
with
like
two
kilobytes
I
think
and
that
worked
just
fine
and
then
they
bumped
the
size
of
the
apps.
They
just
put
some
stuff
in
the
config
map
to
bump
the
size
of
the
apps
to
I,
think
256
and
that's
when
things
out
started
going
south
so
to
speak.
A
B
Right,
I
yeah,
so
I
guess
I
was
just
wondering
if
if
we
have
an
idea
of
what
the
benchmarks
would
be
for
like
a
model
ebook
because
I
think
that's
supposed
to
affect
performance
as
well
and
maybe
I'm
wrong.
But
I
remember
seeing
some
documentation
saying
that
if,
if
someone's
using
an
apple
Fabs
pattern,
then
there
is
a
higher
performance
penalty
than
if
they're
using
separate
apps.
B
A
D
So
the
first
one,
the
80,
sorry
98,
30
that
one
the
posting
hook.
It
runs
only
once
when
the
application
gets
successfully
deployed.
But
if
the
auto
sync
is
enabled
that
posting
hook
does
not.
E
D
So
that's
like
very
I,
don't
know
why
it's
happening,
but
it's
I
validated.
It
I.
Think
I
left
a
comment
on
this
one.
So
I
was
wondering
if
it's
on
anybody's
reader.
F
I
think
at
the
last
meeting,
Alex
M
dived
into
why
he
thinks
this
is
happening.
I'd
have
to
go
back
and
look
at
the
recording,
though,
to
remember
what
he
said.
D
D
All
right,
the
other
two,
so
sorry,
let
me
introduce
myself
I'm
Christina
I'm
with
AWS
and
I
am
on
the
terraform
blueprints
team.
We
do
the
AKs
blueprints
for
terraform
and
we're
trying
to
find
a
solution
where,
like
when
to
hand
off
things
to
our
goals.
So
when
there's
some
infrastructure
needed,
we
need
to
create
like
Ursa
and
whatnot
with
with
the
terraform
and
then
drop
in.
Let's
say
a
service
account
with
an
annotation
and
like
pass
it
to
Argo.
D
However,
there
are
sometimes
other
things
that
we
need
to
drop
in,
so
we
want
the
application
to
be
able
to
pick
up
a
config
map
or
a
secret
from
kubernetes
and
like
one
per
application
and
I
see,
this
issue
is
outstanding
and
whatever
we
do
for
our
goal,
we
also
have
to
do
working
for
Flex.
We
want
the
same
pattern.
So
here
the
config
map
and
secrets
has
been
open
for
quite
some
time
and
I.
Think
my
co-worker
Carlos
talked
to
somebody
at
kubecon.
D
Eu
and
I
was
just
trying
to
Bubble
those
two
up
and
they
said
one
is
dependent
on
the
other,
like
the
Argo
CD
522
is
dependent
on
the
Helm.
There
was
one
open
with
helm.
A
F
F
This
is
necessary,
but
not
sufficient,
so
Argo
CD
still
needs
a
way
to
like
take
advantage
of
the
new
dry
run
flag
and
actually
provide
Helm
access
to
the
external
cluster,
and
it
needs
a
way
to
do
so
safely.
At
cdcon,
I
had
a
conversation
with
I
think
Dan
Garfield
about
a
way
to
do
this.
That
is
reasonably
easy
to
implement
and
safe,
but
travels
Whirlwind
and
I've
forgotten.
What
that
conversation
was
so
I
need
to
talk
to
Dan
again.
F
D
Yes,
what
you're
saying
the
hell,
the
health
merch,
it's
not
the
only
one
that
we
need
to
move
the
52-20
5202
along
is
that
correct.
F
Because
Argo
CD
still
needs
to
give
so
we
run
Helm
template
to
generate
manifests.
F
We've
got
to
give
that
command
access
to
the
external
Helm
cluster
by
generating
a
cube,
config
or
passing
command
line,
arguments,
or
something
so
that
it
can
actually
perform
the
lookups,
and
we
need
to
do
so
in
a
way
that
doesn't
like
break
access
restrictions
for
the
project
that
we're
generating
the
manifests
for
otherwise
someone
could
do
Helm
lookups
on
all
kinds
of
secrets
in
the
destination
cluster
and
just
inject
those
into
their
app
I
had
thought
the
only
way
to
implement
this
was
to
also
Implement
project
level
service
account
impersonation.
F
So
basically
tell
the
users
hey
add
this
service
account
name
to
your
project
spec
and
we'll
just
use
that
service
account
to
restrict
the
lookups
and
just
trusts
that
they
craft
the
service
account
role
correctly,
but
it
I
think
it
was
Dan.
