►
From YouTube: CNCF Harbor's Community Zoom Meeting - June 14, 2023
Description
CNCF Harbor's Community Zoom Meeting
B
B
B
D
D
A
B
A
C
C
C
B
B
C
B
B
G
E
E
So
I
I
noticed
that
back
in
Amsterdam,
Harbor
announced
Cloud
event,
support
and
I
thought
that's
a
great
feature
to
have
for
a
registry,
and-
and
it
resonates
with
me,
because
in
the
NCD
events,
what
we
are
trying
to
do
is
to
bring
interoperability
in
the
continuous
delivery
space
or
software
life
cycle.
If
you
will,
that
includes
all
the
components
from
your
CI
CD,
but
also
artifact
Registries
and
deployment
tools,
etc,
etc.
E
It
makes
it
easier
and
also
having
this
common
language
enables
to
have
things
like
even
driven
workflows,
and
one
scenario
that
I
was
chatting
about
with
the
Argo
folks
is
that
the
image
updated
image
updater
feature
that
they
have
so
basically
today.
Our
argosity
is
a
continuous
delivery
tool
for
githubs
and
they
listen
to
a
container
registry
and
they
look
for
updates
on
a
specific
container
image.
E
E
And
so
that's
why
I'm
here
I'm
reaching
out
to
to
the
Harbor
community
I
think
because
I
wanted
to
propose
for
Harbor
to
support
City
events
so
that,
within
the
cloud
events
format
that
already
exists
as
an
alternative,
they
could
produce
CD
events
as
well.
That
would
bring
this
interoperability
feature
to
Harbor,
so
I
I'm
new
to
the
community,
so
I
hope
I'm
doing
things
right.
E
I
created
an
issue
to
get
started
and
to
provide
some
context
and
yeah
here
is
some
information
that
I've
been
talking
about.
There
is
this
picture
that
gives
you
an
idea
what
we
are
trying
to
do
with
City
events,
so
I
have
all
different
tools
for
using
City
events.
You
can
get
all
this
information
in
an
Evidence
store
and
build
nice
things
out
of
it,
and
you
can
also
use
these
events
to
to
trigger
your
workflows.
Like
I
was
saying
and
I
started
a
proposal.
E
E
B
E
And
yeah
so
in
terms
of
design,
so
there
is
one
event
that
City
Event
specification
covers
today.
That
is
meant
for
registry
artifact
registry
to
to
produce,
which
is
the
artifact
published
event.
This
is
an
event
that
is
produced
anytime.
There
is
a
new
version
or
a
new
artifact
published
into
the
into
the
registry,
but
we
could
add
more
on
the
city
event.
E
Side
and
I
would
be
happy
to
to
drive
that
work
and
I
already
opened
an
issue
on
City
Event
side
to
end
things
more
like
artifact
pulled
or
artifact
labeled
I've
seen
you
have
an
artifact
deleted
event.
Today
there
is
an
artifact
scan
that
we
might
add
as
well,
and
so
this
would
be
the
primary
the
first
goal
for
this
design.
E
There
is
also
a
possibility
to
support
consuming
events
and
then
so
the
the
idea
there
would
be
that
if
there
is
an
event
coming
into
Harbor,
a
CD,
for
instance,
from
a
testing
tool
that
executed
a
scan
on
the
artifact
or
perform
some
extra
testing,
then
that
could
be
used
by
our
book
to
label
the
artifact.
Accordingly,
that's
so
consuming
event
could
be
a
bit
more
challenging,
so
there
are
a
couple
of
options.
E
How
things
can
be
done
and
my
general
recommendation
would
be
to
start
with
the
producing
side,
and
also
there
is
a
more
clear
use
case
there
and
then
possibly
continue
on
the
consuming
event
side
of
things
yeah,
so
I
didn't
want
to
take
too
much
time.
