►
From YouTube: Pinniped Community Meeting - July 15, 2021
Description
Pinniped Community Meeting - July 15, 2021
We meet every 1st and 3rd Thursday of the month at 9am PT. We'd love for you to join us live!
This week we discuss July 2021 Roadmap Updates and announced the CNCF Pinniped Webinar. Full details here: https://hackmd.io/rd_kVJhjQfOvfAWzK8A3tQ?view#July-15-2021
A
Hi
everyone
welcome
to
this
week's
edition
of
the
pinniped
community
meeting.
Just
a
reminder,
these
meetings
are
being
recorded
and
uploaded
to
our
youtube
playlist.
If
you're
watching
from
home
on
one
of
these
recordings,
we
invite
you
to
attend
these
in
person.
We
meet
every
first
and
third
thursday
of
the
month
at
9
a.m.
A
Pacific
time,
that's
just
an
opportunity
for
you
to
listen
in
on
what
the
team
is
working
on
and
bring
up
any
discussion
topics
that
you
wish
to
share
with
the
team,
or
you
have
anything
that
you
need
help
with
from
the
team.
It's
a
really
good
like
live
opportunity
for
you
to
engage
with
the
team
in
that
way,
when
you
do
attend,
we
ask
that
everyone
reads
and
abides
by
our
code
of
conduct.
A
So
please
read
that
and
and
when
you
attend
justified
by
by
that
and
you,
we
also
ask
that
when
you
attend,
you
put
your
name
in
any
organization
or
company
that
you
represent
here
and
that's
just
a
way
for
us
to
keep
track
of.
Who
is
attending
these
meetings
and
making
sure
the
lines
of
communication
are
left
open
and
we
can
reach
out
and
not
lose
sight
of
of
who,
from
from
the
community,
is
joining
us
as
far
as
announcements
goes,
it
looks
like
we
don't
have
anything
here.
A
Is
that
correct?
Is
there
any
announcements
that
the
team
wishes
to
share.
B
Updates
on
these
three
yeah,
so
the
first
one
out
over
there
remote
over
dc
login
support.
I
think
we
are
very
close
to
getting
that
done.
I
know
marco
can
give
more
updates
on
the
ad
support
side.
The
the
the
third
one
there
wider
concierge
cluster
support,
we're
still
we're
still
trying
to
work
that
out
and
see
what
makes
sense,
because
mo
has
come
up
with
a
cool
pr
upstream
for
short-lived
certs.
B
C
Yeah
so
yeah,
so
we've
been
kind
of
trying
to
get
this
active
directory,
specific
identity
provider,
it's
slightly
different
than
that
the
old
app
identity
provider
and.
C
Be
as
little
configuration
as
possible,
so,
like
you
know,
if
you
don't
say
this,
is
the
username
ldap
attribute
that
I
want
to
be
present
in
my
id
token-
and
this
is
the
uid
attribute
that
I
want
to
be
present
in
my
id
token,
we
can
just
kind
of
infer
that,
based
on
our
knowledge
of
what
attributes
active
directory
has
we've
been
kind
of
working
on
figuring
out
if
we
can
get
the
search
base
defaulted,
which
is
kind
of
hairy,
because.
D
I
was
going
to
ask
margo
and
ryan.
If
they,
I
guess
we
could,
we
can
wait
for
a
discussion.
I
had
a
question
for
them,
but
I
can
wait
so
in
regards
to
my
thing
I'll:
go,
find
the
kept
link
and
put
it
somewhere
in
the
community
meeting
stats,
but
the
the
gist
of
it
is
in
122
and
later
clusters.
D
What
that
does
is,
then
it
broadens
the
scope
of
things
that
we
can
support
environments
that
we
can
support.
So
as
a
for
example,
today
we
require
an
impersonation
proxy
to
be
used.
If
you
want
to
use
a
gke
cluster
or
a
openshift
cluster.
Those
are
the
only
those
both
require.
The
impersonation
proxy
feature
to
be
enabled.
D
D
So,
if,
as
a
for
example,
if
we
wanted
direct
openshift
support-
and
we
did
not
want
to
wait
for
a
122
version-
a
kubernetes
version
of
openshift
that
had
that
functionality,
then
we
could
add
direct
support
in
a
different
way,
but
we're
still
trying
to
work
out
what
makes
sense
long
term.
