►
From YouTube: Octant Community Meeting - August 25th, 2021
Description
Octant community meeting is held weekly. We discuss and talk about the current state and future of Octant, demo upcoming features and releases, and preview new ideas we are considering for Octant.
Feel free to add any discussion topic or question you may have to the agenda: https://hackmd.io/CzaPxtmXT_SW8nEpdwvGzw?view
A
Okay,
hello,
everyone
and
welcome
to
the
octant
community
meeting.
This
is
our
episode
today
on
august
25
2021.
A
We
are
so
glad
that
you
are
here
if
you're
joining
us
live
or
you're,
watching
the
recording.
Remember
that
you
can
have
any
topic
you
want
to
discuss
in
the
agenda.
The
agenda
is
completely
open,
so
there,
for
example,
feel
free
to
have
your
name
and
the
organization
you
represent
in
the
agenda
in
case
you
don't
have
it
and
you
are
here.
I
will
share
it
also
in
the
sunchat.
A
There
you
go
okay,
so,
first
of
all
status
updates.
Well,
we
have
a
couple
of
github
projects
which
are
created
to
collect.
You
know
work
in
two
specific
areas
that
we
see
important
for
for
project.
Octant
first
of
all,
is
documentation,
so
we
have
a
documentation
project
up
there
in
the
github
repo,
where
we
have
added
issues
created
in
the
past
that
are
related
to
documentation.
A
You
know,
documentation
is
a
it's
an
effort
that
in
in
which
we
are
trying
to
make
progress
in
naked
part
of
our
release,
cadence
and
if
you
have
a
documentation,
request,
issue,
etc.
Please
feel
free
to
create
an
issue
and
we'll
add
it
here.
A
It
will
be
really
useful
for
us
to
start
prioritizing,
documentation,
efforts
and
there's
a
similar
project
that
I
call
enablement,
because
it's
kind
of
more
than
documentation
it's
it
has
to
do
with
tutorials
demos
and
some
other
use
cases
or
some
other.
You
know,
training
resources
that
I'm
currently
creating.
I
don't
have
much
cards
here,
but
the
the
project
is
open,
so
feel
free
to
to
add
content
there
or
create
an
issue
and
we'll
add
it
here.
A
So
we
can
also
have
your
feedback
on
what
is
more
important
for
you
in
terms
of
training,
enablement
and
documentation
right
so
that's
first,
then
we
have
ui
plugin
management
that
is
being
moved
out
of
that
24.
So
I
don't
know
if
someone
from
the
team
wants
to
comment
on
that.
B
Yeah,
so
just
to
capture
the
state
of
how
our
board
of
our
current
backlog,
we
did
have
an
initial
attempt
to
create
a
ui
for
plugin
management.
Just
simply
because
the
way
to
do
it
currently
is
to
go
on
the
command
line,
and
it
doesn't
make
a
whole
lot
of
sense.
If
you
have
this
electron
application
or
user
interface
and
all
of
a
sudden,
you
have
to
go
to
the
command
line
or
or
just
start
shuffling
binaries
around
for
your
plugins.
B
So
we're
bumping
that
out,
just
simply
because
if
there
is
some
complexity
around
it
and
mainly
it's
the
idea
that
normally
you'd
have
to
restart
octant
in
order
to
load
a
new
plug-in
and
so
there's
some
work
to
essentially
make
that
process
a
bit
more
dynamic
or
even
just
allow
octa
to
load
that
plug-in
without
having
a
restart.
So
we
could
get
the
ui
for
it,
but
the
actual
implementation
will
be
a
little
bit
more
involved.
B
So
it's
going
out
of
0.24
currently
just
because
we
have
some
folks
out,
and
so
I
would
just
pop
it
out
a
few
weeks.
B
Yeah
this
one
is
also
me
again
so
this
I
will
try
to
summarize
this
with
the
there's.
It's
linked
to
an
issue
that
something
figure
was
working
on
and
essentially
what's
happening.
Is
that
we're
creating
two
mechanisms
where
a
client
can
talk
to
the
server
whenever
a
use
user
is
trying
to
do
something
in
octane?
And
essentially
there
are
two
mechanisms
you
can
do.
Rpc
calls,
which
is
essentially
how
the
plug-in
mechanism
works.
B
If
you
kind
of
use
like
the
dashboard
client,
you
get
all
these
exposed
methods
and
you
can
do
cluster
operations
or
there's
this
concept
of
an
action
in
object,
which
is
essentially
just
a
websocket
message
that
gets
passed
around
and
it
seems
to
be
that
we
don't
have
a
good
boundary
on
what
these
two
are
supposed
to
and
not
supposed
to
do.
B
Initially,
my
thought
process
was
that
all
of
the
rpc
related
calls
are
supposed
to
be
done
on
cluster
specific
operations
on
the
basis
that
we
do
want
a
very
limited
api
service,
so
that
a
plug-in
doesn't
potentially
do
nasty
things.
But
then
I've
looked
at
our
code
a
little
bit
and
it
turns
out.
B
That's
not
true,
we
do
have
mechanisms
for
editing
or
changing
a
cluster
state
through
the
use
of
web
socket
messages
and,
for
example,
here
apply
emo
apply,
yaml
does
do
this,
uses
the
it
doesn't
use
an
rpc
call.
