►
From YouTube: CNCF Harbor's Community Zoom Meeting - July 12, 2023
Description
CNCF Harbor's Community Zoom Meeting
A
All
right
and
we're
recording
hello
everyone
Welcome
to
our
bi-weekly
community
meeting
for
project
Harbor
today
is
July
12th.
My
name
is
Orlando
I'm
the
community
lead
for
project
Harbor.
This
is
official
community
meeting,
just
be
nice
to
each
other
and
follow
the
code
of
conduct
with
that
said,
I'm
gonna
paste
it
into
the
chat
the
community
meeting
notes.
A
B
A
So
I've
added
a
few
stuff
and
Belgian
at
it
as
well.
So
some
of
this
from
my
side
submitted
everything
that
you
folks
wanted
to
have
for
the
cubecon
channel,
the
the
kiosk
and
the
maintenance
media
internet's
truck
talk,
there's
no
project
project
meeting
session
for
China.
Don't
know
why.
A
A
So
we
can
store
that
and
and
have
it
for
the
future,
not
to
ask
again
Jeffrey
from
from
cncm.
So
hey.
A
C
A
That's
part
of
that's
part
of
the
same
effort
came
out.
We
we
have,
we
have
account
already
created
within
AWS
and
now
with
this
one,
we
can
create
the
keys
and
then
deploy
whatever
we
want
and
we
need
so.
A
That's
just
like
a
follow-up
question
and
I
said
this:
how
you
think
you're
gonna
trade,
these
VMS
I,
can
create
these
VMS
for
you.
If
you
want,
or
are
we
going
to
use
some
kind
of
automation
like
from
GitHub
actions
or
something
to
spin
up
this
VMS
and
use
them
or
what
was
the.
C
Well,
but,
according
to
my
knowledge
that
these
VMS
that
were
used
to
create
kubernetes
crafters
for
overhem
Pablo,
now
it
has
nothing
to
do
with
AWS
account.
It
is
like
a
like
a
sort
of
like
a
on-premise
VMS
with
the
machines
that
will
be
used
for
for
Abraham
to
to
run
pipeline.
A
C
D
A
C
And
I
I
record
that
and
thank
you
once
asked
you
to
create
some
virtual
machines
for
him
to
run
the
pipeline
of
run
the
netany
test
of
the
performance
tests
for
for
Harbor
OSS
project.
Yes,.
A
C
A
We
can,
we
can
definitely
do
that
in
that
account
or
we
can.
We
can
kick
off
like
a
AKs
or
setup
eks
I'm,
sorry.
So,
whatever
you
need
right
now
that
we
have
the
the
resources
we
can
utilize
them.
So
if
you
need
VMS
I
can
I
can
create
VMS,
and
we
can.
We
can
run
it.
I
prefer
if
we
do
that
in
some
automated
fashion
like
if
we,
if
we
want
to
do
tests
in
in
AWS.
So
that
means
like
we
need
like
three
machines
or
whatever
machines.
C
A
That
could
be
anyone
right
so,
but
if
we
have
the
credentials
as
GitHub
GitHub
secrets
and,
for
example,
we
create
a
new
repository,
let's
call
it,
for
example,
infra
or
whatever,
which
has
the
actions
to
spin
up
all
these
VMS
and
set
them
up
for
testing.
A
A
A
So
now
we
can
utilize
that
thing
and
actually
spin
up
some
VMS
to
do
testings
or
whatever
it's
we
needed
one
for
the
operator
we
needed
a
few
for
the
home
and
so
on
and
so
forth.
So
now
we
have
kind
of
playground
to
do
stuff,
which
is
cool
I,
think
so
we
have
to
use
that
and
we
bring
you
up
to
speed
with
the
discussion.
D
A
D
A
Anyone
anyone
I
was
that
that's
request
for
that
account.
Okay,
that
need
for
that.
Account
came
out
from
the
the
thing
that
we
needed
some
VMS
to
do,
Hampshire,
testing
or
or
actually
we
needed
a
cluster
to
do
the
helm.
