From YouTube: Argo Contributors Office Hours Apr 7th 2022
A
And a good, good time of your day, everyone. Today is yet another contributors meeting, and I see that we have few items on the agenda, so I make sense to share the screen, so everyone could see what's on the list. And yet, before we move to agenda, the first item, as usual, is: anything important happened during the last week in issues and discussions?
B
Last week, yeah, so from my side, I actually checked the few items and I helped few of them, but only white items that I would ask for help: in our Slack channel, a guy with the name Rahman asked in case. If he's thinking, some application in Argo CD, his world applications start to restart. So if someone who familiar with inspiration, Argo CD and Vault and all these things, if you can help, because he, he pings me directly in also directly and say that this problem in his production and.
A
Yeah, I guess maybe to make it easy to find, maybe can you add a link here in, you know, in the working document? I.
C
Yeah, from issues point of view, I think we have received many issues, but most of them, like, I think we were able to comment, and some of them users have to get back, so yeah.
A
A
If not, I will have to go just down the list, and I, I'm on PTO next week. Sorry. Okay, minus. Okay, skipping one name.
E
A
Awesome, thank you. Okay, this is done, so we can move on, and the one item here, I know what's it about, I think. Basically, there is a pull request that adds support of integration with Traefik in Argo Rollouts, and Philip added it. Philip, do you want to take over and present this topic?
E
Maybe let's share, yeah. I think I can share and maybe show a little demo. Okay, yeah, go ahead. Do you see my screen?
E
I added the field named traffic, routing traffic inside the field, traffic routing, and the field traffic contains the field name, the traffic source name, and it takes the name of the traffic source.
E
E
And the, and the system gives the desired weight of the new application version. The system gets the canary, stable and traffic service name from the reliability resource manifest, and then it finds the traffic source manifest using its name and sets the desired weight to the canary service, as it forwards the traffic to the new application version, and sets 100 minus desired weight to the stable source name inside the traffic source service manifest, and may call to the recipe server to update the traffic source manifest in Kubernetes storage.
E
E
E
E
E
A
E
A
And unless, does this object gets its own host name within Kubernetes, or like how something would access that service? It's more.
E
A
How Traefik, Traefik works, I guess.
E
So ingress route take the entry point and redirect the traffic to the Traefik service. Then Traefik service gets this traffic and, according to the manifest, understand to where it should redirect, to the stable rollout or canary rollout, and rollout controller simply change the manifest of Traefik service.
E
And thanks to that, we can see that the, the weights to the new version of application and the stable is changing.
G
How does it work when the weights are both set to one? Can you repeat, please? So in your example, you have weight of one for both the stable and canary.
G
E
Yeah, it is simple, the initial value, and, as I understood, it will be like a 50 here and fifty percent here.
G
Oh, so traffic, well.
E
Yeah, so it is simply the initial value. When rollout controller detects that we created the resource, it sees that we set the traffic routing and finding using this name. After that, when it finds he, it tries to make the, to make the desired state that we described here in this manifest. So if we set the thirty percent for the canary allowed, it changes here, and using k9s, for example, we can see that the value here also is changing. It is the same resource.
G
Okay, yeah, I, I was, I guess it was more of a question with this Traefik. Do, when you give it weights that don't add up to 100, because I didn't realize it was just dividing it by the, the, the sum as a denominator, but I, I, I get it now. Thank you.
G
G
Yeah, yeah, that's what I'm suggesting. The one and one was just, he said, the initial setup, but if you put one and one, then if you are managing this Traefik service at, with Argo CD, and it would present a diff, like perpetually, a perpetual diff, because at a steady state it would, it would be a zero, 100 and zero.
F
Which would cause some sort of conflict, right? Is, this is more a Traefik service kind of question, but Philip, do you know if the, the weight is a mandatory field in this, in this manifest? Sorry, I, I don't know much about Traefik.