Who
convinced
me
that
there's
a
better
way
and
now
I've
forgotten
the
better
way.
D
F
Does
usually
I'll
ping
him
man
I
wish
I
could
remember
if
for
sure,
if
it
was
him
that
I
talked
to
anyway,
we'll
we'll
track
down
the
answer.
Project
impersonation
is
a
lot
of
work.
I
think
that
we
can
do
it
in
a
simpler
way.
A
Okay,
thanks
Christina
thanks
everyone
thanks
Jack
deep
for
working
on
the
triage
this
week.
So
now
we
have
to
elect
who's
going
to
be
responsible
for
triage
next
week.
Any
volunteers.
A
A
A
Blake
next
topic
specify
an
explicit
list
of
clusters
with
cluster
generator
yeah.
G
So
this
is
for
the
application
set,
so
at
work
there's
been
some
people
use
application
sets,
but
then
they
maybe
want
a
more
lighter
weight
and
a
lighter
way
of
specifying
a
specific
list
of
clusters
without
needing
to
put
in
labels
whatnot.
So
my
ideas,
that's
people
could
just
to
pass
in
if
they
want
to
just
pass
in
like
a
a
couple
of
clusters,
they'll
just
specify
a
list
of
of
URLs
across
the
URLs
which
will
match
the
which
will
match
the
cluster
attribute
in
the
cluster.
G
Secrets
and
I
have
a
proof
of
concept.
Basically,
where
what
happens
is
that
you
know
when,
when
the
cluster
generator
does
its
thing
it
will,
it
will
check
to
So
based
What
hap?
What
would
what
I
would
like
to
say
is?
Is
that
you
know
during
the
time
during
generation
time
it
will
basically
look
up
a
hash,
the
hash
value
of
the
cluster
URL.
G
So
basically,
there
would
be
like
a
one-time
cost
of
generating
this
hash
as
a
label,
and
then
we
just
do
it
in
lookup
of
this
hashed
value
of
the
Clusters,
so
that
one
can
specify
just
a
list
of
clusters.
Basically,
I
don't
know
what
your
thoughts
on
that
it's
yeah.
That's,
basically,
that's.
Basically
the
proposal
I
I
can
flesh
it
out
a
bit
or,
if
there's
any
thoughts
or
concerns
about
this
yeah
feel
free
to
voice
them
is.
G
So
this
is
just
purely
like.
You
know.
This
is
purely
in
terms
of
like
okay,
just
just
specify
a
list
of
cluster
urls
people
don't
have
to
you
know
we
don't
need
if
they
want
to
just
Target
like
one
or
two
clusters,
they'll
need
to
specify
a
label
and
match
these
labels,
because
the
way
we've
done
it
at
work
is
basically
like.
F
Match
labels
I'm
pretty
sure
we
also
have
match
Expressions
I,
don't
know
why
it's
not
documented
here
of
selector.
Let
me
double
check
that
that
actually
is
a
thing
that
exists.
F
Yeah
selector
yes
match
Expressions
is
available,
so
the
key
will
be
the
name
of
the
the
parameter.
I.E
I
think
it's
server
for
the
cluster
generator
and
then
the
operator
will
be
in
and
then
the
values
will
be
the
names
of
the
or
the
URLs.
The
Clusters
you
want
to
actually
use
and
I'll
just
send
some
yaml
I'll,
send
it
on
the
application
set
channel
in
cncf,
select.
A
So
Blake
gave
me:
okay,
maybe
you
take
a
look
at
Michael's
suggestion
and
see
if
that
addresses
your
use
case
yeah
and
if
that
doesn't
maybe
come
back
with
this
proposal
and
maybe
explain
why
that
doesn't
doesn't
address
and
and
which
would
be
a
reason
to
to
pursue
this.
His
proposal
sounds.
G
A
E
E
It's
already
solved
because
it's
related
with
the
with
the
topic
about
scoping
the
application
set
into
the
project
so.
E
Yeah
from
my
side,
yes,
but
I
would
like
to
ask
related
with
this
about
their
proposal.
Maybe
I
have
to
add
to
the
to
the
agenda.
Are.
E
No
I
created
another
proposal
for
adding,
maybe
you
remember
last
week,
I
asked
for
creating
application
set
or
attach
the
application
set
to
the
to
a
project,
and
it's
for
for
discussing
or
maybe
for
so
for
notifying
that
is
there.
So
please
take
a
look.
I
I
will
work
on
this.
A
It
might
be
already
reviewed,
so
you
you
reply,
so
it's
a
matter
of
checking
back
your
your
replies
is
that
what
you're
asking.