So
this
is
kind
of
the
basic
information
I
prepared
for
today
and
I
would
open
it
for
a
few
questions
that
you
may
have.
B
E
E
I
could
probably
imagine
that,
since
there
are
some
notification
formats
available
today,
City
events
could
be
an
alternative
one
but
yeah.
So
there
are
a
lot
of
details
and
design
discussions
to
be
well,
not
a
lot,
but
a
few
to
be
discussed
about
like
how
this
will
be
configured,
how
it
is
exposed
to
users
and
so
forth.
Right
so
I,
don't
know
there
are
what
kind
of
consideration
needs
to
be
taken
but
yeah.
So
what.
C
Yeah
yeah,
first
of
all,
thank
you
for
for
the
proposal.
So
so
can
we
could
you
have
to
open
the
new
proposal
in
the
Harvard
Community
repository
so
that
we
can
discuss
a
more
details
based
on
that
proposal
and
yeah
yeah
I?
Thank
them,
and
second
I
can
give
you
some
more
more
background
regarding
to
the
event
integration.
C
C
C
B
So,
to
sum
up,
if
you
can
translate
that
thing
to
Community
repository
proposal,
so
people
can
start
adding
ideas
it.
It
will
be
a
bit
more
messy
I
understand
your
initial
idea
to
do
you
think
I
can
do
it,
it's
a
bit
more
clear.
When
then,
you
create
the
actual
proposal,
but
then
we
are
losing
all
the
history
of
decisions
in
the
in
the
proposal
I'm
going
to
link
you
some
some
some
peers
that
were
implemented.
E
A
A
E
Yes,
exactly
so
that
that's
not
100
clear
to
me,
so
there
is
one
possible
use
case.
We
do
have
like
test
events,
for
instance.
So
if
you
could
you
wanted
to
delegate
certain
logic
to
external
testing
platform,
you
could
be
notified
that
a
test
suit
was
completely
reset
and
tests
were
executed,
then
add
a
label
to
to
an
artifact
as
a
reaction
to
that,
but.
E
A
C
Of
a
scenario,
so
we
only
set
up
on
the
events
to
the
other
like
cicd
system.
So
then
they
can.
They
can
compose
their
pipeline
by
consuming
the
events
that
sent
out
by
Harbor,
but
currently
Harvard
does
not
receive
any
event
from
any
outside
system
and
do
any
action
in
The
Harborside.
So
I've
I
personally
agree
that
we
can
step
it.
These
two
category
into
two
proposals.
One
is
introduced
a
CD
humans,
the
other
one
is
harder
to
consume
humans
from
outside
that
okay,
yeah.
E
E
Wanted
to
provide
both
use
cases
for
completeness
and
see
what
people
thought
about
them,
but
yeah
so
I'll
start
them
creating
a
proposal
for
the
producing
events,
and
we
can
maybe
create
an
issue
about
consuming
events
to
see.
Yes,
if
there
is
interest
in
this
at
all,
and
if
there
is,
we
can
maybe
discuss
how
you
could
just
like.
C
B
A
B
B
E
It
is
also
related
to
to
my
work
as
sipm,
so
there
is
interest
within
IBM
to
to
having
a
standardized
I
mean
we
we
do
offer
like
CD
services
on
the
cloud,
and
so
we
have
like
this
kind
of
pipeline
Runners
based
on
tecton
and
we
use
artifactory
also
at
IBM.
We
use
a
different
set
of
tools
and
it
makes
sense
so
we
use
cloud
events
today
to
collect
events
across
many
platforms
but
yeah.
E
So
there
is
interest
in
having
a
common
format
there,
and
we
have
interests
also
from
other
companies
like
web
Fidelity.
They
actually
they're
the
first
adopter.
They
produce
the
Jenkins
plugin
for
City
events.
You
have
interest
from
Apple
Apple
they're,
contributing
to
the
City
events,
because
their
devops
team
they're
interested
in
this
kind
of
tools,
yeah.