Currently
it
uses
a
websocket
message,
and
so
because
those
that's
kind
of
blurred-
we're
hitting
this
weird
point
where
we're
sort
of
hitting
duplication
on
both
sides
and
it's
not
very
clear
what
should
go
where,
and
so.
B
This
currently
right
now
is
going
to
be
resolved
by
documentation,
but
I
think
we're
going
to
need
to
have
a
proposal
or
some
sort
of
convention
or
some
guidance
in
the
future
on
exactly
what
becomes
an
action
and
what
becomes
an
rpc
call.
C
No,
I
mean
nothing
to
follow
just
you
know.
I
share
the
same
concern
like
definitely.
You
need
to
come
up
with
some
kind
of
standard
around
which
api's
you
can
expose
for
the
plug-ins
versus
what
we're
supporting
through
web
sockets,
and
you
know
having
a
discussion
around.
That
would
be
great
for
the
future.
A
Nope:
okay,
okay,
thank
you,
sam
okay,
yeah
next
in
the
agenda
is
well.
We
I
put
it
in
the
discussion
points
because
we
don't
have
a
section
on
a
special
guest,
but
I
think
we
should
open
one.
We
have
a
special
guest
in
this
meeting.
A
It's
my
pleasure
to
introduce
daniel
pacquack,
he's
open
source,
software's
engineer
in
aqua
security
and
one
of
the
developers
behind
the
starboard
login
for
opt-in.
So
welcome
to
the
meeting
daniel.
D
A
So,
do
you
want
to
share
your
screen.
D
Yeah,
I
was
thinking
how
to
present
this.
You
know
in
the
a
little
bit
time
constrained
way,
so
I
didn't
prepare
a
demo.
I
decided
to
go
like
a
little
bit
of
freestyle,
but
this
will
show
you.
How
am
I
using
octan
for
developing
stuff,
but
also
this
will
give
you
an
explanation
why
we
developed
starboard
why
we
needed
plugin,
why
we
put
some
things
on
hold
and
what
are
the
things
that
we
may
want
to
add
in
the
future
if
the
plugins
api
allow
it?
D
So
probably,
we
won't
have
too
much
time
for
the
discussion,
but
at
least
I
think
it
would
be
great
for
you
to
collect
some
feedback
or
like
thoughts
that
I
will
try
to
share
while
presenting
starboard
and
installing
the
plugin,
and
actually
I
will
start.
I
wanted
to
have
like
a
prayer
like
a
pre-created
environment
and
then
I
said,
no
I'll
show
you
how
I'm
creating
this.
This
will
show
you
a
missing
pieces
from
my
standpoint
in
octant
and
also
some
of
the
gojas
for
plug-in
developers
or
installers
or
users.
D
So
hopefully
it
is
going
to
look
interesting
and
yes,
I
don't
know
how
about
the
follow-up
discussion,
but
let's
try
this
out.
I'm
going
to
share
my
screen.
D
A
D
Voice
I
got
called
this
week.
I
decided
to
join
anyways
so
if
my
voice
should
be
shaky
or
that
sorry
for
that
in
advance,
oh.
D
D
Sure
no
worries,
so
I
need
to
tell
you
a
little
bit.
You
know,
especially
for
those
who
watch
this
video
online
or
offline.
You
know
what
is
starboard,
it's
it's
a
very
nautical
name,
a
pretty
cryptic,
but
I
will
show
you
this
project
or
you
know,
kind
of
a
utility
by
installing
it,
and
this
is
where,
first
of
all
you
have
to
go
to
starboard
documentation,
we
have
official
documentation,
you
can
navigate
to
it
from
the
github
repository
and
there
are
two
installation
modes.
D
One
is
starboard
cli,
but
more
interesting
and
more
useful
is
the
operator
it's
a
kubernetes
operator
pattern
without
going
into
much
details,
I'll,
just
install
it
and,
first
of
all
to
make
it
useful.
We
need
to
install
a
couple
of
custom
resource
definitions.
We
use
or
starboard
uses
custom
resource
definitions
as
data
storage.
D
It's
not
like
in
operators
where
you
declare
what
kind
of
application
or
what
kind
of
state
you
want
to
reconcile.
But
it's
more
like
a
data
storage
like
like
a
config
map
with
with
with
a
schema
think
of
it
like
that,
and
then
we
need
to
configure
it
like
a
create
service
accounts
role,
based
access
controls,
objects
and,
as
you
can
see,
I'm
using
cube
control
apply.
There
are
different
ways
of
doing
this.
D
There
is
a
helmet
installer,
there
is
open
life
cycle
manager
and
we
don't
really
support
automated
upgrades,
but
I'm
I'm
doing
this
online
to
show
you
how
painful
it
is
and
to
share
one
of
the
items
like.
D
Then
there
is
the
operator
life
cycle
manager
or
olm
catalog,
the
new
ones
emerging
ones,
so
it
would
be
really
cool
to
you
know:
just
click
somewhere
there
search
for
starboard
and
install
it,
but
even
without
this
it's
already
very
useful,
especially
for
you
know,
navigating
and
making
sure
that
what
we
did
actually
works.
So
this
overview
shows
me
the
starboard
operator
it's
up
and
running.
D
I
can
go
and
see
the
pod.
Usually
you
run
this
kubernetes
operator
as
a
pod,
so
we
could
see
and
check
logs
no
scary
arrows.