A
Cool
thanks,
thanks
for
letting
us
know
all
right,
so
moving
forward
next
topic
proposal
for
adding
oci
support
to
Argo
City,
then
G,
not
sure
if
this
is
done,
Garfield
but
I
don't
see
him
in
the
call
is
someone
aware
of
this,
if
not
I'll
be
just
to
bringing
it
to
next
weeks.
F
Oh
oh
yeah
Dan,
so
we
should
add
the
ability
to
pull
OC
artifacts
and
generate
customized
benefits
to
Json
that
manifests
or
just
plain
manifest
right.
Now,
it's
limited
to
just
Helm,
so
Dan
and
Andrew
block
wrote
up
her
proposal,
which,
basically
just
said,
add
a
new
client
type
and
Define
how
to
specify
oci
artifacts
in
the
application.
F
Spec
I'd
like
to
see
us
use
some
of
our
bug:
Bounty
money
from
hacker
one
to
put
a
bounty
on
adding
this
feature
because
it's
non-trivial,
but
it
would
be
a
big
security
win
and
we're
working
with
hacker
one
to
try
to
get
that
done
and
cncf.
But
this
is
a
PR.
F
The
proposal
is
a
PR,
the
proposal
yeah
for
sure
and
then
someone's
got
to
write.
The
code
yeah
sure
makes.
A
Sense
cool
so
you're
saying
that
you're
gonna
be
bringing
this
to
the
the
hacking
event.
Michael.
F
So
we
get
money
whenever
someone
reports
a
cve
and
get
the
big
sale,
we
get
a
cut
of
the
bounty,
so
like
cargo
CD
as
a
project
has
money
now
and
we
need
to
get
access
to
that
money
like
get
a
bank
account
and
figure
out
how
we
can
grant
bounties
to
people
to
write
features
once
we
do
all
that
I'm
gonna
advocate
for
attaching
a
bounty
to
adding
this
feature.
Oh
I
see
on
what
you.
F
A
Sense,
that's
a
cool
one!
Thanks
thanks
Michael.
Is
it
okay
to
move
forward
to
the
next
topic?
Yep?
That's
it!
Okay!
Do
you
think
we
need
to
bring
it
back
to
next
week's
discussion
or
you
consider
it
done.
A
So,
are
you
planning
to
drive
this
Bounty
idea
in
the
the
with
the
maintainers.
A
All
right,
cool,
great
stuff,
let's
see
yeah,
we
have
10
more
minutes
and
two
more
topics.
Let's
see,
Joseph
are
you
in
the
call?
Yes
hi.
A
I
spoke
with
you
a
little
bit
this
week
right,
so
let
me
click
the
link.
Yeah
go
for
it.
H
Yeah,
so
the
the
enhancement
proposal,
I
wrote,
is
a
pretty
straightforward,
so
the
application
controller
currently
supports
our
multiple
SCM
providers
already,
including
GitHub,
gitlab,
Azure
and
I.
Think
one
more
but
anyways
the
sem
provider.
Service
interface
is
a
super
simple.
It
has
just
three
functions
to
to
to
override
and
and
then
we
can
hook
it
up
with
additional
provider.
H
H
There
are
two
like
the
the
the
functions
since
the
interface
is
so
simple.
I
just
need
to
like
summarize,
like
two
two
keys
in
the
design.
One
is
that
AWS
core
commit
doesn't
have
a
repository
hierarchy
as
other
SCM
providers
like
they
are
grouped
by
some
sort
of
organizations
or
like
a
kid
lab
groups
or
Etc
that
we
can
allow
users
to
discover
repositories
or
filter
responses
based
on
their
groups,
so
for
AWS
commit
I'm,
proposing
to
use
AWS
tax
to
to
do
the
filtering.
H
So
basically,
users
will
provide
an
optional
list
of
tech
filters
that
and
then
we
use
AWS
Resource
Group
tagging
API
to
filter
on
the
Pokemon
report
reports.
So
this
is
a
pretty
standard
way
of
discovering
AWS
resources.
H
H
Set
a
common
pattern
is
to
mount
a
secret
to
I
can
provide
a
secret
in
the
in
each
application
set
and
then
other
CD
will
read
out
the
secret
and
use
the
secret
to
call
the
target
provider,
but
for
AWS
I'm
I'm,
just
following
the
standard
practice
of
AWS
sdks.
That
application
set
controller
itself
needs
to
have
AWS
identity
provided
by
either
like
environment
variables,
AWS
compute
files
or
like
a
kubernetes
port
identity,
so
in
in
my
case,
I'm
using
like
a
eks.
