 see this? Am I sharing my screen? Thanks. It's weird, like I've been trying for the past like five minutes to get the presentation view to work and it just messes with all my screens and I cannot find zoom controls anymore. It's it's really frustrating. Yeah the interaction between yeah the Safari and the browser-based presentation modes are really bad. Yep it's challenging for sure. They create a new desktop which then screws up zoom. All right it's the full hour here so I want to welcome everyone to the functional group update for the distribution team. We are going to quickly run through the OKRs for Q1 and Q2 and the things we are working on but I'll start with the team. A couple of important responsibilities that the team has creating the installation method on Kubernetes and all of the cloud providers. Distribution packages, Linux distribution packages by the means of Omnibus GitLab package and we are supposed to be responsible for one click cloud installers. Sadly all of these three are major undertaking. On the upside though we are hiring to be able to accomplish all of those things. So we are looking for someone with Kubernetes experience. If you have people in their networks that have been building applications that can work in cloud native way please reach out to them because our pipeline is a bit slow. We previously used Stack Overflow to advertise our opening but that brought more I would say noise than the actual use so we opted for something a bit different. We are actively sourcing and this has yielded a bit more quality in the pipeline but still this is a bit slower than we would like. Let's go to our Q1 OKRs and what we achieved. We'll start off with support for generating let's encrypt certificates from the package. We achieved this in full so 100% completed with 10.7 let's encrypt certificates are going to be fetched automatically which means when you install the package and specify that you want to use HTTPS endpoint we will try to get certificates automatically if for some reason that fails then we fall back to HTTP. We are still hopeful that for 10.7 will include automatic renewal as well. The merge request is being reviewed currently and we'll have one final improvement for the let's encrypt tasks before we move the whole thing into maintenance mode and that is trying to get the certificates for registry and the method most automatically as well like the smallest step possible there is using SAM certificates. The next item is also 100% completed so we upgraded omnibus internals which means Chef13 and upstream omnibus version. Basically this is not really that interesting to the end user and because this is addressing technical debt. We did however have a very impactful regression caused by this upgrade and that made us rethink our strategy for Q2. You can check out the regression there. Basically our HA setup was not working as we intended it to work after this upgrade happened. Next item also 100% completed. We now have measurements of how much time it takes to install our package. You can take a look at the link provided there. We are using GitLab pages to present this information. I do have to stress that this is MVC meaning like meaning a variable change that we could do because we were very inventive with this. Apart from using our CEI and Docker to install the package inside of Docker, we are also using Google Sheets to store these results as an intermediate step and then use GitLab pages to present these results. We are going to research into using real monitoring so we are going to look into whether we can connect this to Prometheus for example to have this presented a bit better but at least we did well measure something so we have the measurements there and with every major release that we have so dot zero sorry not major release but dot zero release we will have this page updated so we can see whether there is some impact and we can investigate further. Next item is establishing a roadmap for automated vulnerability reporting. This one is a bit vaguely defined. We could have completed this by just saying this is possible to do or not possible to do but we wanted to actually have something useful. The first step was to talk with the security products team to see whether we can use the newly acquired gymnasium knowledge to have this as part of our product. That didn't really work at the beginning so we went moved with minimum variable change again where we basically just wrote a script that scans our libraries queries a CV database and gives us the results so the results you can see there in the screenshot is this version secure or not and print us a report inside of a build. Second step did involve again security products team where we added a new step in our build pipelines and we moved how this report looks into a JSON compatible file that now can be presented in our pipeline using our I forgot the name so please security products team don't give me but the feature that presents the report inside of the pipeline. We do have multiple steps here to improve this further we actually have to address the vulnerabilities we found so in 10.8 this is going to be our focus get the whole pipeline green currently it's red and because of that we allow these builds to fail so it's a warning currently only and we want to enable this by default to remove the option of it failing and have notification in our Slack whenever something gets introduced as as vulnerable and we also want to increase the scope because currently we are only checking the limited amount of libraries we want to increase the scope to every library that we have in our package. Finally cloud native help charts in alpha we shipped this so it's 100% completed we have a number of known limitations that are written in the docs but what's more important for me here is that we are getting some usage of these charts so users are actually trying this out even though it's only EE and we are having our users report some issues to us some things that we didn't consider before so hopefully as soon as we get charts with github community edition we'll be able to increase the usability of this as well or usage of this as well. Moving to the Q2 OKRs this time around the OKR format change the bit as you probably all know we decided to opt out for one important OKR and that is HA setup validation so if you remember in one of our Q1 OKRs we introduced a regression that caused HA setups to fail we realized this is a big problem we don't really have a good way of testing how our HA is working out of the package so we are going to try and set up validation of of the HA setups which means the idea is to quickly set up HA, round reconfigure, hit some end points and confirm that everything is working but this OKR is two fold I would even say with the work we are doing here to automate the setup we are going to also