E
My monitoring fields, as I underst-, if I understood you correctly, and my money-, you mean that if I will change this field in Traefik service, the controller should detect that you. You asked about that.
F
No, actually there's a conflicting problem here, because my understanding is that the Traefik service will, will be created by the time the developer is deploying their, their application, right? So it's part of their, their application. The Traefik service manifest is going to be applied by whoever is responsible for applying this in Kubernetes, but at the same time, when the rollout starts, rollout will also be updating the same state, right?
F
So now we have a conflict with the desired state that is in Git, which is set one one in your example, and the values that rollout is updating during the, the, the, the execution. So my, I guess my question is: what happens if we just do, you know, if, what happens if we just remove the weight from this, from this manifest, and what would be the, the traffic behavior in this case, because if we remove the weight, then we avoid this conflict.
F
E
I think that, I'm not sure, I didn't test it, but I think that if we, we will remove, for the traffic source simply will, will set the default, like 50 to 50. I, I think, and maybe I, I'm reading, but I'm not sure about that, if we won't set the weight. The initial.
A
F
Exactly, I was thinking about that, but I wanted to make sure that this is a required field or not, because if it is required, then I guess we have to update that in the documentation to tell the user what to do in this case.
G
You're, you're wondering if the whole weighted field is required, right? Yes, yeah, exactly. I think it's not, so I'm looking at the spec and there's, there's actually three fields.
G
I think there's a load balancing field, a weighted round-robin and a mirroring field. So to answer your question, I think they, they could have a Traefik service without a whole. This stands missing completely. Cool.
F
Well, this way it's easier, so cool. Yeah, maybe something we need to think about when writing the documentation for, for this feature.
A
A
Awesome. Okay, I'm sharing my screen again. So next topic is Alex Collins and Argo CD extensions proposal that didn't get much attention recently. Alex, do you want to share the screen, or is it okay if I show?
H
Yeah, sure, I'll do that. I'm just thinking how to approach this topic, because I realized I haven't addressed a couple of questions that people had against the document, because I didn't get any notifications for it, and also the topic of security causes is, is quite a large topic.
H
I don't think it can be discussed in just a few minutes, unfortunately, so instead I thought I would just focus on the use cases, because zooming out, I think that that is what is important.
F
H
H
H
So today, an Argo CD extension allows you to embed in the user interface a, a React component, and basically, when you click on a resource in the resource tree, I'll show you, I don't, I'm assuming it's probably not installed on this server.
H
Click on a resource in the resource tree, you can install it in this one, I think so.
H
H
The UI component is loaded into the user interface, and then the UI component is effectively passed information about the application tree, the particular node that's selected within the tree, I'm kind, that kind of information. They can basically display information about the resource. Now this is kind of hidden, unless, I think, unless you know about it, you're not going to really discover it, because it's right down here in the user interface. I mean, what does "more" even mean? I don't, people are, only people are going to discover this and everyone's clicking around randomly.
H
So I think that's a bit of a, bit of a shame, and I think there's opportunities to do more with this, so my thought was to add the ability to kind of embed widgets in additional toolbar icons, and here that, that would allow this. I call this application status panel.
H
I don't know if people have other ideas about that, and then they can deep link into some other side panels, the resources. So the examples I've, I mean, I've given a few different use cases and I want to kind of like highlight non-use cases.
H
So these ones I can use in this, two, I think, quite interesting use cases, and explain why in a second. So a Wavefront extension will allow me to bring metrics into the user interface from Wavefront or some other metric facilities, it doesn't really matter which. That allows me to understand a bit more than just, is my application in sync or out of sync, and so at the point of doing a sync, having some of that data a bit more readily accessible to me would be quite useful as a user. So an example.
H
I've, I've raised some CPU and memory metrics. Let me just, a bit of an arbitrary choice, probably not the choice I'd actually use myself, and then clicking on that "more" button to dig deeper into like a very high level graph of that information and have that graph enriched with some details about the application history. So I could show a metric here, and that could actually then show me when the application was released, allowing me to quickly, kind of visually, see what's happening to my application here.
