►
Description
This session goes over all the work currently being done to enhance the demo environments used for Workshops and Showcasing different GitLab Security Features. It includes a scalable notes application with a running MariaDB database. An application using the GraphQL API in the backend to manage vulnerabilities, Projects containing compliance pipelines, a Workshop using GitLab Pages and much more.
A
Good
morning,
good
afternoon,
good
evening,
good
very
early
morning
for
some
of
us
welcome
to
this
csr
enablement
session,
see
a
skills
exchange
as
we
call
it.
So
today
we
are
actually
honored
to
have
fernando
diaz
with
us
to
talk
to
us
about
enhanced
devops
devsecops,
actually
not
only
devops
but
devsecops
and
compliance
management,
demo,
environment,
and
I
guess
he
took
tootsie
away
so
twitch
is
not
going
to
advance
the
slide
for
us,
but
he's
going
to
help
us
with
that.
B
Yeah,
no
thanks
tabo.
That
was
a
great
introduction,
so
my
name
is
fernando.
B
I
work
in
technical
marketing
and
we
make
all
these
different
assets
that
we
can
use
within
marketing
to
really
showcase
git,
lab
and
and
its
benefits,
and
the
thing
I
wanted
to
go
over
today
was
an
environment
that
we've
created
and
where
we
continue
to
iterate
on,
and
this
is
something
that
we
use
for
different
things
like
showcasing
different
partners,
customers,
analysts
and
we
use
these
environments
to
kind
of
really
show
off
how
these
features
work,
and
this
is
something
public
facing
that
anyone
can
access
and
anyone
can
go
through.
B
I'm
in
the
process
right
now
of
building
a
security
workshop
that
can
be
used
from
anybody
to
learn
the
different
security
features
and
how
to
use
them
and
best
practices.
B
So
let
me
start
with
showcasing
you
the
demo
project,
what
we
have
so,
oh-
and
one
thing
I
wanted
to
add-
there
is
a
document
where
you
can
add
any
questions
that
you
have,
but
also,
instead
of
just
questions
as
you
as
I
go
through
the
demo
project.
If
there's
anything
that
you'd
like
to
see
in
it
that
you
haven't
seen
already
or
that's
not
included
in,
there
feel
free
to
feel
free
to
add
it
in
this
document,
and
it
will
be
something
I'll
consider
adding
to
the
demo
project.
B
Thank
you
so,
within
our
tech
marketing
for
our
tech
marketing
group,
I've
created
this
devsecops,
another
subgroup
called
devsecops
and
within
it
there's
gonna
be
two
things.
There's
the
workshop.
B
I
actually
used
to
work
at
ibm
down
the
street
breaker,
where
the
first
traffic
scene
was
recorded,
where
it
says,
stop
and
go
traffic.
It
was
actually
recorded
right
by
ibm,
and
I
did
work
at
ibm
in
the
past,
which
I
consider
to
be
in
attack
in
a
sense.
So
just
adding
a
little
bit
of
information
is
why
I
chose
that
name.
B
B
So
I
can
add
the
note
and
then
it'll
tell
me:
hey
has
been
added
and
then,
if
you
see
at
the
bottom,
this
hey
note
was
added.
So
in
the
past
this
was
using
a
sql
lite
database
and
I
can
only
have
one
container
running
because
since
it's
a
static
file,
there
will
be
problems
with
the
locking
between
two
different
applications
accessing
the
same
static
file.
So
what
I've
done
is
I've
gone
ahead
and
made
a
change
to
actually
use
a
maria
dv
back
end,
so
this
will
be
running
with
maria
db.
B
In
the
back
end,
it'll
you'll
be
able
to
replicate
it
and
scale
horizontally
and
make
multiple
pods
with
multiple
containers
in
them,
and
then
they
would
access
the
database.
So
I've
done
that
it
has
an
add
delete,
feature
and
then
I've
added
an
admin
login.