Chart
testing
also
I
think
we
teach
Thomas.
We
discussed
that
or
so
I'm,
not
sure
the
the
operator
testing
as
well,
that
we
we
need
some
environment
there,
so
practically
everything
that
that
needs
testing
and
its
resources,
some
sort,
it's
a
it's.
D
A
So
yeah,
so
now
we
have
it.
We
just
need
to
find
a
way
to
set
it
up
and
have
fun
with
it.
That's
it,
okay,
great
and
and
for
me
the
most
obvious
way
is
by
creating
some
kind
of
repository
for
infrastructure.
That's
like,
for
example,
our
kubernetes
project
is
doing
it
and
and
run
GitHub
hashings
with
with
all
the
secrets
and
everything.
So
we
have
practically
just
hit
up
a
button
to
have
the
everything
set
it
up
or
destroy
it
or
normal
infrastructures
code
can
approach
nothing
special
yeah.
A
I'm
gonna
start
documenting
all
this
stuff.
It's
somewhere
and
I'm,
not
sure
this.
There
will
be
some
sensitive
data
like
the
AWS
account
number
or
who
has
access
to
it.
There
will
be,
should
be
some
accumulation
between
some
publicly
available
information
and
some
others
that
is
not
publicly
available
only
for
maintainers,
I,
suppose
yeah.
But
if
you
have
some
fancy
camera,
which
is
following
you.
D
A
E
Yeah,
let
me
introduce
the
new
feature
that
we
are
going
to
deliver.
We
need
in
a
two
dollar
now
the
issue
for
496
address
the
pen,
part
of
the
see.
E
Of
the
user,
such
as
the
previous
CV
report,
is
or
artifact
of
the
colleges
I
have
to
click
and
check
every
artifact
to
the
to
get
a
detailed
information,
and
the
city
report
feature
can
export
this
information,
but
it
only
can
export
the
information
by
a
single
project
and
it
is
not
easy
for
user
to
such
as
when
they
are
active
on
new
release
and
to
review
their
severed
as
severe
vulnerabilities
in
a
single
project
in
a
single
release,
so
I
mean
the
security
Harbor
provide
this
to
provide
this
new
feature
to
solve
this
issue.
E
E
And
the
current
visual
is
the
only
compatible
with
pluggable
scanner
aspect
1.0
and
support
only
to
support
the
true
adapter.
Maybe
in
the
future,
is
a
real
Implement,
more
or
tested
the
compatibility
of
the
other
adapters.
E
For
some
performance
consideration
that
scan
report
the
table,
you
need
to
add
the
following
columns.
Previously,
this
information
was
aggregated
honky
Bank.
Currently
we
are
going
to
add
this
information
in
a
scan
report
table
so
that
we
can
improve
our
performance.
E
And
the
implementation
we
are
going
to
deliver
to
I
understand
guys
wise
to
schedule
summary
information
scan
summary
when
we
provide
our
with.
F
E
Option
we
will
provide
the
most
dangerous
activity
and
amongst
the
dangerous
artifact,
usually
the
top
file,
dangerous
city
and
travel
file,
dangerous
artifact
and
also
currently,
we
are
only
implement
the
summary
by
System
level.
In
future,
we
are
going
to
implement
the
summary
by
project
level
so
that
when
we
click
that
each
project,
we
can
see
the
project
as
three
vulnerability.
Information
summary-
and
this
is
the
query
for
the
for
this
summary-
this
is
a
Secret
online
sequel.
E
E
E
To
minus
one,
and
the
response
is
the
same
as
the
response
content
is
the
same
as
the
query:
without
the
tune
count
option
and
the
only
difference
is
the
external
comp
will
exceeded,
we
are,
will
be
a
minus
one
and
in
UI
it
will
display
that
account
is
1000
plus
in
the
UI,
and
this
is
the
acquiring
conditions
for
such
vulnerabilities
and
the
country
we
can.
