►
From YouTube: CNCF Harbor's Community Zoom Meeting - July 12, 2023
Description
CNCF Harbor's Community Zoom Meeting
A
All
right
and
we're
recording
hello
everyone
Welcome
to
our
bi-weekly
community
meeting
for
project
Harbor
today
is
July
12th.
My
name
is
Orlando
I'm
the
community
lead
for
project
Harbor.
This
is
official
community
meeting,
just
be
nice
to
each
other
and
follow
the
code
of
conduct
with
that
said,
I'm
gonna
paste
it
into
the
chat
the
community
meeting
notes.
A
B
A
A
A
C
A
A
C
A
C
D
A
C
A
C
A
We
can,
we
can
definitely
do
that
in
that
account
or
we
can.
We
can
kick
off
like
a
AKs
or
setup
eks
I'm,
sorry.
So,
whatever
you
need
right
now
that
we
have
the
the
resources
we
can
utilize
them.
So
if
you
need
VMS
I
can
I
can
create
VMS,
and
we
can.
We
can
run
it.
I
prefer
if
we
do
that
in
some
automated
fashion
like
if
we,
if
we
want
to
do
tests
in
in
AWS.
So
that
means
like
we
need
like
three
machines
or
whatever
machines.
C
A
A
So
now
we
can
utilize
that
thing
and
actually
spin
up
some
VMS
to
do
testings
or
whatever
it's
we
needed
one
for
the
operator
we
needed
a
few
for
the
home
and
so
on
and
so
forth.
So
now
we
have
kind
of
playground
to
do
stuff,
which
is
cool
I,
think
so
we
have
to
use
that
and
we
bring
you
up
to
speed
with
the
discussion.
D
A
D
A
Anyone
anyone
I
was
that
that's
request
for
that
account.
Okay,
that
need
for
that.
Account
came
out
from
the
the
thing
that
we
needed
some
VMS
to
do,
Hampshire,
testing
or
or
actually
we
needed
a
cluster
to
do
the
helm.
Chart
testing
also
I
think
we
teach
Thomas.
We
discussed
that
or
so
I'm,
not
sure
the
the
operator
testing
as
well,
that
we
we
need
some
environment
there,
so
practically
everything
that
that
needs
testing
and
its
resources,
some
sort,
it's
a
it's.
D
A
So
yeah,
so
now
we
have
it.
We
just
need
to
find
a
way
to
set
it
up
and
have
fun
with
it.
That's
it,
okay,
great
and
and
for
me
the
most
obvious
way
is
by
creating
some
kind
of
repository
for
infrastructure.
That's
like,
for
example,
our
kubernetes
project
is
doing
it
and
and
run
GitHub
hashings
with
with
all
the
secrets
and
everything.
So
we
have
practically
just
hit
up
a
button
to
have
the
everything
set
it
up
or
destroy
it
or
normal
infrastructures
code
can
approach
nothing
special
yeah.
A
I'm
gonna
start
documenting
all
this
stuff.
It's
somewhere
and
I'm,
not
sure
this.
There
will
be
some
sensitive
data
like
the
AWS
account
number
or
who
has
access
to
it.
There
will
be,
should
be
some
accumulation
between
some
publicly
available
information
and
some
others
that
is
not
publicly
available
only
for
maintainers,
I,
suppose
yeah.
But
if
you
have
some
fancy
camera,
which
is
following
you.
D
A
E
E
E
E
F
E
Option
we
will
provide
the
most
dangerous
activity
and
amongst
the
dangerous
artifact,
usually
the
top
file,
dangerous
city
and
travel
file,
dangerous
artifact
and
also
currently,
we
are
only
implement
the
summary
by
System
level.
In
future,
we
are
going
to
implement
the
summary
by
project
level
so
that
when
we
click
that
each
project,
we
can
see
the
project
as
three
vulnerability.
Information
summary-
and
this
is
the
query
for
the
for
this
summary-
this
is
a
Secret
online
sequel.
E
E
E
To
minus
one,
and
the
response
is
the
same
as
the
response
content
is
the
same
as
the
query:
without
the
tune
count
option
and
the
only
difference
is
the
external
comp
will
exceeded,
we
are,
will
be
a
minus
one
and
in
UI
it
will
display
that
account
is
1000
plus
in
the
UI,
and
this
is
the
acquiring
conditions
for
such
vulnerabilities
and
the
country
we
can.
We
support
such
vulnerabilities
by
City
ID,
and
also
we
can
search
that
by
civility
levels
such
as
critical,
high
or
medium
that
as
such
and
research
score.
D
E
E
E
E
E
E
Under
the
pop-up
for
the
performance
consideration,
the
topic
typical
production
environment
may
have
more
than
10
000
artifacts
and
each
other,
and
they
have
170.
So
the
the
table
of
report
vulnerability
record
will
have
many
many
records.
So
we
need
to
consider
the
performance
popular
query.
We
need
to
refine
the
current
query
for
better
performance
and,
for
example,
index
for
these
tables.
