►
From YouTube: sig-auth bi-weekly meeting 20210512
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Wait:
let's
should
we
so
psp
replacement
discussion?
Oh.
A
No
no
problem.
I
did
not
add
that,
though,.
D
Yeah
I
mean,
I
guess
the
announcement
is
that
the
kept
merged
so
we're
planning
on
an
alpha
in
122.,
we
landed
on
pod
security
for
the
name
for
pod
security,
admission
control,
if
you
prefer.
D
Yeah,
I'm
not
sure,
there's
much
more
to
say
about
that.
We've
added
a
bit
more
detail
over
the
last
week,
but
nothing
no
large
changes
from
what
we've
discussed
previously
here.
D
A
Awesome
well,
congratulations
and
thank
you
to.
A
Well,
that
segways
nicely
into
the
topic
that
I
wanted
to
discuss,
and
I
apologize
if
this
was
maybe
discussed
previously
in
some
of
the
breakout
sessions.
Now
that
we
do
have
a
replacement
planned.
A
A
So
I
I
think
that
the
initial
announcement
of
the
psp
deprecation
said
that
it
was
slated
for
removal
in
124.
D
A
125
so
assuming
we
have
an
alpha
version
of
ps
in
not
very
good
acronym
in
122
beta
in
123.
Are
we
comfortable
with
the
timing
there.
E
C
Of
equivalent
maturity
or
forward-looking
support,
so
124
at
the
latest
becomes
the
release
where
you
can
do
your
migration.
That
gives
us
two
releases
to
get
to
that
point.
I
would
still
like
to
see
us
work
through
the
the
beta
blockers
in
time
to
get
to
beta
by
123.
I
think
that's
achievable,
plus.
E
C
A
Yeah,
the
other
thing
that
happened
after
we
set
the
125
date
is
the
change
in
release
schedules.
A
E
C
Yeah,
I
I
would
actually
say
I,
I
think,
that's
enough
time
to
accomplish
this.
If
we
prioritize
it
and
getting
rid
of
beta
things,
we
don't
intend
to
graduate
should
be
the
top
priority
like
we,
we
graduated,
csrs
and
token
projection
is
on
track
to
graduate
in
122
and
not
token
protection
bound
servicing
out
tokens
earn
122.
E
I
highly
support
that
I
highly
highly
support
that
note
that
every
time
I've
had
a
chance
to
talk
about
psp
being
finally
removed.
I
have
been
careful
to
always
say
it
is
planned
to
be
removed
in
125,
because
I
wanted
to
ensure
that
we
left
the
door
open
to
push
it,
but
not
very
much.
Only
the
tiniest
crack
because
I
think
pushing
it
would
be
bad.
C
Yeah
the
I
thought,
the
blog
post
that
was
done
about
psp.
C
Made
some
good
points
like
this:
is
the
the
replacement
being
planned?
It's
not,
it
doesn't
cover
everything,
psp
does,
and
so,
if
you
are
depending
on
mutation
aspects
of
psp
or
fine-grained
programmable
control,
like
psp,
you
need
to
start
planning
your
transition
now
and
so
that's.
Why?
Because
then.
C
B
C
Said
on
a
call,
that's
being
posted
to
youtube
in
an
hour
but
sure,
but
like
really
I
yeah
I
I
would
probably
be
stronger
and
saying
like.
If
we
don't
get
it
done
in
time
for
125,
then
it
wasn't
prioritized
and
like
I.
I
don't
think
it
should
change
the
plans
to
remove
m125.
C
D
A
Yeah
sounds
good.
The
other
thing
that
I
had
written
down
here
was
any
migration
tooling.
I
did
see
that
some
admin
tooling
was
mentioned
in
the
cap
for
like
tasks
like
namespace
labeling.
A
C
I
would
like
to
see
so
so
there's
sort
of
two
steps:
there's
the
evaluation
of
like
existing
psps
and
saying
like
which
two
pod
security
levels
standards
levels.
Does
this
fall
between,
so
that
that
evaluation
is
one
step
and
having
either
a
tool
or
a
controller
that,
like
reflects
that
information
back
into
api
objects
in
some
way?
C
That's
one
thing,
then
the
next
thing
is
what
what
do
you
do
with
that
information?
Like?
Do
you
select
the
lower
bound
so
that
you
don't
open
up
permissions
at
all
at
the
cost
of
maybe
overly
restricting
some
workloads
that
currently
work,
or
do
you
select
the
upper
bound
where
you
prioritize
not
disrupting
any
workloads
and
I'm
not
actually
sure
what
the
right
thing
to
do?
There
is.
E
I
don't
think
the
migration
tool
can
be
automatic
and
if
the
migration
tool
isn't
automatic,
we
don't
have
to
select
between
those
could
have.
If
it's
interactive,
you
could
have
like
an
a
spellish
interface
like
for
this
one.
Do
you
want
to
pick
upper
or
lower
type,
l
or
r?
I
mean
I
don't
think
we
should
actually
do
that,
but,
like
ultimately,
you
know
the
the
sysadmin
has
to
make
that
choice
like
on
a
per
namespace
basis.
E
C
Yeah
I
I
kind
of
like
yeah
so
mike.