H
I'm kind of, this is kind of long goals for this would be things like providing huge Wavefront dashboards or embedding the whole Wavefront in the user interface. That would be a mistake to do, and simply because we can never provide flexibility inside the user interface to do that. One of the nice things about Wavefront is that you can go in there, you can create whatever dashboards you want to have, whatever data you have available. People like that. This also kind of hints at another kind of use case around highlighting underutilization.
H
So this data behind this application shows this application is quite underutilized. You know, it's reserved 50 CPU cores and is using six, and it's reserved 164 gigabytes of RAM, but only using about 100 meg of RAM, so actually kind of highlight another use case. You can use, surface in one place to use a potential cost optimizations for them.
H
So that's one example. Another example would be like a security analysis of the application, so going in there, kind of warning the users that, if syncing your application would introduce any kind of security regression, as highlighted by some kind of tool. So, you know, moving from, moving from one image to another, the new image has some security issues, and you can have a plug-in in the user interface. That means every user of Argo CD
H
has that information to hand and knows that they're doing a single, secure regression, and also kind of like highlighting anything else you want to, security recommendations as well. This is not, you know, a lot of teams do this further left in the pipeline, and that is obviously the right thing to do ultimately, but that requires you, every single team, to con-, configure for every single application that security scanning. You know, you have to vend it.
H
That's obviously an enormous amount of work, whereas just having that in the Argo CD user interface and it kind of surfacing that information to users, you know, that's a very, you can just do that in one place and then every single user gets that, and then you only need to update it in one place. There are a few other use cases here I think you could do. I need, you, you need to avoid this kind of slippery slope towards becoming a developer portal.
H
I think Argo CD is not a developer before portals application, delivery platform, they're very different things, and I don't, I mean, doesn't, I don't think you could even, you go down that slippery slope, it wouldn't make any sense at all actually to go down that slippery slope, because Argo CD doesn't know about the rest of the SDLC for your applications. So, I don't know, you don't want to go down the slope. You can't, it's not practical to go down that slope either.
H
Okay, so, so there's that. Now, to do this, to bring these features, and you kind of need to do two things. One is to change how UI extensions work to allow you to extend different parts of the user interface, and to do that, you need to change the way that they, they are loaded, because you actually need to load UI extensions ahead of time, i.e. when the application, Argo CD, is loaded into the browser, effectively, rather than, you know,
H
only when you click down into the rollout resource or whatever other resource you click down into. And the other thing is you need to be able to get data, for, you know, to go into the user interface. You need to reach out to another system to do that.
H
We've discussed two options for one: one is CORS, i.e. allowing Argo CD UI to speak, to make HTTP requests from the web browser to other systems, or the other, other alternative is to allow them to speak to Argo CD, but Argo CD to effectively proxy through to other systems to surface that information, and there's a couple of kind of examples of doing that already. So backstage.io is really built around a plug-in system.
H
That's kind of one of its unique features, and you can install a plug-in to that, and backstage.io provides, you know, provides the promise that your plug-in will only receive a request that has been authenticated by a user. And Kubernetes also provides API extension mechanisms, the one that's kind of sometimes is called API aggregation.
H
I, I don't know much about this API aggregation, and that kind of, you know, hints to me that's actually maybe not particularly popular, not particularly well, well used. To use that system, of course, you have to have access to the Kubernetes API, so I'll be interested in that, if anybody's ever heard of people using that, because I, I've not. Doesn't mean it's not the case, just, I mean, I've not heard about that.
H
A
I have a comment, no, not a question. I, I feel like we're kind of discussing like two big changes here. One is the ability to have more ways to extend UI, and second, this API.
