#acumos-meeting: Architecture Committee

Meeting started by farheen_cefalu_a at 14:05:30 UTC (full logs).

Meeting summary

  1. Docker Proxy Bryan Sullivan (farheen_cefalu_a, 14:10:28)
    1. Ability for people to pull and push through the docker proxy. Is it allowed? And there are some basic rules around that. There is an acumos user name pwd. And are they allowed to docker pull. Is it a public model? Do they own it? If it's public is it open source? If it's not open source do they have a right to use. If it's public and not open source you have to have the right to use. The docker prox (farheen_cefalu_a, 14:12:49)
    2. sidecar to nginx. It validates and responds back yes, you can add. The docker registry api you probably know that it is a complicated thing. It involves oauth as an enabler. When you want to login to a docker registry you are authenticated by a third party using oauth. You have a registry and a proxy that validates your access to this resource. When the user logs in pull and push is re-verified that t (farheen_cefalu_a, 14:15:15)
    3. then it checks the users right to pull or push. This works in Boreas. I have verified. Any time you get in the middle of a protocol you have potential of breaking things. It is functioning for pull and push. The bigger arch. question is, is this the role that Acumos should have? (farheen_cefalu_a, 14:16:34)
    4. Where do these images live? Many people are not going to have a docker registry that is baked into the platform. The docker registry is way outside the acumos platform. There are many doors to this docker registry. There are many protocols around acumos entry. (farheen_cefalu_a, 14:17:41)
    5. We need to look at the complexity of completing these goals. There are limits to what we can guarantee to the security of the platform. (farheen_cefalu_a, 14:18:45)
    6. Manoop: We can provide a minimal one click download and install however the minimal security is oauth samples. We should not support all options we should give minimal. (farheen_cefalu_a, 14:20:39)
    7. Bryan: We will apply the rules and controls that we have. In the context of deployment environment what actually has access to what resource under what terms will be a Clio discussion. My experience in implementing the docker proxy it's complicated, technically challenging and may introduce fragility to the user experience. (farheen_cefalu_a, 14:22:13)
    8. Mukesh: Is this docker proxy to be used for onboarding? Bryan: Yes. When a human wants to access an image they will be able to do it thru the docker proxy. They login thru the docker proxy. Manoop: Will it check portal user credentials? Yes, it calls the jwt token of the api like for onboarding. (farheen_cefalu_a, 14:23:41)
    9. Guy: We (onboarding) have gone over this before. We are OK with it. It is a viable way to go. It is perfectly usable. With this docker push user will be logging in to pull the docker image. Is there a way we can track which user and how many? (farheen_cefalu_a, 14:25:15)
    10. Manoop: Is there a user story for pulls? Mukesh: Assuming docker proxy can seamlessly be integrated into CDS. Manoop: We need to understand and document that. (farheen_cefalu_a, 14:26:09)
    11. ACTION: Bryan create a user story for the Clio release for docker proxy pull (farheen_cefalu_a, 14:26:36)
    12. Bryan: Deployment is going to be substantial in the Clio release. I provide a front end that is not thru portal. Portal requires the scanning service thru the security verification library. (farheen_cefalu_a, 14:27:59)
    13. Manoop: I want details for the ML Workbench. Bryan: The blue things are web service components. The role of kong proxy and ingress controller becomes more important because there may be many ms many layers. Just like Zuul proxy is a reverse proxy layer. There may be reverse proxies so the security of the platform and apis. Security will become important (farheen_cefalu_a, 14:33:46)
    14. Why jenkins? Jenkins is a single consolidated engine that is conducting processes. What is the advantage? The user onboards a model and sees a progress screen on the portal. The portal is reaching out to dbase or where we are in the step table. The thing that's writing to the step table is monitoring and that thing can write to the step table. It's a question of who populates the data in that step. The (farheen_cefalu_a, 14:36:16)
    15. a build function. It will conduct multiple ms. Kazi: I have a diagram Bryan: use draw.io so we can drill down into the subsystems it will be very helpful. (farheen_cefalu_a, 14:37:54)
    16. Manoop: We will continue to brainstorm. (farheen_cefalu_a, 14:38:16)

  2. Clio Schedule Nat Subramanian (farheen_cefalu_a, 14:38:52)
    1. Nat: Reviewing Clio Revised Sprint Calendar. Kazi feels it is not doable due to the overlap with the Boreas release. Nat: We have to start Clio on time in order to make it to the November Thanksgiving break. (farheen_cefalu_a, 14:41:19)
    2. Bryan: Our experience in Boreas we tried to start it before the holidays that really didn't help us at all. I would not start the next release before January of next year. (farheen_cefalu_a, 14:44:11)
    3. ACTION: Kazi and Bryan bring your concerns to the Tuesday 4/2 4PM EDT TSC call. (farheen_cefalu_a, 14:45:29)

  3. ML Workbench (farheen_cefalu_a, 14:56:53)
    1. Chris: I am working with Eric Ball on the deploy fix. We will work with LF foundation to get the jenkins. (farheen_cefalu_a, 14:57:48)

  4. Scorecard (farheen_cefalu_a, 14:57:56)
    1. CDS Chris: 95% (farheen_cefalu_a, 14:58:21)
    2. ML Workbench Kazi: We are not getting response about how we will be integrated with the workbench. How to integrate the nifi with the workbench. That is a big blocker. How to interface the backend and how to manage the user containers. We knew we wanted to do a lite integration with the be in this release. We can solve this. The bigger question is how are we going to launch the containers. Nifi and Zep (farheen_cefalu_a, 15:00:57)
    3. will re-use the CMLP team. Manoop: Based on the blocker do you see progress with four weeks left? Kazi: It is a big concern. From the architecture perspective we have to come to some conclusion in the next week. If you see that is not happening then we will raise it as a concern. From architecture perspective I want the design finalization by next week. They have to do a POC and provide a (farheen_cefalu_a, 15:03:29)
    4. Kazi: We started with the assumption thinking that the CMLP team had the solution but have not gotten a reply from CMLP. We have significant risk that we are not going to be able to deliver. (farheen_cefalu_a, 15:04:25)
    5. we may have to leverage the access we have to launch using the kubernetes api. Manoop: If you need help from CMLP then reach out to Sayee. (farheen_cefalu_a, 15:08:46)
    6. ACTION: Kazi propose to Anwar that we need help from CMLP (farheen_cefalu_a, 15:09:18)


Meeting ended at 15:09:25 UTC (full logs).

Action items

  1. Bryan create a user story for the Clio release for docker proxy pull
  2. Kazi and Bryan bring your concerns to the Tuesday 4/2 4PM EDT TSC call.
  3. Kazi propose to Anwar that we need help from CMLP


People present (lines said)

  1. farheen_cefalu_a (32)
  2. collabot (3)


Generated by MeetBot 0.1.4.