►
Description
Harbor Community Meeting - Americas Time Zone - March 25, 2020
A
Hello,
everybody
and
welcome
to
another
hardware
community
meeting,
it's
the
25th
of
march.
As
always,
this
is
a
recorded
meeting.
So
please
adhere
to
the
cncf
code
of
conduct.
I
have
a
few
updates.
I
want
to
provide
to
you
so
the
first
one
and
you
know
what
I'm
you
know,
what
a
small
so
folks
here,
I'll
I'll,
be
I'll
share
my
screen.
A
So
the
first
thing
I
want
to
talk
about
is
the
hardware
graduation,
so
in
our
roadmap
to
us
graduating
today
we
started
the
the
the
last
step
and
that's
essentially
getting
seek
security
to
approve
the
graduation
of
hardware.
If
you
guys
are
familiar
with
the
project,
we've
done
a
couple
of
things
lately,
not
lately.
A
As
a
result
of
that,
we
follow
this
issue,
which
is
issue
369
in
six
security,
and
today
it
was
the
second
level
of
presentations
with
the
team
I
presented
to
them
in
early
march
as
well,
and
now
we
have
a
whole
lot
of
folks
that
you
can
see
here
that
they're
that
they
that
they,
like
their
presentation
and
they're
volunteering
themselves,
to
come
in
and
participate
in
the
security
assessment
of
arbor.
A
So
so
you
can
see
here
that
that's
there's
a
quite
a
bit
of
of
folks
and
there's
actually
a
vmware
guide
that
could
have
a
conflicting
conflict
as
well.
So
we
identified
the
lead
security,
reviewer,
that's
andres,
vega
and
then
justin
campos
is
going
to
be
his
shadow
and
a
whole
bunch
of
observers
overall,
good
stuff.
A
A
If,
if
any
of
you
are
interested
in
security,
it
goes
through
everything
from
configuration
to
setup,
attacker
modifications
all
the
security
vectors
that
could
come
into
play
here,
how
we
secure
different
things
like
security
certificates,
keys
secrets
and-
and
you
know,
our
security
disclosure
process,
our
security
policy
and
and
things
like
that,
it's
a
good
read
if
this
is
something
that's
interesting
to
you
either.
If
you
have
comments,
obviously
post
them
on
the
document.
A
A
The
big
anchor
feature
of
that
release
is
the
oci
refactoring,
so
essentially,
harbor
becomes
oci
compliant
will
support
things
like
opas
operators,
images,
home
charts,
everything
managed
as
an
artifact
in
harbor,
and
then
all
of
the
different
features
of
hardware
will
still
work
so,
for
example,
if
you're
looking
about
scanning
tag
retention,
codes
replication,
all
of
that
will
work
and
has
been
verified
to
work
with
the
oc
artifact.
A
Some
other
features
of
of
2.0
that
basically
were
looking
into
is
the
integration
with
trivia
as
a
scanner
that
has
been
completed
so
now.
3V
is
the
building
scanner
for
hardware
2.0.
When
I
say
building,
I
should
say,
building
end
default,
clear
is
still
included,
but
trivia
is
not
the
default
and
the
aqua
team.
A
Just
this
week
announced
the
changing
in
the
licensing
for
trivia
to
be
apache2
so
that
they
can
enable
us
to
ship
with
trivi
there's
a
couple
of
blog
announcements
on
that
as
well
outside
of
oci
harbor
2.0
will
also
include
the
ability
for
all
the
hardware
components
to
communicate
with
each
other
using
tls.
A
This
is
another
requirement,
basic
security,
but
I
think
six
security
will
find
that
a
a
very
good
addition
to
harbor
so
now
be
beyond
the
the
front
end
for
harbor.
You
can
provide
harbor
with
a
certificate
and
all
different
core
services
can
communicate
over
ssh,
oh
sorry,
over
tls
and
then
the
last
part
of
harbor
2.0,
and
this
is
more
opportunistic,
we're
adding
some
web
hook
enhancements
so
think
of
more
events,
more
flexible
configuration
and
the
sending
notification.
To
slack
that
I
showed
you
guys
last
week,
and
I
don't
know
who
was
here
last
week.
A
You
missed
last
week,
okay
yeah.
So
last
week
I
showed
how
you
can
have
web
hooks.
Not
only
send
events
to
http,
but
they
can
send
events
to
slack
now
so
we're
hoping
to
productize
that
and
get
it
ready
for
hardware
2.0,
but
that's
opportunistic.
If
it
if
it
doesn't
meet
the
quality
bar,
it
might
not
get
in.
A
If
you're,
following
some
of
the
hardware
social
media,
like
our
twitter
account
or
our
even
slack
accounts,
we've
announced
the
hardware
operator
la
this
week
and
essentially
the
team
at
ovh
cloud
has
been
working
with
us
for
quite
a
while
now
to
develop
an
operator
on
top
of
harbor.