So
it
seems
that
it's,
it's
working,
fine,
so
now
a
little
bit
more
about
what
it
does.
So
when
we
saw
octant
for
the
first
time
it
was
kind
of
an
application
or
at
the
time,
when
I
learned
about
it,
it
was
a
tool
to
show
you
what
is
running
in
the
cluster
and
especially
show
you
things
that
are
troublesome
like
something
is
not
working,
something
is
broken.
D
So
this
was
like
a
great
platform
for
us
at
aqua,
a
security
company
where
we
wanted
to
show
some
security
threats,
for
example,
show
you
that
you're
running
a
workload
that
is
vulnerable
or
show
you,
for
example,
a
default
configuration
or
maybe
a
configuration
which
is
not
super
secure
from
the
operations
or
day
two
standpoint,
and
that's
why
we
like
those
little
icons,
green,
it
seems
to
be
fine
red,
indicates
that
something
is
wrong
and
etc.
So
I'll
show
you
that
by
creating
a
deployment
that
we
know
will
be
vulnerable.
D
So
what
it
does
you
know
like
we
talk
about
like
a
securing
stuff,
showing
what
is
secure,
what
is
insecure,
shifting
left,
which
is
a
common
approach
to
shift
the
security
responsibility
to
developers,
but
if
you
don't
provide
tools
or
you
will
tell
a
developer
that
he
has
to
go
download
some
security
scanner
scan
his
workload
and
then
checking
back
most
likely.
He
won't
do
this.
So
that's
why
we
wanted
to
base
our
integration
on
existing
dashboards
like
octane,
where
we
don't
have
to
develop
ui
right.
We
are
security.
D
We
are
a
security
company.
We
don't
want
to
spend
most
of
our
time
in
making
you
know
ui
beautiful.
We
just
want
to
provide
a
security
information,
and
this
is,
if
you
remember,
I
installed
the
custom
resource
definitions
in
the
cluster
and
just
a
few
seconds
ago
I
created
a
engine's
deployment
in
the
default
basement.
So
if
I
switch
here,
you
will
see
that
we
have
this
engine
it's
up
and
running.
We
have
some
default
status
information
about
number
of
replicas.
D
So
now,
if
I
go
ahead
and
list
custom
resources,
you
see
that
we
have
a
config
audit
reports.
This
is
where
we
store
configuration,
updating
reports
and
vulnerability
report.
If
I
go
here,
you
see
that
we
have
created
a
report
for
active
replica
set
for
the
engine
engines,
deployment
right,
and
this
is
a
yaml
file
that
contains
all
this
information
about
vulnerabilities,
like
it
inspects
the
container
image
checks
what
packages
are
installed
and
it
is
cross-checking,
the
nvd
databases
or
lots
of
other
security
advisories
for
the
information.
D
So
this
is
pretty
useful
but
pretty
ugly
presented,
I'm
not
saying
about
the
default
crd
viewer
in
octant,
which
I
think
is
great,
but
this
information
is
not
immediately
available
to
the
developers
right.
Let's
say
I
deployed
engines,
I
see
it's
green,
but
what
if
it
has
some
critical
vulnerabilities?
I
want
to
show
this
information
here,
and
this
is
where
the
starboard
octane
extension
comes
in
and
I
will
go
through
the
process
of
installing
it,
and
I
think
I
can
pause
here
for
a
second.
You
have
like
immediate
questions.
If
not
I'll
I'll
continue.
D
Okay,
so
let's
take
it,
thank
you
yeah.
So,
let's
take
it
further.
So
the
we
have
this
project
like
a
starboard
octant
plugin,
usually
I'm
looking
for
what
other
people
are
doing.
Do
we
have
a
competitors?
Do
we
have
followers?
Do
we
have?
D
I
don't
know
supporters
and
unfortunately,
there's
not
like
a
tons
of
plugins
here,
which
is
another
interesting
point
for
us
to
see
if
it's
worth
investing
more
into
that,
I
can't
do
anything
about
this,
but
this
is
like
kind
of
one
of
the
metrics
that
we
are
looking
at
another
one
is
a
download
kind
of
kind.
It
seems
that
few
people
downloaded
it
already,
but
it's
also
not
like
a
skyrocketing.
D
If
you
look
at
the
operator,
we
have
like
hundreds
of
thousands
of
downloads,
which
shows
that
people
usually
benefit
from
the
installing
the
operator,
but
they
don't
really
use
the
user
interface
right.
So
it's
kind
of
an
indication
we
we
didn't
do
like
a
study
on
that
or
like
a
heat
maps
or
anything
like
this,
but
this
basic
metric
showed
me
that
if
you
know
there
is
a
bug
in
octane
plugin
and
there
is
a
bug
in
the
starboard
operator,
I
would
probably
go
for
the
operator
first.
D
So
if
we
want
to
install
the
the
plugin,
this
is
at
least
my
understanding.
When
I
first
read
about
the
documentation,
it
might
have
changed
so
far
for
that
for
that
and
if
the
maintainers
can
catch
this
up
and
show
me
the
other
way
of
installing
it.
That
would
be
great.
But
what
I'm
doing
since
I'm
running
on
mac
os?
I
will.
I
will
download
the
release
artifact.
This
is
the
tor
file
and
basically
we
go
to
downloads
and
we
have
this
binary
and
now
this
binary
contains
the
starboard
octane
executable
right.
