DA Meeting Minutes 2022-07-13

Attendees:

Apologies:

Absent:

Agenda:

  • Review actions from previous meeting
  • Issue 91: Mojaloop deployment status and issues (LD)
  • Issue 92: Reconsider our NPM Audit Tools (MdB)
  • AOB

Minutes

  • Issue 91
  • We can’t install on the current version of Kubernetes
  • Alternatives are:
  1. Either update Percona to something modern (breaking)
  2. Remove chart dependencies and issue a breaking change
  3. Do nothing, wait for new refactored charts
  4. Just make the ingress change (non-breaking) and flip the default to not deploy percona by default
  • TD: problem solved for demo an out-of-the-box, just automating tests across multiple releases
  • Should OOB be separate? Then we continue to accumulate technical debt for anyone who wants to make a production deployment.
  • MdB: Helm charts are one thing, IAC is another. We should be careful to separate them
  • LD: we need to fix the problem at the source. As long as the Helm charts are deployable then everything falls into place.
  • MdB: Basically, are we going to update the existing charts or migrate to new ones. TD: new charts would take too long.
  • How to we ensure we don’t get off the release train in future? TD
  • How to get working again today: update the existing Helm charts. Option 4 is the best (MdB)
  • MdB: here is the current upgrade strategy: Upgrade Strategy Guide · GitBook
  • TD has code that makes these changes for MiniLoop. Try this out and check the rendered charts in? MdB: no issue with that.
  • Remaining issues: fixing the Ingresses. TD: have that coded too.
  • LD: this will be a breaking change, but we’re OK with it. MdB: Someone who cares shouldn’t be running this standard solution.
  • Are there any reasons not to do this? We can’t see one.
  • MdB: since this is a breaking change, why don’t we remove the dependencies, which will also be a breaking change? How much additional work is this? TD: yes, we should do that. How to do this? MdB: rip out the YAML… This is a week’s work.
  • Issue 92: Audit tools
  • NPM audit resolver does not support the version of NPM that we use. There is a snapshot release which semi-supports it. Only checks, doesn’t fix, and checking is inconsistent…
  • Options:
    • hang around and wait
    • consider a different tool like IBM’s AuditCI tool.
  • LD, MdB, we can’t hang around.
  • AuditCI doesn’t have a FIX feature, or timed ALLOW. OK because of Dependabots…?
  • MdB: Recommend we go for AuditCI. It’s supported and does most of the things we need to do.

Actions:

  • MR to publicise the need for people to look at the minutes and assent for both issues.
  • TD: Create PR with changes to Helm charts.
  • TD: Produce documentation and values file.
  • TD: Start modifying latest version of Moja Helm charts 25/7, including removal of dependencies.
  • We need a follow-up discussion about how to keep this problem from happening
  • We need to replace NPM Audit with AuditCI. As people are making changes, they can make the switch.
1 Like

Call recording:

Topic: Mojaloop OSS - DA Meeting (10 am UTC)
Start Time: Jul 13, 2022 13:00

Meeting Recording: