►
From YouTube: Pinniped Community Meeting - June 3, 2021
Description
Pinniped Community Meeting - June 3, 2021
We meet every 1st and 3rd Thursday at 9am PT / 12pm ET. We'd love for you to join us live!
Announcing v0.9.0 as well as an upcoming bug fix that was brought to the team's attention by @jeuniii (thank you!) and discussed changes to the roadmap and what the team is working on next. Full notes here: https://hackmd.io/rd_kVJhjQfOvfAWzK8A3tQ
A
Hi
everyone
welcome
to
this
week's
edition
of
the
pinniped
community
meeting.
Today's
date
is
june
3rd
2021,
it's
the
first
meeting
of
june,
if
you're
tuning
in
from
youtube
just
a
reminder,
we
do
meet
every
first
and
third
thursday
of
the
month
at
9
a.m.
Pacific
time.
So,
if
you're
able
to
we'd
love
for
you
to
attend,
live
when
you
do
attend,
we
ask
that
you
read
and
abide
by
our
code
of
conduct
which
is
listed
out
here
in
the
agenda.
A
If
you
have
anything,
you
would
like
to
put
on
the
agenda
that
you
want
to
bring
to
the
team
if
you
need
help
with
anything,
pinniped
related
any
questions
or
discussion
items
you
have
for
the
team.
We
ask
that
you
put
that
down
in
the
discussion
topics
below
and
we
can
use
the
meeting
to
discuss
those
items.
B
Yeah
this
release
is
great.
This
release
has
so
much
stuff
that
we've
been
working
on
for
a
long
time,
so
it
has.
The
main
thing
is
ldap
support,
so
we
have
a
new
crd,
ldap
identity
provider.
You
can
now
configure
the
supervisor
to
authenticate
users
with
a
username
and
password
against
an
ldap
directory.
B
B
It's
not
the
best
authentication
protocol
in
the
world,
so
we
still
would
recommend
that
if
you
have
access
to
an
oidc
identity
provider,
that's
probably
a
better-
that's
probably
a
better
place
to
integrate,
but
this
this
works
great.
It
is
somewhat
complex
to
configure,
because
ldap
is
relatively
complex.
You
need
to
know
how
your
directory
is
laid
out
and
how
user
attributes
are
formed
and
how
groups
are
attached
to
users
and
all
of
that,
but
we
documented
all
that
pretty
well.
B
You
can
say
when
the
impersonation
proxy
starts
up
and
it
deploys
a
service
to
get
traffic
to
itself.
You
can
control
kind
of
how
that
cert,
how
that
service
is
configured,
you
can
have
an
internal
service
or
a
service
with
certain
annotations.
That
are
mean
something
on
your
particular
cloud
provider
and
yeah.
So
this
just
adds
a
lot
of
flexibility
to
how
the
concierge
works.
In
these
environments.
B
B
We
had
a
typo
that
we
didn't
catch
in
testing,
because
the
tools
that
we
use
for
testing
just
work
just
fine
despite
the
typo
that
field
called
mode
load
balancer,
should
be
called
type
load.
Balancer
in
our
test
environments,
we
always
deploy
with
cap
and
cap,
is
happy
to
just
deploy
that
and
the
defaults
in
that
field
apply.
So
everything
works.
Just
like
we
expected
other
tools,
so
argo
cd,
we
know,
is
one
of
them.
B
B
Today.
The
only
the
only
thing
that
we're
waiting
for
is
just
to
see
if
there's
any
other
changes
that
we
think
we
might
want
to
throw
into
that
that
bug
fix
release.
So
that
is
that's
the
update
on
the
release
and
like
thanks
to
everyone
that
contributed,
especially
thanks
brian,
for
writing
that
awesome,
blog
post.
B
C
B
Yeah,
I
think
we
should
what
so
I
think,
one
of
the
bugs
here
or
that
one
of
the
things
we
should
fit
we
should
remediate
is
in
our
test
environments.
We
deploy
using
k.
Chaop
cap
nancy
gets
cap
right
cap,
it's
cap,
yes,
nancy
is
also
community
manager
for
carvalhal
team.
We
deploy
using
cap
and
ci,
but
actually
on
our
website.
We
document
installing
with
poop
ctl
apply.
B
We
don't
actually
ever
test
nci
deploying
with
google
apply,
so
we
should
probably
fix
that,
and
actually
I
opened
another
issue
today
about
building
image
package
packages
and
documenting
how
to
install
penapod
with
the
carvel
tool
suite
it's
it's
anyway.
We
should
probably
do
both.
We
should
probably
both
document
the
same
floor
that
we
use
in
ci
and
then
also
test.
The
cube
ctl
apply
flow
because
it's
what
a
lot
of
users
would
want
to
use
anyway,
yeah,
I
actually
I
don't
know
the
specific
answer,
question
about
validation
and
cap.
I
don't
know.
A
All
right,
thanks
for
that
matt,
thanks
for
bringing
over
the
new
release
and
then
the
bug
fix
that
should
be
released
later
today.
As
far
as
status
updates
go
we're
moving
on
to
project
roadmap-
and
I
think
am
I
frozen-
is
my
image
frozen?
