# Cartographer Office Hours notes
_This doc is meant to serve as the main record for Cartographer **weekly Office Hours** meetings. Join our [Google Group](https://groups.google.com/g/cartographeross) to get updates on the project and invites to office hours sessions._
:::info
:information_source: **Meeting Details**
:::
[**Public Google calendar**](https://calendar.google.com/calendar/u/0?cid=aHU1MXJuMm03YWpxbHJudHJ1Y2ZmYzM4bHNAZ3JvdXAuY2FsZW5kYXIuZ29vZ2xlLmNvbQ)
* **Weekly** Office Hours
- **Focus: RFC discussions** If you want to propose a new idea for the project, please check out the [RFC process](https://github.com/vmware-tanzu/cartographer/blob/main/rfc/rfc-0019-rfc-process.md#process) and join these meetings to discuss your ideas with the maintainers and Technical Oversight Committee team members.
- Held the first Tuesday of every month at 1:00PM ET ([Convert to your time zone](https://dateful.com/convert/eastern-time-et?t=1pm))
- [**Office Hours Zoom link**](https://vmware.zoom.us/j/94592229106?pwd=eEtpekxsSERoOVNlemJWZGJTK3hvdz09)
- Previous recordings: [Cartographer Office Hours YouTube Playlist](https://youtube.com/playlist?list=PL7bmigfV0EqSkIcCBTr3nQq04hh_EFK2a)
- RFCs [project board](https://github.com/vmware-tanzu/cartographer/projects/2)
- [Older meeting notes](https://docs.google.com/document/d/1ImIh7qBrOLOvGMCzY6AURhE-a68IE9_EbCf0g5s18vc/edit?usp=sharing) (before May 9th 2022)
----
**Host instructions and meeting template: [separate document](https://hackmd.io/tK767C3sRWqCkelBC1w8Nw)**
:::info
:information_source: **How it works**
:::
- A note taker (⭐️) will be determined prior to the meeting
- We highly encourage expected attendees to add topics to the agenda prior to the meeting in order to be properly prepared
- RFCs that are a high priority (as decided by the maintainers) are introduced first. Typically:
- New RFCs for current core-contributor sprint (labeled with the next major release version)
- RFCs blocked by TOC
- New RFCs and Issues presented by external contributors are discussed next. We want external contributors to have a say!
- The 60 minutes will be divided evenly among the # of discussion items so everyone has the same opportunity. If that time slot is not enough, we encourage attendees and contributors to keep the conversation asynchronous by adding comments to the RFC PR
- All meetings will be recorded.
:::info
:information_source: **How to Reach Us**
:::
The Cartographer team can be reached at:
* [#cartographer channel](https://kubernetes.slack.com/archives/C02HKPSEKV1) in the Kubernetes Slack
* If you aren't already a member on the Kubernetes Slack workspace, please first [request an invitation](https://slack.k8s.io/) to gain access.
* [GitHub Discussions](https://github.com/vmware-tanzu/cartographer/discussions)
* Add your request, question or suggestion to [our issue list](https://github.com/vmware-tanzu/cartographer/issues)
* [Mailing list](mailto:cartographeross@googlegroups.com)
* Twitter: [@OssCartographer](https://twitter.com/osscartographer)
**Need help or have an issue to discuss with the team?** Add your item to **Discussion Topics** for the next meeting's agenda. :point_down:
:::warning
_Please read and abide by our [Code of Conduct](https://github.com/vmware-tanzu/cartographer/blob/main/CODE_OF_CONDUCT.md)._
:::
---
# Agenda
## August 1, 2023
- [x] Designate note taker: Kara Yimoyines
- [x] Please record your attendance and affiliation:
- Todd Ritchie, Waciuma Wanjohi, Rasheed Abdul-Aziz [VMware]
- [ ] Questions/discussion topics (include your name)
- Open issues in the Cartographer backlog. Are we going to address them? Bugs? Yes. New features will be evaluated case by case.
### Minutes
## June 6, 2023
- [x] Designate note taker: Kara Yimoyines
- [x] Please record your attendance and affiliation:
- Sam Coward [VMware]
- Kara Yimoyines [VMware]
- Waciuma Wanjohi [VMware]
- Thomas Vitale [Systematic]
- Scott Rosenberg [TeraSky]
- [ ] Questions/discussion topics (include your name)
- Status on artifact tracing RFCs (Thomas)
- Proposal on standard "type" label for supply chains (Thomas)
- Feedback from presentations about Cartographer: [Golden Path to SpringOne](https://www.youtube.com/watch?v=z_ASsv3izbU), [Cloud Native Rejekts](https://www.youtube.com/watch?v=Yb0a_SLGaGs), [Cloud Native Aarhus](https://community.cncf.io/events/details/cncf-aarhus-presents-paving-the-path-to-production-with-backstagetap-cartographer-1/) (Thomas)
### Minutes
#### Artifact Tracing
Looking at how effective the approaches to artifact tracing will be. So we're looking at what the future looks like for components as they act as "good citizens." The design work that Rash has been doing has resulted in a POC at this point with hopes toward a larger redesign.
