►
From YouTube: Pinniped Community Meeting - January 21, 2021
Description
Pinniped Community Meeting - January 21, 2021
This is the first recorded community meeting for Pinniped, covering project roadmap, CI transparency, what's in v0.5.0, and multiple Pinnipeds.
Meeting information and notes can be found here: https://hackmd.io/rd_kVJhjQfOvfAWzK8A3tQ?view
A
A
All
right
so
thanks
everyone
for
joining
for
the
second
community
meeting
of
2021,
really
excited
to
have
everyone
here
and
welcoming
rajet.
Hopefully
I'm
saying
that
correctly
we
have
a
few
things
to
go
over.
I'm
just
gonna
go
over
the
list
of
what
we
have
here.
I'll
put
it
in
the
chat
for
the
agenda.
A
And
whenever
you
give
your
status
update,
just
kind
of
give
a
short
little
intro
of
who
you
are,
and
you
know
what
what
you
do
here
and
maybe
a
little
just
a
tiny
little
background
so
that
the
community
knows
you
know
who
you
are
is
familiar
with
you,
so
I'm
gonna
start
with
matt.
Do
you
have
anything
to
cover
there's
nothing
here,
but
I
just
wanna.
B
C
B
E
Yep
nancy,
I
think
he
said-
maybe
do
some
introductions
too.
So
I'm
andrew
I'm
a
engineer.
I
work
at
vmware
and
I've
been
on
the
pinniped
team.
I
guess
since
it
started,
although
I
wasn't
really
involved
in
much
of
the
planning
pre
the
team
forming
and
then
I
participate
a
little
bit
in
on
upstream
kubernetes,
mostly
in
sigoth
and
working
at
vmware
since
was
acquired
by
pivotal,
mostly
work
on
all
stuff.
E
E
E
So
mo-
and
I
were
debugging
this
problem
in
in
ci
today
and
mo
had
the
really
good
idea
to
turn
on
audit
logging
in
our
kubernetes
clusters
to
get
a
little
bit
more
of
an
idea
of
what
was
going
on
under
the
hood.
So
specifically,
there
was
a
resource,
a
secret
that
was
getting
deleted
and
we
weren't
sure
why,
and
so
mo
was
like
turn
on
I'll
get
logging
in
our
kind
cluster
that
we
were
using
and
we
turned
it
on
and
we
figured
out
who
was
deleting
the
secret
and
it
was
incredibly
helpful.
E
E
We
didn't
see
any
performance
slow
down,
but
maybe
there's
some
of
that
behind
the
scenes-
and
I
guess
an
another
con
is
maybe
resources
like
you
could
maybe
overflow
a
docker
volume
with
an
audit
log,
but
I
I'm
not
losing
much
sleep
over
that
just
because
that's
an
ephemeral
disc
that
just
gets
deleted.
After
all
of
our
tests
run
so
that's
kind
of
a
high
level
view
of
this
issue.
E
B
B
I
think
a
lot
of
the
things
we're
talking
about
here
are
only
available.
We
haven't,
we
haven't,
found
a
safe
way
to
open
them
up.
You
have
sort
of
like
read-only
access
through
concourse,
but
we
don't
have
like
a
safe
way
to
expose
like
all
the
ci
jobs
and
how
they
run
and-
and
we
don't
really
have
a
plan
for
how
we
would
open
up
that
access
in
the
same,
in
the
same
way
that,
like
kubernetes,
does
for
test
infra.
B
C
So,
if
I
understand
correctly,
though,
and
for
cube
ci,
even
as
like
a
member
of
the
oregon
stuff,
all
I
can
see
from
ci
runs
because
I
don't
I'm
not
in
like
the
test.
Infra
group
is,
I
can
see
all
the
artifacts
that
that
so
so
you
have
a
lot
of
you
have
a
lot
of
visibility
in
on
what
happened.
