►
From YouTube: Pinniped Community Meeting - June 3, 2021
Description
Pinniped Community Meeting - June 3, 2021
We meet every 1st and 3rd Thursday at 9am PT / 12pm ET. We'd love for you to join us live!
Announcing v0.9.0 as well as an upcoming bug fix that was brought to the team's attention by @jeuniii (thank you!) and discussed changes to the roadmap and what the team is working on next. Full notes here: https://hackmd.io/rd_kVJhjQfOvfAWzK8A3tQ
A
Hi
everyone
welcome
to
this
week's
edition
of
the
pinniped
community
meeting.
Today's
date
is
june
3rd
2021,
it's
the
first
meeting
of
june,
if
you're
tuning
in
from
youtube
just
a
reminder,
we
do
meet
every
first
and
third
thursday
of
the
month
at
9
a.m.
Pacific
time.
So,
if
you're
able
to
we'd
love
for
you
to
attend,
live
when
you
do
attend,
we
ask
that
you
read
and
abide
by
our
code
of
conduct
which
is
listed
out
here
in
the
agenda.
A
If
you
have
anything,
you
would
like
to
put
on
the
agenda
that
you
want
to
bring
to
the
team
if
you
need
help
with
anything,
pinniped
related
any
questions
or
discussion
items
you
have
for
the
team.
We
ask
that
you
put
that
down
in
the
discussion
topics
below
and
we
can
use
the
meeting
to
discuss
those
items.
A
If,
as
you're
attending,
we
also
ask
that
you
put
in
your
name
and
any
company
that
you
represent,
or
if
you're
representing
as
yourself
and
you're,
using
pinniped
for
personal
projects,
we
also
want
to
know
that
as
well
for
announcements
that
we
have
today,
we
did
release
pinniped
0.9,
and
I
will,
I
guess,
kick
it
over
to
a
mat
to
give
a
little
bit
overview
over
that,
and
we
do
have
some
release
notes
and
a
blog
post
that
you
can
check
out
as
well.
B
Yeah
this
release
is
great.
This
release
has
so
much
stuff
that
we've
been
working
on
for
a
long
time,
so
it
has.
The
main
thing
is
ldap
support,
so
we
have
a
new
crd,
ldap
identity
provider.
You
can
now
configure
the
supervisor
to
authenticate
users
with
a
username
and
password
against
an
ldap
directory.
B
This
is
huge.
This
is
there's
a
lot
of
enterprises
and
and
companies
that
use
ldap
as
an
authentication
protocol.
B
It's
not
the
best
authentication
protocol
in
the
world,
so
we
still
would
recommend
that
if
you
have
access
to
an
oidc
identity
provider,
that's
probably
a
better-
that's
probably
a
better
place
to
integrate,
but
this
this
works
great.
It
is
somewhat
complex
to
configure,
because
ldap
is
relatively
complex.
You
need
to
know
how
your
directory
is
laid
out
and
how
user
attributes
are
formed
and
how
groups
are
attached
to
users
and
all
of
that,
but
we
documented
all
that
pretty
well.
B
The
other
feature:
that's
in
this
release
is
some
new
configuration
apis
for
the
concierge,
so
in
os
70
we
added
the
impersonation
proxy
that
makes
the
concierge
work
on
managed
clusters
essentially
clusters
without
control,
plane
nodes,
and
we
rolled
it
out
with
sort
of
like
defaults
that
worked
great
on
most
clusters,
but
now
we've
added
the
configuration
api
that
lets
you
customize,
how
it's
deployed,
so
you
can
choose
to
turn
off
the
impersonation
proxy
or
turn
on
the
impersonation
proxy.
B
You
can
say
when
the
impersonation
proxy
starts
up
and
it
deploys
a
service
to
get
traffic
to
itself.
You
can
control
kind
of
how
that
cert,
how
that
service
is
configured,
you
can
have
an
internal
service
or
a
service
with
certain
annotations.
That
are
mean
something
on
your
particular
cloud
provider
and
yeah.
So
this
just
adds
a
lot
of
flexibility
to
how
the
concierge
works.
In
these
environments.
B
A
couple
of
minor
changes,
nothing,
nothing,
nothing
too
major.
Unfortunately,
we
have
uncovered
one
bug
in
this
release.
Since
yesterday
it's
just
a
typo
in
our
deployment
yaml
I
linked.
I
only
did
659..
B
We
had
a
typo
that
we
didn't
catch
in
testing,
because
the
tools
that
we
use
for
testing
just
work
just
fine
despite
the
typo
that
field
called
mode
load
balancer,
should
be
called
type
load.
Balancer
in
our
test
environments,
we
always
deploy
with
cap
and
cap,
is
happy
to
just
deploy
that
and
the
defaults
in
that
field
apply.
So
everything
works.
Just
like
we
expected
other
tools,
so
argo
cd,
we
know,
is
one
of
them.
B
I
believe
even
coup,
ctl
angelia
said
group
ctl
apply
without
the
with
the
validation
flag
will
refuse
to
deploy
that
without
an
override
flag.
So
the
bug
is
pretty
trivial.