We
support
such
vulnerabilities
by
City
ID,
and
also
we
can
search
that
by
civility
levels
such
as
critical,
high
or
medium
that
as
such
and
research
score.
E
And
because
the
NBD
score
is
mostly
popular,
it
is
supported
by
Advanced,
for
example,
we
we
can
specify
the.
D
E
From
7.0
to
10.,
so
all
these
vulnerabilities
with
that
between
these
scores
we
are
displayed,
and
we
also
support
the
quality
by
project
ID
and
the
Repository.
This
is
our
exact
match
and
package
and
attack.
E
Beside
the
upper
wall
outline
windows,
we
also
need
to
reflect
some
of
the
code.
First,
we
need
to.
E
E
E
And
then
we
also
need
to
refactor
the
previous
cve
process.
E
And
this
is
we.
E
Plot
because
previous
Scandal
include
at
the
critical
counter,
High
count
and
medium
count
on
the
local.
We
will
extracted
this
data
from
previous
scan
report
and
this
is
the
UI
of
the
security
Hub.
This
is
the
first
feature
is
the
screenshot
of
the
summary
information.
E
And
in
the
button,
it
is
the
search,
vulnerability
interface.
E
Under
the
pop-up
for
the
performance
consideration,
the
topic
typical
production
environment
may
have
more
than
10
000
artifacts
and
each
other,
and
they
have
170.
So
the
the
table
of
report
vulnerability
record
will
have
many
many
records.
So
we
need
to
consider
the
performance
popular
query.
We
need
to
refine
the
current
query
for
better
performance
and,
for
example,
index
for
these
tables.
D
A
D
E
A
E
G
Cool
by
the
way,
this
is
the
anchor
feature
of
2.9,
so
we
have
already
released
some
PRS
I
mean
for
the
source
code.
So
so
actually
we
didn't
cut
chance
to
present
this
proposal.
But
actually
this
is
should
be
the
the
the
anchor
feature
in
2009
release
and
still.
G
A
All
right
by
the
way,
do
you
think
we
can
add.
B
A
Two
nine
one
of
the
the
other
projects
from
the
mentorship
program
like
have
you
managed
to
review
wilfred's
changes
and
and
the
others.
G
So
if
we
would
like
to
have
some
of
them,
we
can
maybe
plan
them
in
2010
finding
window
so
decide
which
one
will
be
in
to
London
2010
and
then
so.
We
will
focus
on
that.
So.
A
G
The
yearly
yeah
we
usually
start
to
plan
the
next
release
after
the
FC
stage
of
the
previous
release,
so
me
should
be
reached
to
the
planning
of
210,
maybe
in
two
weeks.
G
I
mean
we
should
start
the
plan
window
for
2.10,
maybe
in
10
weeks.
Sorry
in
two
weeks.
So
probably
we
can
and
create
a
new
discussion
for
to
collect
the
requirement
from
the
community
for
2.10
yeah,
maybe
next
week
or
or
yeah
two
weeks
after
yeah
and
then.
A
Okay,
yeah!
That's
that's
the
reason
why
I'm
asking
because
we
have
to
address
this
this
as
well:
yeah,
okay,
cool.
A
All
right,
so
anyone
any
more
questions
about
security,
hope.
A
Okay,
thank
you
Jordan
again,
okay,
so
next
on
an
agenda
out
of
the
making
sure.
Oh
it's
discussion,
topics
about
the
kubecon
Chicago
with
Stephen.
We
still
haven't
applied
for
any
of
this
stuff
that
I'm
showing
the
kiosks
or
project
meetings
I'm
just
wanna.
Last
time,
sure
sync,
with
with
everyone
that
there
will
be
presents
there,
like
volume,
you're
planning
to
be
there
right,
yeah.
D
D
The
this
the
talk
for
the
president.