But-
and
I
guess
I
could-
I
think
some
of
the
repos
are
open
and
I
could
go
try
to
change
the
test,
jobs
or
something.
But
I
can't
like
you.
C
B
C
B
C
Most
part
like
the
job
definitions,
don't
matter
because
they
just
run
a
suite
of
tests
and
you
see
a
failure
and
you're
like
all
right.
I
mean
like
look
at
the
audit
logs
or
something
like
you
just
need
the
metadata,
but
I
do
remember
in
openshift
I
I
could.
I
could
get
qco
access
to
a
running,
ci
cluster
and
that
was
always
really
nice.
Should
we
finish
the.
F
So
I
guess
matt
and
I
have
been
working
on
writing
an
impersonation
proxy.
So
currently
we
have
the
concierge
piece
of
pinniped,
which
you
give
a
token
to,
and
it
gives
you
a
cluster
certificate
back
and
we
want
to
get
around
that
by
having
an
impersonation
proxy
on
that
cluster
to
just
give
a
token
to
and
then
act
as
that
run
the
command
as
that
user.
B
Yeah,
we
can
talk
about
it
down
here
too
so
discussion
topics.
First,
one
is
like:
what's
in
our
next
release,
besides
the
multiple
pinnipeds
thing,
and
then
I
added
also,
what
do
we
think
is
the
schedule
on
that
release.
I
would
say
my
opinion
as
a
starting
point
is:
there's
nothing
in
zero:
five,
zero.
C
B
So
we
think
it's
should
be
safe
to
merge,
even
though
it
doesn't
really
work.
Yet
you
can't
really
it's
not
documented
and
you
can't
really
use
it
yet.
I
would
consider
that
we
could
probably
merge
that
to
main
that
would
be
fine,
but
we
wouldn't
actually
consider
it
released
yet,
even
though
the
code
was
there
or
even
though
some
of
the
code
was
there,
but
I
don't
know,
this
might
be
a
point
where
we
talk
about
like.
B
Otherwise,
and
maybe
the
other
reason
is
just
to
integrate
early
and
not
have
to
have
merged
conflicts,
but
I'm
not
that
in
this
case,
I'm
not
that
worried
about
that.
So
I
could
also
see
a
valuable
path
where
we
try
to
enhance
the
pr
pipeline
so
that
we
can
do
more
test
in
more
different
environments,
at
least
some
of
the
time
for
or
for
long-running
feature
branches,
and
we
would
just
hold
this
feature
off
until
it's
completely
finished
and
merge
it
in
which
would
be
cleaner
from
the
like.
The
release.
C
Yeah,
I
can
so
the
general
problem
is
and
a
lot
of
other
projects
have
similar
problems
and
they
kind
of
almost
say
they
ignore
the
problem,
which
is,
whenever
you
have
a
very
kubernetes
native
workload
like
piniped,
that
is
incredibly
dependent
on
crds
for
the
bulk
of
its
work
and
even
more
so
with
an
aggregated
api
service
right,
even
though
these
resources
in
themselves
can
be
name
space.
The
actual
definition
so
like
the
schema
of
those
things,
is
defined.
C
So
with
that
problem
in
mind,
what
ends
up
happening
is,
if
you
try
to
install
more
than
one
template
on
the
cluster
like
a
lot
of
vmware
technologies
might
want
to
do
you
don't
know
which
one
is
going
to
win?
It's
basically,
whoever
shows
up
last
will
probably
step
on
whoever
was
there
before
and
put
the
whole
thing
into
an
incoherent
state.
Maybe
the
last
one
would
keep
working
somewhat,
but
certainly
the
ones
installed
before,
wouldn't
so.
C
So
the
middleware
logic
that
I've
been
working
on
allows
like
99
of
our
code,
to
not
care
that
that
is
happening
under
the
hood
and
then
sort
of
magically
rewrites
api
calls
to
the
right
place
and
the
codes
and
encode
stuff
as
you'd
expect
but
yeah
so,
but
but
the
general
idea
is
we.
