►
From YouTube: CNB Office Hours : 16/12/2021
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Okay,
we
should
be
live
now
and
we
can
start
the
session
just
a
reminder
that
there
is
a
document
attached
to
this
meeting.
So
please
sign
in
and
date
any
agenda
items
there.
A
And
that's
pretty
much
it
let's
get
started.
First,
one
is
the
user
variable
andreas?
Do
you
wanna,
like
I'm
guessing
that's
yours,
and
do
you
wanna
give
some
context
on
what
you
wanna
talk
about.
B
Yeah,
so
I
I'm
using
this
cloud
native,
build
pack
and
bass
builder
image
from
drop,
and
we
are
using
this
in
a
kubernetes
cluster
with
an
unprivileged
container
running
and
therefore
we
we
need
to
switch
to
a
specific
user,
the
one
running
the
container
and
in
this
issue
I
call
this
user
one,
two,
three,
four
five
or
one,
two,
three
four
and
there
are
still
switches,
uid
and
group
id
script
switches
for
the
life
cycle
and,
of
course,
there
are
switches
for
the
docker
docker
run
command
to
to
switch
to
a
specific
user.
B
But
if
this
user
doesn't
exist
in
etc,
svd
on
the
host,
this
is
you
will
welcome
with.
I
have
no
name
in
the
container
and
for
this
typically
one
passes
a
dollar
user
environment
variable
to
the
container
in
some
way
to
to
name
the
user,
as
well
as
some
dollar
home
variable
to
specify
the
home
directory.
A
B
It's
not
in
the
etc
folder
and
cannot
looked
up.
Yeah
and
some
build
packs
rely
on
those
variables.
I
think
it's
the
build
pack
or
something
like
this.
I
mentioned
this
an
issue
and
will
fail
if
this
variables
are
not
set,
they
use
a
go
routine
and
try
to
look
up
a
username
and
home
directory
or
something.
A
It
yeah
I'm
just
reading
through
the
issue,
and
I
so
I'm
guessing
you
were
able
to
like
get
through
this
issue
with
the
workaround
that
natalie
suggested
around
putting
the
variable
in
the
platform
directory
and
using
that
that's
correct.
Okay
and
the
the
the
thing
we
want
to
talk
about
is
whether
it's
okay
to
put
this
like.
So
the
life
cycle
strips
out
a
bunch
of
environment
variables
when
build
packs,
get
executed,
and
the
issue
is
I'm
guessing.
A
I
I
mean
what
natalie
did
suggest
would
seems
right
like
if
we
do
want
to
allow
this
variable
in
in
build
packs.
It
would
be
spec
change.
Currently,
we
do
strip
out
a
bunch
of
things
and
the
typical
way
to
pass
variables
to
the
build
pack
is
through
the
platform
and
directory.
B
B
Some
script
and
before
script
blocks,
you
can
specify
commands
executed
inside
the
container
or
image
yeah
and
that
they
are
I'm
calling
the
life
cycle
directly.
A
Yeah,
I
think
in
in
this
case,
what
natalie
is
suggesting
is
is
typically
the
route
I've
seen
other
platforms
take
so
both
pac
and
kpac.
I
believe
like
use
this
strategy
to
pass
environment
variables
and
because,
like
as
nightly
suggested,
you
can't
arbitrarily
pass
environment
variables
since
we
we
can.
We
it's
it's
just
for
us
to
strip
out
potentially
like
variables
that
might
contain
secrets
or
other
things
from
buildbacks,
like
sort
of
shielding
these
variables
from
arbitrary
user
code
and
logic.
A
A
I
I
don't
know
what
the
other
maintainers
would
think,
but,
like
personally,
I
believe,
whatever
platform
you're
using
should
provide
a
way
to
set
these
environment
variables
using
that
platform
directory
rather
than
us
changing
the
spec
and
allowing
some
specific
environment
variables
to
pass
through.
B
Yeah,
it's
hard
to
guess
what
natalie
in
detail
has
in
mind.
I
think
she
has
something
in
mind,
so
maybe
she
should
talk
and
yeah
on
the
next
tweaking
or
something
about
this.
For
me,
I'm
fine
with
the
work
around
for
now,
so
there's
no
hard
need
or
there's
no
yeah,
that
much
motivation
to
write
such
an
rfc.