D
D
A
D
A
A
B
A
Okay,
good
yeah,
the
same
thing
goes
for
the
project:
update
I,
think
the
emphasis
will
be
the
security
hub
functionality,
obviously,
and
some
other
stuff
around
operator
and
on
the
telephone,
for
example,
provider
and
that's
about
it
because
we
yeah
it's
so
far
ahead
of
time.
A
Then
the
conference
that
yeah,
we
don't
know
what
will
be
entertained
so
yeah,
okay,
okay,
so
that
I
think
that
that's
cool
I'm,
gonna
contact
you
about
the
kiosk
depends
on
the
time
frames
that
we
we
want
to
have
like
afternoons
or
something
and
about
the
project
meeting
the
same
thing
like
what
the
same
thing
that
we
did
for
Amsterdam
alrighty.
A
Yeah
I'll
do
that
another
update,
okay,
that
should
be
in
the
update
section
but
I've
created.
Maybe
you
saw
that
on
the
maintainers
mailing
list,
I've
created
a
new
zapier
account
under
the
cncf
harbor
maintenance,
email
address
and
I
use
that
to
sync
whenever
we
have
new
recording
into
Zoom
to
be
automatically
uploaded
to
YouTube,
so
that
password
the
same,
that
user
will
be
into
the
future
shared
LastPass
account
for
the
project.
If
you
want
to
use
it
for
some
other,
like
automation,.
A
Because,
right
as
of
now,
it
was
it
is
under
the
account
of
Jonas
but
yeah
having
it
on
private
accounts
is
not
it's
not
good,
so
I
decided
to
migrate
it
to
our
own
account,
which
will
be
inherited
by
whoever
wants
to
take
care
of
the
project
in
the
future.
If
something
goes
differently
that
we
anticipated
right
now,
so
yeah
yep,
my
my
operations
site
is
kicking
in.
So
sorry
for
that
and
yeah
I'm
on
community29
release,
update.
G
All
right,
thank
you.
We
are
in
the
FC
stage
up
to
the
night
and
the
plan
date
of
FC
stage
is
the
July
17th.
But,
however,
since
we
there's
some
updates
on
the
security
harp
proposal
like
a
stone
and
just
pretend
we
did
some
API
chain
as
well
as
some
UI
change,
so
they
we
would
like
to
require
more
one
more
week
for
the
code
implementation.
So
we
would
like
to
today
at
the
FC
state
for
one
more
week.
G
So
last
should
be
the
July
24,
as
well
as
the
ga
day.
The
new
Jade
day
should
be
the
August
21.
D
G
A
Okay,
do
we
have
that
somewhere,
documented
or
like
in.
A
D
Just
in
the
comment
of
this
yeah
I,
just
added
here.
D
A
Folk
provided,
as
we
discussed,
I
addressed
that
to
cncf
they're
super
happy
with
the
update.
If
we
find
it
like
useful
for
us
and
we
if
we
like
it,
there's
no
restrictions
from
their
site.
How
how
to
deal
with
that
so
I'm
happy
with
the
look
so
I
think
we
can
unblock
that
thing
and
everyone
can
vote.
A
For
discussion
yeah,
let's
see
yeah;
okay,
you
remove
it
yeah,
okay,
so
cool
I'm,
gonna.
Add
it
into
the
agenda
for
today.
So
anyone
any
thoughts
on
this
one.
G
B
G
A
Are
yeah
yeah
I've
opened
I
can
relate
if
you
want
me
to
to
the
cncf
service
desk
ticket
that
I
asked
them
ISD
was
that
marketing
slash
whatever
Bureau
with
cncf
and
they
they
took?
They
took
a
look
at
the
at
the
changes
that
it's
fine,
it's
as
long
as
it's
work
work
for
us,
it's
not
violating
any
like
branding
or
project
kind
of
marketing,
oriented.
B
A
B
F
Our
UI
designer
have
reviewed
this
PR
already
and
he
he
is
okay
with
the
change.
A
Okay,
that's
a
quick
one
good,
any
any
other
topics
for
today.