A
Maybe, I think both of these are kind of part of extensions feature, but I, I'm pretty sure we will be discussing those separately. Yeah, yeah, it's like, and then I know that, that all the things that about UI, we've discussed those before, and, and that was kind of, I mean, it was not planned, but I think everyone who cared about extensions wanted this in the past already, so we wanted some way to have application level extensions so that you load extension ahead of time, like as soon as you open UI, extensions already loaded, and yeah, and the only reason why resource specific extensions are loaded on demand is because, potentially, you can have a lot of those and it kind of doesn't make sense to load.
A
H
Yeah, I, I, yeah, I mean, I mean all my analysis is on this, it assumes that we want user interface extensions, right, but I wouldn't be scared of revisiting that question. You know, some of the feedback I've got from people, and, you know, when you look at the security model, is like, Argo
H
CD has a great deal of power compared to any other Kubernetes application, because if you breach the user interface, which you could do from a browser that had installed a plugin written by a hacking group which specifically targeted Argo CD, if that would happen, you have, you know, you have an attacker within your browser, able to use the APIs that you're able to use and delete applications. So, you know, there is, you know, there is a, there is a supply chain attack there that already exists for extensions, so that is just.
H
H
H
Yeah, because me and, myself and Mike have discussed this, it's kind of like a great deal of detail recently. So just to kind of summarize those two approaches: CORS, essentially you're, you say to the user interface, it is acceptable to make the requests to servers that are not Argo CD, that's essentially what you're saying, whereas the proxy approach, you say you can only make requests to Argo CD from the user interface, and then that, you know, that's the main difference. The, the, the, anecdotally.
H
I don't know if people will agree or disagree with this, CORS security misconfiguration is, you know, you know, top 10 OWASP issue, and CORS is, seems to be, anecdotally, quite easy to misconfigure.
H
Now, if we combine that fact, we assume that it's easy to misconfigure, that some percentage of users will misconfigure their CORS setup when they use this and allow that UI extension to reach into other systems incorrectly, and it shouldn't be allowed to, and the fact that you then also need to, your, your plugin needs to be able to figure out where to speak to. In a proxy situation, it just speaks to the same hosts and ports as Argo CD's.
H
There is, there is no configuration, zero configuration, but in a CORS scenario every instance of Argo CD for every organization needs to be configured, so n instances times n organizations need to be configured, so the chance of security misconfiguration is, I think it goes from small to basically guaranteed. You're guaranteed some misconfiguration somewhere at that point. So that's the main reason I think CORS is less secure. Again, with Argo CD at the server API.
H
And the extension service in the proxy scenario only needs to allow ingress from the Argo server, so that ingress route can be secured from the Argo server to the extension. In the CORS example, of course, the extension now needs to allow ingress from anywhere that the UI extension can be, which will be any browser with inside your corporate VPN at that point, so you have to open up that ingress. So these are the, these are the two or three different reasons I think I can reasonably say CORS is less secure than proxy.
H
The flip side of that, of course, is it moves the security issue into a single place, which is the Argo server, and you have to address all the security issues there. That's, I don't think that's a bad thing. I think it's a good thing. Rather than having loads of different places to get security wrong, you just have one place to get it very, very wrong, but that, I mean, that's, I think that's a better position to be in. It's quite hard to explain.
H
Then I don't have a good diagramming tool to, to try and build diagrams to explain. I feel really struggled to explain it to people. You know good ways to do this, I'd love to know about that.
H
J
H
So, but that's the attack surface of the extension surface, which, I mean, if you look at the system as a whole, in terms of the whole attack surface, it's both Argo CD plus the extension. It's those two things combined give you your attack surface. That's bigger in the CORS scenario, because the Argo server attack surface is unchanged, but the extension service, service has a larger attack surface. So the overall attack surface is increased by CORS versus proxying versus doing nothing.
A
A
It provides no kind of features for user, for users to pass parameters safely, and that, that, as a result, we kind of, the config management plug-in creator had a vulnerability, so I think it's already kind of available publicly. It was not like a real vulnerability, but it was.