B
From
my
point
of
view,
there's
some
difference
between
some
random
user
provided
environment
variable
and
this
special
environment,
where
we
have
it's
often
used
in
linux,
unix
systems,
I'm
fine
with
with
all
those
environment
variables.
I
need
in
the
in
the
build
packs
like
bp
underscore
or
my
variable
underscore
whatever
going
through
this
platform
and
approach.
A
B
Others,
yeah
and
and
that's
for
for
reason,
for
good
reason-
and
I
think
the
user
environment
very
well
is-
should
be
treated
like
the
home
variable.
Okay,
especially
because
or
let
me
say.
B
I
I
wonder
how
how
one
is
running
the
life
cycle
in
an
unplugged
container,
and
I
think
this
this
should
not
this.
This
should
be
the
normal
case
and
should
be
fine
that
the
build
pack
has
the
possibility
to
resolve
the
user
in
home
directory.
B
In
my
case,
I've
I've
tested
this
locally
with
podman.
A
B
And
or
you
can
test
this
with
docker
as
well,
you
as
mentioned
in
the
issue,
if
you
file
a
docker,
run
and
provide
a
minus?
U
switch
for
user
group
yeah,
it's
the
same
for
doc
for
part
men,
yeah
and
that's
the
same
way.
Our
kubernetes
cluster
runs
containers
for
each
user
or
for
each
gitlab
pipeline,
there's
a
specific
user
and
typically
in
the
known
user
space,
so
there's
no
possibility
to
override
or
access
files
on
the
host
from
another
pipeline
or
from
another
user
to
separate
user
spaces.
This.
B
I
think
this
is
because
docker
shares
this
user
rights
with
the
host
and
that's
the
case
why,
in
the
docker
world,
always
this
user
thing
is
discussed
in
our
unprivileged
containers.
A
The
the
way
I've
seen
other
people
run
it
with
unprivileged
containers
is,
is
typically
through
a
platform,
as
I
mentioned
so
like
back.
For
example,
like
you
can
use
podman
to
run
this,
then
back
like
you
can
pass
command
line
arguments
to
back
to
set
environment
variables,
so
you
can
pass
something
like
minus
e
user
and
the
value
and
pac
does
exactly
what
natalie
suggested
over
there
with
putting
it
in
the
platform
directory
and
setting
up
volumes
and
other
things.
A
Similarly,
like
some
of
the
other
like
kpac,
which
is
a
kate's
native
platform,
does
something
similar
where
it
again
like
takes
the
user,
like
whatever
environment
variables,
that
the
user
wants
to
set
and
sets
them
in
in
the
platform
directory?
So
typically
this
the
way
other
people
go
around
it
is.
Is
they
don't
use
lifecycle
directly
and
they
just
go
through
the
platform
which
is
which
which
handles
these
common
use
cases
for
them?
A
But,
as
you
said,
there
are
like
certain
special
variables
like
the
proxy
ones.
I
I
guess
we
can
just
keep
our
discussion
and
recording
in
place
and
when
natalie
is
able
to
join
in
the
next
office
hours.
We
can
continue
this
thread,
but
I
I
would
again
like:
are
you
like
part
of
the
gitlab
platform
team
or
something
or
are
you
just
using
it.
B
No
I'm
an
employee
at
the
german
training
company
deja,
va
dp
sister,
the
I.t
sub
company
of
deutsche
bank,
and
there
we
are
actually
using
hiroquish
nowadays,
okay-
and
we
strive
to
to
replace
this
with
another
thing-
maybe
docker
farts,
maybe
native
build
packs
or
something
and
we
we
are
exploring
and
trying
out
several
things,
and
during
this
phase
I
yeah
I
I
tried
to
explode
native
stuff.
B
I
think
it's
possible
to
use
pack,
but
it's
not
that
the
way
I
think
it
should
work
because
it
like
you,
specified
an
image
and
it
spins
up
in
container
and
yeah.
I
can
spin
up
in
container
and
run
pack
inside
and
then
I
have
the
problem
with
the
docker
and
docker
stuff,
which
I
think
will
not
work
in
gitlab.
A
A
Conveniences
that
platforms
provide,
but
have
you
by
any
chance
like
already
tried
this
gitlab
like
there's
this
platform,
that
gitlab
has
that
is
built
on
top
of
pack,
I'm
not
sure
if
you've
already
like
tried
it
or
if
it's
not
applicable.