#### "Type" Label
Q: Type info isn't shown in the Tanzu CLI. Does it make sense to have standardization in the label?
A: We recognize that it has been a problem with matching; however, it is something we're looking at in the redesign.
## March 7, 2023
- [x] Designate note taker: Rasheed Abdul-Aziz
- [x] Start recording
- [x] Please record your attendance and affiliation:
- Sam Coward, Rasheed Abdul-Aziz, Kara Yimoyines, Waciuma Wanjohi, Todd Ritchie [VMware]
- Thomas Vitale [Systematic]
- [x] Review outstanding RFCs:
- [ ] Questions/discussion topics (include your name)
- [x] Cartographer CLI proof of concept (Thomas Vitale): https://github.com/ThomasVitale/cartographer-cli
- [x] Presentations including Cartographer (Thomas Vitale): [Golden Path to SpringOne](https://tanzu.vmware.com/developer/tv/golden-path/16/?ref=thomas-vitale) and [Cloud Native Rejekts](https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-amsterdam-2023/talk/QMZ98Z/?ref=thomas-vitale)
- [x] Prevent Cartographer from propagating output from a resource if it is not healthy.
- [x] Can Cartographer installation be simpler.
- [x] Update website to last version: https://cartographer.sh/docs/v0.6.0/
### Minutes
#### Container concurrency
Container concurrency in Cartographer 0.7.0 (wtg @i)
#### Cartographer CLI
Thomas has a PoC of a [CLI](https://github.com/ThomasVitale/cartographer-cli).
* Inspired by Carvel's CLI.
* Wants to add cartotest integration
* Perhaps installation
* Info about installed carto.
* Blog post? Maybe not yet.
#### Easy install
Easy install command could be easier, it currently fails on
#### Presentations including carto
As per discussion topic. Thomas will be presenting twice on Cartogra
#### Healthrule
> Prevent Cartographer from propagating output from a resource if it is not healthy.
How to distill the conversation?
#### Docs bump?
AI: Yes, there are some docs to
* Add to the 0.7.0 docs for scaling
* Publish 0.7.0
#### Conventions team
Thomas would like https://github.com/vmware-tanzu/cartographer-conventions/issues/294 reviewed
* AI: Invite Conventions team to OSS channel and Office hours [KY]
## February 7, 2023
- [X] Designate note taker:
- [Sam Coward]
- [X] Start recording
- [X] Please record your attendance and affiliation:
- Waciuma Wanjohi, [VMware]
- Sam Coward, [VMware]
- Scott Rosenberg [TeraSky]
- John Kjell [VMware]
- Thomas Vitale [Systematic]
- [ ] Review [outstanding RFCs](https://github.com/vmware-tanzu/cartographer/projects/2):
| RFC ID | Most recent change of status |
| -------| -------- |
| [Artifact Tracing with Health Rules](https://github.com/vmware-tanzu/cartographer/blob/artifact-tracing-with-health-rules/rfc/rfc-0000-artifact-tracing-with-health-rules.md) | Draft |
| [Add support for setting container runtime concurrency](https://github.com/vmware-tanzu/cartographer/pull/1131) | Draft |
- [ ] Questions/discussion topics (include your name)
- [John] https://github.com/vmware-tanzu/cartographer/discussions/1002
- [Thomas] Cartographer CLI
### Minutes
* Artifact tracing Draft RFC18
* How do they compare with correlation and other RFC?
* Build upon health rules behavior
* Generic work first
* Clearer indication in roadmap of RFCs being pursued?
* PR open for concurrency https://github.com/vmware-tanzu/cartographer/pull/1131
* is there a framework or way to support attestations in a generic way
* avoid having to individually support attestations for myriad products customers want to integrate
* carto currently just carte blanche trusts the output of all components
* what possible collaboration pattern could carto use/enforce?
* same is true for anything else... say tekton pipeline .. at some point you trust the pipeline script is honest
* equivalence of an attestation on a template?
* how would/should carto be able to verify the deployments of all the collaborating controllers of supply chain resources, other objects on cluster whose configuration could hide inputs, e.g. kpack buildpacks
* what is attestation?
* limit scope of what cartographer can make an attestation about
* what is the seal around this and attestations on stamped out objects?
* generic access to object attestation data akin to health rules
* tekton chains for attestation
* in-toto
* SBOMs
* SLSA provenance format. ko may have features related to this
* https://github.com/pivotal/kpack/issues/1093
* Cartographer CLI ...
* TCE retired
* will there be a CLI, similar to how carvel pkg tooling is extracted, in OSS space
* would make it easier to get started like carvel
* app plugin could be consumed as separate CLI?
* some dependency on tanzu cli framework config
* would also be great to have debugging, spelunking tools for workloads etc
* possibly create small public repo to kick this off...