I'm
good,
I'm
looking
at
myself,
but
I'm
just
stuck
in
this
funny.
A
B
The
real
reason
that
right
we
wanted
to
to
ship
this
separately
is
it
gives
us
the
option
as
we
evolve
the
api
to
add
new
default,
add
new
fields
and
set
good
defaults
for
active
directory
versus
good
defaults
for
generic
ldap
in
the
future.
So
if
we
add
new
functionality,
we
can
make
it
work
well
with
ldap.
B
B
D
B
A
Okay,
thank
you
for
that,
and
it
looks
like
I
was
going
to
move
on
to
device
club
flow
versus
alternatives
as
far
as
from
previous
meeting,
but
it
sounds
like
we
just
discussed
that
that's
going
to
be
moved
above
the
multiple
idps
and
added
to
the
project
roadmap.
Is
that
correct
or
do
you
want?
Is
there
anything
further
you
want
to
discuss
from
the
previous.
B
B
I
think
we
talked
about
last
in
the
last
meeting.
It's
secure
pretty
convenient.
It's
slightly
less
convenient
than
device
code
flow
support,
but
it's
also
probably
easier
to
build.
So
I
I
think
in
general
we
decided
we're
willing
to
do
extra
development
work
to
get
that
extra
little
bit
of
user
experience
in
the
login
flow.
Even
if
it's
a
little
more
code.
A
little
more
time
to
build.
C
B
B
Obviously
that
in
the
end
makes
a
lot
more
work.
So
I
think
we
won't
do
that
unless
well,
if
we
do
end
up
doing
things,
the
way
that
concourse
did
the
the
sort
of
the
non
non-standard
way
doesn't
mean
that
we're
forever
shut
out
of
doing
thing
again
and
and
building
the
device
could
flow
later.
So
that's
that's
always
an
option
but
yeah,
hopefully
we'll
know
more
by
by
next
week.
So
right
now
we
have
issues
filed
or
I
think
it's
the
link
there.
B
B
We
currently
distribute
pinniped
in
a
few
ways,
so
we
distribute
the
container
image
for
the
server,
which
is
currently
just
like
one
big
image
that
includes
the
concierge
and
the
supervisor,
and
this
local
user
authenticator
that
we
use
mainly
for
testing,
and
then
we
distribute
ytt
templates
in
a
directory
on
git.
We
don't
actually
kind
of
like
snapshot,
those
for
you
and
then,
with
each
release.
We
run.
We
evaluate
the
templates
with
all
the
right
defaults
and
get
just
some
yaml.
B
This
story
is
about
using
the
rest
of
the
tools
and
using
them
all
in
a
coherent
way.
So
we
can
distribute
a
image
package
bundle
which
is
a
collection
of
then
all
of
our
all
of
our
templates
and
everything
nicely
packaged
up.
So
you
can
reference
it
with
an
immutable
hash
and
know
what
you
can
know
exactly
what
you're
getting
is
what
we
released.
So
I
know
andrew
and
ben.
You
all
were
interested
in
doing
similar
work
to
package
benefit
downstream,
hoping
we
can
get
these
things
aligned
so
that
we
do
the
work
once.
E
B
B
It's
a
little
bit
of
a
dangerous
assumption.
I
don't
think
we
have
broken
them
yet
I
would
say
the
thing
we
actually
really
support
right
now
and
this
the
thing
that
we
test
and
and
can
actually
say
we
support-
is
the
default
yaml,
that's
pre-rendered
and
upgrading
from
one
version
to
the
next
of
that
we
should
probably.
E
B
B
B
B
That's
all
I
really
wanted
to
mention
here.
I
think
if
anybody
has
other
thoughts,
there's
been
a
long-standing
issue
to
also
package
and
distribute
a
helm
chart.
I
think
it
was
like
the
third
issue
in
our
repo
or
something
like
that.
It's
very
early.
We
haven't
done
that.
We
don't
have
that.
We
don't
have
that
prioritized
yet
because
we
don't
we
don't
use
helm
to
deploy
anywhere.
So
it's
not
a
huge
priority
and
it
would
be
we.
B
I
wouldn't
want
to
release
helm
support
unless
we
could
properly
test
that
it
worked
basically,
especially
since
we
do
have
a
bunch
of
code
and
pinniped
that
has
to
do
with
object,
references
and
garbage
collection
and
making
sure
that
we
dynamically
create
all
these
objects
and
they
all
get
cleaned
up
correctly
like
it's,
it's
not
something.
I
think
we
could
just
blindly
throw
out
there
and
hope
that
it
works
yeah.
This
is
it
exactly.
B
A
A
Pacific
time,
if
you
aren't
able
to
attend
any
meetings-
and
you
do
want
to
interact
with
the
team,
we're
also
on
the
pinniped
channel
in
the
kubernetes
slack
workspace
and
we're
also
on
twitter,
which
is
at
project
pinniped
so
and
we
we
welcoming
in
all
discussion
and
feedback.
So
please
share
your
thoughts
and
we'd
love
to
have.
You
join
join
us
with
that
enjoy
the
rest
of
your
day
and
we
hope
to
see
you
soon.
Thank
you.