Other
companies
involved
like
SAS
Ericsson,
so
they're
looking
to
have.
A
B
The
the
other
part
of
my
question
is,
but
you
already
answer
that
if
we
go
and
Implement
that
thing
and
accept
it
into
Harbor,
we
are
also
looking
for
like
a
long-term
engagement
with
this
stuff
and
supporting
it,
because
it's
I
I
believe
it's
not
like
a
single
shot
kind
of
effort,
but
we
need
more
like
engagement,
long
term,
so
yeah
I
got
I
got
the
answer
from
the
rest
of
the
thing
that
you
just
explained.
So
thank
you.
B
B
G
G
And
today,
I
show
you
the
integration
with
the
vulnerability,
our
vulnerability
software
with
Arbor,
it's
pretty
cool
because
on
the
bus
we
just
have
one-sided
integration
with
with
pulling
some
images
from
Arbor,
but
today
we
can
show
our
in
our
CD
information
in
an
in
the
album
interface
and
I.
Think
it's
very
good.
B
G
Or
is
a
all
overall
application
or
tool
is
our
deploying
Docker?
So
we
like
this
technology,
yeah
very
much.
We
are
not
specialized
on
container
analysis
because
we
we
come
from
the
generic
infrastructure
management,
so
we
are
best.
We
manage
desktop
server,
Network
device,
industrial
device
like
PLC
and
something
like
that
and
the
contouring
image
is
just
one
part
of
our
scope
and
I:
don't
do
the
pre,
the
commercial
part
I
prefer
to
show
you
directly
the
demonstration,
so
our
tool
is
very
easy
to
understand.
G
G
It's
very
good,
it's
very
good
for
scissor
or
something
like
that
and
some
people
in
the
in
the
company,
but
not
for
devops
team.
It's
better
to
have
the
CV
information
on
a
tool
for
the
for
the
devops
team,
so
Harbor
is
great
for
that
I
just
had
we
have
implemented
the
three
RP
roads
to
integrate
with
rubber.
If
I
add
when
you
a
b
key
demon.
D
D
G
A
D
D
G
G
G
It's
already
image.
If
you
see
this
one,
for
example,
on
the
bar
on
the
end
of
the
page,
you
have
all
the
CV.
We
found
all
the
security
issue
on
the,
why
we
are
the
problem,
so
the
current
package
version
are
not
up
to
date.
So
it's
a
Debian
days
image.
You
see
that
we
miss
one
batch
and
we
can
show
you
all
the
list
of
the
all
the
information
of
the
CV.
G
If
you
want
more
details,
you
can
come
back
with
your
cyber
watch
instance
and
you
have
the
detail
advisory
of
the
of
the
ceiling
and
on
the
back,
you
have
also
the
list
of
your
wallet
it
has
set,
and
you
can
see
that
you
have
the
variable
images
we
scan
and
inside
the
vulnerabilities
of
cyber
watch.
You
have
the
same
information
as
we
found
in
a
harbor,
so
in
fact,
for
this
image
we
have
three
patch
missing
the
there
are
not
the
last
version
of
radius.
D
I
G
Okay,
so
in
one
side
we
pull
the
image
on
the
over
scanner
and
we
run
some
bash
or
shell
script
inside
to
extract
all
the
all
the
list
of
Technology
inside
the
packet,
the
docker
packet,
every
Debian
Deb,
or
a
very
software
like
ready,
server
installed
manually
on
the
robot
side,
we
call
all
information
on
the
internet.
If
you
see
this
CV
in
particular,
we
show
you
that
we
call
information
from
the
list
and
the
nvd
on
the
information
come
back
from
every
distribution,
Linux
distribution
like
Reddit
Debian,
or
something
like
that.
D
C
G
C
G
A
G
B
G
B
Sure
I'm
just
curious
if
someone
asks,
because
sometimes
people
ask
about
this
kind
of
Integrations,
for
example,
with
sneak
and
some
others
and
yeah,
for
example.
