Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
VMware / Cartographer Community Meetings / 1 Dec 2021
VMware / Cartographer Community Meetings / 1 Dec 2021
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Cartographer Community meeting - Dec 1st. 2021

Description

00:00 Intro
01:36 The TL;DR
06:55 CNF Security TAG/Supply Chain WG invite
11:01 Classifiers naming in Delivery
24:06 End of year calendar

Community meetings happen each Wednesday at 8:00 AM PT/11:00EDT
See the agenda here (https://bit.ly/2Z67z08), add any topic you may want to discuss and join us live!

A

Okay, welcome everyone to the cryptographer community meeting today is the first day of december, and uh we want to give a warm welcome to the maintainers team and also to scott andrews in cora. Welcome to the community meeting. Thank you for joining.

A

Hello, so let me share my screen here and okay, that's something different! There you go! Okay, um yeah, please remind that. The agenda is open, uh so feel free to drop in any uh discussion. Topic that you could do. You would like to ask, and also your your name to the attendees list. It should start um there. You go.

A

um There you go okay, um now for the tldr and probably for the uh the polls who are joining us for this meeting. We have section at the beginning of the meeting called the tldr where someone from the team usually josh when he's available.

A

um We share what's new in the project this week and what the team is working on. It's a quick overview. So um we can go straight to that item. Josh.

B

Yeah, just updating the notes there before getting started. um Yeah, we have a lot of breaking changes um in this week. um We are. um The first thing is we're updating the labeling on supply chains to be best match. um So now your workload um basically define like your, so your supply chain will go and it can define multiple labels and characteristics that it supports along the way and then your workload can it does a best match of all the available labels on the supply chain.

B

So if you have, if your workload matches against one supply chain with say two labels and another one with one label, it'll pick the one with two as the the one it matches against. um Another breaking change we introduced is um overrideable params.

B

um So now, when a template author specifies a param that param can be overridden by the supply chain, as well as overridden by the workload at different levels, um so check out that issue. There's some interesting nuances there.

B

The other big thing we did was we're reducing the controller permissions. So now, when a workload propagates to a supply chain, it will actually use the a service account. That's found in the namespace of the workload to perform all of the different controller actions so submitting different crds along the way, um and then the other big thing that we've done recently is we've overhauled logging, just adding a whole bunch of like debug messaging and just some better, just yeah, better messaging, to make troubleshooting issues a lot easier.

B

Yeah, so those are the big things um and then the we're basically right now we're working on overhauling our docks just trying to provide as much information on uh all the new stuff we've been building um we're also trying to get a release out the door. um So we've gone through a couple rcs uh that they're posted up in github.

B

uh You can check those out um and so yeah we're working towards finalizing a release, um and then the last thing is uh we're, probably gonna be slowing down a bit over the holidays as we approach the end of december. So just another thing to keep in mind so yeah. Those are the things we've been doing.

A

That's great, so we the issue 51 close time to update readme, maybe.

A

Oh.

B

The the warning.

A

At the.

B

Top yep.

A

Yeah.

B

For sure.

A

Awesome. Thank you. Thank you, josh. Any question comment on this.

A

Oh.

C

Okay,.

A

Go ahead, I.

C

Guess done the control caller permissions. um Is that something that that require? I mean I should look it up, but um because I just was running into this. Actually I was I was upgrading from one release candidate to the latest one in order to use the params from the workload, and I found I'm getting these errors that say that the git repository object can't be created, so I'm I was just looking at that. Actually in about the in the last like two releases ago.

C

I guess it said something about the service accounts, but I'm actually still getting it with the latest one. So I don't know if it actually requires beyond just installing cartographer. Are there more roles that now have to be created.

B

Yeah there are yeah, so basically uh yeah. It will pick up a service account from the namespace that your workloads are running in, and so it's a documentation update that we need to make everywhere, but um yeah basically you'll have to update your um your roles uh that get bound to that service, account to make sure that you have all the necessary permissions to create all the objects that get created within that namespace.

B

So git repository is one of them um and then all the other objects in the supply chain that get created.

C

And if, if someone were to want to do this today, where would be the best place to look that up.

D

There's an example on the repo, um so in there under developer, I think there's like a service account that has a bunch of roles.

C

Okay, perfect thank.

E

You it might be helpful to use aggregated roles if you have more than one namespace, so that you can. You don't have to replicate the role configuration over and over again.

A

Cool.

A

Thank you. Welcome kara, ivan milan glad to have you here.