H
So
it
comes
with
a
im
Rose
for
service
accounts,
so
I
associate
a
role
to
the
service
account.
H
The
application
set
controller
is
using
then
application
set
controller
can
choose
to
discover
its
local
repositories
using
its
Port
identity
without
specifying
the
row
or,
if
user
wants
to
discover
repositories
in
a
in
a
different
AWS
account,
they
can
specify
the
row
so
that
application
set
controller
will
use
its
own
identity
to
assume
the
role
and
then
discover
the
repositories
in
a
different
account,
so
that
that
is
just
really
like
just
the
two
keys
in
this
design.
Otherwise,
the
the
implementation
is
very
similar
to
other
SCM
providers.
A
Cool
thanks
thanks
Joseph
for
the
for
the
Pres
for
the
explanation.
I
yeah
I
think
this
touches
some
security
aspects
that
we
need
to
make
sure
we're
getting
it
right
things
you
describe
about
AWS
permission
to
to
reach
AWS
API,
that's
something
that
wasn't
there
and
now
we're
introducing
with
this
proposal.
A
Yeah
I'm
just
saying
that
it
would
be
great
to
have
a
good
look
in
your
implementation
to
make
sure
that
we're
not
letting
Escape
any
major
security
holes
in
the
code.
But
that's
my
only
bigger
concern.
I
I,
like
the
feature
I,
think
it
makes
sense
and
I
looked
in
your
code,
looks
looks
pretty
good.
You
took
good
attention
to
documentation
and
testing,
which
is
great
thanks
for
that
and
I
think
next
stage.
A
Now
is
really
moving
forward
with
reviewing
your
PR
and,
as
I
said,
I
think
we
need
to
take
a
a
little
bit
a
little
bit
of
care
when
it
comes
to
security
and
in
terms
of
AWS
strategy.
H
Yeah
so
I'm
just
using
the
AWS
golden
SDK
V1
that
already
exists
in
our
GoGo
module,
so
yeah
I
didn't
add
any
additional
dependencies
as
part
of
my
PR.
C
No
everything
you
described
is
basically
best
practices,
I
think
for
AWS
as
far
as
using
irsa
and
assuming
the
roles,
the
only
thing
that
you
would
probably
not
support
and
I
think
it's
so
well.
No
because
AWS
picks
it
up
via
everything
was
bought
on
from
the
off
I
think,
at
least
without
having
looked
at
the
pr.
A
Cool
well
thanks
thanks
Joseph,
for
for
your
for
for
explanation.
Any
any
other
comments
on
on
this.
Anyone
wants
to
take
a
peek
on
reviewing
his
PR,
quick.
F
Note
we've
got
similar
requests
for
Azure,
devops
and
I.
Think
maybe
another
provider
or
two
the
situation
we've
gotten
into.
Is
that
we're
adding
providers
that
the
Argo
CD
core
team,
like
doesn't
have
access
to
testing
environments
or
aren't
super
familiar
with
I?
Think
that
using
the
new
plug-in
generator
feature
that
I'm
testing
right
now
may
be
a
better
route
in
the
future?
F
That's
not
to
say,
I,
see
any
reason
not
to
merge
this.
It's
just
in
the
future.
We'll
make
it
easier
for
folks
to
unblock
use
cases
like
AWS
code
repositories.
F
We're
literally
doing
a
proof
of
concepted
into
it
this
week
and
I
the
code's
behaving
really
really
well.
It
just
may
change
over
the
next
few
days
as
we
make
a
few
tweaks,
but
it
I
think
it'll
be
in
2.8
and
it'll
be
in
great
condition.
Sure.
F
I
think
it
does
yeah
I
mean
if
a
bunch
of
code
has
already
been
written
for
this
I.
Don't
I
don't
want
to
ask
anyone
to
rewrite
all
that.
You
know.
C
A
Okay,
good
timing,
Joseph
so,
and
you
already
provided
a
nice
PR,
so
the
pr
is
out
I
guess
at
this
point
is
a
matter
of
reviewing
it.
He
provided
docs
I
quickly
looked
at
it,
but
I
would
ask
better
review
in
terms
of
security
just
to
make
sure
everything
is
covered
properly.
A
All
right,
so
we
have
three
more
minutes
well
again,
thanks
again
Joseph
moving
forward.
We
have
three
more
minutes.
You
think
is
enough
for
for
you
to
present
this
one
or
you
prefer
to
move
it
to
next
week.
