►
From YouTube: Pinniped Community Meeting - July 29, 2021
Description
Pinniped Community Meeting - July 29, 2021
We meet at 9am PT every 1st and 3rd Thursday of the month (except for this time, we met on the 5th Thursday). We'd love for you to join us live!
Agenda notes from this meeting here: https://hackmd.io/rd_kVJhjQfOvfAWzK8A3tQ?view#July-29-2021
A
Hi
everyone
welcome
to
this
week's
edition
of
the
pinniped
community
meeting.
These
meetings
are
held
every
first
and
third
thursday
of
the
month
at
9
a.m.
Pacific
time.
So,
if
you
are
watching
this
from
home
on
a
recorded
meeting,
we
would
love
to
have
you
join
live
when
you
are
attending
these
meetings.
We
ask
that
you
please
read
and
abide
by
our
code
of
conduct,
which
is
listed
here
in
the
agenda.
A
If
you're
unable
to
attend
these
meetings
in
person,
I
would
like
to
get
in
contact
with
the
team.
You
can
find
us
on
slack
and
twitter,
as
well
as
in
github.
Of
course,
these
details
right
here
outline
how
to
get
a
hold
of
this
in
the
kubernetes
like
workspace
within
the
pinniped
channel,
as
well
as
on
twitter
at
project
pinniped.
A
A
As
far
as
announcements
goes
just
a
reminder
to,
please
register
it
to
attend
the
pinniped
cncf
webinar,
which
is
happening
on
august
24th
2021
at
10
a.m.
Pacific
time
and
if
you
click
on
that
link,
it'll
take
you
here
and
you
might
have
to
create
a
login
to
rsvp
and
the
maintainers
matt
moyer
and
marker
crawford
are
going
to
be
the
speakers
for
this
webinar.
B
Yeah
we're
we're
releasing
or
planning
to
release
0.10
today,
so
that
will
have
sort
of
two
features.
Two
new
features:
one
is
support
for
logging
in
from
machines
without
web
browsers,
like
ssh,
jump
posts,
sort
of
the
main
use
case,
and
then
I
also
have
some
new
support
for
doing
the
ldap
login
flow
in
a
non-interactive
context,
from
a
cicd
job
by
setting
environment
variables
and
then
also
has
a
few
smaller
features
and
bug
fixes
has
support
for
outbound
proxies
in
the
supervisor.
B
A
B
Yeah,
I
can.
I
can
dive
into
this
too.
We
anjali-
and
I
adjusted
some
things
here
this
morning
to
reflect
reality.
We
did
make
one
priority
swap
as
well
so
remote
oidc,
login
support
happening
today
so
that
that
is
going
to
release
in
july,
which
is
good
because
it's
july
29th
ad
support
is
waiting
to
be
merged.
Basically,
we
have
a
couple
of
last
potential
features
that
that
we're
still
trying
to
iron
out
details
about
global
catalog
support
and
how
that
should
work
exactly.
C
B
B
And
then
the
next
roadmap
item
is
this
multiple
idp
supporter,
which
really
means
on
the
supervisor
having
a
federation
domain
with
multiple,
multiple
identity
providers
configured
and
giving
users
multiple
ways
to
log
in
that
ryan
has
a
design
doc
for
that
we're
going
to
go
through
later
in
the
meeting
and
then
as
well
a
road
map
item
for
wider
concierge
cluster
support.
I
think
this
is
a
little
bit
vague.
B
I
think
the
main
one
that
we're
gonna
add
is
open
shift
support
it's
a
little
open-ended
about
whether
there's
anything
else
that
sort
of
be
easy
to
pick
off.
But
I
think,
though,
you
had
like
a
you,
had
a
proof
of
concept
a
while
back
about
how
to
make
the
concierge
work
easily
on
openshift,
and
I
think
this
this
will
be
essentially
productizing
that
that
proof
of
concept.
D
B
B
Coverage,
I
think
we
might
want
to
do
both
things.
