►
From YouTube: Harbor Community Meeting - Dec 16, 2020
Description
CNCF Harbor's Community Zoom Meeting
A
So,
hey
everyone
welcome
to
the
harper
community
meeting.
So
today
one
of
our
maintainers
will
present
the
system
level.
Robot
accounts,
let's
all
hand
it
over
to
volume
or
should
you.
C
Okay,
hello,
this
is
suji.
Can
you
help
me.
C
And
today
I
will
share
a
full
time
of
robot
account
with
you,
and
my
demo
has
two
parts
for
part.
One
part
one
and
I
will
show
you
show
you
how
I
show
all
the
crud
operations
on
hardware
ui
for
robot
account
and
for
part
two,
and
I
will
show
you
a
small
user
case
to
tell
you
how
to
use
a
robot
account
to
create
a
tag
for
artifact
and,
let's
start
with
part
one,
and
for
this
part
you
need
to
log
in
with
a
system
or
the
main
account,
and
then
click
click.
C
This
button
and-
and
you
will
see
this
page
and
as
you
can
see
in
this
page,
it
will
list
all
the
system
robot
account
and
in
my
hardware
it
has
two
two
robot
accounts
and
these
are-
and
there
are
some
important
property
of
the
robot
account
and
I
will
introduce
the
two
most
important
property
for
you
and
before
that,
let's
pay
some
attention
to
two
important
items:
the
robot
name
prefix
and
the
rope
the
token
expiration.
C
C
C
C
And
this
name
should
not
be
used
and
for
the
second
property
expiration
time
and
by
default
it
has
a
value
which
we
set
on,
confer
configuration
page
now,
of
course,
you
can
change
it
to
whatever
you
want
or
you
want.
C
If
you
want,
if
you
want
to
set
setup,
set
it
to
be
never
experienced,
expired,
usually
in
food
matters.
What
and
for
description
property
you
can
input
whatever.
C
C
C
Go
on
and
then
you
can
click
edit
button,
and
here
are
some
here
are
two
buttons
for
bench
for
bench
operation,
for
example.
If
you
have
a
lot
of
projects
projects
in
your
harbor,
so
it's
not
convenient
for
you
to
connect
one
by
one.
So
you
can
click
select
all
to
to
check
all
the
pro
checks,
and
this
is
a
and
this
is
different
from
cover
or
when
you
click
select,
or
it
only
covers
existing
projects.
C
If
you
want
to
cover
projects
about
test,
you
can
test
to
fill
to
to
find
out
to
final
projects
or
the
product
projects
about
test,
and
then
you
can.
Click
save.
A
Call
okay,
so
so
cover
all.
D
A
D
One
question
about
the
filter:
if
I
you
know
input
the
keyword
like
you
use
the
test.
If
there
are
more
than
you
know,
if
the
number
of
the
matched
projects
is
it's
larger
than
your
page
size,
so
the
selector
will
also
select
all
the
matched
projects.
Yes,.
C
C
And
sorry.
A
There's
still
no
way
to
to
retrieve
it
afterwards
right.
That's
that's
the
only
point
where
you
can
get
the
secret.
C
Yes,
yes,
if
you
forget
this
cigarette
and
don't
worry
and
under
the
action
drop
draw
button
and
we
have
four
other
functions
and
the
first
one
is
refresh
cigarette
and
just
choose
and
select
one
robot
account
and
then
click
this
button.
You
will
see
this
page
and
then
you
can
directly
click
this
button.
It
will
generate
a
new
cigarette
randomly,
as
you
can
see,
a
new
cigarette
here.
Okay
and
if
you
want,
if
you
want
to
set
a
if
you
want
a
specific
new
cigarette,
all
right,
you
can
enable.
A
E
Okay,
so
this
means
that
it's
not
the
jwt
tokens
anymore.
A
C
C
And
this
page
is
mostly
the
same
to
the
same
with
the
system
robo
account,
but
there
is,
there
are
some
different
points
and
the
and,
as
you
can
see-
and
there
is
a
next
neighbor
on
this
robot
account-
it
means
this
robot
account
was
created
in
private
previous
harbour
version,
and
this
robot
count
is
is
still
useful.
C
Yeah
and
this
and
this
and
these
four
robot
accounts
are
normal,
a
normal
projector,
a
robot
account
and
for
its
name
property
it
has.
It
has
three
parts
and
the
the
prefix
and
then
and
the
project
name
and
the
a
plus
mark
and
the
robot
company
and
there's
no
project
properly,
because
this
pro
and
this
robot
account
are
only
cover
library
project.
So
there's
no
need
to
add
a
project
properly
here
and.
C
This
product
is,
is
the
same
with
system
robo
account,
so
I
will
leave
a
load.
You
call
this
part.
Okay.
I
think
this
all
the
crud
operations
for
road
account
and
let's
go
to
part
2
and
for
part
2.
I
will
show
you.
I
will
show
you
a
use
case.
I
will
use
this
robot.
This
robot
account
to
create
a
tag
for
artifact
and,
as
you
can
see
in
in
my
project
library,
it
has
artifacts
named
hello
hollywood
and
now
it
has
just
the
two
texts
test
and
latest
and.
C
B
Okay,
have
you
added?
I
did
later.
C
C
C
And
input
hover
one
two
three
four
five
here
and
then
the
body
I
change
the
name
to
demo
number
one
and
then
click
send.
A
C
B
C
Because
I
I
clicked,
I
have
already
clicked
this
button
so.
C
B
As
you
know,
do
you
want
to
show
the
show
us
the
the
result
in
harbor
website
we
can
see,
we
can
see
the
number.
C
C
D
D
Yeah
for
another,
I'm
not
sure
if
it's
a
is
a
good
solution,
maybe
you
know
no,
we
can
use
the
we
can
select
multiple
projects
or
the
cover
all
projects
or
select
all
button
right,
yeah
yeah,
maybe
it's
a
little
better
to
you
know
to
show
the
number
of
the
all
the
selected
projects
close
here.
D
D
D
Yeah
yeah,
I
can
show
it
in
the
button.
Oh
I
can
you,
you
know,
create
a
new
label
to
show
it
close
to
the
bot.
Maybe
yeah
you
know
a
little
bigger.
D
D
B
A
D
A
Curran's
current
selected
projects,
or
something
like
that
yeah
it's.
D
A
Yeah,
so
are
we
going
to
keep
a
legacy?
How
long
you're
going
to
keep
legacy
for.
A
Okay,
and
so
what's
the
behavior
after
say
2.4,
are
they
going
to
go
away
or.
A
Got
it
so
they're
they're
effectively
deleted
right,
because
I
mean
that
code
base
is
gone
so
yeah
we
have
to
write
some
documentation
in
the
2.2
release
telling
users
you
know
hey
it's.
You
know.
E
A
Think
the
back
end,
we
looked
at
it
before.
First
of
all,
it
was
difficult
second
of.
D
A
B
H
B
H
Well,
actually,
actually,
there
is
a
chance
in
the
first
successful
verification
of
the
legacy
over
the
count.
There's
a
chance,
you
transform
it.
Yes,
yes,.
H
H
A
Yeah
so
right
now
we're
thinking
about
just
giving
users
a
grace
period
agrees
like
a
release
or
two
for
them
to
convert.
I
don't
know
I
do
understand
the
concern
around.
You
know
deprecating
a
lot
of
these
robot
accounts
and
having
to
reconstruct
them
and
re-put
them
into
your
ci
cds.
So.
E
D
E
Guess
so
for
for
our
organization,
I
would
have
to
write
the
functionality
anyhow,
because
I
cannot
convince
hundreds
of
developers
to
to
do
that.
That's
that,
for
us
at
least
this
will
be
a
deal
breaker.
Then,
in
the
version
where
we
deprecate
this
or
where
harvard
decides
to
deprecate
this,
it's
gonna
be
a
huge
mess
and
I
think
for
every
other,
bigger
organization.
This
is
also
gonna,
be
a
big
issue.
B
Right,
but
if
we
decide
to
migrate
the
lexi
robbers
we
we
do
have
notified
user
to
update
their
password
because
the
after
the
transfer
information,
the
the
password
has
to
be
updated
to
the
new
new
format
or
password.
Inside
of
token.
B
Yeah
as
well
as
name
so,
this
is
actually
create
a
new
one.
