• Armada seems to be working locally on the stretched k8s, and we are investigating the auth components needed to send tasks to another cluster
• We are actively debugging/trying to understand EOS user authentication. 
  • Kerberos nonstarter, X509 might be tricky because the EOS containers are all EL7 (!) and we're trying to understand the CA/cert situation
  • "plain" OAuth2 deprecated, with support shifting to SciToken-based auth
  • Not quite clear how to bridge the gap from Keycloak to SciTokens, still working on it
• Coffea Casa JupyterHub should be working on https://coffea-casa.hl-lhc.io/ , with caveats..
  • Must have a UChicago AF account already, to get your /home, /data, and access to HTCondor
  • Still working on:
    • General ATLAS users coming from IAM without a UChicago AF account
      • Only get Jupyter, no persistence
      • Probably will crash right now if you try it
    • HTCondor pool on the stretched cluster
    • Mounting NFS/Ceph over the WireGuard interface within K8S
      • Jupyter limited to UChicago nodes at the moment, where we can mount locally