We
don't
want
an
impact
to
be
a
single
pin
on
your
cluster.
We
want
you
to
have
as
many
as
you
want
to
have.
C
G
B
Yeah
absolutely
a
couple
of
things.
I
think
we
should
do
in
that
direction.
One
is
so
so
from
a
immediate
planning
standpoint.
We
are
in
general
operating
in
a
pretty
kind
of
agile
methodology,
where
we're
only
usually
playing
only
really
strictly
planning
a
couple
weeks
at
a
time
like
what
we're
kind
of
actively
planning
to
pick
up.
B
We
could
start
to,
even
maybe
even
if
we're
not
ready
to
prioritize
them,
we
could
start
to
say,
like
oh
here's,
some
future
release
where
we
add
this
feature
and
start
to
think
about
thinking
of
that
as
a
little
bit
more
of
a
road
map,
and
then
we
also
have
a
documentation
page
that
I
think
is
probably
probably
needs
some
attention,
which
is
a
scope
page.
It's
it's
this
page,
which
is
meant
to
be
a
list
of
things
that
we
do
and
don't
intend
to
do
in
this
project.
D
B
D
G
So,
okay,
so
here's
a
thing
like
I
mean
I
can
share.
Oh
sorry,
I
realized
some
folks
joined.
I
joined
before
some
folks,
so
I'll
just
go
ahead
and
introduce
myself
hey,
I'm
khachat!
I
I'm
in
india
currently
and
I
haven't
done
a
lot
of
open
source
contributions.
I
made
like
minor,
appears
to
a
few
projects.
G
The
only
one
substantial
enough
to
mention
would
be,
I
guess,
jupiter
hub
added
few
prometheus
metrics
to
the
project
so
where
I'm
coming
from
my
goal
is
to
get
a
little
more
involved
in
open
source
in
general,
so
I
was
looking
at
projects
where
you
know.
Basically
they
kind
of
I
can.
I
resonate
with
the
goal
and
authentication
authorization
is
one
space
specifically
in
the
cloud
native
ecosystem.
I
feel
that
currently
requires
a
lot
of
work.
G
As
in
at
work
I
mean
I,
I
work
with
kubernetes
and
such
and
authentication
authorization
access
control.
I
don't
see
the
standard
tooling
that
I'm
hoping
to
have
any
out
there
like.
There
is
no
project
that
I
feel
that
hey.
This
is
what
we
can
just
use
off
the
shelf,
and
this
will
get
us
running.
I
mean
the
closest
thing
I
think
I've
seen
is
dex
and
gangway.
G
G
So
that
was
where
my
interest
really
drew
into
it.
When
I
saw
it
piniped,
I
felt
very
compelled
to
help
out
in
this
project
in
terms
of
how
to
contribute.
So
documentation
is
something
that
I
have
a
natural
predilection
towards.
So
I
mean
even
at
my
company,
I'm
kind
of
the
one
creating
project,
wikis
and
nudging,
everyone
else
to
add
the
content
to
documentation
and
curating
side
wikis.
G
So
I
feel
that's
the
lowest
barrier
entry
barrier
for
any
project.
So
that's
how
I
started
with
piniped.
So
far
I've
made,
like
I
mean
small
two
three
years.
I
think
up
to
benefit
I'm
hoping
to
get
more
involved
with
the
code
itself,
but
full
disclosure.
I
am
kind
of
a
noob
in
golang,
and
apart
from
that,
I
don't
have
very
good
knowledge,
I
would
say,
regarding
authentication
and
authorization
itself
like
and
that's
kind
of
the
primary
goal.
G
So
I
kind
of
learned
why,
by
doing
it
and
doing
it
in
open
source
kind
of
gives
you
that
nudge
for
accountability-
and
you
see
that
your
work
has
impact
a
lot
of
folks-
are
gonna,
actually
use
the
products
you
build
and
so
forth.