Is
that
robot
for
the
luxury.
E
Yeah,
I
I
I
understand
the
issue.
Maybe
we
can
also
take
this
offline
and
put
it
into
a
discussion
in
github,
but
I
I
just
see
that
for
bigger
organizations
with
hundreds
and
even
thousands
of
robot
accounts,
this
is
this
is
going
to
be
a
mess.
H
E
B
And
it's
the
within
project
you
have
to.
You:
have
a
unique
name
for
your
robot
within
the
project,
but.
E
Okay,
then,
then,
I
will
just
see
how
what
comes
to
mind
that
I
will
put
some
comments
in
in
the
current
discussion
threads
about
this
on
github.
A
Great
thanks
any
other
questions
related
to
this
new
system.
Our
robot
accounts.
E
I
have
a
question
regarding
the
permissions:
can
I
what
permissions
are
there?
There's
like
the
rest,
api
permission
and
we've
seen
that
with
the
tagging
create
tag
creator,
but
there
is
no
yet
and
rest
api
permission
or
something.
E
Would
it
maybe
be
an
option
to
to
open
this
up
for
for
the
system
operator
to
decide
what
possible
api
routes
this
robot
account
can
access
or
what
options
are
given
to
the
user
to
select
these
two?
This
these
ten
permissions
are
predefined.
E
Exactly
because
right
now
we
have
a
workaround
where
we
just
inject
users
by
hand
or
by
some
automated
process
into
the
hardware
database
and
then
connect
them
to
the
oedc
metadata.
So
they
can
log
in
using
the
oec
identity
provider,
but
would
of
course,
be
nice
to
have
this
natively
supported,
and
these
robot
accounts
look
like
great
option
to
do
that.
A
Yeah,
so
we
didn't
want
to
open
up
too
much
access
right.
We
didn't
want
to
give
robots.
You
know
system
on
permissions,
yeah
of
any
kind,
because
it's
not
it's
only
necessarily
supposed
to
be
just
for
you
know,
automation
and
improving
your
cv.
So
you
know
people
are
asking
about.
Can
I
use
a
robot
to
create
a
robot
account?
Can
I
get
you
know
ap
access
to
that.
F
A
I
think
you
know,
at
least
within
this
set
of
functionalities
right
what
you're
suggesting
could
work
right
on
a
certain
heartburn,
since
maybe
the
system
only
wants
to
give
the
ability
to
push
or
pull
or
to
only
pull
even
without
push
access,
but
with
a
different
set
of
permissions
on
different
instances.
E
Of
course
it's
a
great
it's
a
great
set
of
permissions
for
the
first
release,
but
maybe
if
the
community
comes
comes
back
and
and
sees
that
there
are
has
to
be
more
permissions
that
are
commonly
used
inside
ci
cd
pipelines
right.
E
A
A
Is
you
know
right
at
the
first
release?
So
definitely
you
know,
please
add
your
comments
and
we'll
take
into
consideration
for
the
next
iteration.
E
That
that's
great,
that's
that's
scalable
cool.
H
A
Yeah
all
right,
I
just
wanna,
you
know
I
see
daniel-
is
on
here
daniel
from
aqua.
G
Yeah
definitely
this
looks
cool.
I
will
have
to
play
a
little
bit.
Is
this
built
available
or
is
all
the
code
is
already
meshed
on
the
master,
because
I'm
interested
in
particularly
this
permissions
on
these?
For
the
plugable
scanners
and
this
deployment
security
checker
all
right,
we
had
some.
E
G
G
Yeah,
it
looks
you
know
cool.
As
I
said,
I
just
need
to
play
a
little
bit
more
and
and
then,
if
I
have
some
feedback,
maybe
I
will
reuse
the
discussion,
but
overall
it's
it's
really
great
and
a
great
demo,
and
I
think
I
understand
the
scalability
problems
that
you
have
just
discussed,
but
you
know
for
the
permission
standpoint
to
what
we
need
for
the
plugable
scanners.
This.
This
is
enough.
A
Okay,
yeah,
I
don't
know
if
this
is
merged
master,
but
it
will
get
a
bill
to
you
for
sure.
A
Yeah,
that's
all
we
have
applying
for
the
demo
portion.