B
So
you
can
log
in
you
have
basic
off
and
then
with
this
basic
off
you
can
go
ahead
and
reset
the
database
table,
and
this
is
gonna
and
the
way
that
this
ties
in
is
you'll
see
different
things
detected
by
our
vulnerability
scanners,
like
insecure
authentication,
because
password
was
just
for
letters
and
it's
actually
hard
coded.
So
our
secret
detector
will
find
that
and
we'll
actually
be
able
to
use
das
to
reveal
a
vulnerability
within
the
system
or
very
insecure
authentication.
So
that's
the
reason.
I've
created
that's
a
simple
application.
B
You
can
come
here
and
you
can
see
the
gitlab
yaml
and
you
can
see
that
I
deploy
the
database,
so
I
just
use
the
helm
chart
to
deploy
mariadb
and
then
I
deploy
the
staging.
So
I
have
a
staging
environment
where
I'll?
Actually
so
this
uses
the
kubernetes
agent
and
what
it
does
is
I'll
get
the
contacts
from
the
actual
kubernetes
agent
and
then
I'm
able
to
run
cube.
B
Ctl
commands
with
the
permissions
that
the
agent
is
given
so
you'll
be
able
to
do
different
things
like
this
home
upgrade
is
possible
because
of
the
contacts
that
I'm
using
and
then
within
here
you
can
see
all
the
different
templates
which
I
have
for
the
different
security
jobs
that
run
and
different
variables
that
I
need
for
das
to
recognize
what
it's
going
to
be
targeting.
B
So
if
I
look
at
a
merge
request
here,
so
I
created
a
merge
request
where
I
just
added
a
bunch
of
vulnerabilities.
So
I
added
like
made
the
permissions
on.
B
B
I've
made
a
return
to
500
to
check
out
the
api
scanning
and
I've
done
just
a
whole
bunch
of
different
changes
that
will
trigger
vulnerabilities.
So
if
I
go
here,
you'll
see
a
few
things
that
are
set
up
so
the
first
one
is
merger
across
approvals
and
if
you
haven't
seen
merchandise
approvals,
they're
a
way
of
kind
of
validating
code
and
allowing
others
to
review
code.
So
it's
kind
of
you're
enforcing
the
review
process
and
what
happens
is
if
you
have
a
vulnerability.
B
B
If
certain
criteria
are
detected,
so
one
would
be
the
vulnerability
check
which,
if
there's
any
vulnerability
detected-
and
you
can
kind
of
fine-tune
it
to
the
different
types
of
vulnerabilities
and
I'll
show
you
that
a
license
check
if
a
denied
license
is
detected,
there's
a
license
policy
and
if
there's
a
denied
one
detected,
then
you'll
need
someone
to
approve
and
same
thing
with
the
coverage
check.
B
If
coverage
happens
to
drop,
then
you'll
require
approval
in
order
to
get
this
committed
and
the
reason
why
we
do
this
for
coverage
is
working
in
the
open
source
community.
So
I
used
to
work
a
lot
within
the
kubernetes
community
and
in
the
past
openstack,
and
there
were
many
cases
where
merge
requests
would
not
be
reviewed
unless
they
actually
had
unit
tests.
B
That
would
check
that
will
test
your
function,
so
this
kind
of
enforces
that
even
to
another
level,
where
now
we
see
the
coverage
drop,
that
means
you
probably
didn't
cover
everything
with
your
unit
tests.
So
you
can
keep
iterating
on
that
and
then
you'll
be
able
to
actually
get
anyone
to
merge
it
if
the
coverage
didn't
drop.
But
if
the
coverage
did
drop,
then
you'll
need
specific
people
to
kind
of
go
through
and
actually
merge
and
they
could
be.
Maybe
you
didn't
understand
how
to
mock
a
particular
function
or
something?
B
Then
it
really
enforces
that
education
for
you
to
learn
and
go
to
other
members.
That
may
know
that
so
and
then
I'll
I'll
go
back
to
that.