* [creyaml](https://github.com/sahil-lakhwani/kubectl-creyaml) creates generic objects from the CRD definition
## September 19th, 2022
- [ ] Designate note taker:
- [X] David Espejo
- [X] Start recording
- [ ] Please record your attendance and affiliation:
- David Espejo, [VMware]
- Ciro S. Costa, [VMware]
- Emily Johnson, [VMware]
- Waciuma Wanjohi [VMware]
- Sam Coward [VMware]
- Thomas Vitale [Systematic]
- Scott Rosenberg [TeraSky]
- [X] Review [outstanding RFCs](https://github.com/vmware-tanzu/cartographer/projects/2):
- [ ] Questions/discussion topics (include your name)
- [X] Supply chain security and Cartographer: https://github.com/vmware-tanzu/cartographer/discussions/1002 (Thomas Vitale)
- [ ] Removing template recursion: https://github.com/vmware-tanzu/cartographer/pull/1004 (Sam Coward)
### Minutes
* Scott Rosenberg, standing room only at Explore. Attendees thought OOTB was Carto, extensibility was impressive for the audience. Used options and ytt, but most of the extensibility was done with options. If you know how Crossplane compositions work, there are many possibilities but the learning curve is steep
* RFCs: no major updates to discuss
* Supply chain security and Carto:
* [WW] In Tekton everything you do is code Tekton can read, but not sure about how Tekton Chains would be _intercepting_. Modularity Carto brings is an advantage (easily swappable resources)
* [TV] Tekton Chains intercepts inputs/outputs and the spec of the resource, taking into account Carto already has the same info, would it be possible to implement attestation with Carto?
* [WW] There are some RFCs around Artifact Tracing, designed to solve these issues (performance hit implied):
* RFC to make it possible to associate outputs with the inputs that caused them: https://github.com/vmware-tanzu/cartographer/blob/artifact-tracing-with-health-rules/rfc/rfc-0000-artifact-tracing-with-health-rules.md
* RFC to report the provenance of artifacts: https://github.com/vmware-tanzu/cartographer/blob/rfc-0018-workload-report-artifact-provenance/rfc/rfc-0018-workload-report-artifact-tree.md
* Removing template recursion:
* [SC] Draft PR to indicate to users where the path to the document is.
* [SR] Removing
## September 12th, 2022
_CANCELLED DUE TO LACK OF AGENDA ITEMS_
## September 5th, 2022
CANCELLED DUE TO US LABOR DAY
## August 29th, 2022
- [ ] Designate note taker:
- [ ] Emily Johnson
- [X] Start recording
- [ ] Please record your attendance and affiliation:
- David Espejo, Emily Johnson, Rasheed Abdul-Aziz, Kara Yimoyines [VMware]
- [ ] Review [outstanding RFCs](https://github.com/vmware-tanzu/cartographer/projects/2):
- [ ] Questions/discussion topics (include your name)
### Minutes
- EMJ will update RFC board after meeting
- What is the status of TOC?
- Kara is working on governance internally - will bring back to this meeting in a week or two
- Blueprints RFC is still in FCP
- Cannot move forward until we decide what is happening with governance
- Looking for external feedback on blueprints types
- Rash to start a discussion on this
## August 22nd, 2022
- [X] Designate note taker:
- [X] David Espejo
- [X] Start recording
- [X] Please record your attendance and affiliation:
- Emily Johnson, David Espejo, [VMware]
- Scott Rosenberg [TeraSky]
- [X] Review [outstanding RFCs](https://github.com/vmware-tanzu/cartographer/projects/2):
| RFC ID | Most recent change of status |
| -------| -------- |
| [Common blueprint architecture](https://github.com/vmware-tanzu/cartographer/pull/976) | Move to FCP + See TOC discussion topic |
- [ ] Questions/discussion topics (include your name)
- [ ] EMJ - Dissolving the TOC/governance model
- [ ] DE - Carto in the K8s Atlanta meetup: https://www.meetup.com/kubernetes-atlanta-meetup/events/287845059/
- [ ] SR - Custom supply chains with Carto - [talk at VMware Explore](https://event.vmware.com/flow/vmware/explore2022us/catalog2/page/catalog?search=%22Scott%20Rosenberg%22&tab.contentcatalogtabs=1627421929827001vRXW)!
### Minutes
- Blueprints RFC
- [EJ] Ok to move to FCP? A: Yes
- [EJ] Updated RFC, open for comments for 7 days: https://github.com/vmware-tanzu/cartographer/pull/976
- [WW]
## August 15th, 2022
- [x] Designate note taker:
@ciro
- [X] Start recording
- [x] Please record your attendance and affiliation:
- Scott Andrews, Rasheed Abdul-Aziz, Sam Coward, Emily Johnson, Ciro S. Costa, Todd Ritchie, Kara Yimoyines [VMware]
- Scott Rosenberg [TeraSky]
- [x] Review outstanding RFCs:
| RFC ID | Most recent change of status |
| -------| -------- |
| [Updated Blueprints RFC](https://github.com/vmware-tanzu/cartographer/blob/731-rrfc-common-blueprint-architecture/rfc/rfc-0000-common-blueprint.md) | |
- [x] Questions/discussion topics (include your name)
- *on updated blueprints RFC, is it still under the same old RFC?*
- yes! see https://github.com/vmware-tanzu/cartographer/pull/766
- *so, have we decided on new apiversion for blueprints work?*
- yes!