A

Okay um next thing. Well, previous meeting, we canceled previous meetings. So no not exactly a follow-up, and now we have the up invite discussion section. uh The first topic was proposed by rashid. I think he won't be able to attend so we'll go to next. um I've been attending the cncf security tech meetings.

A

They have a supply chains, query working group working on a reference architecture.

A

You know best practices, white paper and a reference architecture, doc right now, it's using a different set of tools, uh but there are. There are many sections that are open to collaboration, but for collaboration, and um they they ask. They made us an invitation. First thing we could, whenever we feel we're ready, we could uh join one of the sessions to present cryptographer the design philosophy, a demo and uh part of the of the team. There includes mike lieberman from city who's.

A

Also, I believe, co-founder of chain guard and well he's considered an expert on the supply chain security field, and he will. He will also wants to see the demo and provide feedback for the project, even if, in the future, cartographer is not part of a cncf or if we go to a different foundation. That's a totally separate conversation.

A

It will be great to have more eyes and more feedback into the project, so the invitation remains open.

A

um As I pointed out in a in an issue yesterday, uh they brought up uh the salsa framework um that, like kind of the um the standard for what they would like to see in a demo demo, that includes at least uh these steps and that you can see there and also to emphasize that you can make it that cartographer is flexible right, that you can use different tools for different steps.

A

So um that's kind of the overall message um in parallel, I've been exploring uh the process with the continuous delivery foundation, how to propose a project, and all of this probably that's uh for a further stage, but that's so far, there's an open invite from the cnc of security back.

F

So an action item on this one. Oh sorry,.

A

No.

F

I was going to say, and actually I'm from this one would be to include uh hector here. I think um we're actually presenting at the ancor open source meetup later today to discuss not exactly this but related topics, so um so yeah, including somebody from those teams, would be really helpful because they're they're responsible for looking at these kinds of things.

A

Elaborate there: okay, that's great yeah by the way um cartographer will be part of the you know, content in the encore, oss meetup. It will happen today we announced a couple of days ago, so it's interesting to have this collaboration between open source projects. That's great!

A

Okay! uh I believe there there's another item, blueprint and owner named discussion. I believe it was proposed by rash, but I'm not sure his lack message.

G

This was something that um I kind of I kicked off because I started using the term blueprint in code. I think that it's something that I had used in nrcs before, but um yeah once it hit the repo it gave a larger discussion.

G

Essentially, we've got, we've got delivery and supply chain and they're. Both you know they both create some logical object, uh along with uh your workload and or deliverable, and so there's sometimes in code and then also just in discussions where we want to talk about.

G

What's that, what's that generic object, that a bloop that a supply chain and a uh delivery represent, for example- and uh I called it a blueprint um that they are blueprinting out um these logical uh uh processes that are going to happen um and then what do we refer to the their partner, the that workload or that deliverable, as um I I've always liked to order um rash uh russia that we had used owner at some points previously?

G

um And so that's what made it into the code uh but yeah we wanted to have a discussion. What do people think at a high level.

E

Owner feels very generic, it's like it happens to be the owner of you know the resources that get created, but that's like a more general term in kubernetes context.

E

I don't know if that's helpful feedback.

C

Is there a is, is there a relationship between like a blueprint concept and the catalog like a catalog concept.

G

You would have a catalog of blueprints.

E

I think the catalog is more about the templates right. It's like the templates you choose between to create your. You know, blueprint.

H

I'm a fan of blueprint, it's a concept we used in in vra. You know you create blueprints and then stamp out deployments based on blueprints. um So I like the way it encapsulates the idea um so that you know that's my opinion on that. I don't know if it overloads the term as we've used it. You know across vmware, but uh I certainly like the idea.

G

Okay, I would say I yeah blueprint. It was the first term that I reached too, and I I like it. I think the suggestion that guys is that you know we are a cartographer. Maybe we should look for some mapping term um map does seem to be maps, are a pretty basic data structure so that wouldn't be great um but yeah like I don't know. If there's some other map like word chart because.

F

A chart or something yeah arcograph and then confuse everyone.

C

Or a graph, would it make sense.

G

Yeah I'll say.

G

I don't think any of them will be as readily understandable as blueprint, but I wish there were a word that that it was thematic and understandable.

E

I think the interesting aspect of it to me is that when you change the blueprint every you know everything that's using. It also changes immediately. There's there's this like it's not just you know a template that happened once and then you know only new things get created from it. If it's you know, if it changes or get created differently, if it changes, um I don't have suggestions on how that should improve the naming, but I'm not sure if blueprint suggests that or doesn't suggest that.