I'll.
Come
back
to
that
to
the
merger
press
approvals.
But
for
now
you
can
see
that
with
these
vulnerabilities
that
I
added
you're
gonna
pick
up
a
whole
bunch
of
different
potential
vulnerabilities
and
maybe
for
fine-tuning
it
next
time,
I'll
put
less
because
it
just
it
might
be
a
little
bit
overwhelming.
But.
D
B
If
you
go
to
security
scanning,
you
can
see
just
all
the
vulnerabilities
detected
and
they're
separated
by
the
different
scanners
so
and
you
can
see
that
secret
detection
coverage
causing
api
fuzzing.
They
detected
no
vulnerabilities
because
what
this
does
is
it
scans,
the
diff,
but
within
the
main
branch
and
the
vulnerability
report
you'll
be
able
to
see
everything,
that's
in
the
main
branch,
but
this
will
just
detect
the
stuff
that's
been
introduced
in
the
diff,
so
you
can
see
that
it
was
detected.
B
The
content
type
header
wasn't
present
and
here's
the
request.
The
response
and
it'll
give
you
some
evidence
as
to
what
url
was
hit
and
then
it'll
give
you
a
solution
so
makes
it
really
easy
to
see
how
to
resolve
an
issue.
B
So
seeing
that
let
me
so
all
this
has
been
set
up
within
the
project
and
you
can
actually
replicate
this
and
do
all
this
using
the
security
workshop
which
I'll
go
to
then
I'll.
Give
you
just
a
little
sneak
peek
of
that.
B
But
if
I
go
back
to
devsecops
and
I
go
to
the
devsecops
workshop,
so
there'll
be
three
items
here
which
will
which
will
allow
you
to
perform
separation
of
duties
and
the
security
scans
that
we've
gone
through.
So
if
you
go
to
this
workshop,
so
just
just
to
let
you
know
it's
still
a
work
in
progress.
B
It's
let's
say
about
80
complete.
I
can
say,
but
there's
still
a
lot
that
I
need
to
add
to
this.
So
just
you
know,
it'll
be
it'll,
be
complete
within
the
upcoming
weeks,
but
just
to
kind
of
show
you
a
little
bit
of
what
I've
been
working
on,
so
you'll
be
able
to
come
to
the
site
made
with
gitlab
pages
using
hugo,
which
is
a
google
templating
engine,
and
what
you'll
be
able
to
see
here
is
you'll,
see
workshop
and
you'll
see
all
the
prerequisites
needed
to.
B
Actually,
you
know
get
started,
so
this
is
using
gke,
so
I'll
go
over
actually
creating
a
cluster
and
what
I'm
working
on
now
is
making
these
animated
gifs
of
like
the
process.
So
I
just
need
to
do
more
zooming
and
enhance
the
quality,
but
the
whole
idea
is
that
everything
is
going
to
have
an
animated
gif.
So
you
can
follow
the
steps,
one
two
three
four
and
then,
if
you
expand
this
you'll,
be
able
to
see
it
in
action
me
performing
it
in
an
animated
gif.
B
So
I've
been
working
on
adding
these
gifs
to
all
the
sections
where
you
need
something
so
like
here,
there'll
be
another.
One.
That'll
show
how
to
create
the
group
how
to
clone
the
sample
project
right
now.
It's
just
the
static
instructions,
so
it'll
go
through
everything
setting
up
the
project
setting
up
the
security
scanner,
so
you
can
learn
more
about
our
security
standards
here
and
what
they
do.
And
then
this
will
show
you
how
to
add
the
templates
to
that's
website
setting
up
merge,
request
approvals,
license
policies,
etc.
B
So
it
goes
through
everything
that
you
need
to
get
started
with.
Dev,
stick
ops!
All
the
main
features
so
adding
vulnerable
code.
So
what
I
just
showed
you
there
with
the
vulnerable
code,
actually
show
you
how
to
create
that
and
what
to
add
and
how
to
view
it.