A
Holidays
in
at
least
in
that
region
of
the
Earth,
where
I'm
living
our
project,
so
at
some
point
one
is
I
want
to
take
some
some
days
off,
so
I'll
be
looking
for
some
volunteers
to
take
care
of
the
community
meetings
at
some
point.
Our
output
dates
for
the
next
one.
So
if,
if
someone
can
take-
and
just
do
that
thing
that
I'm
doing
so,
it's
not
a
big
deal.
A
A
Yeah
because
I'm
planning
to
take
a
little
bit
prolonged
application.
That
means
August
and
half
of
September
so
that
that
we
mean
was
that.
B
A
A
Yes,
yeah
sorry
I'm
pretty,
but
that's
yeah,
that's
the
only
way.
I
can
do
it.
Otherwise,
I
have
super
problematic
situation
with
the
kids.
I
have
to
take
care
of
the
kids
and
yeah.
B
A
Yeah
so
yeah,
okay,
thanks
for
that,
I'll
put
the
dates
for
the
like
until
the
September
for
for
the
meeting
that
we'll
need
someone
else
to
take
care,
I'll
be
around
with
the
for
the
release.
So
we
can.
We
can
work
out
some
some
blog
posts
and
some
notifications
around
the
release,
but
I'll
be
I'll,
be
I'll
join
around
the
release
date,
so
we
can
figure
this
out.
A
So
yeah,
so
that's
that's
everything
from
my
side,
one
one
one
another
interesting
update
I
was
invited
to
a
conference
in
Netherlands
called
Enterprise
devops
techcon
this
one
enterprise
Enterprise
this
one
and
actually
I
spoke
with
Thomas
O'brien
from
from
the
Dutch
railways.
A
Yeah,
the
conference
will
be
in
a
thrift
actually
yeah
a
bit
time
for
show
off,
but
I
was
invited
to
give
a
keynote
session
about
cncf
and
how
cncf
helps
projects
and
such,
but
the
the
other
thing
is
for
Hardware
use
case
so
yeah.
A
If
you,
if
you
feel
like
traveling
to
Utrecht,
it
will
be
super
nice
to
see
you.
It's
October
3rd
I,
think
yeah.
A
Nice,
whatever
yeah,
whenever
we
have
something
like
a
laid
down
on
the
agenda
for
the
talk,
I'll
put
it
up
for
review
from
from
you
folks.
If
you
have
some
ideas,
how
we
can
make
it
a
little
bit
better.
A
A
Yep,
okay,
that's
just
everything
from
my
side.
Anyone
else
wants
to
share
something.
G
Yes,
I
can
make
a
quick
update
if
you
want
during
the
last
Arbor
operator
community
meeting,
we
mainly
talked
about
the
release
of
the
1.4
operator
version
that
will
manage
2.6
above
version.
Our
goal
is
to
release
it
before
the
end
of
summer.
We
try
to
to
visit
for
the
end
of
July,
but
at
worst
it
will.
It
will
be
end
of
August,
so
that
is
our
main
Target.
Today.
G
Right
and
once
this
release
will
be
done,
we'll
start
to
talk
about
the
next
full
is
the
1.5
to
see
what
we
want
to
to
do,
which
harbor
version
we
want
to
handle
and
which
kubernetes
version
and
and
the
features.
So,
if
you
want
to
talk
about
it,
you're
you're
welcome.
A
G
Yeah,
we
are
talking
every
Tuesday
one
weeks
on
June,
so
the
next
meeting
will
be
on
next
Tuesday
sure
on
testing
and
that's
it.
A
By
the
way
I
have
to
publish
the
last
last,
recording
is
still
pending,
so
I'll
do
that
now,
actually,
after
the
call.
So
if
someone
is
interested,
Can
can
take
a
look
at
the
recording
what
was
discussed
last
time,
cool
all
righty.
Thank
you
very
much
for
attending
today.
I
hope
you
have
great
rest
of
the
day
or
have
a
great
evening
and
talk
to
you
in
two
weeks.