B
Again
so
this
is
kind
of
a
last-minute
Edition
anyway,
I
haven't
yet
created
any
issues
or
proposals,
so
this
is
I,
wasn't
sure
if
it's
needed,
but
I
can
just
give
a
quick
background
for
this,
and
then
we
can
decide
if,
if
this
needs
fulfill
Edge
proposal,
but
basically
this
is
something
I
came
across.
While
I
was
working
on.
My
image
of
data
PR
trying
to
I
came
up.
B
I
was
trying
to
think
about
how
to
make
it
support
apps
in
your
name
spaces
and
that's
when
I
realized,
I
think
the
current
way
of
configuration
that
we
have
for
apps
in
any
name
spaces,
maybe
a
little
bit
problematic
to
make
it
accessible
to
other
components
if
I'm,
not
wrong,
I
think
the
way
we
specify
this
now
is
just
a
list
of
namespaces
that
we
pass
to
the
app
controller
as
an
argument
as
a
command
line,
argument
and
I.
B
Think
and
then
we
separately
added
to
the
project
I
think
if
I'm
not
wrong,
but
the
way
it's
set
up
now,
I
think
it's
hard
to
expose
that
list
of
non-controllably
name
spaces
that
are
being
managed
by
an
instance
to
components
that
are
not
react.
Control,
for
example,
so
the
image
updater
needed
to
know
which
name
spacer
needs
to
pull
applications
from,
for
example.
B
Currently
there's
no
access
to
that
information,
because
it's
kind
of
isolated
within
the
app
controller
so
to
tackle
that
I
was
wondering.
Maybe
it
would
make
sense
to
kind
of
elevate
that
information
into
a
config
map,
for
example,
if
that
list
of
namespaces
there
are
non-controlled
plane,
namespaces
being
watched
by
a
specific
August
CD
instance
is
stored
in
say
the
Argo
cdcm.
B
So
that's
a
name,
that's
a
config
map
that
would
be
accessible
to
not
just
the
app
controller
but
image
updater
and,
like
maybe
notifications
or
any
other
workloads
that
may
need
access
to
that
information
in
the
future.
So
that
was
the
idea
I
had
and
I
was
I,
wasn't
sure
if,
if
you
are
aware
of
any
requirements
from
any
of
the
other
project
like
apps,
that
are
notifications,
that
could
benefit
from
that.
F
We
would
need
to
decide
if
we
wanted
to
be
hot
reloaded,
because
if
so,
I
think
that
there's
like
a
Watcher
in
the
application
controller
that
have
to
be
torn
down
and
built
back
up,
may
have
to
do
something
similar
in
the
application
server.
If
we
don't
hot
reload
it
that's
relatively
easy.
We
just
change
the
primary
source
of
config
I
would
caution
that
in
like
the
image
updater,
so
it's
a
list
of
blobs
and
I
think
it's
kind
of
security
sensitive.
F
So
you
don't
want
your
image
updater
to
expose
information
about
applications
which
are
outside
the
allowed
namespaces.
So
just
make
sure
that
it's,
you
know
interpreted
the
same
way
as
it
is
in
the
application
controller,
but
yeah
I
think
it's
a
reasonable
change.
I
think
a
PR
is
fine.
I,
don't
think
it
needs
a
full-on
proposal.
A
Okay,
I
agree:
maybe
an
issue
briefly
described
describing
what
you're
you're
doing
and
then
a
PR
fixing
that
issue
basically
I
agree
with
Michael.
B
C
B
Moving
it
to
the
CM
would
be
a
reasonable
thing
to
do.
Cool,
okay,
awesome
and
the
the
thing
you
mentioned
about
hot
reloading,
so
is
that
a
decision
that
the
community
would
need
to
be
need
to
agree
on,
or
is
that
just
something
that
you
know
whatever
is
in
the
pr
is
up
for
review
type
thing?
Yeah.
F
I
think
the
latter,
if
folks,
have
an
issue
with
it
or
if
it
looks
like
it's
going
to
be
breaking
in
any
way,
we'll
just
get
feedback
then,
and
if
you
know,
if
we
need
to
add
something
to
the
release
notes,
we
can
I
think
we
should
probably
try
to
make
it
backwards
compatible
but
yeah
as
long
as
we
document
it
well,.
B
Yeah,
that's
another
thing:
I
was
worried
about
whether
this
would
be
a
breaking
change
or
not.
Okay,
I
will
first
try
to
create
an
issue
and
then,
if
needed,
I
could
bring
it
back
up
to
discuss.
But
thanks
for
entertaining
that
real
quick.
A
Okay-
and
we
are
two
minutes
over
I
guess
this
concludes
our
today's
contributors
meeting
thanks
everyone
for
attending
and
see
you
next
week
later.
Thank
you
thanks.
Everyone.