A
That
essentially
manages
can
manage
multiple
hardware
stacks
and
can
do
some
of
the
basic
lifecycle
management
for
hardware
like,
for
example,
creation,
updating
deletion
of
hardware
and
then,
more
importantly,
it
can
do
that
for
harbor,
core
notary
chart
museum
docker
registry,
the
ui,
but
it
will
not
control
things
like
postgresql
or
redis,
or
some
of
the
object
storage.
A
So
I
think
of
this
as
a
version.
One
core
scanner
for
hardware
and-
and
you
know-
that's-
been
contributed.
It's
part
of
the
hardware
project
repos
right
now
and
welcome
you
to
go
and
try
it.
I
think
it's
it's
a
it's
a
foundational
step
in
improving
how
we
deploy
hardware
out
there,
a
customer
environment
and
how
we
manage
the
hardware.
So
we're
very
appreciative
of
the
of
the
team
at
ovh
cloud
for
doing
that
work,
and
not
only
did
they
finish
that
work,
but
now
they
are
a
big
part
of
our
hardware.
A
Community,
pierre
and
and
his
team
are
both
maintainers
now
in
harbor
so,
and
they
basically
will
help
us
kind
of
through
the
next
phase
of
of
basically
enabling
the
operator
pattern
on
hardware.
We
also
have
three
community
members
that
are
helping
build
an
operator
on
top
of
this
ovh
operator
that
will
install
postgres,
redis
and
other
components
in
an
aj
fashion,
the
sorry,
by
the
way,
on
the
names
earlier
it's
pierre
and
jeremy,
so
I
messed
up
on
the
name.
A
A
So
the
core
operator
is
what
ovh
cloud
has
basically
developed
and
contributed
to
hardware
and
that's
going
to
handle
some
of
the
basic
hardware
components
like
the
core
services,
as
well
as
the
lifecycle
management,
and
then
the
cluster
operator
is
going
to
come
in
and
take
advantage
of
postgres
and
redis
and
min
io
and
other
things
to
enable
a
complete
lifecycle,
management
of
an
entire
hardware
installation
in
a
kubernetes
cluster.
A
Looking
at
this
from
an
architecture
standpoint
when,
when
you
look
at
hardware,
then
basically
this
gets
to
define
and
deploy
all
of
those
different
controllers
that
basically
become
the
building
blocks
for
the
different
services
or
core
services
in
harbor.
So
our
persistent
storage
could
sit
on
a
mini
io
instance.
A
From
an
open
stamp
standpoint,
we're
at
this
point
right
now
that
we're
right
here
after
the
second
kind
of
swim
lane,
so
it's
ovh
operator
has
been
open
source.
The
base
version
has
been
contributed
and
the
hardware
team
has
been
working
on
improving
that
and
the
next
step
is
getting
that
one
to
do
release
time
and
then,
as
well
as
continuing
to
work
on
the
hardware
cluster
operator
that
I
just
mentioned.
A
That's
basically
where
we
are
right
now
and
that's
it.
That's
all
the
the
content
that
I
had
for
our
meeting
today.
Any
questions
or
concerns.
A
The
other
one
that
you
can't
do
that
so
by
the
way,
if
any
of
you
have
missed
a
couple
of
meetings
in
the
past,
we
did
showcase
trivia's,
a
building
scanner
and
it's
in
the
recorded
conversa
in
the
recorded
presentations
for
under
the
cncf
hardware
playlist
on
youtube.
So
if
you
go
to
our
go
hardboard.io
actually
speaking,
since
we
have
a
brand
new
website,
I'm
going
to
go
back
there
right
now
and
show
you
that
so
going
back
to
our
website
here.
A
If
you
go
to
go
at
the
beginning
of
the
website
and
you
go
under
community,
we
have
our
playlist
on
youtube,
so
you
can
catch
up
on
on
on
that
presentation,
where
daniel
from
aqua
presented
3b
as
a
built-in
scanner.
Now
I
want
to
show
you
guys
one
more
thing,
and
this
was
added
literally
yesterday.
A
A
We
have
a
shy
bunch
today,
tiana.
I
know
that
your
team
is
looking
to
to
integrate
hardware
into
your
stock
that
you
guys
are
working
on.
Would
you
be
able
to
kind
of
take
a
look
at
our
operator
that
we
have
just
open
source
and
see
if
that's
something
that
could
create
more
flexibility
into
the
lifecycle
management
of
what
you
guys
were
looking
to
do
with
hardware.
B
B
B
Depends
on
the
scale
for
small
scale
deployments
yeah
we
just
use
docker
routing,
either
with
swarms
native
load,
balancing,
that's
naive,
load
balancing
or
we
use
just
direct
port
mapping.
If
it's
really
small
scale
for
a
larger
scale,
we
put
something
like
engine
x
in
front
yeah.
A
All
right
there's
no
questions
no
concerns.
We
can
probably
give
everybody
back
10
minutes.