Sneak
also
doesn't
have
like
the
three
integration
to
like
the
same
way
as
3v
is
doing
it
just
asking
for
the
records
to
be
honest
and
out
of
curiosity,
no
nothing
else,
yeah
all
right.
C
I'm
singing
this
because
we
want
to
do
a
implementation
or
or
enhancement
on
this
pack
and
to
provide
a
master
minorities
to
introduce
more
capability
for
multiple
scanner
like
we
can
support,
s-bomb
or
licensed
scanning
yeah
yeah.
The
things
like
that
so
so
I
would
like
to
see.
If
someone
can
give
us
some
feedback
so
then
we
can
based
on
this
feedback
to
to
make
better
a
design
yeah.
So
if
you
want
some
problem,
just
let
us
know.
Thank
you.
Okay,
thank.
A
G
G
For,
for
example,
for
Debian
packages,
we
don't
see
the
any
CVS
are
not.
They
are
not
patchable.
So
it's
when
our
side
effect,
because
we
don't
want
to
lose
time
for
our
customer
with
unsolving
problems,
and
this
in
our
site.
For
us,
can
we
do
with
the
CPE
from
the
NBD,
like
the
the
radius
part
in
this
image.
G
But
for
3v
that
I
say
I
have
tested
this
program
three
years
ago,
so
I
don't
think
it's
a
really
a
good,
but
at
in
the
past
the
main
problem
of
this
type
of
scanner
is
that
you
use
only
the
CPE
and,
for
example,
if
you
see
this
CV,
for
example,
you
you
have
a
minor
patch
for
Debian
and
you
can
and
if
you
use
only
data
for
come
from
the
nvd.
You
have
just
this
part
of.
G
B
J
B
J
All
right,
so
I
will
make
a
very
quick,
introduce
myself
first
I'm
Lucas
at
working
at
TNG
technology
technology
consultant,
but
I
will
not
sell
you
anything
today.
Only
one
pull
request,
which
is
for
free,
I
erase
the
pull
request
like
a
month
ago,
because
I
started
implementing
some
Google
application
against
the
go.
Harbor
and
I
use,
go
client
and
I
found
it
very
useful.
J
J
It
consists
mainly
of
a
make
file
where
you
can
from
the
Swagger
definition,
create
the
go
SDK
and
what
I
did
is
I
bumped
it
to
the
latest
version,
and
you
see
that
there
are
many
many
files
removed,
and
this
is
because
the
from
what
I've
understood
this
Legacy
and
and
the
other
older
Swagger
Jason
Swagger
yaml
files-
they
don't
exist
anymore.
So,
instead
of
assist
version,
2
and
version,
2
Legacy
there's
only
version
two
left,
and
this
is
more
or
less
everything.
I
did
in
this
pull
request.
J
I
Yeah
so
I
invited
Lucas,
because
I
think
it's
would
be
a
valuable
discussion
to
see
that
we
can
provide
a
bit
more
love
to
the
Google
client
library
to
go
to
the
Google
client,
especially
updating,
because
the
the
other
background
is
that
for
the
CLI
client
that
we
or
actually
is
currently
working
on,
he
has
also
discovered
a
problem.
The
go
library
or
the
go
client
and
specifically,
is
I.
I
I
C
C
I
I
I
Yeah,
so
you
see
Lucas,
we
need
to
update
if
we
update
the
go
client
here
right.
We
need
to
make
sure
that
the
clients
who
are
using
the
go
client
are
also
have
the
opportunity
to
update
as
well
right.
So
we
need
to
kind
of
not
synchronize
it,
but
you
know
they
push
it
somehow
Downstream
and
telling
them
to
use
the
new
go
client
Library
so
that
they
can
update
their
code
if
they
need
to
if
they
want
to
yeah.
So
how
should
we
progress
with
the
pr.