D
So
it's
a
separate
process.
We
have
octant
process
running
on
my
machine
and
we
have
the
plug-in
process,
so
I
guess
they
communicate
through
rpc,
even
though
I
remember
there
were
lots
of
changes
in
this
related
to
electron
and
stuff.
Honestly,
I
got
lost
what
is
the
current
architecture
of
octan?
I
didn't
have
time
to
catch
up
with
this.
D
So
now,
if
I
copy
this
starboard
operator
and
I'm
supposed
to
copy
it
into
config
option
plugins
directory
there
is
this
special
directory
where
octant
picks
up
extensions.
So
let's
do
this
and
restart
octant.
I
have
already
installed
octant
with
broke
package
manager
in
macos.
D
I
think
we
don't
have
to
repeat
that
place
a
great
documentation
about
installing
octant
on
different
platforms,
and
this
is
the
first
thing
where
mac
os
user
can
get
scared
off
by
installing
plugins
right.
This
is
by
default.
Our
release
process
on
github
is
not
signing
the
the
the
binary
artifacts.
D
So
at
this
point
I
think
we
can
drop
off
quite
a
bunch
of
users,
and
the
point
is
that
macos
cannot
validate
this
binary,
that
we
released
as
as
a
you
know,
for
markers,
it's
basically
a
malware
or
virus
or
whatever.
So
what
I
need
to
do
is
to
go
to
the.
D
D
D
This
looks
the
same,
but
there
are
new
components
like
a
user
interface
components,
it's
not
very
visible
because
I
didn't
play
too
much
with
like
a
colorful
extensions
and
I
think
the
built-in
ui
widgets
are
also
limited
in
terms
of
customization,
at
least
at
the
time
when
we
first
developed
this
extension
or
at
least
when
I
look
at
the
documentation.
This
is
what
I
could
find
it's
pretty
easy
to
add
or
contribute
to
the
status,
and
this
is
how,
for
example,
we
run
or
to
be
more
precise.
D
The
starboard
operator
detected
that
you
created
an
engine
deployment
that
it
is
referring
to
the
engine's
container
image,
so
it
run
the
vulnerability
scan
in
the
background
and
it
created
a
crd.
Now
we
are
just
taking
the
crd.
It
is
associated
with
this
deployment
through
some
navy
convention
or
label
selector.
D
It's
not
important
for
the
sake
of
you
know
talking
about
plugins,
but
eventually
we
can
add
this
information,
which
is
more
like
a
human
readable.
Here
right,
you
don't
have
to
read
the
yaml
files.
You
see
that
this
container
image
has
critical
vulnerabilities.
I
would
love
to
add
more
warning,
icons
and
stuff
like
that,
but
you
should
get
the
point
like
this
is
vulnerable.
D
D
So
basically,
this
is
already
useful.
What
is
still
missing
for
me
is
if
you
go
back
again
here,
it's
hard
to
spot
it
then
it's.
I
haven't
seen
any
mechanism
to
change
the
status
of
the
icon
based
on
the
plugin
right.
It
is
looking
at
the
replica
sets
or
it
is
checking
probably
lightness
probes
or
you
know,
checking
the
readiness
checks,
but
it's
not
really
plugging
can
not
override
the
status
or
it's
not
that
easy.
It
would
be
really
nice
to.
You
know,
mark
it
as
red
that
you
know
it's.
D
It's
a
it's
a
it's
a
let's
say,
production
workload.
It
has
critical
vulnerabilities.
We
should
not
show
it
as
a
as
a
successful
it's
it's
actually
kind
of
a
failure.
Another
thing
that
I
wanted
to
add
here
was
another
tab,
so
here
we
talked
about
container
image
right.
Every
application
has
to
be
containerized
to
run
in
kubernetes.
D
Another
type
of
checks
is
to
inspect
the
configuration.
The
descriptor,
for
example,
do
we
run
this
workload
as
a
root
user?
Do
we
drop
some
linux
capabilities
right?
There's
a
plenty
of
tools
or
plenty
of
blog
posts
that
tell
you
don't
run
as
root
right
in
case
your
pod
gets
compromised.
Then
you
know
you
can
use
this
for
the
privilege
escalation
escape
from
the
container
to
the
host
and
do
other
nasty
things.
D
So
that's
why
we
also
generate
another
type
of
custom
resource
to
hold
to
hold
the
result
of
scanning
the
the
workload
with
configuration
checker
in
by
default
in
starboard,
it's
polaris
by
fairways
ops,
but
it's
also
pluggable.
You
can
write
your
own
checks
in
oppa,
which
is
another
nice
integrations
of
all
these
tools
that
we
are
talking
about
today.
But
essentially,
you
see
that
this
workload
check
is
not
running
as
host
ipc,
but
some
of
them
will
you
know
the
when
the
when
the
success
is
false.
D
This
this
basically
shows
that
there
is
something
to
do
for
devs
or
devops
to
fix
it
again.
If
I
go
to
workloads.
D
And
jinx
I
have
to
search
for
it.
Probably
a
lot
of
people
will
skip
this
section.
That
is
also
contributed
by
the
plugin,
because
at
that
time
there
wasn't
it
wasn't
possible
to
add
a
new
tab
right.
But
if
you
look
carefully
you
see
this
is
another
type
of
report.