I
think,
no
matter
what
we
will
eventually
implement
an
approach
that
uses
the
csr
api,
because
it
has
some
nicer,
just
sort
of
architectural
semantics
that
we
would
like
to
have.
A
That,
okay,
anything
else
from
the
team
on
those
items.
A
We
have
secured
a
spot
for
august
24th
at
10
a.m,
pacific
time
and
the
maintainers
matt,
moyer
and
margaret
crawford
will
be
doing
a
live
webinar
with
q,
a
and
just
going
over
pinniped
and
doing
some
demos
and
the
history
of
pinniped
and
why
it
was
built
and
all
those
fun
things.
So,
if
you're
really
interested
in
learning
more
about
the
project
and
being
able
to
see
some
demos
and
ask
direct
questions
in
that
way,
we
encourage
you
to
sign
up
for
this
webinar.
A
Okay,
now
moving
on
to
some
items
we
had
from
previous
meetings,
I
know
matt
who's
not
on
the
call
today
had
brought
these
two
up
last
time,
but
I'm
curious
if
anybody
had
any
thoughts.
Any
updates
for
this
report,
non-iterative
password-based
oidc.
C
C
E
E
I
think
we've
also
set
this
aside,
but
probably
deserves
to
be
on
the
road
map
somewhere,
it's
more
of
a
long
concern.
I
think.
D
D
The
context
of
my
question
is,
I,
I
think,
the
so
far
the
feedback
we
have
sort
of
gotten
from
field
engineering
and
such
is
that
configuring,
this
stuff
is
hard
like
it's
fine
once
you
have
it
configured
and
that's
all
great,
but
it
can
be
hard
for
customers
and
the
field
to
figure
out
what
the
right
configuration
is.
D
C
It's
a
little
bit
simpler
to
know
ahead
of
time
like
what
that
attribute
will
be,
but
we're
not.
I
guess,
yeah
we're
not
really
active
directory
experts,
we're
trying
to
kind
of
understand
what
these
things
mean.
You
find
out
that
you
can
make
a
search
with
an
empty
search
base
if
you
use
the
global
controller,
but
we're
not
sure
what
the
implications
of
that
are
fully
so
we're
still.
E
Yeah
that
sounds
that
sounds
about
right
and,
like
you
said,
I
think
we
just
have
a
lot
to
learn
about
global
catalogs
and
forests
and
domains
and
all
of
the
active
directory
concepts
figure
out
what
might
make
sense.
D
Experts
did
you
all
get
a
sense
for
when,
like
like,
maybe
not
even
necessarily
with
versions
but
like
how
often
is
the
global
catalog,
like
a
thing
that
you
can
actually
talk
to.
C
It
seems
like
by
default
your
first
domain
controller
that
you
set
up
is
a
also
has
global
set
up,
but
we're
unsure
about
is
like.
Does
that
mean
that
people
have
enabled
that
global
catalog
port,
or
is
that
blocked
by
some
firewall
wall
in
almost
every
instance
or.
E
E
If
someone
gives
us
the
host
name
of
an
active
directory
server,
it
may
or
may
not
have
the
global
catalog
role
assigned
to
it.
So
it
may
or
may
not
think
on
the
global
catalog
port.
E
D
Okay,
I
guess
we
can
probably
keep
talking
about
this,
maybe
in
the
next
community
meeting.
I
think
we
will
probably
learn
a
lot
more
and
probably
gotten
much
further
in
our
implementation.
A
Okay,
anything
else:
the
team
wants
to
bring
up.
A
All
I
want
okay,
okay,
so
thanks
for
attending
this
pinniped
community
meeting
just
a
reminder,
we
do
meet
every
first
and
third
thursday
of
the
month
at
9
a.m.
Pacific
time,
so
we
encourage
you
to
come
and
attend
us,
attend
these
meetings
and
join
us
and
bring
up
any
discussion
topics
you
wish
to
discuss
with
the
team
or
just
listen
in
we
welcome
lurkers.
A
You
don't
have
to
actively
engage
it's
just
a
nice
way
to
to
start
getting
involved
if
you're
interested
other
ways
to
reach
us.
If
you
aren't
able
to
attend
these
meetings
is
in
the
kubernetes
slack
workspace
in
the
piniped
channel
and
also
on
twitter
at
project
pinniped,
and
with
that
we
hope
to
see
you
soon.
Thank.