B
B
We
want
everyone
to
be
able
to
perform
these
workshops,
everyone
to
be
able
to
see
these
features
and
kind
of
go
at
it
on
their
own
pace
if
they
want
so
that
this
is
the
reason
why
I've
created
this
and
it
was
inspired
by
kelsey
high
towers
kubernetes,
the
hard
way
where
it's
a
bunch
of
different
md
files
and
they
go
over
the
process
of
setting
up
kubernetes
from
scratch,
and
I
kind
of
wanted
to
do
something
similar
where
it's
public
facing
and
anyone
wants
to
come
in
and
learn
about,
get
lab
security
features
can
do
that.
B
You
know
within
their
within
their
own
time
and
at
their
own
pace
so
and
then
other
other
things.
I'm
working
on.
There's
a
little
contribution
guide,
which
just
tells
you
how
to
contribute
a
development
guide
which
I'm
working
on
re-adding
the.
What
is
it
the
sqlite
database?
So
I'm
I
want
to
add
an
option
for
you
to
be
able
to
actually
use
the
sqlite
database
and
what
will
happen
is
you'll,
be
able
to
run
this
locally
as
well.
B
So
that
way
anyone
can
just
work
on
it
and
add
different
features
and
push
them
up
and
be
able
to
run
the
code.
So
there's
that
and
then
I'm
also
gonna
add
an
architecture
diagram
on
how
this
works
so
and
then
there's
going
to
be
other
topics
as
well,
which
will
include
on-demand
scans
dependency
listing
the
graphql
api.
So
this
is
a
work
in
progress,
but
it's
gonna
pretty
be
finished
pretty
soon.
A
B
Let
me
go
to
general,
and
I
promised,
since
I
promised
I
was
going
to
go
over,
merge
request
approvals,
real
quick.
This
is
where
you
set
it
up,
and
just
so
I
can
show
you
the
vulnerability
check.
You
can
see
that
you
can
what
these
are
the
items
that
require
approval,
so
you
can
require
approval
for
any.
B
Types
of
scans,
any
type,
any
branches,
any
statuses
and
how
many
vulnerabilities
you
allow
and
as
well
as
those
severity
levels,
so
you
can
really
fine-tune
this
to
meet
your
needs
and
add
different
groups
and
different
users
to
see
who
can
improve.
So
if
you
need
a
bunch
of
different
people
that
can
approve,
then
you
can
do
that
as
well.
B
B
B
So
what
you
do
here
is
you
either
add
a
framework
or
you'd
edit
an
existing
framework?
These
are
ones
I've
created,
so
gdpr
compliance.
Let's
say
I
created
a
gdpr
compliance
job
which
I
want.
I
want
to
set
what
our
gdpr
compliance
policy
is,
then
what
I
do
is
I
give
it
a
name.
I
give
it
a
color
description,
but
the
most
important
part
is,
I
point
at
a
compliance
file,
so
I
can
point
at
the
compliance
gdpr
yaml,
so.
C
B
Pointing
to
a
project
that
developers
from
this
team
don't
have
access
to
only
the
compliance
officers
and
security
team
has
access
to
this
project
and
I'm
pointing
at
a
file
within
that
project.
So
let's
go
to
that
project
and
I'll
leave
this
open.
Just
so
you
can
see
so
go
to
devsecops
and
go
to
in
attack,
so
it
was
in
tech
marketing
doubt:
stick
ops,
intake
partners,
compliance
files,
so
partners,
and
it's
in
this
one
compliance
files.
B
So
now,
if
I
go
back
to
partners-
and
I
go
to
a
partner
with
the
actual
label
of
gdpr-
which
is
this
label
here,
which
tells
us
to
run
this
file-
I
can
click
on
it,
and
I
can
see
that
oh
there's
another
gitlab,
ci
ammo
here,
so
developers
have
access
to
this
one.