It's
kind
of
a
workaround
with
all
honesty,
so
I
couldn't
edit
it
as
a
tab.
So
you
see
this
is
a
metadata.
It
links
back
the
report
to
the
workload
you
see
some
information
about
the
scanner.
D
This
is
a
summary,
and
here
we
are
there's
a
simple
representation
of
all
the
checks.
It
was
pretty
tricky
to
sort
by
different
columns.
I
don't
know
if
it
was.
There
is
a
this
plugin
by
the
way
is
written
in
golan.
I
know
there
is
a
typescript
apis,
but
at
the
time
was
just
golang,
so
some
of
the
components
that
we
define
or
implement
are
kind
of
a
representation
of
responses
between
plug-in
process
and
octant
main
process,
so
some
functionality
is
limited.
Even
adding
the
icons
is
somehow
cumbersome.
D
It's
a
mix
of
golang
with
markdown,
with
html,
with
some
little
nasty.
Well,
not
nasty.
Some
little
hacks,
let's
call
it
this
way,
but
overall
it's
useful.
However,
what
I'm
trying
to
say
is
that
it
should
be
easier.
It
should
be
easier
to
to
for
me
to
lay
out
these
components
easily
change
this
layout
change
ideas.
I
had
a
feeling
that
once
we
put
this
in
place,
I
don't
want
to
touch
this
code
or
improve
it,
because
it
it
wasn't
that
easy
and
I
think
ordering
by
multiple
columns
would
be
very
useful
here.
D
You
see
there
is
a
severity
and
there
is
a
category,
and
I
would
love
to
pop
up
this
failing
check
to
the
top
of
the
list,
and
also
I
don't
know
what
happened.
If
it's
regression
or
it's
just
a
layout,
I
couldn't
jump
easily
to
the
next
page
right.
There
are
some
checks
when
I,
when
I
increase
the
page
size,
I
see
more
warnings.
D
So
that's
basically
from
the
functional
standpoint.
We
also
have
another
type
of
reports
this
time,
it's
pretty
actually
split
here
for
the
workloads
like
applications
and
infrastructure,
which
is,
for
example,
nodes.
D
So
if
I
list
nodes
in
octane,
we
contributed
another
plugin.
This
one
is
running
cis
benchmarks.
Again,
the
starboard
operator
that
we
installed
in
the
beginning
discovered
a
node
and
run
cis
benchmark.
This
is
another
tour
cube
bench.
Basically,
starboard
operator
is
so
nice
that
it
runs
it
on
your
behalf
right,
so
you
don't
have
to
switch
back
and
forth.
We
can
just
focus
on
one
user
interface
and
see
what
is
going
for
infrastructure
engineers.
This
is
useful.
D
This
will
show
you
especially
for
installation
of
kubernetes
on
premises
because,
usually
with
managed
clusters,
there's
nothing
really.
You
can
do
about
it
unless
you
contact
the
cloud
provider,
but
if
you
are
installing
kubernetes
cluster
on
your
own,
with
cube,
cubadm
or
other
tools,
it
gives
you
a
pretty
interesting
information.
D
So
yeah,
I
think
from
the
from
the
functional
standpoint.
That's
it
what
I
wanted
to
share
and
talk
about
today
in
terms
of
starboard
and
plugins
and
how
it
looks
like
when
you
install
it,
and
I
think
we
can
again
stop
here
for
a
second.
If
you
want
and
then
that
the
last
part
I
I
wanted
to
focus
on
the
actual
code
and
where
I
think
it
can
be
improved
or
where
we
actually
bump
into
quite
some
issues
when
it
comes
to
understanding
the
api
and
using
it.
A
Yeah,
I
have
a
question
so
far
at
least
one.
What
did
you
find
the
easier
the
you
know?
What
was
the
easiest
part
during
the
plugin
creation
and
what
was
the
hardest
task.
D
Yeah,
so
I
think
getting
started
based
on
the
sample
plugin
that
I
that
I
found
out
in
opt-in,
github
space
was
easy,
so
it's
very
easy
to
get
started,
see
your
plugin
registered
there.
D
However,
when
you
start
really
doing
useful
stuff
like
trying
to
get
the
data
trying
to
understand
what
is
the
life
cycle
of
the
plugin,
this
is
where
you
do
everything
by
experimenting
and
it's
not
very
easy
to
debug
this
process
right.
This
is
an
external
process,
so
I
know
there
are
ways
of
doing
this,
but
we
are
talking
about
like
people
like
we.
D
We
want
to
integrate
with
other
tools,
but
this
is
not
our
main
focus
so
debugging
and
trying
to
find
out
what
will
be
the
best
ui
component
to
render
this
part
or
how
I
add,
multiple
tabs
and
then
actually
discovering
hard
way
that
it's
not
possible.
That's,
I
think,
was
the
biggest
challenge
and
the
last
one,
maybe
is
the
client
kubernetes
client
exposed
to
the
go
plugins,
which
looked
like
a
full-blown
client
that
I
can
do
everything
with
this
plugin,
but
it's
pretty
limited.
D
It's
like
a
read-only,
at
least
at
the
time
of
when
we
wrote
this
this
version-
and
I
didn't
talk
about
that,
but
maybe
let's,
let's
wrap
up
this
this
question
and
I
can
also
talk
about
like
a
future
plans
and
where
we
see
other
useful
apis
for
the
plugins.
