►
From YouTube: Pinniped Community Meeting - March 3, 2022
Description
Pinniped Community Meeting - March 3, 2022
We meet every 1st and 3rd Thursday of the month. We'd love for you to come join us live!
This we went over what to expect with v0.15.0 and doing investigative work in regards to Pinniped auth against dashboards. We also announced our new community manager, Nigel Brown! Full details on this meeting here: https://hackmd.io/rd_kVJhjQfOvfAWzK8A3tQ
A
All
right,
hi,
everyone
welcome
to
the
first
meeting
of
march
of
the
pinniped
community
meeting.
Today's
date
is
march
3rd
2022..
If
you
are
watching
this
from
home,
we
encourage
you
to
come.
Join
us
live
we
meet
every
first
and
third
thursday
of
the
month
at
9
a.m.
Pacific
time
it's
an
opportunity
for
you
to
come
and
hang
out
with
the
maintainers
other
members
of
the
community.
A
A
A
A
Moving
on
to
agenda
items
just
a
reminder:
we
have
this
github
discussion
that
asks
how
you're
using
pinniped
and
you're
you're
welcome
to
go.
Put
a
comment
within
this
discussion
so
that
others,
as
well
as
maintainers,
can
learn
use
cases
of
how
folks
are
using
pinniped.
It
helps
the
team
understand
the
ways
that
people
are
using
it
to
best
learn
how
to
you
know,
work
on
the
project.
A
What
other
features
they
might
need
to
to
work
on
kind
of
gives
them
a
more
insight
on
on
how
things
are
are
working
for
others
with
regarding
that,
and
it
helps
the
community
understand
better
on
how
they
might
be
able
to
use
it
if
they
see
the
way
others
are
using
it
whenever
you
are
attending.
We
just
ask
that
you
put
in
your
name
and
any
organization
that
you're
representing
here
in
the
attendees
section.
A
A
If
you
have
any
feedback
regarding
either
one
of
those
items
please
reach
out
to
us,
we
would
love
to
hear
more
from
you
and
and
how
we
can
possibly
update
this
to
to
better
suit.
You
next
thing
for
announcements
in
case
you
missed
it.
Margo
crawford
one
of
the
maintainers
for
pinniped
did
a
demo
and
went
over
pinniped
itself
within
tgik,
pgi
kubernetes,
and
you
can
go
to
their
youtube
list
and
check
out
the
video
there
for
a
replay.
A
A
This
is
going
to
be
my
last
pinniped
community
meeting
that
I
am
the
community
manager
of
we
have
been
doing
a
few
little
transitions
kind
of
changing
up
some
stuff
here
at
vmware
and
I
will
be
taking
over
a
different
project
and
my
colleague
nigel
brown,
will
be
coming
the
community
manager
for
pinniped
and
he
is
on
the
call
today.
I
don't
know
nigel
if
you
wanted
to
say
hello
to
everybody.
B
A
Angel
and
nigel's
a
bit
more
technical
than
me,
so
he
you
may
see
him
actually
doing
more
demos
of
his
own
on,
pin
and
pad.
You
know
sharing
more
of
of
of
things
that
I'm
not.
I
I'm
not
too
knowledgeable
about,
so
he
definitely
has
a
one-up
on
there
for
me,
and
you
might
see
him
on
the
conference
circuit
talking
about
pinniped.
Who
knows,
I
might
be
speaking
a
little
bit
too
much
for
him
right
now,
but
I'm
always
super
impressed
with
his
technical
background.
A
C
C
Yes,
we
are
very
close
to
releasing
the
group
refresh
functionality.
Just
you
know
a
bunch
of
delays
internally,
but
you
know
ready
to
release
it
very
soon,
either
today
or
tomorrow.
So
look
for
that
and
we
already
released
last
time
I
had
spoken
about
it
that
we
have
a
great
how-to
guide
now,
which
is
posted
on
in
on
the
website.
A
A
C
A
E
Checking
whether
groups
have
changed
upon
refresh
that's
happening
in
line
so
for
some
users
that
might
require
tweaking
the
ldap
search
params
to
make
it
performant.
So
that's
not
like
a
very
long
operation.
That's
happening
every
time,
a
user
refreshes,
which
is
every
five
minutes,
or
so
in
the
case
that
that's
still
not
really
possible
to
do.
There
is
like
a
flag.
You
can
use
to
turn
it
off.
Although.
E
F
F
No,
but
we'll
see
you
know
based
off
of
that
and
then
I'll
start
to
tweak
it
and
everything-
and
you
know
there
can
also
be
might
get.
Is
there
going
to
be
any
recommendations
on
the
types
of
tweaking
or
anything
like
that?