- *how about serviceaccounts in this new world of blueprints?*
- proposal coming soon (current thought: making extensive use of aggregated roles, but, perhaps leverage ClusterBinding?)
- clusterwide rbac might lead to overuse of cluster-admin especially if we start making use of namespaced supplychains
- awesome from ux perspective, but, if we make it so it's really easy for folks to bring CRDs, there might be a lot of work towards getting permissions set for them
- although ... only admins should be submitting CRDs to a cluster anyway? thus, setting the permissions at that point?
- with the move towards single cr (clusterblueprint) shared between not only templates, but also compound ones (equivalent to what was a supplychain), now it becomes hard to apply rbac towards cartographer resources themselves (e.g., preventing non-admins from modifying supply chains)
- Scott Rosenberg working on some new supplychains!
- https://github.com/vrabbi-tap/helm-supply-chain
- https://github.com/vrabbi-tap/supply-chain-with-custom-image-repository-support
- https://github.com/vrabbi-tap/techdocs-publishing-supply-chain
- Interestings
- [CRD Validation Expression Language #2876](https://github.com/kubernetes/enhancements/issues/2876)
### Minutes
## August 8th, 2022
- [X] Designate note taker:
- David
- [X] Start recording
- [ ] Please record your attendance and affiliation:
- David Espejo, [VMware]
- Scott Rosenberg [TeraSky]
- Scott Andrews [VMware]
- [ ] Review [outstanding RFCs](https://github.com/vmware-tanzu/cartographer/projects/2):
- [ ] Questions/discussion topics (include your name)
- [ ] Carto 0.5 [released](https://github.com/vmware-tanzu/cartographer/releases/tag/v0.5.0)!
- Does this change the minimum K8s version?
- 1.12 is the minimum version
- [ ] Contributor of the Month
### Minutes
## August 1st, 2022
- [ ] Designate note taker:
- [X] David Espejo
- [ ] Start recording
- [ ] Please record your attendance and affiliation:
- David Espejo, [VMware]
- [ ] Review outstanding RFCs:
- [ ] Questions/discussion topics (include your name)
- [ ] [SR] Carto and Crossplane
- Using it for ServiceBindings
- IaC use cases mainly, managing AWS/etc resources from K8s
- Related to the [Blueprints RFC](https://github.com/vmware-tanzu/cartographer/pull/766) proposal
- Crossplane lacks conditionals among other features in the Supply Chain domain
- CP's composed resources can be challenging to do ordering
- Re: Bring your own descriptor
- In a composition, thinking on how values are passed from one resource to the next
- [SR] Having the ability to define my own types could be beneficial, strongly typed is great, but having the ability to define types
- [WW] Regarding the Blueprint proposal, seems like it assumes that the SupplyChain maps to a workload
- [RA] Nothing is built into Selectors
- [ ] [WW] What happens with the other ideas? (e.g. allowing a SC to read values that are in some other object in the cluster). One of the changes proposed by Scott would entail moving up selectors to Supply Chains
- [RA] Nothing wrong with those, further discussion is needed
### Minutes
## July 18th and 25th cancelled
## July 11th
- [x] Designate note taker:
- Todd Ritchie
- [x] Start recording
- [x] Please record your attendance and affiliation:
- Waciuma Wanjohi, Todd Ritchie, Rasheed Nehasapetapetalum Abdulazizaloo, Scott Andrews [VMware]
- Scott Rosenberg [TeraSky]
- [ ] Review outstanding RFCs:
| RFC ID | Most recent change of status |
| -------| -------- |
| [Add matchParams selector](https://github.com/vmware-tanzu/cartographer/pull/618) | Accepted |
| [Artifact Tracing with Correlation Rules](https://github.com/vmware-tanzu/cartographer/pull/894) | |
| [Artifact Tracing with Generation Output Correlation](https://github.com/vmware-tanzu/cartographer/pull/893) | |
| [Artifact Tracing with Health Rules](https://github.com/vmware-tanzu/cartographer/pull/891) | |
| [Next Gen Carto](https://docs.google.com/document/d/1-FiuD6iLl9tT9nsLY4FDb_cMKMvA6SkjFo-oNzXI9Js/edit#heading=h.x8ln6a24ti7i) | |
- [ ] Questions/discussion topics (include your name)
- [ ] Discussing [Next Gen Carto](https://docs.google.com/document/d/1-FiuD6iLl9tT9nsLY4FDb_cMKMvA6SkjFo-oNzXI9Js/edit#heading=h.x8ln6a24ti7i) / General Use Cartographer
- Suggestion to delay the new CRD as long as possible (Waciuma)
- Discussing API transition paths, either incremental additions or whole new API and tradeoffs
- Longer transition time for the former, higher effort migration for the latter
- Which way do we want to bias?