A
B
Yeah,
so
the
broad
question
is:
would
y'all
still
be
open
to
taking
prs
for
some
of
these
changes?
I
think,
like
some
of
the
concerns
that
you've
mentioned,
like,
for
example,
being
able
to
change
the
color
of
the
status
icon
based
on
these
results
of
the
security
scan.
I
have.
B
I
wrote
some
code
that
I
guess
like
at
the
end
of
july,
that
is
merged
in,
and
that
allows
you
to
do
that
and
same
thing
with
a
lot
of
the
icons
that
have
to
be
rendered
and
marked
down
like,
I
think
those
can.
Those
are
simplified
now.
That
being
said,
I
don't
know
the
state
of
this
project
and
if
it's
still
actively
developed
and
whether
or
not
it's
worthwhile
to
continue
to
move
over
to
some
of
these
simplified
methods
of
doing
of
doing
these
things.
D
Yeah,
definitely,
I
think
you
know
it's
it's
actively
developed.
Maybe
we
lost
some
traction
because
we
bump
into
some
like
limitations
of
the
apis
at
that
time,
but
you
know
any
simplification
will
help,
and
I
think
this
plugin
is
one
of
the
biggest
plugins
out
there.
D
So,
even
if
it's
not
used
as
we
intended
it
as
a
security
tool
to
shift
left
security
responsibility,
this
can
be
like
a
real,
not
you
know
sample
app
based
plugin,
where
you
will
show
off
or
exercise
all
the
apis
that
you
define,
and
I
I'm
fully
aware
that
this
process
is
like
incremental.
D
D
Yeah
so
another
thing,
so
if
there
are
no
more
questions,
I
think
we
still
have
a
few
minutes
to
talk
about
code.
I
have
this
code
open
in
intellij.
Sorry,
for
that
I
didn't
look
into
that
for
quite
some
time,
but
hopefully
I
remember.
D
Config
map
doesn't
really
refer
to
any
image,
so
we
don't
really
do
vulnerabilities
kind
of
config
maps,
but
we
do
config
checks
right,
for
example,
starboard
can
check
that
you,
you
stored
plain
password,
so
it
will
warn
you.
So
what
I
realized
is
that
octant
is
centric
around
gvk.
Gvk
is
a
is
this
abbreviation
for
group
version
kind?
Each
and
every
kubernetes
resource
has
this
kind
of
identifiers.
D
However,
so
I
would
expect
that
when
I
do
register
extension
points,
I
wouldn't
talk
about
like
a
tab,
printers
etc,
like
print
request,
tab
response,
but
I
would
more
register
it
for
a
given
g
keys.
So
what
I'm
trying
to
say
is
that
it's
fine,
it's
working,
it's
great,
because
it
is
working,
that's
the
most
important
one,
but
I
think
at
scale.
If
you,
if
your
extension
grows,
you
would
like
to
define
extension
points
or
tabs
based
on
the
domain
of
of
kubernetes
right.
D
So
I
don't
want
to
do
this
kind
of
a
case
switches.
You
know
to
render
different
tabs
based
on
the
kubernetes
object
type,
because
this
makes
my
component
like
a
custom
component,
huge,
untestable
and
and
and
overly
complex.
What
I
would
like
to
do
is
to
really
understand
what
is
the
life
cycle
and,
for
example,
when
we
register
a
tab
response
for
a
deployment,
then
I
should
have
a
just
a
simple
callback
called
I
don't
know
on
render,
and
then
I
know
that
you
know
this
is.
D
This
is
the
place
where
I
put
my
operative
code,
for
you
know
just
drawing
some
tables
or
adding
some
status.
So
that's
something
that,
as
I
mentioned,
we
started
with
kubernetes
workloads.
So
it's
not
that
bad.
We
also
have
node.
If
you
remember,
we
do
have
tab
for
let's
go
back
to
deployments
and
jinx
right
so
for
vulnerability
reports,
we
don't
add
cis
benchmark
tab
by
the
way
this
wouldn't
be
possible
because
you
can
add
only
one
tab
for
a
given
gvk.
D
On
the
other
hand,
we
add
a
different
type
of
tab
for
nodes
right,
so
I
think
I
can
always
do
it
this
way,
which
is
less
readable
and
I
think
for
troubleshooting
for
maintaining
and
scanning
it
up.
It
would
be
much
better
to
you
know,
focus
on
gvk's
and
and
custom
components,
and
the
similar
way,
I
think,
is
applicable
to
all
types
of
extension
points
like
for
me
in
the
beginning.
It
was
also
pretty
hard
to
understand.
D
Why
is
it
limited
to
status
field
right?
What
can
I
extend
or
put
in
the
configuration
by
the
way?
This
is
even
I
forget,
and
now
I
reminded
myself
that
here
is
where
we
add
the
summary
for
vulnerability
reports,
but
if
our
configuration
checker
will
detect
some
dangerous
configs,
it
will
add
it
here,
also
pretty
hidden
in
the
in
the
in
the
great
octane
user
interface.
D
So
this
is
kind
of
like
a
main
feedback
for
the
go
code
from
the
api
standpoint,
I
think
it's
too
centric
on
grpc
at
that
time.
Communication
protocol
and
on
the
other
hand,
I
wasn't
pretty
sure
what
is
the
status
of
this
architecture
it
used
to
be
go
server.
