From YouTube: This Week in Cloud Native: Episode 1 Part 2
A
All right, moving forward. So there's a CVE this week, CVE-2021-25736, for a kube-proxy load balancer contention. This is actually for Windows, if you're running Kubernetes on Windows. So this may affect you. It's a medium version, and I think it looks out like flip balancer does not set load of balance or ingress IP field. Clusters where load balancer controller sets the are unaffected.
A
Unexpected processes listening on the same port by the load balancer service could indicate exploitation of this issue. It should be investigated. So in this way I think you're able to, like, take over or maybe impersonate the correct endpoint, and then you would actually be able to attract traffic to your hijacked load balancer. So that should be interesting. Seems like it only affects Windows.
A
The next one up is a security issue was discovered in Kubernetes, where a user may be able to redirect pod traffic to private networks on a node. Kubernetes already prevents creation of endpoint IPs in localhost or link-local range, but the same validation was not performed on endpoint slices, and so this is actually, I think, a defect in endpoint slices specifically. Fixed versions are already out to mitigate this vulnerability.
A
This was reported by Jordy Versmussen through our blog pony bug bounty program. Very cool. So it looks like they've already got a fix. We've already got fixed version out. And it looks like, if you're using the Java client, there may be a CVE that, or there is a CVE that isn't sanitizing inputs correctly, and that's from, was posted by Tim. That's an interesting one.
A
Time to, time to, time to check, the time to first use attack, and so it's a timing attack, and it lets you effectively use runc to do assembly traversal into, and change what has been mounted from when it was originally first checked. So I'm going to do a whole episode, I think, on this particular CVE, but it won't be until probably maybe the next episode or possibly the episode after that.
A
I think it's really important that people patch this stuff, and I think that, and there'll be a blog post, a Kubernetes blog post, coming out and lots of other information about this coming up soon. But suffice to say, because of this runc CVE, if you're using containerd as your container runtime, or if you're using Docker as your container runtime, it may definitely behoove you to go ahead and patch whatever it is that's providing runc and get that fixed up pretty quick. So definitely an important one.
A
CNCF things: what's coming in the CNCF. We've got a few different sessions coming up this week. I should actually change this. This will just be a summary, and it won't be weekly, it'll be every two weeks, and maybe I'll actually include programs that have passed and also the ones that are coming up. And so some of the CNCF online programs that are coming up are Matt Stratton from Pulumi talking about using your favorite programming language
A
to build your dream cloud native platform. We have tackling customer issues in cloud native environments by Eleanor Sperry from workout, cloud native policy enforcement with Open Policy Agent from Anders Eknert and the Styra, and persister data and ephemeral Kubernetes ecosystem with Eric Zeitlow and MayaData. If you're interested in any of these online programs, definitely just click through and go be a part of them. Lots of interesting stuff there.
A
If I click on one of them, you can see basically what this does. It takes me to the CNCF community groups page, and this one is already recorded, it looks like, and so you'd be able to watch that live on YouTube. And if you have questions, the person to reach out to for those sorts of things is definitely the person that I've linked here. So in this case, you could reach out to Matt Stratton or any of the other folks in those lists. So that is what's happening in cloud native this week.
A
That was a lot of data. I hope that some of it showed up. I know that I was, like, frozen for a little while, and I'm not sure what happened there. That was kind of weird, but looks like we're back in play here. So this Wednesday I'll be participating at the Austin Kubernetes meetup, with crutch and my friend Jason de Daveris.
A
So we're going to see two awful geeks, possibly more than two alpha keys, talking about different things, and at that meetup I'll be presenting, like, how to use kubeadm as a playground for studying for the CKx certificates. So definitely check that out, that'll be a fun one. I'll be doing more talks coming up as well. And then the next thing that we're going to dig into today is an open source project of some kind, and so today I'm actually going to dig into minikube, and I'll tell you why this is actually kind of an interesting thing.