- Pushing for type analysis through supply chain to ease the migration (Rash)
- Explaining the Next Gen Carto blueprint design. New ClusterTemplate outputs field to pass down to dependent templates. New "inputs" in templates allows downstream templates to consume them. Another proposal later in the document explains how "params" could be used in both new and existing cases.
- Instead of writing out a static value as an output we now propose writing out a reference to a field in another object found with a selector
- Follow-up meeting with 2x2 prioritization for ease of implementation over the several RFCs in the General Use Cartographer proposal
<!-- NEXT_AGENDA -->
## July 5th
- [ ] Designate note taker:
- [ ] David Espejo
- [ ] Start recording
- [ ] Please record your attendance and affiliation:
- Waciuma Wanjohi, David Espejo [VMware]
- [ ] Review outstanding RFCs:
| RFC ID | Most recent change of status |
| -------| -------- |
| [Add matchParams selector](https://github.com/vmware-tanzu/cartographer/pull/618) | In review |
| [Artifact Tracing with Correlation Rules](https://github.com/vmware-tanzu/cartographer/pull/894) | |
| [Artifact Tracing with Generation Output Correlation](https://github.com/vmware-tanzu/cartographer/pull/893) | |
| [Artifact Tracing with Health Rules](https://github.com/vmware-tanzu/cartographer/pull/891) | |
- [ ] Questions/discussion topics (include your name)
- [ ] Blueprints - Workload or owner-agnostic?
- Likely to deprecate the Delivery CRD
- Disadvantages of moving everything to be a Blueprint have to do with losing some of the ability to define which tasks are managed by which type of role
- Miro [board](https://miro.com/app/board/uXjVOqBPEXQ=/?moveToWidget=3458764528467346835&cot=14) by Rasheed
- We'll have to look at the permissions model, which becomes difficult with K8s
- A solution could be pulling permissions from a repo
- What about namespace-scoped blueprints?
- No RFC for it yet
- It's another way to handle it
- Could be solved with something like a Kyverno OPA
### Minutes
* Question from Scott: is there any plan to expand Delivery?
* Not prioritized right now
## June 29th, Community Meeting
- [ ] Start recording
- [ ] Please record your attendance and affiliation:
- [ ] What's new in the project?
- [ ] What's coming?
- [ ] Open mic discussion (add your name)
- [ ] Moving this meeting to a newsletter format [David Espejo]
- No objection from attendees (Scott, Sam)
## June 27th 2022 - Office Hours
- [ ] Designate note taker:
- [X] Rasheed
- [X] Start recording
- [ ] Please record your attendance and affiliation:
- Waciuma Wanjohi, David Espejo, Adam Shamblin, Rasheed Abdul-Aziz [VMware]
- Thomas Vitale [Systematic]
- [ ] Review [outstanding RFCs](https://github.com/vmware-tanzu/cartographer/projects/2)
| RFC ID | Most recent change of status |
| -------| -------- |
| [Add matchParams selector](https://github.com/vmware-tanzu/cartographer/pull/618) | Denied -> In review |
| [Artifact Tracing with Correlation Rules](https://github.com/vmware-tanzu/cartographer/pull/894) | |
| [Artifact Tracing with Generation Output Correlation](https://github.com/vmware-tanzu/cartographer/pull/893) | |
| [Artifact Tracing with Health Rules](https://github.com/vmware-tanzu/cartographer/pull/891) | |
- [x] Questions/discussion topics (include your name)
- [x] [Introducing new release process guidance](https://hackmd.io/3aQ1iGm-RlWwuujuYm0dcQ) Rasheed Abdul-Aziz
- [x] [Looking for a Proof of concept for the CD Foundation](https://github.com/cdfoundation/sig-events/issues/117#issuecomment-1160584714) David Espejo
- [x] Feedback from [Cartographer presentation at GOTO Aarhus](https://gotoaarhus.com/2022/sessions/2064/a-paved-path-to-production-on-kubernetes) Thomas Vitale
### Minutes
#### MatchParams RFC
Waciuma mentioned this is already back to review. Waciuma fell offline, and Rash would like to know if there's a strong motivation, otherwise it could wait?
Reduce huge function use in YTT.
Rash asks please mention that it helps avoid using YTT even more.
#### Artifact tracing RFCs
Please approve artifact tracing RFCs
Shelving caching to aid security. MITM still too easy.
Rash to take this to the Core Maintainers
#### Questions - Release Process
David asks, please add to github discussions
Rasheed: we will implement for now as is, open for discussion.
Adam Shamblin: do we have an n-x support policy, Rash: not as yet, possibly not until 1.0
#### Questions - CDEvents Proof Of Concept
David to keep working with TOC/Tech Leadership to move this forward.
Waciuma: Seems like a strange ask wrt Level triggering vs Edge triggering. And Keptn is a better fit?
Rash: I can imagine use cases - but would be nice to find out what folks in the CDF and what James Rawlings thinks they are?
Thomas Vitale: Events allow for a GUI.
Rash: K8s events already on the table
Thomas: CloudEvents (knative) would be more useful
Rash: Would love to see an issue raised by Thomas.