A
So the creator of that extension wanted to explain to users how you can kind of bypass all the additional arguments to, to help, and just suggested to, you know, use environment variables and kind of on the fly create the shell command, and that's not safe. So even though, so it, so, I think this example is kind of close to the extensions example, so we kind of gave no help to the extension, config management plugin creator.
A
Okay, no, never mind, but idea that if we do not help users to make it secure, they will do it in an insecure way, which is even worse. So if we have some control, we, you know, we can improve it, at least.
H
I don't, haven't, I mean, I haven't even talked about that, but there's loads of other issues around authentication with CORS. Yeah, I mean, how does the extension service know that the request it's getting is authorized?
H
If, if it's got Argo CD sending a request to it, then it can have an authorization from the Argo CD server saying "I'm Argo CD", and you can go "yes, you are, because you've got the token". If that comes directly from the browser, and you have n extensions, you now have n times that problem, because every one of those extensions needs to correctly implement that security, and, and you can get, I mean, it's a, footguns left, right and center, as well as what it is.
H
I think it's just very hard to get right. I mean, that's just not to say that this is, I, I don't think you should offer the CORS approach as an alternative. This, I think, as an alternative, because you're offering nothing but, not, not exactly, not support UI extensions, and I think that's an entirely valid option, if security is, is of primacy.
A
H
But, I mean, today's UI extensions are low risk because they only get loaded when you click on a particular resource. A lot of users are not going to do that. You know, that, that, I know that probably wasn't intentional, but that actually makes them more secure, because that limitation actually makes them more secure, and, as I said, I don't think people, I think you guys know that, not, I don't think, from what I've heard, they're being used a lot. So, so, so they don't get loaded a lot. They don't get used a lot.
H
I don't think any real issues exist with them today, because they're kind of not really used very much. The question is, you know, do we, you know, ultimately, do we want to support UI extensions in, you know, full UI extensions, with a lot of flexibility to do, to do different things, or, or not, and I think, I think it's an entirely valid question, because, you know, you said, if you breach the user interface.
H
If a hacker, attacker breaches the user interface, I mean, they're in an extremely strong position to cause a lot of problems. Like, it kind of terrifies me, if I'm honest. You know, as soon as I knew I'm running Argo CD, like, well, nobody in the organization is allowed to install any browser extensions, because it's too risky for allowing people to have browser accessories running inside an organization. Yet people do that. I mean, it seems perhaps a bit dysfunctional.
H
It seems crazy to me when you, when you dig into it, and what I want to do, I mean, this is, this is the, this is the challenge, to explain in, in text how the security works, I think, very difficult. So if anybody knows any methods to kind of diagram this stuff, I'd be interested about that.
H
The way that I think about it is you just figure out what happens when a particular software component is breached, and you describe what that attacker can do once they're inside the Argo CD server or inside the, you know, configuration management plugin. What can they do at that point? And that tends to be quite instructive, even if, even if you can find reasons they couldn't get in there.
I
So a couple notes, one of them kind of related security, the other not. On the security one, it would be nice to know if there is somebody who is eager and willing to start writing a plugin or an extension, so that we can keep their use case in mind while designing it, and I think that'll help us think through security a lot, having something concrete.
I
The second point is, it's just escaped me, so I'm gonna have to write it in chat, but yeah, good, good to have a concrete use case.
G
H
I
I've kind of like shown you two. One's definitely an idea, the security one, because there are other, basically, but the, the metrics one, surfacing application metrics in the user interface, which is not so different to health checks, if you think about it, that's the, that's the specific use case I'm looking to solve.
B
I
I
H
A
H
D
A
To be honest, I've got feeling that it, the real use case, will really help us to move forward. Like, if we get one real use case, then we can just focus on what it takes to implement this use case, and if it needs proxy, we should consider proxy, if not. That's my opinion, based on today's conversation.
D
So Alex, Alex Collins, what do you think, actually? So.
H
Let's, let's take it offline, have a chat. I think we're out of time.