But
you
see
that
there's
no
gdpr
job
or
anything
on
there.
B
So
how
do
we
enforce
separation
of
duties?
Well?
You'll
see
that
the
last
pipeline
run
actually
contains
all
the
scans
and
the
gdpr
job.
So
here
you'll
see
we're
compliant,
so
that
puts
together
separation
of
duties,
and
you
can
actually
see
that
the
file
that's
run
is
the
file.
That's
managed.
The
pipeline
that's
run
is
the
pipeline,
that's
managed
by
the
security
team
and
compliance
officers,
but
the
developers
don't
have
access
to
modifying
that.
B
So
no
matter
what
they
modify
within
their
project
they'll
never
be
able
to
modify
their
the
pipeline,
that's
being
run
because
they
don't
have
permission
to
that.
So
that
allows
for
separation
of
duties
and
compliance.
You
won't
be
easily
able
to
skip
compliance
and
just
merge
something
in
and
then
add
it
later,
because
you're
verifying
compliance
at
each
step
at
each
commit
so
and
that
the
instructions
to
that
will
also
be
within
the
workshop
and
that
will
be
included
on
there
as
well.
B
D
B
Correct
make
sure
that
okay,
okay
right,
thank
you,
the
developer
won't
be
able
to
touch
that.
That
will
be
something
that
will
be
enforced
by
an
either
a
project
owner
or
a
project.
Maintainer.
B
E
Fernando
just
piggybacking
what
alejandra
asked
if
a
maintainer
owner
did
remove
it,
even
though,
because
they're
not
usually
the
security
compliance
persona,
is
that
I
mean
that's
allowed
right,
so
I've
had
customers.
Ask
me
you
know,
what's
preventing
them
from
doing
that,
even
though
they're
maintaining
and
owning
that
project,
I
guess
you
would
just
look
at
your
audit
log
and
you
could
point
it
back
and
maybe
run
a
report
or
something
to
catch
those
incidents.
B
Yeah,
so
no
so
this
would
be
kind
of
it's
based
on
the
company
right.
The
company
will
have
to
make
a
policy
a
a
physical,
like
paper
policy
of
how
we
work
and
what
we
do
and
yeah
within
the
audit
report
or
compliance.
So
let
me
show
you
that,
actually
so,
when
I
go
here
and
I
go,
do
my
compliance
report-
you'll
be
able
to
see
if
different
merge
requests
are
compliant
and
what's
not
so
you
can
see
here
that
there'll
be
an
approval.
B
Status
there'll,
be
at
least
one
rule
does
not
adhere
to
separation
of
duties
and
assume
the
pipeline
will
has
passed
or
not.
So
you
can
see
that
within
there
and
you
can
see
like
hey.
Are
things
actually
compliant,
but
the
real
way
of
knowing
was
what
you
said.
The
audio
event
so
you'll
be
able
to
see
that
label
was
removed
and
you'll
see
it
on
the
audit
events
and
you'll
be
able
to
see
who.
B
So
you'll
be
like
hey:
don't
do
that?
That's
against
our
policy,
but
in
the
future
so
right
now
we
only
have
like
the
different
roles
which
are
the
developer,
the
the
maintainer,
the
owner,
etc.
E
B
Be
a
maintainer,
but
you
might
not
have
access
to
doing
that
and
this
is
a
feature
that
we're
actively
working
on
as
well,
so
there'll
be
some
changes
to
that
in
the
future.
But
for
right
now,
it'll
have
to
be
pretty
much
word
of
mouth
and
trust
within
you
know.
Within
the
team
saying
hey,
if
you're
an
owner
maintainer,
don't
don't
don't
take
off
the
label?
We
need
that
for
complaints.
A
So
fernando,
I
guess
you
know
also
in
line
with
that.
If
somebody
wanted
to
create
another
compliance
report
say
for
example,
for
you
know
ccpa,
you
know,
would
they
have
to
edit
in
that
project
or
create
a
separate
project
where
they
track?