[CD Events spec](https://github.com/cdfoundation/sig-events/blob/main/vocabulary-draft/README.md)
#### Questions - GOTO Aarhus
[Deck](https://speakerdeck.com/thomasvitale/a-paved-path-to-production-on-kubernetes)
Happy:
* Reactive systems well received.
* Flexible
* K8s native means less onramping
* Separation of concerns
Delta:
* Lack of a GUI
* Observability and troubleshooting
## June 21st, 2022 (canceled)
## June 13th, 2022 - Office Hours
- [X] Designate note taker:
- David Espejo
- [X] Start recording
- [x] Please record your attendance and affiliation:
- David Espejo, Waciuma Wanjohi, James Rawlings, Sam Coward [VMware]
- Scott Rosenberg [TeraSky]
- Thomas Vitale [Systematic]
- [x] Review [outstanding RFCs](https://github.com/vmware-tanzu/cartographer/projects/2):
| RFC ID | Most recent change of status |
| -------| -------- |
| [Artifact Tracing with Correlation Rules](https://github.com/vmware-tanzu/cartographer/pull/894) | |
| [Artifact Tracing with Generation Output Correlation](https://github.com/vmware-tanzu/cartographer/pull/893) | |
| [Artifact Tracing with Health Rules](https://github.com/vmware-tanzu/cartographer/pull/891) | |
- [ ] Questions/discussion topics (include your name)
- [ ] Thomas Vitale's presentation at [GOTO Aarhus](https://gotoaarhus.com/2022/sessions/2064/a-paved-path-to-production-on-kubernetes) (Thu Jun 16)
### Minutes
- [RA] Started a new RFC.
- Could we imply that all inputs are constrained?
- Draft RFC text to come
- [RA] Gitwriter [example](https://cartographer.sh/live-editor/index.html?pako=eJy1lD1vgzAQhnd-hZXdRF1Zo1bq2lZdq4s5Eis2ts4GQn99jSEFklhqhjIhv3evn_sAznkGVn4iOWnqggkgb3Jq6m37BMoe4Sk7ybos2E41ziO9N9aqfncEWWcaPZTgocgYq0FjwVxUuYiysygGyaFC4Q0N74yBtbmH-rvJW90BYS6M3naGTspAyX1vg02H-ywEEzrTkEA3ZvLLJfGQWzKtLJGixphHbRV4fMOqmI4YW6PHvI8p7jfGWB8qd3PSfFNFRvOD9Avpupz50eDF8UWiKt21NDiesA_ooSX5yJ9f-15okGBwZ89n6bxLURFa8y9YUsMB_wK2mknM4vtGqkcm8jpk3Qxk4TidWSDQC_zVrV-WsJLnBXILqgnqZhD4ZhJWqzSaXPYrtVIzzKivSxamruTh8TXcxbxE1eHr4KPxJMQSE9T3mn7dwBVyWDnekfQP0CY4b5xG6ATo_VbNbsNPJD2mMUb3fJrCnJ0eYPYDXlthQw)
- [WW] Artifact tracing intro ([presentation here](https://docs.google.com/presentation/d/1F-irZqpgQsVXh5sl82aCQFwIpUv8nDK8Ob5KnlXyrag/edit?usp=sharing))
- What: Carto ability to determine
- Why: Observability and Security
- Currently Carto relies only on RBAC to determine if a Supply Chain is corrupted/compromised
- Provide users the ability to make a Supply Chain strongly consistent
- How to do it?
- Provide inputs in outputs
- [RA] Source revision could be unrelated. This is the case when input should match the output
- [WW] "This output came from this input"
- [SR] Any example of resources that do this today?
- [WW] Tekton TaskRun
- [JR] How much overlap there would be with other OSS tools that perform attestation, or other tasks?
- [WW] This is not meant to replace attestation/provenance capabilities of other tools (kpack, etc). It doesn't prevent one from adding a *bad* controller
- [JR] We still need to solve attestation problem. What people can build on top of this
- [RA] relates to showing users they can trust on what they have designed
- [WW] At least 2 use cases:
- UI built on top of Carto,
- Security
- Provide generation in outputs
- [RA] observedGeneration and the `generation` field and how it should be useful for historical record, surprised that it is not
- [SR] How would that affect kpack? Would that give me a new generation?
- [RA] If the spec is unchanged, the generation doesn't change
- [WW]
- [SL] What is proposed here could not be completely accurate
- [WW] Agree
- [RA] This is the goal in the CI/CD space
- Nothing provided in the inputs
- [RA] Third approach has a performance problem
- [RA] What examples do we have that we have to do this?
- [WW] There is no way for Carto to determine that every resource is going to behave as expected
- [SL] We are not holding the rights to enforce that behaviour.
- [SL] kpack behaviour (serialization) does not compromise it too much
- [RA] What if `Ready` is unknown?
- [WW]
- [RA] When you say cache the spec, you really mean just the inputs per gen, right?