In
your
case,
I
posted
a
link
to
that
in
the
zoom
chat,
but
I'll
also
post
it
in
the
in
the
agenda.
B
Yeah,
I'm
aware
of
this
gitlab,
auto
devops
feature
we're
not
using
this
yeah
will
be
possible,
depends
on
the
specific
setup
you
you're
running
gitlab.
There
are
thousands
of
ways
and
yeah.
B
Maybe
it's
fine
if
you
get
if
you
use
git
lab
auto
devops,
but
the
back
end
running
the
containers
is
different
from
the
one
we
use.
We
use
a
kubernetes
cluster
as
backend.
A
B
Gitlab
provides
several,
they
called
it
runners
for
those
platforms
and.
C
A
I
mean
running
the
life
cycle
directly
is
like
completely
fine,
it's
it's
just
that
I
was
just
trying
to
figure
out
if
there
was
a
better
platform
experience
that
could
be
provided,
because
there
are
also
other
things
that
platforms
tend
to
do
like
fetching
your
source
code,
applying
the
project
descriptor
and
like
project
descriptor.
Things
include
like
removing
certain
files
or
including
certain
files,
before
they're,
passed
on
to
the
output,
build
image
or
setting
environment
variables
or
executing
inline,
build
packs
and
other
things.
A
So
I
was
just
trying
to
figure
out
if
there
was
a
way
you
could
also
get
all
of
these
other
features
of
build
packs
that
are
not
available
directly
in
the
life
cycle.
A
But
if,
if
you're
not
interested-
and
this
is
a
very
specific
use
case,
then
I
think
we
can
definitely
like
think
about
adding
these
variables
to
the
to
the
list
of
variables
that
are
allowed.
I'll.
Make
a
note
that
lifecycle
already.
A
Is
there
any
other
way?
I
can
help
you
or
is
there
anything
else
you
need
help
on.
B
Now
I
can
add
some
link
from
a
blog
which
helped
me
a
lot
from
code
centric.
I
think
it's
also
a
german
company
we
and
we,
I
think
we
do
yeah
pretty
much
the
same
stuff
and
also
I
would
mention
that
I
think,
there's
some
gap
between
the
spec
and
the
implementation.
B
A
C
A
A
C
A
Wait
thanks,
I
think,
follow
your
topic
is
up
next.
C
Okay,
I
I
didn't
write
a
very
nice
question,
because
I
it's
pretty
much
a
session
that
I
just
had
this
morning
and
I
would
like
to
elaborate
it
with
you
before
I
even
place
it
here
if
it
ever
makes
sense.
So
my
my
question
is
like
when
you
do
a
pack
build,
you
have
several
steps
and
you
can
actually
include
a
a
push
of
the
the
docker
image
which
it
will
be
generated
to
the
container
repository
right.
C
It
could
be
any
any
kind
of
container
repository,
so
my
question
would
be
along
the
lines
where,
after
this
deployment
is
there
any
step
that
I
could
work
out
on
a
file
that
will
be
triggered
where
I
could
make
a
custom
script.
A
A
I
mean
like
not
directly
through
back,
but
if
you
use
like,
if
you're
using
some
shell
script
or
some
ci
cd
platform
you
should
be
able
to,
you
should
be
able
to
run
like
workflow
steps.
I'm
I'm
not
sure
if
I.
C
Yeah
no,
I
was
just
wondering,
like
let's
say
I
have
this
week.
I
asked
on
a
question
on
the
on
the
slack
channel,
where
I
I
need
to
make
like
a
crown
that
will
trigger
one-off
tasks
right
so,
like
imagine
like
a
a
job
scheduler
where
you,
you
can
have
a
kind
of
a
custom
test
that
will
be
triggered.
So
if
you
have.
C
Like
a
kubernetes,
you
can
schedule
those
tasks.
If
you
use
ecs,
you
could
use
an
event
bridge
for
scheduling
on
one
of
tasks.
My
question
is
along
the
lines
like
let's
say
I
have
a
contract
for
a
chrome
tab
file
on
my
project
on
the
root
or
whatever,
like
a
dot
com,
tab
file
and
after
I
push
the
image
I
could
in
this
use
case.