A
C
J
J
B
B
F
Yeah
I'm
asking
as
a
harbor
user
I'm,
not
as
a
contributor
or
developer
and
I'm,
not
sure
if
I'm
of
if
this
is
the
right
stage,
to
ask
this
question.
But
I
have
opened
an
issue
a
couple
of
weeks
ago
and
just
want
to
ask
you
if
you
can
point
me
just
in
the
right
direction
to
go
further
with
this
issue.
F
B
F
D
A
F
Is
better
so
so
yeah?
It
was
yeah
quite
some
time
ago
and
we
still
using
in
Harbor
with
chart
Museum,
hopefully
not
not
too
long,
but
we
are
still
using
one
with
chart
Museum
and
we
have
one
project
within
our
Harbor
instance
which
cannot
be
accessed.
You
can
either
pull
images,
push
images
you
can
delete
it
via
a
portal
or
API.
You
yeah,
it's
it's
not
usable,
so
to
say,
and
we've
gotten
a
screenshot
here
where
we
receive
in
500
HTTP
500.
F
F
Maybe
it
should
work
again,
but
so
so
we
are
not
really
experienced
with
redis
and
how
it
interacts
with
horror,
and
since
we
cannot
reproduce
reproduce,
reproduce
this
or
replicate
this
in
our
test
instance,
we
have
to
do
this
in
production,
so
we
are
a
little
bit
cautious.
You
know-
and
we
are
asking
so
if
we
are
using
if
we
are
searching
in
our
redis
database,
for
the
keyword
chart
we're
receiving
these
results.
F
D
D
F
C
I
C
F
C
C
D
F
C
F
F
As
I
described
in
the
last
meeting
so
with
the
So,
currently
our
teams
receiving
their
Helm
charts,
classic
ham,
charts
Upstream
via
our
implementation
of
artifact
Hub
in
Harbor,
right
so
they're,
using
their
bitnami
and
kubernetes
charts
and
so
on,
and
for
this
iteration,
which
ends
on
July
for
our
team,
we
are
planning
to
deploy.
The
oci
Hem
chart
proxy
from
that
in
in
our
production
system.
So
we
are
testing
right
now.
It
seems
very
good,
but
I
have
this.
F
F
This
is
our
goal
yeah,
but
we
cannot
do
this
right
now,
because
a
lot
of
teams
using
classical
hand
charts
so
to
say
in
their
own
projects
and
in
a
central
project,
and
we
need
to
support,
chart
Museum,
I
think
for
at
least
one
or
two
months
or
three
months
yeah.
Once
we
have
a
good
alternative
with
the
hand
proxy,
which
seems
quite
promising,
then
we
go,
then
we
can
upgrade
to
2.8,
which
is
our
goal.
F
Yes,
yes,
thank
you.
We
will
use
it
and
we
will
give
this
to
to
in
the
hands
of
our
internal
teams,
but
for
the
Upstream
charts,
because
the
teams
should
not
download
on
their
own
from
their
own
environments,
charts
from
from
every
instance.
So
we
have
this
one,
a
single
proxy,
which
is
our
Hardware
instance,
and
for
that
we
need
an
alternative,
and
this
is
the
hand
proxy
yeah
yeah
and
it's
running
in
our
test
instances
and
it's
doing
its
job
padding.
It's
quite
good
here.
B
Thank
you
hope
that
will
fix
your
issues
within
two
minutes
after
the
hour.
So
one
last
thing
this
Sunday.
Yes,
this
Sunday
is
the
end
time
for
the
cfps
for
kipcon,
both
kubecons
China,
so
Shanghai
and
Chicago.
So
if
you're
planning
on
applying
for
a
talk,
don't
forget
the
end
date.
If
you
need
my
help
to
review
or
give
you
ideas
on
your
talk,
your
abstract,
please
do
contact
me,
so
we
can
work
it
out.
Yes
with
him.