D

Is there a corollary to blueprint instead of owner like an implementation, if a blueprint is a blank or something that implements a blue? I don't know.

C

I mean.

D

It's.

C

Sorry, you got it.

G

I was just gonna say that um I don't think that I I've never thought of the workload as I think the workload as uh the order that a developer brings to you know this, this path to production factory and with that order they kick off um the actual instantiation of the supply chain.

G

um So that's why I have liked the term order um and arash said that when he sees order, he thinks of like one two three order, and so that throws him.

G

uh But yeah I I wouldn't, I think specifically to your question marty. I would call the actual thing: the instantiation it's the word. I always reach for.

C

So, just to sorry just to make sure that I'm understanding the question here, it's the suggestion is to because there's now deliveries, there's another like um sort of like sibling relationship to a supply chain, and therefore this is an attempt to find a term that would encapsulate both of them and then so that's blueprint and the other one is just like and that when you, when you use when you leverage a blueprint to make a blueprint of your own, what do you call that the thing that's going to actually instantiate the blueprint you've filled in you've customized, I guess so you've personalized- is that right.

C

Is that a good summary of what we're talking about.

G

I think the first one was, I thought I thought that marty was asking about uh what should we call workload deliverable which have that relationship with uh with uh the blueprint objects? So we've got this generic blueprint term. What's the generic term for the the objects that they pair with?

G

So this.

C

Is just it's just vocabulary right, it's not actual, but it's not actual objects. It's actual kubernetes resources. It's just the word. Lingo. Okay,.

G

Yeah they because.

B

They're trying to share their the the owner is referring to the the duality of the the workload and the deliverable object that the developer submits yeah.

C

Okay, so so, both on the upside and on the dev side, the deliverable or the delivery have introduced siblings to supply chain and workload, and so now we need a higher level term. Okay,.

B

For each of them exactly yep.

F

I'm so partial to the like cooking analogy, so like recipe uh makes sense to me.

G

It's recipe die as opposed to blueprint. You were saying.

F

Just like you use a recipe to make something right.

D

What would the corollary to that be for workload and deliverable, like? I think it's helpful to think of two terms that work well together to understand the relationship like.

F

Naming is the worst thing ever so.

D

Call it agreed just something like a recipe in a dish like I don't know where you go with recipe, but.

F

I mean it fits with order right because you order something, and then you use a recipe to actually make the thing right. You have ingredients which are which go into your your thing right, like I really like that analogy. That makes it really easy to understand, but we're also a supply chain.

F

You know so it's like this stuff doesn't doesn't fit right.

I

Another good term that comes to mind is mold because it's uh it seems to fit well, it doesn't sound good, but so it's like a mold that you use to. I don't know how we'll go.

C

I'm looking at wikipedia like wiki cartography and just words that pop out there's one there's layout, is here projection map projection, but layout layout map.

D

What a plan.

C

Oh plan.

B

We have so many good.

G

Ones.

B

For for the blueprint concept or plant.

D

Thoughts, I've been done for the other one, so short.

B

Backwards.

F

What's the best.

G

Thing we have.

D

For the.

G

A synonym for order is request, the dev brings a request and they get their supply chain or they get their delivery.

G

Similar similar synonyms bookings, commissions, reservations.

G

uh It could also just be a constructor.

C

Workload is such a good word.

F

We could do it, we could do a naming exercise right like what we did with the name for cartographer itself, like no we're. Never gonna find a name that everybody loves right then this is one of the things that I've learned about, naming you know naively just like we're. Never gonna find a name that everybody's like yeah, that's it. So um I think that, like most, maybe maybe the way forward here, if it's not pressing, is to just do like a super.

F

Quick naming exercise in like an upcoming community meeting here and just say like these- are what we're considering, let's not vote for them, move forward with whatever it is right.

G

That sounds reasonable to me. Democratic action.

A

It makes pains and.

A

I'll add it as an action item to have this naming exercise.

A

All right.

A

I can you listen to me.

A

Sorry, having some serious laptop issues- um okay, that's great! I will I will react. I will add the action item to to hold a naming exercise uh yeah. The final point here will be to agree on the in the calendar for uh community sessions.

A

uh The for this for the end of the year, so giving a look to share can share calendar and also seeing what other projects are doing.

A

I would say that, having our last community meeting for the year on december 15th, we will make sense and well cryptographer office hours will be on december 13th and we could resume on the first week of january. If you agree it could be a second week of january, but at least in december I would say that, two weeks from now it's what majority of the projects are doing. I don't know what.