So
yeah,
that's
where
I'm
coming
from.
If
you
have
anything
specific
to
us,
I
can
tell
you.
B
B
It's
a
lot
more
complicated,
but
it's
basically
solving
the
same
problem
of
of
taking
the
oidc
web
browser-based
identity,
login
system
and
making
the
piece
that
connects
it
to
kubernetes
nicely,
which
gangway
was
a
good
first
try,
but
I
think
I
think
we've
done
something
a
lot
better
now
so
yeah
I
mean
thank
you
so
much
for
the
documentation
prs
you've
sent
already
and
like
we're
happy
to
help
help
grow
your
go
capabilities.
I
think
I
think
it's
I
think
penfed
so
far
is
a
pretty
good
example.
B
F
D
Tiger
dude
that
at
your
place
of
employment,
you,
you
contribute
a
lot
of
documentation
and
you
enjoy
doing
that.
I
think
you
said
that
you're
also
interested
in
finding
a
way
to
contribute
to
the
golang
stuff.
Did
you
have
a
particular
did
you
have
particular
ideas
or
hopes
for
the
way
that
you
would
like
pinup
head
to
work,
or
are
you
coming
more
looking
for
suggestions
for
things
that
that
you
could
contribute.
G
Yeah,
it's
the
latter,
I'm
like
hoping
to
get
suggestions
over
how
to
get
started
with
it,
like
not
something
too
big
at
once,
which
kind
of
overwhelms
me
or
something
so
yeah.
That's
where
I'm
coming
from
nothing
specific
as
such,
like
I'm
not
looking
at
to
work
on
a
particular
component
or
something
whichever,
where
you
folks
suggest,
I'm
I'll
be
open
to
that.
F
G
G
G
Yeah
sure
I'll
I'll
be
giving
them
a
shot.
So
truthfully
I
haven't
been
able
to
focus,
spend
much
time
on
oss
in
2021.
So
far,
that's
all
like
I
mean
I
wasn't
making
a
say
any
complaint
or
anything
towards
lack
of
issues.
Yeah,
just
that.
So
far
I
mean
yeah.
It
has
been
a
little
daunting
to
actually
get
into
the
code
and.
B
Yeah,
that's
totally
understandable,
too.
I've
been
on
the
side
of
the
contributor
process,
too,
of
of
like
working
on
kubernetes
when
it
wasn't
really
my
job
to
work
on
kubernetes
and
you're,
just
kind
of
finding
some
spare
hours,
and
it's
it's
hard
because
you
know
it's
not
a
commitment.
You're,
not
you're,
not
necessarily
making
a
commitment
to
to
spend
a
certain
amount
of
time
or
or
to
solve
a
certain
number
of
issues
or
anything
like
that.
It's
just
you
know
a
thing.
B
That's
engaging
to
contribute
to,
or
maybe
there's
maybe
you
know
if
you
do
find
places
to
use
peniped
at
your
job
and
there's
particular
features
that
are
missing
or
bugs
that
you
run
into,
and
you
can
find
time
here
and
there
to
do
little
things,
but
you
know
never
never
feel
like
you're.
You
know
on
the
hook.
B
D
I
think,
maybe
maybe
we
can
all
be
on
the
lookout
for
things
that
we
think
raja
might
be.
We
could
reach
out
on
slap.
We,
if
you
think
of
any
point
to
point
out
the
issues
to
you.
I
think
one
of
the
possibilities
that
comes
to
mind
off
top.
My
head
is
that
you
mentioned
you
enjoyed
working
on
documentation
for
open
source
projects.
D
G
G
B
B
G
B
B
That
yeah
I
mean
yeah.
We
would
like
to
be
as
like
the
the
coop
that
pentapet
is
the
thing
that
you
find
as
a
kubernetes
user.
When
you
say,
like
you,
start
searching
for
how
do
I
set
up?
Google
login
on
my
kubernetes
cluster
benefit
and
here's
here's
the
guide
to
how
to
do
it
and
you.