That's
a
good!
That's
a
good
point.
I
forgot
yeah
kubernetes
is
releasing
here
in
in
mid
august,
so
this
would
be
a
good
time.
We
could.
We
could
add,
support
because
we'll
be
able
to
like
start
using
the
122
client
libraries
with
all
the
right
api
types
and
start
building
that
in
in
september
for
sure
in
august
the
things
that
we
swapped.
B
So
we
did
swap
that
multiple
idp
support
one
higher
than
the
concierge
cluster
type
support.
That's
we
sort
of
saw
multiple
idp
support
as
kind
of
a
table.
Stakes
thing
that
people
probably
would
assume
already
works.
If
you
were
just
sitting
down
for
the
first
time
with
benefit,
you
would
looking
at
our
apis.
You
would
guess
that
this
already
works
somehow
and
it
doesn't
so.
That
feels
like
the
bigger
priority
to
to
sort
out
yeah
and
the
rest
of
the
road
map
is
unchanged.
I
didn't
want
to
call
out.
B
A
B
D
D
So
whenever
we
get
around
to
adopting
that
we'd
sort
of
make
it
easier
for
adoption
of
the
concierge,
because
the
impersonation
proxy
does
require
networking
configuration
that
may
not
be
we,
we
can't
necessarily
automatically
do
it.
We
do
sort
of
automatically
do
it
in
some
situations,
mostly
when
you
like
cube
ctl,
apply
stuff,
but
not
it
might
be
production
deployment.
D
A
A
E
Okay,
so
this
is
hot
off
the
press.
It's
just.
I
just
finished
this
yesterday
evening,
so
my
teammates
have
not
had
a
chance
to
read
it
yet,
so
it
might
make
sense
for
this
to
be
more,
like
just
a
brief
introduction,
brief
overview
of
the
document,
the
document
is
meant
to
just
create
discussion.
It's
not
meant
to
be
like
a
super,
concrete
proposal
saying
this
is
definitely
what
we
should
do.
E
It's
just
more
of
a
straw
dog
proposal
to
create
discussions,
so
we
can
all
start
brainstorming
all
the
details
and
put
together
a
more
concrete
design
together,
so
maybe
just
kind
of
introduce
it,
and
then
we
can
kind
of
defer
the
the
critiques
the
brainstorms
until
everyone
has
had
a
chance
to
read
it.
We
can
do
that
together
at
a
later
date.
Does
that
sound
okay.
E
So
start
at
the
top.
What
are
we
talking
about
here?
I
think,
if
we
back
up,
we
created
this
api
in
the
supervisor
called
the
federation
domain
and
when
we
dream
that
up
what
we
intended
it
to
be
is
to
represent
a
pool
of
users
to
provide
identity
to
a
pool
of
kubernetes
clusters,
and
we
implemented
that
second
part
where
you
can
create
federation
domains
and
create
as
many
as
you
want
in
the
supervisor,
and
each
one
provides
identity
to
a
pool
of
clusters.
E
E
So
it
started
out
the
stock
with
just
kind
of
brainstorming,
a
couple
of
different
use
cases
where
you
might
want
to
do
something
like
this.
So,
for
example,
I'll.
Just
I'm
not
going
to
read
this
whole
book
to
you,
but
I
would
encourage
everyone
to
to
read
it
after
the
fact
that
the
link
is
already
shared.
E
I
think,
from
h
of
the
duck,
but
just
for
example,
one
possible
use
case
might
be
maybe
you're
in
charge
of
creating
pools
of
clusters
for
development
teams,
and
you
would
like
each
development
team
to
have
its
own
pool
of
kubernetes
clusters,
and
you
want
to
make
sure
that
only
people
who
belong
to
that
development
team
can
log
into
those
kubernetes
clusters.
But
you
would
like
all
those
identities
to
come
from
your
corporate
identity
provider.
E
Several
other
examples
follow
encourage
you
to
look
at
those.