The
fix
is
pretty
trivial.
It's
just
a
one-line
change.
Basically,
I
think
we'll
get
that
rolled
out
and
release
it
as
0.9.1.
B
Today.
The
only
the
only
thing
that
we're
waiting
for
is
just
to
see
if
there's
any
other
changes
that
we
think
we
might
want
to
throw
into
that
that
bug
fix
release.
So
that
is
that's
the
update
on
the
release
and
like
thanks
to
everyone
that
contributed,
especially
thanks
brian,
for
writing
that
awesome,
blog
post.
B
C
B
Yeah,
I
think
we
should
what
so
I
think,
one
of
the
bugs
here
or
that
one
of
the
things
we
should
fit
we
should
remediate
is
in
our
test
environments.
We
deploy
using
k.
Chaop
cap
nancy
gets
cap
right
cap,
it's
cap,
yes,
nancy
is
also
community
manager
for
carvalhal
team.
We
deploy
using
cap
and
ci,
but
actually
on
our
website.
We
document
installing
with
poop
ctl
apply.
B
We
don't
actually
ever
test
nci
deploying
with
google
apply,
so
we
should
probably
fix
that,
and
actually
I
opened
another
issue
today
about
building
image
package
packages
and
documenting
how
to
install
penapod
with
the
carvel
tool
suite
it's
it's
anyway.
We
should
probably
do
both.
We
should
probably
both
document
the
same
floor
that
we
use
in
ci
and
then
also
test.
The
cube
ctl
apply
flow
because
it's
what
a
lot
of
users
would
want
to
use
anyway,
yeah,
I
actually
I
don't
know
the
specific
answer,
question
about
validation
and
cap.
I
don't
know.
A
All
right,
thanks
for
that
matt,
thanks
for
bringing
over
the
new
release
and
then
the
bug
fix
that
should
be
released
later
today.
As
far
as
status
updates
go
we're
moving
on
to
project
roadmap-
and
I
think
am
I
frozen-
is
my
image
frozen?
I'm
good,
I'm
looking
at
myself,
but
I'm
just
stuck
in
this
funny.
A
All
right
project
road
map
june
2021-
we
have
multiple
idps
listed
out.
There
has
anything
been
started
on
that
item.
B
No,
this
is
probably
a
good
discussion
topic
because
I
think
we're
gonna
probably
pull
the.
B
I
think
I
think
we
decided
to
pull
the
device
code
flow
support
kind
of
above
that,
so
we
need
to
adjust
the
roadmap.
B
Based
on
that
decision,
I
think
multiple
idps
is
still
well
actually
so
there's
two
there's
two
things
that
we
kind
of
wanted
to
bump
up
device
code
support
and
then,
following
up
on
the
ldap
support,
we
wanted
to
add
a
specific
active
directory.
B
The
real
reason
that
right
we
wanted
to
to
ship
this
separately
is
it
gives
us
the
option
as
we
evolve
the
api
to
add
new
default,
add
new
fields
and
set
good
defaults
for
active
directory
versus
good
defaults
for
generic
ldap
in
the
future.
So
if
we
add
new
functionality,
we
can
make
it
work
well
with
ldap.
B
We
can
make
it
work
well
with
active
directory
if
the
user
has
expressed
this
intent,
that
they
are
attached
to
active
directory,
so
those
two
roadmap
items
kind
of
go
to
the
top
of
the
pile,
and
I
think
that
pushes
multiple
idps
down
a
couple
of
rungs,
which
means-
maybe
it's
not
june
anymore,.
B
It
might
be
a
good
time
to
go
back
through
those
and
groom
them
and
make
sure
that
we
still
have
the
right
right
set
of
issues
in
the
right
order.
But
if
anybody
has
thoughts,
all
of
those
issues
are
tagged
as
documentation
on.
B
Github
does
anyone
else
anjali
or
anyone
else
on
the
team
have
anything
else,
any
other
thoughts
about
roadmap.
I
think
we
need
to
make
a
little
adjustment
to
the
roadmap
yeah.
D
B
D
Definitely
my
hair
can
be
messed
up
right
now,
but
yeah
I'll
do
that
I'll.
Take
that
action.
A
Okay,
thank
you
for
that,
and
it
looks
like
I
was
going
to
move
on
to
device
club
flow
versus
alternatives
as
far
as
from
previous
meeting,
but
it
sounds
like
we
just
discussed
that
that's
going
to
be
moved
above
the
multiple
idps
and
added
to
the
project
roadmap.
Is
that
correct
or
do
you
want?
Is
there
anything
further
you
want
to
discuss
from
the
previous.
B
B
I
think
we
talked
about
last
in
the
last
meeting.
It's
secure
pretty
convenient.
It's
slightly
less
convenient
than
device
code
flow
support,
but
it's
also
probably
easier
to
build.
So
I
I
think
in
general
we
decided
we're
willing
to
do
extra
development
work
to
get
that
extra
little
bit
of
user
experience
in
the
login
flow.
Even
if
it's
a
little
more
code.
A
little
more
time
to
build.
C
B
B
Obviously
that
in
the
end
makes
a
lot
more
work.