Hopefully
it's
easy.
You
just
install
piniped
and
you
know
configure
it
and
it
all
works.
So.
B
So
the
way
that
we
built
the
concierge
right
now
means
that
you
can
only
log
into
pennipet.
You
can
only
use
pinapple
to
log
into
a
cluster
if
the
cluster
is
a
special
kind
of
cluster.
It's
it's
a
special
kind
of
cluster
where
the
control
plane
node
is
accessible
inside
the
cluster
which
covers
software,
isn't
it
yeah.
C
B
Self-Hosted
is
the
kubernetes
word
it's
like
you
know.
A
kind
clusters
are
like
this.
A
lot
of
the
vmware
distribution
clusters
are
like
this
rancher
clusters,
like
this
openshift
clusters
like
this,
but
it
doesn't
include
any
kubernetes
cluster,
so
you
can't
use
piniped
today
on
aks
eks
gke
clusters,
because
they
don't
have
that
property.
B
So
that's
the
summary
and
I
don't
think
we'll
get
there
like.
I
said
I
don't
think
we'll
really
ship
this
in
the
next
release,
or
probably
the
release
after
so
I
think,
in
my
mind,
like
zero.
Five
o
is
probably
really
solving
the
multiple
pinnipeds
issue
and
then
zero
six
o
is
probably
solving
the
any
kubernetes
cluster
feature.
B
So
I
added
this
item
here,
but
I
actually
don't
have
any
really
specific
ideas
about
what
we
can
do
so
reg
dot
just
for
like
transparency
here.
So
we
have
the
pinafed
repo
and
the
pentapet
repo
is
public,
obviously,
and
it
has
all
of
our
tests
in
it
and
when
you
open
a
pr,
you
get
commit
status,
update.
B
B
Is
that
it's
not,
so
I
don't
think
it
might
have,
so
I
don't
think
it
has
secrets
in
it.
That
was
maybe
the
fear
is
that
maybe
we
had
some
kind
of
secrets
that
were
part
of
the
definition,
but
beyond
that,
there's
there's
a
mix
of
there's
a
mix
of
definitions
in
that
repo
of
things
that
are
testing
the
open
source
project
and
things
that
are
really
testing
internal
vmware
integrations,
which
are
not
interesting
to
the
community.
B
Is
how
we
deliver
the
software,
the
pack
yeah
the
release
pipe
packaging
pipeline
stuff,
which
could
be
that
could
be
public.
Actually,
I
wonder
if
we
could
actually
split
try
to
split
those
things
to
some
extent,
even
if
they
all
kind
of
ran
the
same
way,
even
if
they
were
all
deployed
onto
concourse
the
same
way
as
they
are
today,
but
actually
they
just.
B
D
B
B
B
B
I
guess
a
discussion
here
is
that
we
have
been
doing
project
planning
on
github,
but
before
that
we
were
doing
project
planning
in
another
tool,
we've
been
trying
to
figure
out
the
right
way
that
we
can
maintain
really
good
focus
and
prioritization
as
a
team
and
also
be
really
transparent
about
what
we're
working
on
and
what
our
priorities
are.
And
so
I
expect
that
we're
going
to
figure
more
of
that
out
in
the
next
few
weeks
and
and
have
a
better
like
shared
vision
for
how
that
how
that
works.
B
A
Awesome-
and
I
just
want
to
say
thank
you
again
to
roger,
like
it's
very
helpful,
to
have
you
on
here
and
really
excited
to
have
you
part
of
the
community
thanks
a
lot,
and
this
will
be
posted
on
youtube
as
well.
Just
you
know,
so
you
can
go
back
and
look
at
it
and
review
anything,
and
I'd
also
like
to
get
your
feedback.
If
you
want
to
think
on
it
on
how
this
meeting
went
for
you,
if
there's
anything
else,
you
would
like
to
add
from
a
community
member
perspective.