Then
the
doc
goes
into
an
overview
of
just
to
remind
us
and
to
remind
myself:
how
does
it
work
today?
What
are
the
limitations
that
we
have
today?
Why
do
we
have
them?
It
goes
in
there's
a
bit
of
a
summary
goes
into
more
details.
It
has
links
to
the
source
code.
E
I
also
thought
about.
We
already
have
clusters
out
there,
and
so,
when
you
upgrade
your
supervisor
to
some
new
version
that
supports
multiple
identity
providers,
there's
some
things.
We
should
keep
in
mind.
How
are
we
going
to
try
to
make
that
a
submitted
upgrade?
So
what
what's
out
there
today
is
kind
of
summarized
here
in
these
sections
and
then
lots
of
questions
that
I'd
love
to
have
everyone
chime
in
and
share
their
thoughts
on
the
dock
or
in
a
separate
follow-up
meeting.
E
So
I
just
started
asking
questions
and
just
dumping
thoughts
into
the
dock
about
each
question.
These
again,
I'm
not
going
to
read
all
these
to
you,
but
please
take
a
look
at
them.
There's
a
lot
of
thoughts
in
there.
Please
add
your
thoughts.
More
importantly,
please
what
questions
did
I
forget
to
ask,
so
please
add
more
questions
as
well,
as
you
think
about
what
are
the
things?
E
What
are
the
things
that
we
would
have
to
explore
and
answer
before
we
actually
come
up
with
a
really
concrete
design
for
this
and
then
finally,
I
sketched
a
straw
dog
proposal.
If
you're
not
familiar
with
the
term
straw
dog,
it's
it's
the
brainstorming
seed.
So
it's
not
meant
to
be
the
final
answer.
It's
meant
to
start
a
conversation
and
in
this
strategy
proposal.
E
E
B
Yeah,
I
think
that
was
a
good
overview,
I'll
lose
the
stairs
to
dive
into
design
questions,
but
I
think,
in
terms
of
scheduling,
I
think
we'll
be
ready
to
pick
up
this
work
somewhere
toward
into
september.
So
maybe
we
should
sorry
no.
This
work,
I'm
crossing
the
streams
here.
This
work
ties
in
a
lot
with.
I
think
the
starlark
identity
transforms
work
as
well,
so
maybe
it
makes
sense
to
combine
those
which
I
think
would
mean
that
the
feature
lands
like
in
september
october
time
frame.
B
This
feels
like
a
really
good
start
to
like
start
that
discussion.
This
is
like
the
big
to
me.
This
is
the
biggest
feature
of
pentapet
that
we've
known
about
since
we
started
building
it
and
we
haven't
designed
yet
we
kind
of
knew
that
we
wanted
all
of
these
things
almost
from
the
beginning.
We
just
knew
it
was
gonna
be
hard,
so
we
put
it
off
until
we
had
the
basics
and
we're
almost
ready
to
build
that.
So
that's
it's
really
exciting.
To
me.
D
E
D
D
D
B
I
think
that
makes
sense
it
does
it
does.
I
think
I
think
it.
I
think
that
supervisor
configuration
is
not
that
bad,
because
of
that
it
does
mean,
then
that
on
the
client
side
on
the
on
the
workload
cluster
side
and
the
concierge
it
does
have
to
like
have
a
separate
jot
authenticator
for
each
federation
domain,
which
is
okay,
but
it
might.
A
Okay,
well
thanks
everyone
for
joining
the
pinniped
community
meeting
today
and
just
a
reminder:
if
you're
watching
this
from
home,
please
consider
joining
us
live.
We
meet
every
first
and
third
thursday
of
the
month
at
9am
pacific
time,
and
we
also
can
be
found
on
twitter
at
project
pinniped
and
in
the
kubernetes
slack
workspace
in
the
pinniped
channel.
So
we
encourage
you
to
join
us,
you're
free
to
come
and
lurk
you're
free
to
come
and
bring
any
discussion
topics
or
anything
you
need
help
with.