I
wanted
to
mention
that
we
are
deprecating
claire
on
the
2.2,
so
you
know
you
only
you're
only
going
to
be
able
to
install
with
trivia
as
a
default
scanner,
but
you
can
still
install
claire
as
in
you
know,
third-party
scanner
through
our
plugable
interrogation
services
framework,
so
deploy
it
pair
it
through
the
plugable
integration
service,
configuration
page
within
harper,
and
then
you
can
still
use
it
that
way.
A
Right
we
were
looking
at
deputy
charm
museum
in
2.3,
because
there's
some
performance
issues
right
and
it's
not
worth
you
know
investing
into
solving
that.
Basically
because
we
already
have
that
functionality
through
our
oci
registry,
and
it's
just
it's
not.
You
know
worth
it
to
maintain
two
separate
to
have.
You
know
two
to
be
able
to
post
your
charts
into
different
places
and
the
functionalities
are
not
a
parody
right.
You
have
much
more.
A
There
are
a
lot
more
functionalities
available
to
home
charts
managed
as
oci
artifacts,
just
like
docker
images.
So
I
think
we
were
looking
at
deprecating
it,
maybe
in
213.4
we're
going
for
2.3
now
because
of
some
of
the
complications.
A
So
if
you
know
you're
still
going
to
be
using
charts,
please
start
to
invest
from
using
charm
museum
and
just
use
helm3
to
push
directly
to
our
ocr
registry
right.
There's
a
lot
of
documentation
on
that
on
the
harper
website.
G
Alex
this
is
diane
from
aqua
again
just
to
follow
up
on
this
announcement.
That
claire
is
gonna,
be
not
gonna,
be
a
default
or
pre-installed
scanner,
but
also
I'm
wondering
you
know
we.
We
still
have
the
scanner
adapter
for
clear
right
which,
as
far
as
I
remember,
is
only
compatible
with
clear
version.
2..
G
I've
recently
seen
that
there
is
a
clear
version
4..
So
what's
the
plan
for
maintaining
the
adapter?
Do
we
still,
even
though
it's
not
like?
Let's
say
it
won't
be
installed
with
hardware
right?
Do
we
still
want
to
maintain
or
keep
it
up
to
date,
or
would
it
be
more
responsibility
for
the
vendor,
which
is
currently
red,
hat
or
ibm?
I
I
lost,
who
is
maintaining
clear
now
but
yeah.
I
hope
you
get
my
point
right.
A
A
Yep
yeah,
there
are
two
different
issues.
I
haven't
really
thought
about
it.
I
haven't
looked
at
the
latest
claire,
but
I
know
that
they
made
something
they
made
some
major
improvements
to
the
ladies
claire,
and
so
we're
probably
going
to
keep
supporting
it
and
look
to
you
know,
keep
up
with
maintaining
the
the
clear
adapter.
G
Yeah
good,
so
that's
that's
good
information,
so
yeah,
because
I
thought
that
we
there
was
kind
of
an
agreement
with
the
maintainers
that
maybe
they
will
want
to
host
it
and
integrate,
because
this
is
usually
how
the
from
my
standpoint
should
look
like
that,
like
the
vendor
would
like
to
integrate.
On
the
other
hand,
we
should
we
should
also
book
some
time
and-
and
you
know,
do
the
spike
see
how
how
or
if
there
is
any
difference
in
the
api.
G
Maybe
it's
just
you
know
version
bump
and
we
don't
have
to
change
anything,
but
I
I
think
you
know
they're
bumped
up.
I
think
they
skipped
version
three
there's
a
version
two
and
version
four
of
claire.
Well,
maybe
that's
something
I
I
can.
I
can
look
into
to
see
how
it
differs
and
what
is
you
know?
What's
the
effort
to
to
keep
it
right,
because
other
than
that
we
should
clearly
state
which
version
of
glare.
G
We
support
right,
because
I
can
imagine
people
installing
claire
the
latest
version
with
a
pretty
old
adapter
and
then
we'll
have
to
address
those
problems.
A
Yep,
that's
a
good
point.
I
don't
think
we.
A
F
F
G
Yeah,
so
I'll
do
the
spike
and
share
what
I
found
in
in
slack
channel.
So
everyone
can
see
okay,.