- [RA] The template should end up producing a new gen
- [WW] We do not have an example where we do this right now
- [JR]
## June 6th, 2022 - Office Hours
- [X] Designate note taker:
- David Espejo
- [X] Start recording
- [X] Please record your attendance and affiliation:
- [VMware] David Espejo, Waciuma Wanjohi, Bryan Kelly, Sam Coward, Rasheed Abdul-Aziz
- [TeraSky] Scott Rosenberg
- [X] Review [outstanding RFCs](https://github.com/vmware-tanzu/cartographer/projects/2):
| RFC ID | Most recent change of status |
| -------| -------- |
| [Add matchParams selector](https://github.com/vmware-tanzu/cartographer/pull/618) | Denied --> Pending |
| [Introduce Generation-Output Correlation](https://github.com/vmware-tanzu/cartographer/pull/886) | |
- [ ] Questions/discussion topics (include your name)
- [ ] your question
### Minutes
* **Add matchParams selector RFC**
* [WW] Params can come from several sources, if you are writing a SC you will know the permissions to give. Some work with TAP has been done, and there is another persona we are not respecting, yet to figure it out. Someone who expects some platform operator to tweak a default platform to his needs. Right now it's necessary to build a lot of logic into ytt to build a SC (an antipattern). If you don't have it, the cleanest way to do it is to switch params.
* No objections on moving it to **Pending**
* **Input output correlation RFC**
* [WW] It comes from a recommendation from the TOC to write a separate RFC
* [WW] Field prioritization in the spec. More reasonable for resource authors to report an observedGeneration in the status.
* [BK] Could it help with inputs resulting in an error?
* [WW] Right now there is no expectation that you would use that
* [BK] Expectation is also to correlate failure
* [SC] Not exactly a design goal now, but something to consider and ask the TOC
* [BK] Probably there could be a big audience that is asking for input-error correlation (more than input-output)
* [WW] There are all sorts of combinations of events so it is hard to infer what the cause of a failure is. Carto does not yet read the kind of info from the objects to be able to infer it better (like in the case of K8s)
* [BK] Should Carto know that the submitted resource is crashing or not?
* [SC] The original task was to write an RFC to support artifact tracing.
* [BK] What if the artifact failed at some part of the process? How do we trace that?
* [WW] Carto can say when was the last time a resource was good. We could have sidecar objects, but it would be a heavy lift though
* [SR] If we stamp out resources that were garbage collected, sending out additional data to ConfigMaps, it could provide more visibility without increasing size of workload status
* [WW] Still trying to define the best way to do it. I am concerned more about readability than size in the Workload status
* [SR] Not a fan of external database, ConfigMaps are the next logical reason.
* [SC]
* [BK] Would there be a desire for, or are there other consumers of this information? e.g. a visualizer (be it through `kubectl` or a UI). What I want to have is a pointer. Is the main persona here a user or developer or operator?
* [SC] Right now it is one for every resource.
* [SR] It could get large if we start adding multiple versions
* [SC] We could have a narrow view (just solve Artifact tracing) or get a lot of data
* [WW] Some of the questions here relate to another RFC ([#18](https://github.com/vmware-tanzu/cartographer/pull/519)).
* [WW] The hypothesis of the persona for this RFC is devs who want to create a UI for the solution we will eventually produce here
* [SR] If I am in a higher generation, Carto has no way to get details from a previous generation
* [BK] CRDs do not work the same so you still have to copy everything
* [WW] For some K8s objects passing config, that is huge
* [SR] What about a K8s taskCron?
## June 1st, 2022 - Community Meeting/Office Hours
- [X] Designate note taker:
- [X] David Espejo
- [X] Start recording
- [X] Please record your attendance and affiliation:
- [VMware] David Espejo, Rasheed Abdul-Aziz, Cora Iberkleid
- [TeraSky] Scott Rosenberg
- [ ] What's new in the project?
- [X] Work on v0.4.0
- [X] Bug fix on Runnable, probably will change its behavior
- [X] Most of the Health status work is done
- [X] Cartographer catalog repo is live: https://github.com/vmware-tanzu/cartographer-catalog
- [ ] What's coming?
- [X] New PR workflow
- [X] Events to come on a further release
- [ ] Review [outstanding RFCs](https://github.com/vmware-tanzu/cartographer/projects/2):
- [ ] Questions/discussion topics (include your name)
- [X] Contributor of the Month! [DE]
- [X] Hacking on [front matter](https://hackmd.io/dzWqaTVbRVKqmn-xXbPzEg) for the Cartographer website; Rasheed Abdul-Aziz
* Document open for feedback
- [X] Status of resources renaming work [CI]
- [RA] A couple of proposals in place, currently focused on 0.4 sprint. Looking to encapsulate resources into the Blueprint concept.