Is
there
anything
that
you
guys
have
found
in
terms
of
the
tweaking,
or
is
that
more
it'll
be
exploratory?
F
D
There's
one
right,
which
is
turn
off
nesting,
search
that
that's
the
one
we
noticed
internally
made
the
query
go
from
30
seconds
to
instant.
Let's
just
don't
look
for
nested
groups
and
I
was
like
yeah
but
that's
lame
like
I
want
my
nested
groups
to
also
work,
so
it
wasn't
maybe
desirable,
but
it
did
at
least
was
tractable,
for
I
guess
in
certain
environments
where
maybe
it's
not
as
important.
D
And
you
know
if
you
have
more
control
over
the
schema,
you
know
you
know
in
ad
and
stuff,
you
know
you
might
be
able
to
scope
it
down
to
not
just
the
whole.
Forest
right
depends
on
your
situation,
yeah
as
a
as
a
as
a
way
to
try
to
make
it
more
clear
to
the
user
that
these
things
are
happening
as
you're
using
you
know,
cube
ctl,
which
is
under
the
hood
using
the
kinetic
cli.
D
The
the
server
will
send
sort
of
informative
warnings
to
the
client
to
let
it
know
when
the
groups
are
changing
so
like
you'll
you'll,
actually
notice
that,
if
you're
in
a
state
where
your
groups
are
actually
changing,
because
you
know
the
adn
stuff
are
not,
you
know
they're
eventually
consistent.
So
you
can
hit
different
replicas
of
domain
controllers
and
stuff
and
get
different
group
information
back.
So
that
might
be
confusing.
D
F
Right
awesome,
yeah,
no,
and
I
think
I
think,
in
active
directory.
There
is
a
way
also
to
limit
the
depth
of
a
query.
If
I'm
not
mistaken,
of
nested
searches
in
active
directory,
I
don't
think
that's
native
ldap
but
and
I'll
see
what
the
performance
is
there
and
then,
if
I
end
up
finding
something
like
that,
that
may
be
something
that
gets
that
could
be
added
then
to
the
active
directory.
F
E
E
F
F
D
D
D
D
We
I
I
could
imagine
implementations
that
do
a
better
job
of
hiding
any
proxy
occurring
instead
of
making
it
sort
of
like
like
the
easiest
thing
would
be
to
say:
hey,
cube,
apps
and
your
backend
also
co-locate
this
proxy
process
and
just
kind
of
just
have
it
there
and
kind
of
hide
it,
and
I
think
that
would
work
fine
for
things
like
cubafs.
But
if
you
wanted
to
support
anything
like
an
spa,
then
problems
much
harder,
because
basically,
the
only
thing
you
can
do
is
sort
of
vanilla
a
lot
in
an
spa
yeah.
D
D
F
D
F
D
So
that
that
is
a
hard
requirement
for
such
a
thing.
Probably
I
mean,
maybe
you
could
imagine
other
immigration
points,
but
if
you
want
to
stay
within
oibc
that
is
effectively
a
hard
requirement.
So
that
is
one
of
the
things
that
my
poc
did,
which
was
just
kind
of
hand,
wave
that
be
like
here's,
a
new
client
that
you
can
use
for
a
web
flow.
D
D
Even
if
you
sort
of
hand
wave
all
of
that
away
and
just
say
eventually,
we
catch
up
with
the
standard,
oibc
oauth
bits
because
pin
a
pet
tries
to
work
everywhere.
We
have
a
lot
of
machinery
in
the
cli
that
hides
a
bunch
of
clusters
of
complexity
that
either
has
to
be
replicated
in
the
backend
somehow
of
a
web
app.
And
if
you
don't
have
a
back
end,
then
there
is
really
no
solution.
It's
just
impractical!
There's!
No
there's
no
way
in
the
browser
to
do
clients
are
off
right.
D
So
because
google,
like
accounts.google.com,
is
a
global
issuer
and
it's
just
like
yeah
free
for
all
send
the
access
token
anywhere
just
basically
refuses
to
follow
that
model,
because
we,
but
we
don't.
We
cannot
guarantee
that
those
access
tokens
won't
be
observable
by
like
a
cluster
admin
on
one
environment.
A
All
right
thanks
everyone
for
tuning
in
to
this
week's
edition
of
the
pinniped
community
meeting.
If
you
are
watching
this
from
home,
please
come
join
us
live.
We
meet
every
first
and
third
thursday
of
the
month
at
9
a.m.
Pacific
time
and
again,
this
is
my
last
time
hosting
the
community
man
as
a
community
manager
and
I'm
passing
the
baton
to
another
amazing
community
manager.