So
I
think
we
won't
do
that
unless
well,
if
we
do
end
up
doing
things,
the
way
that
concourse
did
the
the
sort
of
the
non
non-standard
way
doesn't
mean
that
we're
forever
shut
out
of
doing
thing
again
and
and
building
the
device
could
flow
later.
So
that's
that's
always
an
option
but
yeah,
hopefully
we'll
know
more
by
by
next
week.
So
right
now
we
have
issues
filed
or
I
think
it's
the
link
there.
B
We've
issued
files
for
device
code,
support
and
the
supervisor
as
a
server
and
device
code
support
in
the
cli
as
a
client
and
I'm
going
to
hopefully
prototype
those
this
week
and
we'll
have
enough
information
to
understand
the
scope
for
to
really
get
started
in
earnest
and
build
the
production
stuff
next
week.
B
I
did
have
one
other
issue.
I
thought
might
be
good
to
discuss.
I'm
sorry,
I
didn't
link
it.
Let
me
link
it
really
quick.
B
We
currently
distribute
pinniped
in
a
few
ways,
so
we
distribute
the
container
image
for
the
server,
which
is
currently
just
like
one
big
image
that
includes
the
concierge
and
the
supervisor,
and
this
local
user
authenticator
that
we
use
mainly
for
testing,
and
then
we
distribute
ytt
templates
in
a
directory
on
git.
We
don't
actually
kind
of
like
snapshot,
those
for
you
and
then,
with
each
release.
We
run.
We
evaluate
the
templates
with
all
the
right
defaults
and
get
just
some
yaml.
B
We
ship
that
as
a
file
in
the
release,
so
your
choices
when
you
install
are
like
you
can
install
using
the
the
default
yaml
that
works
great
for
most
environments,
where
you
can
clone
the
git
repository
run,
ytt
with
a
bunch
of
options
that
you
want,
set
custom
options
and
you
can
get
a
custom
manifest,
and
it's
sort
of
all
up
to
you,
then,
to
like
make
sure
you're
pulling
the
right
versions
of
everything
together.
B
B
This
story
is
about
using
the
rest
of
the
tools
and
using
them
all
in
a
coherent
way.
So
we
can
distribute
a
image
package
bundle
which
is
a
collection
of
then
all
of
our
all
of
our
templates
and
everything
nicely
packaged
up.
So
you
can
reference
it
with
an
immutable
hash
and
know
what
you
can
know
exactly
what
you're
getting
is
what
we
released.
So
I
know
andrew
and
ben.
You
all
were
interested
in
doing
similar
work
to
package
benefit
downstream,
hoping
we
can
get
these
things
aligned
so
that
we
do
the
work
once.
E
B
B
It's
a
little
bit
of
a
dangerous
assumption.
I
don't
think
we
have
broken
them
yet
I
would
say
the
thing
we
actually
really
support
right
now
and
this
the
thing
that
we
test
and
and
can
actually
say
we
support-
is
the
default
yaml,
that's
pre-rendered
and
upgrading
from
one
version
to
the
next
of
that
we
should
probably.
E
B
B
B
B
That's
all
I
really
wanted
to
mention
here.
I
think
if
anybody
has
other
thoughts,
there's
been
a
long-standing
issue
to
also
package
and
distribute
a
helm
chart.
I
think
it
was
like
the
third
issue
in
our
repo
or
something
like
that.
It's
very
early.
We
haven't
done
that.
We
don't
have
that.
We
don't
have
that
prioritized
yet
because
we
don't
we
don't
use
helm
to
deploy
anywhere.
So
it's
not
a
huge
priority
and
it
would
be
we.
B
I
wouldn't
want
to
release
helm
support
unless
we
could
properly
test
that
it
worked
basically,
especially
since
we
do
have
a
bunch
of
code
and
pinniped
that
has
to
do
with
object,
references
and
garbage
collection
and
making
sure
that
we
dynamically
create
all
these
objects
and
they
all
get
cleaned
up
correctly
like
it's,
it's
not
something.
I
think
we
could
just
blindly
throw
out
there
and
hope
that
it
works
yeah.
This
is
it
exactly.
B
A
Well,
cool
anything
further
on
that
particular
item,
any
other
comments.
A
Going
once
twice
all
right,
so
that
brings
us
to
the
end
of
today's
meeting.
I
encourage
you
if
you're
watching
this
from
home
to
attend,
live,
and
we
welcome
workers,
we
welcome
those
who
want
to
engage.
You
know
any
and
all
are
welcome.
We
meet
every
first
and
third
thursday
at
9
00
a.m.
A
Pacific
time,
if
you
aren't
able
to
attend
any
meetings-
and
you
do
want
to
interact
with
the
team,
we're
also
on
the
pinniped
channel
in
the
kubernetes
slack
workspace
and
we're
also
on
twitter,
which
is
at
project
pinniped
so
and
we
we
welcoming
in
all
discussion
and
feedback.
So
please
share
your
thoughts
and
we'd
love
to
have.
You
join
join
us
with
that
enjoy
the
rest
of
your
day
and
we
hope
to
see
you
soon.
Thank
you.