D
D
I
I
wasn't
confident
you
know
which
way
we
should
should
we
maintain
this
goal
code,
or
is
it
better
to
trans,
like
you
know,
rewrite
it
in
typescript?
There
are
some
good
reasons
why
we
use
go
because
basically,
we
use
some
of
the
utilities
of
starboard
starboard
is
an
operator.
Starboard
is
a
cli,
but
it's
also
a
bunch
of
useful
utilities
that
we
have
already
written
in
golang.
So
we
can
use
it
here,
otherwise,
with
typescript
plugin,
we'll
have
to
rewrite
some
of
this
in
in
javascript
or
typescript.
D
A
B
Quick
comment
on
the
go
versus
typescript
distinction,
so
we
did
make.
We
did
communicate
at.
I
guess
with
some
previous
meetings
that
the
intention
is
to
maintain
both
just
simply
because
there
are
a
lot
of
packages
and
imports
within
the
go
space
and
basically
the
go
ecosystem
is
kubernetes,
so
it
doesn't
make
a
whole
lot
of
sense
to
abandon
that
work.
Although
it
is
more
work
on
our
part
to
maintain
essentially
two
different
yeah,
essentially
two
different
languages
for
the
plug-in
interface.
D
Yeah
I
got
it.
I
remember
the
discussion,
maybe
that's
my
fault
that
I
missed
some
of
the
you
know
community
meetings,
so
I'm
not
blaming.
You
know
you
for
announcing
it.
It's
basically
probably
my
fault.
I
miss
it.
But
again
sometimes
maybe
it's
you
know.
Some
information
could
be
duplicated,
so
it's
you're
reaching
out
everyone
on
the
so
the
the
the
maybe
the
last
thing
I
want
to
you
know
add
here
is
what
we
want
to
do
next.
D
D
On
the
other
hand,
I
can
show
you
quickly
the
configuration
of
the
starboard.
It
has
plenty
of
configuration
settings
mainly
encoded
in
the
config
maps.
D
I
don't
want
people
to
you,
know
added
yaml
file
or
some
key
values
going
back
to
the
documentation.
We
want
to
focus
on
one
tab
in
the
browser.
Once
you
open
octane,
you
don't
want
to
leave
it,
that's
the
goal.
I
know
we
are
pretty
far
from
this
goal,
but
imagine
this
right.
I
don't
have
to
go
out
of
this.
I
want
to
have
a
representation
of
config
maps
implemented
as
a
plugin.
I
want
to
have
nice
drop
downs.
D
You
know
buttons
to
configure
everything
to
validate
my
configuration,
preferably
reusing
some
of
the
go
libraries
or
utilities
that
we
already
already
use.
So
this
is
like
a
I'm
talking
about
future
now
so,
like
a
configuration
providing
a
user
interface
for
configuring,
star
wars,
making
sure
there's
another
example,
I
think
more
more
useful
is
this:
is
generic
starboard
configuration?
But
if
you
look
back
at
the
vulnerability
scanner,
you
saw
that
we
are
showing.
D
D
But
if
I
go
back
here,
you
see
that
we
show
this
report,
even
though
there
is
no
fix.
So
there's
one
parameter.
If
I
go
back
to
to
the
starboard
operator,
namespace
3v
is
the
vulnerability
scanner
that
we
use
it's
plugable,
so
it
doesn't
really
matter,
but
there
is
one
flag.
D
Actually,
where
you
can
configure
severity-
and
this
is
a
one
flag-
it's
not
defaulted
here
that
allows
you
to
skip
unfixed
vulnerabilities
right,
so
you
will
see
less
vulnerabilities.
But
again
I
don't
want
people
to
read
the
documentation.
No
one
reads
documentation.
This
should
be
self
explanatory,
so
I
go
to
plugin.
D
I
click
somewhere
here
like
a
configure
starboard
or
maybe
we
have
like
a
top
level
view.
I
didn't
talk
about
this
top
level
view,
but
let's
keep
it
for
this
time
and
then
maybe
I
should
have
some.
You
know:
ui
interesting,
ui
components
for
editing
stuff,
not
just
for
rendering
stuff,
and
at
the
time
when
I
played
with
the
plugins
api,
there
were
not
many
components.
D
We
somehow
moved
this
conflict
out
of
the
report,
so
everyone
can
see
this
and
then
we
also
sort
it
out.
So
this
you
know
bubbles
up
to
the
top,
and
then
we
have
a
button
here.
So
I
can
say
how
to
fix
this.
That
would
be
great
because
then
imagine
that
behind
the
scenes
we
do
patch
the
engine's
resource
right
then
open
refreshes.
This
every
like
a
refresh
with
you,
know
the
whole
ui
and
then
ideally
this
this
warning
or
this
danger
should
disappear.
D
That's
kind
of
full
experience
which
wasn't
easy
to
design
and
implement
with
the
with
the
current
apis,
and
then
you
know,
depending
on
the
community
or
you
know,
downloads
counts.
We
can
think
about
other
stuff,
but
the
eventual
goal,
at
least
for
us,
was
to
to
make
it
useful
not
just
to
to
to
display
some
data,
but
do
something
with
this
data.
D
So
yeah,
thanks
again,
for
you
know
giving
this
opportunity
to
share
the
feedback.
Take
it
easy.
You
do
a
great
job
and
yeah.