You
know,
ccpa
compliance,
that's.
B
C
And
it's
it's
relatively
modular.
This
is
actually
a
really
good
practice.
So
what
I
typically
recommend
customers
do
is
have
three:
they
might
have
a
ccpa
like
like
framework
gdpr
framework
and
then
a
ccpa
and
gdba
pr
framework
that
then
inherits
from
the
ccpa
and
gdpr.
B
Yeah
exactly
that's
what
a
lot
of
people
do:
they'll
they'll,
create
the
file
and
then
they'll
and
they'll
use
the
template
of
the
other
file
to
then
load
it
and
another
good.
A
good
practice
would
actually
be.
Let's
say
we
want
the
developers
to
test
stuff,
but
we
also
want
that
file
to
run.
You
can
also
have
the
gdpr
job
then
go
ahead
and
inherit
whatever's
also
in
the
project.
So
it'll
run
multiple
things
at
once.
B
So,
let's
say
in
the
gdpr
job:
we're
only
running
a
job
that
scans
the
hardware
inventory,
let's
say
right,
but
we
still
want
the
developers
to
work
and
deploy
their
application
and
run.
You
know
the
certain
things
that
they
need
to
run
on
it,
but
we
can
always
use
templates
to
then
tell
that
job
to
run
its
stuff,
but
then
also
go
ahead
and
run
the
stuff
that
the
developers
have.
B
So
next
thing
I
wanted
to
go
over
and
let's
see
how
we're
on
time.
Okay,
we
got
some
time.
Okay,
so
next
thing
I
wanted
to
go
over
was
so
there
is
this
thing:
the
kubernetes
yacht
club,
and
what
this
does
is
it
just?
It
deploys
certain
things
so
it'll
deploy
the
ingress
controller,
it'll,
deploy
an
application,
and
it
uses
the
kubernetes
agent
to
do
that.
I'm
planning
on
adding
a
lot
more
information
on
this
and
in
the
future
and
add
this
to
the
notes.
So
I
remember
because
I
got
to
do
it.
B
I
want
to
make
a
home
chart
for
the
for
the
kubernetes
agent.
B
I've
been
asked
this
before,
and
I
want
to
work
with
some
of
the
team
members
to
make
a
home
chart
because
right
now,
what
we
do
is
we
provide
you,
the
yamls,
but
you
have
to
deploy
them
yourself
and
like
run
different
commands
yourself
and
I
think
the
helm
chart
would
make
it
way
easier
to
deploy
the
kubernetes
agent,
but
essentially
it's
an
operator
that
runs
on
your
kubernetes
cluster
and
it
just
listens
on
a
particular
folder
that
you
get
within
the
configuration.
B
So
if
I
I
have
github
set
up
and
then
it's
going
to
go
to
tech,
marketing
devsecops
in
attack,
miss
get
ops
and
it's
going
to
deploy
everything
in
the
deployment
yaml.
So
this
is
the
miss
get
ops
project
and
it's
also
going
to
go
into
the
compliance
files
and
go
to
the
deployments
folder
and
deploy
everything
on
there.
So,
if
I
go
back
to
in
attack-
and
I
go
to
partners
and
I
go
to
compliance
and
deploy
and
go
to
deployments,
it'll
deploy
everything
in
this
file
because
that's
what's
what.
D
B
Yeah
so
it'll
deploy
everything
on
here
and
I'll
show
you
that
in
just
a
minute
within
the
kubernetes
cluster
and
everything
that's
running
in
it.
But
let
me
just
continue
before
going
into
that,
so
the
vulnerability
reporter
is
another
thing
that
I've
created
that
uses
the
graphql
api.
There's
a
blog
on
this
I'll
see
if
we
can,
if
I
can,
post
a
link
to
it,
but
I
have
a
blog
showing
how
to
use
the
graphql
api
to
manage
vulnerabilities.
B
So
what
this
does
is
I
just
created
like
a
little
go
application
web
app,
which
looks
like
this
and
it'll
just
say,
submit
a
vulnerability.
So
this
is
something
useful.
If
you
want
to
make
a
hackathon,
let's
say,
and
you
or
you
want
to
some-
you
want
to
make
a
hackathon
where
you
tell
users
find
vulnerabilities
and
submit
them
because
we're
creating
this
process
to
make
our
code
more
secure.
So
we
want
vulnerabilities
any
vulnerability
that
you
find
submitted,
so
it
uses
the
graphql
api.
In
the
background,
so
I
can
say
insecure.
B
B
B
But
you
can
you
can
modify
this
more
to
have
more
information,
drop-downs,
etc.
I
just
made
it
simple
to
get
started,
but
if
you
use
this
vulnerability
reporter,
you
can
run
it
with
your
access
token
and
your
project
id
and
you
can
go
ahead
and
just
create
vulnerabilities.
So
it
kind
of
shows
you
how
to
use
this
and
if
I
go
to
let's
say
gitlab
blogs,
I'll,
just
google
that
just
come
here
and
under
security
using
the
gitlab
graphql
api
for
vulnerability
reporting.
B
So
I
have
that
set
up
here
and
you
can
you
can
do
this
with
a
curl
with
a
curl,
so
you
get
the
project
id
and
then
you
can
just
perform
a
curl
and
you'll
get
the
data
and
you'll
get
the
idea
of
the
vulnerability.
B
But
then
I
want
to
step
ahead
and
actually
allow
you
to
import
this
project
and
use
that
api
in
the
back
end,
and
this
is
a
golang
application
and
I'm
using
that
api
in
the
backend
and
I'm
sending
a
request
to
the
graphql
api
to
actually
create
a
vulnerability
with
the
data.
That's
given
within
the
reporter
within
the
data.
That's
provided
here
so
and
you
can
fine
tune
this.
You
can
add
more
stuff
to
it.
You
can
feel
free
to
clone
it
and
use
it
as
you
as
you
want.
B
I
mean
it's
under
the
mit
license,
so
feel
free
to
play
around
with
that.
So
that's
another
project
that
I
have
within
here
and
yeah
between
that
and
the
security
workshop.
Those
are
some
of
the
things
I've
been
working
on
to
really
show
all
these
different
features
and
everything
within
gitlab.
So
I
just
kind
of
wanted
to
bring
this
out
there
and
know
that
the
public
has
access
to
this.
They
can
modify
it.
B
They
can,
you
know,
add
any
anything
that
they
want
to
recommend
and
do
and
we'll
continue
to
enhance
this,
and
I
want
to
kind
of
to
have
the
team.
Everyone
do
a
similar
thing
for
the
different.
So
right
now,
I'm
working
with
with
my
team
to
kind
of
add,
more
architecture,
diagrams,
add
more
information,
get
it
used
within
different
use
cases,
not
just
security.
We
want
this
to
be
also
for
git,
ops,
for
ci,
cd,
etc,
etc,
because
it
really
showcases
a
lot
of
stuff
that
enterprise
customers
really
really
want.
B
So
I'm
going
from
there
that's
the
majority
of
what
I
have
and
then
let
me
show
you
once
you
integrate
the
cluster
and
do
everything
I'll
show
you
what
you
should
have
running
on
your
cluster,
so
that'll
be
the
last
step.
So
let
me
just
get
my
terminal
ready.
B
B
So
I'm
on
my
cluster
and
if
I
get
namespaces
you'll,
see
the
different
namespaces
that
are
created
for
me
to
deploy
stuff
so
they'll
be
the
partners,
the
misc
namespace
ingress.
So
I
pretty
much
deploy
a
whole
bunch
of
different
things.
The
english
controller
we
used
to
be
using
gitlab,
managed
apps,
but
now
we're
kind
of
moving
away
from
from
that
and
we're
actually
installing
it
from
the
local
source.