D
A
D
E
A
E
G
G
B
G
A
G
A
A
Okay,
thank
you
Jordan
again,
okay,
so
next
on
an
agenda
out
of
the
making
sure.
Oh
it's
discussion,
topics
about
the
kubecon
Chicago
with
Stephen.
We
still
haven't
applied
for
any
of
this
stuff
that
I'm
showing
the
kiosks
or
project
meetings
I'm
just
wanna.
Last
time,
sure
sync,
with
with
everyone
that
there
will
be
presents
there,
like
volume,
you're
planning
to
be
there
right,
yeah.
D
D
D
A
D
A
A
B
A
Yeah
I'll
do
that
another
update,
okay,
that
should
be
in
the
update
section
but
I've
created.
Maybe
you
saw
that
on
the
maintainers
mailing
list,
I've
created
a
new
zapier
account
under
the
cncf
harbor
maintenance,
email
address
and
I
use
that
to
sync
whenever
we
have
new
recording
into
Zoom
to
be
automatically
uploaded
to
YouTube,
so
that
password
the
same,
that
user
will
be
into
the
future
shared
LastPass
account
for
the
project.
If
you
want
to
use
it
for
some
other,
like
automation,.
A
Because,
right
as
of
now,
it
was
it
is
under
the
account
of
Jonas
but
yeah
having
it
on
private
accounts
is
not
it's
not
good,
so
I
decided
to
migrate
it
to
our
own
account,
which
will
be
inherited
by
whoever
wants
to
take
care
of
the
project
in
the
future.
If
something
goes
differently
that
we
anticipated
right
now,
so
yeah
yep,
my
my
operations
site
is
kicking
in.
So
sorry
for
that
and
yeah
I'm
on
community29
release,
update.
G
All
right,
thank
you.
We
are
in
the
FC
stage
up
to
the
night
and
the
plan
date
of
FC
stage
is
the
July
17th.
But,
however,
since
we
there's
some
updates
on
the
security
harp
proposal
like
a
stone
and
just
pretend
we
did
some
API
chain
as
well
as
some
UI
change,
so
they
we
would
like
to
require
more
one
more
week
for
the
code
implementation.
So
we
would
like
to
today
at
the
FC
state
for
one
more
week.
D
G
A
D
A
Folk
provided,
as
we
discussed,
I
addressed
that
to
cncf
they're
super
happy
with
the
update.
If
we
find
it
like
useful
for
us
and
we
if
we
like
it,
there's
no
restrictions
from
their
site.
How
how
to
deal
with
that
so
I'm
happy
with
the
look
so
I
think
we
can
unblock
that
thing
and
everyone
can
vote.
A
G
B
G
A
Are
yeah
yeah
I've
opened
I
can
relate
if
you
want
me
to
to
the
cncf
service
desk
ticket
that
I
asked
them
ISD
was
that
marketing
slash
whatever
Bureau
with
cncf
and
they
they
took?
They
took
a
look
at
the
at
the
changes
that
it's
fine,
it's
as
long
as
it's
work
work
for
us,
it's
not
violating
any
like
branding
or
project
kind
of
marketing,
oriented.
B
A
B
A
Holidays
in
at
least
in
that
region
of
the
Earth,
where
I'm
living
our
project,
so
at
some
point
one
is
I
want
to
take
some
some
days
off,
so
I'll
be
looking
for
some
volunteers
to
take
care
of
the
community
meetings
at
some
point.
Our
output
dates
for
the
next
one.
So
if,
if
someone
can
take-
and
just
do
that
thing
that
I'm
doing
so,
it's
not
a
big
deal.
A
A
B
A
A
B
A
Yeah
so
yeah,
okay,
thanks
for
that,
I'll
put
the
dates
for
the
like
until
the
September
for
for
the
meeting
that
we'll
need
someone
else
to
take
care,
I'll
be
around
with
the
for
the
release.
So
we
can.
We
can
work
out
some
some
blog
posts
and
some
notifications
around
the
release,
but
I'll
be
I'll,
be
I'll
join
around
the
release
date,
so
we
can
figure
this
out.
A
A
A
G
Yes,
I
can
make
a
quick
update
if
you
want
during
the
last
Arbor
operator
community
meeting,
we
mainly
talked
about
the
release
of
the
1.4
operator
version
that
will
manage
2.6
above
version.
Our
goal
is
to
release
it
before
the
end
of
summer.
We
try
to
to
visit
for
the
end
of
July,
but
at
worst
it
will.
It
will
be
end
of
August,
so
that
is
our
main
Target.
Today.
G
A
A
By
the
way
I
have
to
publish
the
last
last,
recording
is
still
pending,
so
I'll
do
that
now,
actually,
after
the
call.
So
if
someone
is
interested,
Can
can
take
a
look
at
the
recording
what
was
discussed
last
time,
cool
all
righty.
Thank
you
very
much
for
attending
today.
I
hope
you
have
great
rest
of
the
day
or
have
a
great
evening
and
talk
to
you
in
two
weeks.