Hopefully
we
can,
you
know,
help
work
together
or
discuss
things
to
make
it
even
better.
A
Thank
you
so
much
daniel.
You
know
your
feedback
as
honest
as
it
can
be.
It's
really
important
for
us.
Our
goal
is,
is
to
improve
the
project.
You
know,
unlock
some
other
use
cases
and
extend
what
you
can
do
would
start
on.
Often
for
sure
I
I
I
had
one
question
before
I:
I
leave
space
for
the
theme
class.
A
I
I
can
imagine
that
if
you
mentioned
that
it
was
easy
to
to
get
started
with
examples,
but
the
the
hardest
part
is
to
actually
start
putting
data
in
in,
in
the
plug-in.
All
of
that,
probably
you
missed
some
documentation
pieces
right.
You
you
were
you
you
wanted
to
have
some
you
know.
Particular
documentation
or
tutorials
probably
will
have
been
useful.
So
I
don't
know
if
you
can,
in
your
in
your
mind,
collect
the
the
kind
of
documentation
you
would
like
to
see
for
plugging
outdoors.
D
Yeah,
I
think
I
can
answer
it
in
a
bit
different
way.
Forget
about
documentation.
No
one
reads
that
not
necessarily,
but
I
remember
when
I
was
doing
more
front-end
engineering
and
every
week
there
was
a
new
javascript
framework
and
I
think
it
still
holds
today.
D
There
was
like
a
kitchen
sink
or
widget
kind
of
a
type
of
a
project
that,
for
example,
how
to
add
tabs
or
pie
charts
in
I
don't
know
angularjs
or
in
in
react.
Imagine
that
you
have
this
kind
of
a
kitchen
sink.
I
don't
remember.
D
This
can
be
really
useful
at
this.
That
will
be
the
first
thing
I
would
pick
up.
You
know
clone.
It
start
messing
up
commenting
out
some
pieces
adding
duplicating
code
so
like
a
really
nicely
commented
sample
plugin,
but
not
as
simple
as
you
know,
just
as
you
know,
adding
tab
or
maybe
one
button.
Just
just
add
more
of
these
widgets
show
more
complicated
use
cases
this.
This
would
be
at
least
for
users
like
we
like,
more
maybe
a
little
more
advanced.
That's
that's
something
we
are
looking
for
right.
D
A
D
And
and
just
to
add
on
that
sorry
for,
like
you
know
that
okay,
I
took
it
as
a
kind
of
a
brainstorming
and
also
like
it
recalls
me
what
you
know
what
I
was
thought
about
these
plugins.
I
also
mentioned
that
there's
no
plugin,
for
I
don't
know
to
which
extent
you're
familiar
with
olm,
like
operator,
lifecycle
manager.
This
is
an
operator
for
managing
operators.
It's
basically
very
cool
like
for
day
two
operations
for
installing
stuff
monitoring,
stuff,
auto
upgrades,
but
the
learning
profit
very
steep.
D
D
D
Maybe
you
will
miss
some.
You
know
functionality
for
modifying
kubernetes
objects.
For
now
I
think
it's
great
for
reading
stuff
and
sometimes
it's
limiting,
but
with
like
a
real
world
plugins
or
maybe
refactoring
or
extracting
some
of
the
functionality
of
octane
to
the
plug-in
ecosystem.
Basically,
when
you
install
when
you
run
knockdown,
this
will
be.
You
know
loaded
automatically
this.
This
can
open
some
of
the
opportunities
to
to
drive
this
api.
D
Otherwise,
I
think
you
know
we
get
stuck
with
the
simple
plugins
and-
and
we
may
miss
some
of
the
interesting
use
cases
that
are
possible.
A
That's
amazing
thanks
so
much
daniel.
I
think
I
will
need
to
re-watch
this
recording
several
times
to
take
notes.
Thank
you.
I
don't
know
if
anyone
else
from
the
team
wayne
philippe
bikram,
some
have
any
additional
comment.
Questions.
B
Yeah,
no,
nothing
in
particular.
I
just
want
to
thank
daniel
for
taking
the
time
every
evening
to
give
this
feedback
to
us.
It's
extremely
helpful,
just
from
a
developer's
perspective
as
well
as
just
letting
us
know
that,
like
what
we're,
what
we
can
do
better
and
thank
you
for
your
honesty
as
well,
and
I
think
like
ultimately,
that's
how
we
all
improve
and
lift
the
whole
ecosystem
as
whole.
D
Sure
no
problem
and
thanks
again
for
giving
me
the
opportunity
to
share
the
feedback
if
I
was
using
octan
in
some
very
weird
or
particular
way
and
there's
an
easy
way
or
you
saw
some
crazy
golden
gold,
please
let
us
know
you
know
we
are
also
learning
and
I
know
that
things
are
changing
and
we
don't
always
have
time
to
catch
up.
So
I
really
appreciate
you
listening
to
us
and
yeah
keep
up
doing
great
job.
A
Awesome,
thank
you
daniel.
Well.
If
there
is
no
additional
comment
or
question
from
the
team
well,
I
will
wrap
up
the
meeting.
Thank
you
daniel.
Thank
you
for
everyone
for
joining
and
again
we'll
keep
working
to
improve
the
project,
to
make
all
your
use
cases
even
better.
So
thank
you
so
much
for
being
here.