- [X] [SR] It would be great for Carto to have a community hub of examples (similar to Tekton Hub), a library of controllers
- [SR] Have links to examples at the Resources page. Will create an issue for this
### Minutes
## May 30th 2022 - Office Hours
Move to Community Meeting's agenda (this week only)
## May 23rd 2022
- [x] Designate note taker:
- [x] Start recording
- [ ] Please record your attendance and affiliation:
- Rasheed Abdul-Aziz, Waciuma Wanjohi, Sam Coward, Stephen Levine [VMware]
- [ ] Review outstanding RFCs:
| RFC ID | Most recent change of status |
| -------| -------- |
| [#758 Introducing K8s Events](https://github.com/vmware-tanzu/cartographer/pull/756) | Accepted |
- [ ] Questions/discussion topics (include your name)
### Minutes
#### Outstanding RFC Ready to Move
Intro K8s events -> Now accepted
#### Discussing changing configuration outputs for different environments
Waciuma: The problem: Output of a supply chain is some configuration to apply to a cluster. But there may be several clusters that the configuration is to be applied to. The config may not be "right-sized" for all of them. Should there be a way for Cartographer Delivery to apply an overlay to configuration that it has picked up?
Stephen: Shared a Miro board of possible future. Supply chain runs and creates an output. Either k8s objects, or kapp packages or even helm charts. That is then picked up by another process (e.g. another supply chain) via gitops. That is then altered and committed to git again. That is then picked up by another process (e.g. Delivery) and applied to a cluster.
James: Strong belief that everything that is applied to the cluster must have its definition stored in git. Shared an example of this from Jenkins.
Rash: Demonstrated how committing the revision of the owner (workload/deliverable) in the gitops repo changes can lead to clearer understanding of what work was done by the blueprint.
## May 16th, 2022
**CANCELLED DUE TO KUBECON EU!**
## May 9th, 2022
- [x] Designate note taker
- David Espejo
- [x] Start recording
- [x] Please record your attendance and affiliation:
- [VMware] David Espejo, Robert Szumlakowski, Rasheed Abdul-Aziz, [Waciuma Wanjohi](https://github.com/waciumawanjohi), Joshua Winters, Jackline Mutua
- [TeraSky] Scott Rosenberg
- [x] Review [outstanding RFCs](https://github.com/vmware-tanzu/cartographer/projects/2):
| RFC ID | Most recent change of status |
| -------| -------- |
| [#799](https://github.com/vmware-tanzu/cartographer/pull/799) | |
| [#756](https://github.com/vmware-tanzu/cartographer/pull/756) | TOC Approved, additional maintainers review required |
| [#705](https://github.com/vmware-tanzu/cartographer/pull/705) | Blocked |
| [#787](https://github.com/vmware-tanzu/cartographer/pull/787) | Blocked |
- Questions/discussion topics (include your name)
- [x] Surfacing Mauricio Salatino's feedback (https://salaboy.com/2022/05/07/knative-oss-weekly-38/) [David E]
* [SL] The surface of both Keptn and Carto are events, difference is that Carto is level-triggered vs having to capture events to get status. Most of the RFCs authored by Waciuma aim to simplify integrating external tooling, not K8s native
* [RA] [Start a GH Discussion and keep the convo there](https://github.com/vmware-tanzu/cartographer/discussions/844)
### Minutes
- **#799**
* Intro by Sam Coward
* [SL] Assuming parameter interpolation, what would be the motivation to reference the parameter as something that should be interpolated against other alternatives?
* [SC] Original recommendation from Scott Andrews, expressed in the intent
* [SL] Probably would make most sense to reference the name of the parameter? There are a couple of alternatives in the syntax, but just curious about it
* [SA] The main difference here is the context: template vs actual resources. We can iterate on this if it's causing confusion
* [SC] If *correlations* doesn't make much sense, open for improvements
* [SA] Are we reading the value before a reconciler run
* [SC] To add updates to make it more clear
* [WW] It's dangerous to try to read the object if we're unsure about the current spec of the object. When the templating context changes all the opportunity to read the current object disappears
* [WW] Seems like every template author would leave correlationRules off and so those rules wouldn't apply. Q to Stephen: Is this related to the concern you brought up a month ago?
* [SL] Is this RFC proposing observedGeneration? In this case, would you need correlationRules?
* [RA] Is this RFC important for our current sprint?
* [JW] Not for this one, yes for the next
- **#756**
* Ready for FCP
* [RA] At least one blueprint event would be valuable for operators
* [SL] It will be a lot of data
* [RA] Events can be correlated
* [SL] Could be a lot of noise
* [RA] The idea would be an identical event that just keeps adding stats. Histograms
* [SA] Concerned with encouraging spamming events. API Server storage is not the concern but that write operations have a finite limit on the server
* [SL] Not necessarily opposed to it, but it's not a common pattern
* [CC] # of workloads matching for a given blueprint sounds more like something you'd use Prometheus for (could have both a counter and a gauge for it to capture both "this many right now" and "have selected this many up until this point" - gauge and counter respectively)
* [SL] Not to have metrics outside K8s events
* [SR] If I remember correctly, Tekton has an event every time a taskrun or pipelinerun is created on the relevant task/pipeline
* [AS] They output cloud events for every state changed, if that feature is enabled
* [WW] This would not be an event for every reconcile cycle,
- **#705**
* No update, still blocked on TOC
- **#766**
* An updated document will be created when Emmily returns, it's a big change