I
I
would
like
to
have
something
to
give
to
admins
to
say
like
if
you
want
to
do
one
of
these
two
or
three
things
like
just
run
this
controller
in
the
124
time
frame,
and
it
will
accomplish
that,
for
you.
E
C
E
D
Staffing
staffing
could
be
depends
who
we're
staffing,
but
also
a
tool,
that's
kind
of
like
shipped
as
a
you
know,
independent
release.
It
can
also
be
independent
of
the
kubernetes
release
cycle.
So
this
isn't,
like
you
know,
we
have
to
land
this
in
123
or
124
or
whatever
something
that
can
kind
of
go
out,
iteratively
and
yeah.
It
would
be
nice
if
at
some
point
we
say
like
okay.
This
is
we're
happy.
D
Speaking
of
psp
documentation,
we
had
talked
about
an
update
to
recommend
best
practices
that
would
make
their
migration
really
easy
and
seamless
did
that.
Does
anyone
know
if
that
change
ever
went
in
or
is
that
still
something
that
we're
looking
for.
E
A
B
Do
we
want
so
for
the
follow-up
items
from
the
cap
like
do
we
want
to
continue
to
use
the
replacement
meeting
for
that
or
or
create
issues
to
track.
D
C
So
there
are
enough
sort
of
independent
moving
pieces
here,
like
there's
documentation,
bits,
there's
pod
security
standards,
bits
there's
like
a
staging
repo
and
sort
of
laying
out
the
scaffolding
for
this,
and
then
these
follow-up
issues
like
there's
a
lot
of
moving
parts,
and
I
think
once
we
kind
of
get
stuff
underway,
some
of
it
will
be
parallelizable,
so
I'd
probably
recommend
creating
a
project
board
for
this.
That
makes
it
clear,
like
here's,
what
blocks
alpha?
Here's,
what
blocks
beta?
C
Oh,
I
should
I
probably
should
have
put
this
in
the
announcements
section
before
we
got
into
this.
Just
as
a
heads
up,
you
probably
are
all
aware,
but
enhancements
freeze
is
tomorrow
and
sig
off
currently
has
three
items
being
tracked
for
122
and
they
are
the
psp
replacement,
bound
service
account
tokens
going
to
ga
and
external
client
go
credential
providers
going
to
ga,
so
I'm
happy
to
see
two
long-term
projects
getting
wrapped
up
in
122
and
also
happy
to
see
the
psp
replacement
bits
making
progress.
C
B
E
A
S
sweep
issue
stuff.
However,
I
think
we
did.
We
are
now
doing
weekly
bug
scrubs.
Should
we
migrate
these
this
recurring
agenda
item
to
the
bug,
scrub
meetings.
A
B
B
C
So
this
is
not
going
to
be
pretty
and
yikes
yeah.
Sorry.
C
And
so
that
shows
the
individual
tests
show
up
in
our
in
our
bucket,
but
I
don't
actually
think
that
there's
anything
for
us
to
do
there.
So
if
you,
I
just
dropped
a
link
to
the
history
of
that
job,
so
they're,
actually
it's
it's
solid
red
and
if
you
look
at
individual,
individual
failed
runs
like
it's
multiple
failures.
C
C
So
I'm
not
really
sure
what
to
do
with
this
other
than
like
reach
out
to
whoever
owns
that
job
and
say
like.
Are
you
expecting
this
to
be
solid
red
and,
if
not
like,
filter
it
out
of
triage
board?
When
we
look
at
stuff
to
try
to
figure
out
signal
of
our
own
tests,
like
the
intersection
of
a
sig's
tests
and
another
group's
environment
or
test
job
is
really
hard
to
navigate.
A
Right
because
it
the
test,
the
actual
test
is
labeled
sigoth,
but
the
job
is
not
basic
job,
so
it
doesn't
show
up
in
our
test
grid.
B
B
I
see
maybe
we
need
to
add
it
to
this
this
page,
I
guess
if
we
will.
C
Yeah,
I
I'm
not
sure
we
don't
actually
own
that
job.
That's
not
a
job.
We
particularly
maintain
or
care
about
that
environment,
like
the
other
two
jobs
are
jobs
that
we
own
entirely,
like
the
only
thing
that
those
other
two
jobs
are
running,
are
our
tests,
and
so
like
we
own
those
entire
jobs.
I
see.
C
The
cops
job
I've
linked
to
the
test
info
down
at
the
bottom,
where
it
has
the
annotations.
It's
sig
cluster
life
cycle
cops.
So
I
guess
in
cluster
lifecycle,.
B
C
We
do
about
other
groups,
psyche
tests,
so
I
think
the
csi
driver
tests
get
looked
at
in
the
csr
driver
meeting.
Am
I
right
about
that.
C
Okay,
if
they
are
being
looked
at,
we
don't
have
to
do
that
here.
If
they're,
not
okay,
we
could
try
to
resolve
it
here.
It's
up
to
you.
B
I'll
make
sure
I'll
make
sure
that's
a
recurring
agenda
in
the
meetings
yeah.
C
Okay,
it
looks
like
two.
A
B
C
So
cool:
did
you
want
to
jump
into
the
csi
driver
test
here
or.
C
A
Yeah,
I
think
we're
done
and
we
will
move
the
those
other
three
items
to
the
bug.
Triage.