B
So
I
the
yaml,
that's
there
in
the
deployment
file
for
ingress
nginx
will
be
the
latest
official
one
and
then,
if
I
do
cube,
cto
get
pods.
B
Okay,
so
you'll
be
able
to
see
the
echo
application.
B
This
is
this
won't
be
on
there
mariadb
the
notes,
application
that
I
have
and
there's
two
running
the
reporter
application
and
then
you'll
see
the
ingress
controller
and
everything
that
it
requires
to
run,
and
these
are
just
other
stuff
that
are
on
and
you'll
see
the
chat,
keys
and
hypno
app
that
were
the
partners
on
the
partner
name
space.
So
that's
everything
that's
running
on
there
and
it
doesn't
really
take
up.
B
You
don't
need
really
that
big
of
a
cluster
to
to
really
get
started
doesn't
take
up
that
much
memory
to
run
these
applications,
so
you
can
have
one
of
the
smaller
clusters
and
you'll
be
able
to
run
that
from
there
so
yeah
so
far,
so
any
questions
I
wanted
to
open
up
the
the
last
portion
of
this
for
questions
or
suggestions
to
the
application,
and
we
can
take
notes
on
just
things
that
we
could
change.
B
A
Yeah,
I
think
adrian
you
want
to
expound
on
your
answer
to
the
premium
features
and
capabilities
yeah.
D
So
that
there
was
a
question
fern
from,
I
think
one
of
the
partners
saying
that
you
know
this
is
great.
This
is
showcasing
ultimate,
but
in
europe
they
observe
that
a
lot
of
customers
are
currently
interested
in
premium,
so
potentially
trying
to
move
from
core
up
to
premium
etc.
So
do
you
have
any
plans
to
prepare
a
project
that
showcases
specifically
premium
features
and
capabilities?
You
know
probably
outside
of
this
particular
security
compliance
one,
you
know.
Is
there
any
any
initiative
at
all
within
within
your
team
on
that
front?.
B
So
we
did
a
lot
of
videos,
content
that
showcase
moving
from
premium
to
ultimate,
but
also
from
basic
to
premium,
and
I
honestly
don't
have
plans
for
that
right
now,
but
I
think
it's
a
great
idea
because
I
think
it
makes
sense
to
have
a
stepping
stone
like
hey.
This
is
what
happens
when
you
get
with
ultimate
hey.
This
is
what
happens
when
you
go
to
premium,
and
these
are
the
features
that
you
have
so
I
think
that
in
the
future,
it's
definitely
likely
for
something
like
that
to
come
about
right
now.
D
And
I
answered
in
there
it's
something
that
on
the
partner
side,
we
are
looking
looking
at
doing.
We
want
to
run
hands-on
workshops.
The
the
initial
one
would
be
in
effect,
you
know
why
ultimate
from
a
technical
perspective-
and
we
have
been
toying
with
the
premium
after
that,
so
that
might
come
from
our
side
as
well.
B
Perfect
and
yeah,
and
if
you
need
like
advice
on
a
workshop,
I
mean
this
is
just
something
that
you
can
just
use
and
kind
of
change
it
to
to
your
needs,
but
it's
available
there
and
it's
free
for
anyone
to
use
so
by
all
means,
go
ahead
and
and
clone
it
and
do
whatever
you
need
with
it.
So
I'm
happy
to
share
the
stuff.
I've
worked
on.
A
B
B
You
can
always
you.
A
Know
talk
to
adrian
and
some
of
the
folks
in
in
emea
and
the
the
us
and
let
them
know,
and
then
I
will
definitely
take
that
into
consideration
all
right.
Thanks,
fern
awesome.
A
It
and
thank
you
partners
for
attending
and
for
participating
and
asking
questions.
Hopefully
we'll
see
you
on
another.
You
know
cs
skills,
exchange
session
in
the
near
future,
yeah.