From YouTube: Kyma Prow Migration WG meeting 20181105
Description
Meeting notes: https://docs.google.com/document/d/1ljEAoCBJXlxx_ATPyvKZ1KoyFOSIBzEAOkN-2H-HhUY/edit
A
Okay, welcome everyone to the next Kyma Prow migration working group meeting today. I'm your host and some women will take notes. The agenda for this meeting is very simple today, so at the beginning I will present the current status and the next priorities, and later Jakub will do a demonstration of how to manage secrets.
A
So let me go very briefly through the list of the merged and closed pull requests and see what was done. I think that one of the most important things was finishing this pull request about Prow presubmit configuration for a bidding component, so currently you're a P layer component is built and also some components from the console are triggered. Whenever you make a report based on the Comerica story, we also finished pull requests about production configuration from the Prow cluster, and in this pull request we defined the first version of config and plugins YAML, and also TLS ingress was configured and certificates are provisioned by cert-manager. We were also working on running Kyma integration selectively. So previously, Kyma integration was executed whenever you create a pull request; now it is executed only if you made some changes in the installation or resource directories, and it is also executed as a postsubmit job, so whenever you merge to the master.

We were also working on the strategy for organizing jobs in our repository, because our approach was to put definition of jobs in one directory, and now we defined a more sophisticated strategy. So when you go to the Prow jobs directory, you can see the structure. We can see that we have two repositories, console and kyma, and for kyma we defined one job for component UAP layer and what is important.
A
And to be honest, that's all. Let's have a look at the board also. So currently we have seven issues to accept. So today working group leaders are going to meet and I accept them. We have two issues in the review column. First is treated by me, so it's great proposal for release process. So the purpose of this task was to validate if our approach for defining job definitions for components applies also for the release and REO.
A
Oh, I said that we have two items, but we have one item. Thank you, Magda, for dynamic changes. We also have five issues in progress, so about static analysis tool for our shell scripts of inter intra, we have manager switch and we want to improve the quality. There is also an issue about Prow threat modeling, and so I don't know if women or unrest have any update about that.
A
For example, when we introduced this new purity of the job config files, we need to update documentation and also adjust a little bit scripts. We have some documentation tasks and also, finally, we should start working on defining jobs for the testing repository and other follow-up tasks. So that's all from my side. Now hope will present this topic. Jakub already.
C
Perfect, so yeah, I'm Jakub from thoughts. I'm here to brief you on role management, Prow secrets management, and yeah. So basically, some Prow jobs require sensitive data. We came up with a procedure, and just let me walk you through it, and in case any questions arise, just let me know. You can obviously also consult the page you are seeing, which is Prow secrets management, industry, infrared PO, under the docs directory. So the procedure is not that elaborated.
C
Just let me step back. Okay, so that's the list of buckets. For the purpose of this presentation, I have prepared a bucket called Prow meeting demo. This is basically a perfect copy of the bucket that is currently in use in Kyma Prow, except I've added an additional item which is si and Darsh Timo, don't encrypt it again. That's for the purpose of the presentation. So what you can see here are service account keys encrypted using the KMS technology.
C
KMS stands for a key management system. You can access it either from your platform UI or from the console. And okay, so we know where we should store our secrets. We need to know what they are relate. So if your job requires another service account, let's say, we need to provide it to the Prow cluster, and let us just go to the service accounts. I've been here and you can see that I've created a service account which is called as a dart demo. I have also generated a key.
C
Basically, you can use the ones that have been already provided, which is Kyma Prow keyring, containing Kyma Prow encryption key, but it is up to you. You can just go with whatever you need. You can create your own keys and keyrings, but please remember that keyrings cannot be deleted. So, okay, once we know our keyring and our encryption key, we can just basically encode our, yep, our service account key, and once it's been done, we need to upload the key to the bucket, and that's basically what you can see here.
C
Okay, so let me just show you what it looks like. Okay, so that's my Prow cluster. You can see there is a job that failed, probably test, I guess. OK, so let's find out if our secret is here. It's called as a eight dot, slash Jesus on the slash. It's a si. Our, yep, our service account key. Yep, so that's it. But guys, you need to remember that if you want Prow to install, I mean, yeah, to set up your secrets, you need to specify its name here. So this script is called create GCP secrets as dot SH. Whatever comes here in this array will be copied and turned into a secret, Kubernetes secret, on your Prow cluster.
B
I created a pull request in the community repo to document a bit of the findings, and I am currently creating a pull request to try to document that MVP landscape for now, so that we can agree on what we want to achieve really for that MVP. And we should see that we also maybe create document, and it's already for the pipeline, that we agree on what we really want to achieve from that MVP perspective. I think that's important. Threat modeling: I think there was just an authorization.
B
We talked a lot about it and you just think what were the findings at the end. So we agreed somehow, and if I can assure that we can always recreate that cluster configurations and we require only a few admin users at the end to get access to the whole cluster, then that would be really perfect, so that we have just a group of few admin users and anonymous.
B
It would be really the best situation, right? So that a regular developer has no need to access the cluster at the end, because if he wants to change the configuration, he's going through the source code and then it's getting applied automatically, passing tests, whatever. That would be the best, and it would be nice if you can achieve that for MVP, and in combination with that.
B
So there was this issue of that in the team approach, a Google project, that by default somehow there are a lot of people who are owner in the group, and then with that they have automatically access to the cluster, right? So that can be an issue, because there can be people getting access to the cluster who are not in relation to Prow at all.
E
There are some more action items. I was thinking to create some issues actually for them. For example, one thing is we need to increase the number of bytes we are using for the webhook tokens. We are going to be using 20 and secrets. Here are people they want us to improve it to 32 bytes. And, for example, one other thing is we need to be rotating the tokens from time to time, at least at off-boarding two people. We need to have a procedure. We need to define a procedure for rotating tokens as well, simple.
A
So currently you have two issues similar to what you said. So the first one is about static analysis of the shell scripts, and the second one is about defining jobs for the testing for repository, and only after passing some jobs, it couldn't be merged to the master branch. But we haven't thought about having, I don't know, additional.
A
If now, I would like to remind you that we also have traditional meetings on Tuesday and Thursday at 8 a.m., when every active contributor should also join that meeting. On that meeting, we are talking about the current progress, so what we have done, what we plan to do, if there are any blockers; we discuss pull requests. So please remember about that. It happens at a.m. a.m.