C
For
instance,
I
will
just
go
on
the
on
the
chrome
tab
file
with,
and
they
they
container
get
the
times
that
I
need
to
schedule
the
the
profile
steps
that
I
want
to
trigger,
and
I
would
just
go
to
kubernetes
and
add
that
or
to
ecs
and
add
that
or
if
it
doesn't
make
any
sense,
and
it
would
be
a
very
external
thing
that
I
could
do
on
my
outside
on
the
on
the
ci
part
of
it,
but
I
would
still
have
to
to
go
through
a
project
file
for
that.
A
I
think
in
general,
like
our
platforms,
just
have
been
self-contained
to
building
container
images,
and
we
hope,
like
our
hope,
is
that
you
can
use
some
other
ci
cdo
workflow
orchestration
platform
to
do
anything
you
want
before
giving
us
the
source
code
or
after
the
image
is
processed
and
pushed
out.
A
A
Is
it
possible
to
have
like
a
post,
build
binary
that
does
some
cleanups
in
the
image
before
it's
pushed
out,
so
things
like
a
post
build
binary
could
like
there
might
be
artifacts
left
by
a
certain
build
back
in
the
output
layers
or
workspace
directory
that
you
might,
you
might
want
to
clean
up
after
all,
the
build
packs
have
done
processing.
So
that's
where,
in
the
past
post
build
has
come
up,
but
I
think
like
if
it
if
it
goes
beyond
the
buildbacks
api
and
it's
like
the
generic
workflow
or
ci
cd
thing.
A
A
Like
there
is
a
techton
task
and
you
can
possibly
automate
it
using
tecton,
so
if,
if
you're
using
tecton
to
build
your
images,
you
can
then
also
use
tecton
to
trigger
other
things.
After
the
build
is
done.
That's
that's
potentially
like
that's.
I
think
the
only
ci
cd
like
integration
apart
from
git
lab
that
I'm
aware
of
oh
there's,
also
circles
here.
Sorry.
C
Yeah
yeah,
I
I
believe
it's
any
like
a
github
actions
code
build
from
aws
would
do
the
same
yeah.
I
was
just
wondering
if
that
would
make
make
any
sense
to
have
a
final
step
after
the
the
the
image
has
been
published
to
the
to
the
container
repository.
But
I
don't.
I
don't
think
in
a
second
thought
that
it
makes
sense
because
it's
it's
like
when
you,
you
publish
the
image
to
the
repository.
C
It
is
not
yet
running
right.
It's
only
there
waiting
for
a
redeployment,
so
it
would
be
very
dangerous,
maybe
to
to
set
a
new
crown
or
any
new
thing
before
the
workload
is
actually
replaced
right.
So
I
was
looking
here.
How
heroku,
for
instance,
does
that
and
it
has
a
kind
of
add-on
for
crown
job.
So
maybe
I
should
look
on
a
similar
approach
to
have
a
kind
of
external.
Even
if
I
can
add
a
chrome
type
file
to
the
project,
it
would
be
a
post
deployment
stepping
instead
of
a
post,
build
step.
A
C
Yeah,
okay,
so
I
will
not
even
place
my
question
there
because
I
don't
believe
it
makes
sense.
A
No
worries
happy
to
help.
There's
like
I
I
I
originally
thought
you
were.
You
were
asking
about
the
other
post,
build
stuff
that
the
inside
the
build
container
that
has
come
up
in
the
past,
but
yeah.
I
think
most
of
the
other
users
of
build
prices
have
seen
like
just
use
some
other
platform
to
like
once
they've
created
an
image
with
buildbacks.
They
use
whatever
they
like
to
do
the
deployments
or
tests
or
whatever.
C
C
Okay,
so
I
really
appreciate
you
coming
on
a
last
minute
notice
and
hopefully
we
didn't.
A
Not
at
all
happy
to
help
any
way
I
can.
C
Okay,
yeah
and
I'm
happy
to
be
here
to
I'll
try
to
participate
more
times,
not
with
questions
but
trying
to
be
more
present
on
these
hours.
A
A
Great,
if
that's
it,
for
the
agenda,
I
think
we
can
call
it.
A
Same
happy
holidays
happy
new
year,
I
think
we'll
probably
be
conducting
the
next
office
hours
on
on
the
new
year.