introduce a way to provision HA more easily than it's currently possible. We tried initially to change this around by using different configuration options and supplying better documentation so that users can set it up more easily but as our awesome support team keeps reporting to us it's still too difficult to get things up and running quickly with HA so we are going to spend some significant time this time around to automate this to make this easier to install and then as part of our CI ads integration testing that will use this tool spin up the whole HA setup and hit some endpoints to verify that everything is working basically on demand. How far we get there we'll see ideally we have everything in our CI and our Slack receiving notifications when something fails. A couple of other OKRs that are more generic I think making sure that we finally do hire that one engineer that we've been trying to hire for the past couple of months and try to deliver 100% of committed issues for each release. I think this one was generic for all engineering teams but I realize now that I didn't include this OKR in the previous review so I'm just gonna quickly run through what we did in Q1. We were really disciplined or disciplined as much as possible so we had between 70 and 90% delivery rate per release and whether we are gonna achieve 100% ever I don't know I kind of am not really optimistic 100% is a big number but this is our goal for sure and we are going to try and stay disciplined with it throughout Q2 as well. You might be wondering well cloud native charts is a big thing we have been talking about that for a while now it is not our OKR but this is because it is an OKR for the whole engineering team everyone is involved in this and we are receiving help from every team in the company basically and this is still the biggest thing for our team we still are going to spend more than half of our resources let me correct this. We are going to spend half of our time as a team in total to do this even a bit more than that and as we know that this has been requested by a lot of our customers and the biggest customer we have GitLab.com. Requirements for beta are we want to have backup and restore up and running we want to make sure that you as a consumer can go from your previous installation method into this new world. We also want to make sure that we have all the GitLab functionality supported so currently emails are not working configuring different GitLab options and so on. Update is possible but with version releases so you currently can update but there is no easy way to lock things down and we want to make sure that you can run through the whole concurrent DevOps cycle without a single error so our demos are focused on running through the script that is concurrent DevOps and we make sure that all of those things are working so right now we are at the very beginning with with this demo we are hitting all sorts of different issues and I'm gonna explain a bit later about that as well so some work in progress items for 10.7 we are shipping auto-renew let's encrypt certificates hopefully fingers crossed Ubuntu 1804 package Ubuntu 1804 is still even not out but we already have support for it so yeah team that's an awesome thing to stay ahead of the ahead of the curb. We have a deprecation of a package as well but the package is still going to be supported for the next couple of releases which is tibian 7. We are going to try for 10.8 to remove some megabytes from the package to save some money mostly because it takes some time to produce the package and of course it costs some cost some money as well to store this and we are going to do various library upgrades as I mentioned they're mostly for security vulnerabilities that are scanner found and for the GitLab cloud native chart we are aiming at getting the GitLab runner installed out of the box. Madan we're over 12 minutes can we take questions now? Yes of course. No for next time like I think it's a wonderful presentation but we can read it so you no need for you to read it out loud. Yep no problem let me check the questions folding back to HTTP seems weird should we be at least offering a self-signed certificate. I understand your point there but I think there is no big difference to be honest because the end user will ultimately see the red page and I think this is more confusing than having HTTP present GitLab. We can we can discuss this for sure I'm open for discussion maybe I'm missing something but at least that's my experience it's more confusing to get a red page than GitLab. Does less encrypt work with GitLab pages? We have an open issue for that it does not at the moment and there are a couple of different ways of using this. Great to hear about usage and offer cloud native chart is there a place we can you see those usage metrics we don't have metrics but we have the repository and you can see that at the helm GitLab bio that someone should link right now because I don't have the link handy. Cloud native chart coming in CE2 right yes we were waiting for object storage to land in CE I think this happened last week or something and we are going to be working towards having charts for CE as well. All right if there are no more questions. We added renewal and the hard thing with renewal is that you need to run a periodic job I saw we did go-kron for that. I assume that that has nothing to do with the systemkron you know needs to do or something but it's just a go process that you that you run additionally I see so much nodding I'm not even gonna finish my question thanks for that. For pages to set up pages you kind of need like the default domains you kind of need a wildcard let's encrypt edit that are we gonna have that work out of the box so what are your ideas there? We are going to work towards that at some point for sure not right now because wildcard certificate requires DNS different way of getting the certificate and we don't have that out of the box obviously. Yeah that's gonna be super hard to make work automatically like that's gonna core DNS and everything okay I can see how we're not doing that and then for if I set up a custom domain that is something maybe more achievable to then have the HTTPS certificate for that. Custom domain as in... So you run pages with the cloud native installer all the all the default domains assigned don't work but I if I want to run it on sites.com I can do a non DNS authentication probably. Yeah that should be possible but for pages it's currently not supported yet right look we didn't add that for registry metamos and pages yet and this is a part of our next step. Yep it makes sense to to focus focus on the other things thanks sir thanks for that. Yep I think this is it thanks for your patience sorry for taking more of your time and see you at the team call. Thanks Madan great presentation.