A
So I've been working at Isovalent, and that means I'm working on a CNI that's called Cilium. If you haven't checked out Cilium, definitely do so. It's a very cool CNI. Because Cilium operates at, like, the eBPF layer, it means that it's probably better for us to make sure that we have a Linux kernel for each of your Kubernetes nodes, and that means that for my particular environments, I've been trying to figure out, you know, kind of a reasonable way to create a multi-node cluster where each node has its own kernel.
A
I have to tell you, it's been a while since I actually took a look at minikube, and this is actually why I kind of highlighted it in this session, because I think it's definitely worth highlighting minikube as an open source project, or, you know, as part of the, this stuff has actually come really quite far since the last time I looked at it. The last time I looked at it, it didn't.
A
Actually, I think it was actually already using kubeadm as a bootstrapper, but there were a lot of other things that it did not do. For example, it couldn't give you multiple nodes, and I don't think at the time we even had the idea of profiles, right, so you couldn't create multiple clusters. So there was lots of stuff, for example, that I didn't do so.
A
I'm going to show you my flow. We're going to work through my flow for spinning up a Kubernetes cluster with Cilium, and we're going to play with that a little bit to kind of show that off and show, like, what you can actually do with minikube now, because I've been incredibly impressed.
A
So in my particular case, I'm actually going to go ahead and we'll change that memory setting, because that's too low. It has to be at least 1900, I think it is. So we'll do minikube config set memory 1900.
A
And if we do minikube config view, we can see that it's 1900 now, and that'll be megabytes. I'm actually also using the KVM driver, and this is because I'm actually using KVM as my virtualization on my Linux laptop here. And then bootstrapper: there's actually a few different bootstrappers, and I think it might be worth checking out if you are unaware of this. This actually kind of impressed me. So on the bootstrapper side, I'm gonna cue config, well, help.
A
So we're using the KVM driver. You can use VirtualBox, you can use Docker, there's a bunch of different drivers that you can use for this stuff. We're going to use the kubeadm bootstrapper, and then for the container runtime, we can actually specify whether to use Docker, containerd, Podman. There's a variety of different container runtimes you can use in the image. So let's go ahead and check this out. So let's do minikube start, and then this was something I learned.
A
So if you do -p, you can specify a profile, and that gives you the ability to name the cluster whatever you want, right. So we'll call this one c1. And then the other thing that blew my mind lately is that you can actually also specify how many nodes, so I'm going to create two nodes here. I'll give two CPUs to each one of them, and I'm gonna give them their own name. I'm gonna give this guy its own named network that I'm gonna share with another cluster, so we'll call it mesh.
A
All right, there we go. So now, if we do kubectl get nodes, you can see we have two nodes and we have a status of not ready, and that's because I said don't use any CNI. Now, there's an interesting bug in minikube right now, where, because of the way that Podman is installed, even if you say cni, not false, it will install that Podman CNI configuration to disk, and it'll be sitting in /etc. Just SSH in here, and I can show you what I'm talking about.
A
So when minikube, like, bundles Podman as a possible containerizer, it also included this, like, default configuration for the Podman bridge, and I did not want that. I wanted it to be empty. I wanted there not to be anything in there. So how did I fix it, you say? This is actually pretty neat. So minikube has this idea of syncing files into the virtual machine, and the way that it does
A
So that's what we've got here, right. We got a Cilium. We have a cluster ready for a CNI. Nothing is running CNI-wise at the moment.
A
If we do kubectl get pods -A, we can see, for example, that CoreDNS is pending, and it will remain pending until there is a CNI, and that's because the CoreDNS is part of your pod network. It's not part of your host network, right. All the rest of these are actually, like, running as part of the host network. They're basically running as hostnet.
A
This person, kube-proxy, is running over here on 136, and if I do kubectl get nodes -o wide, you can see those IP addresses, right, are the host IP addresses. So these are the IP addresses of the virtual machines that are running, not of the pods that are running. The pods are just using the network stack of the underlying host.
A
You could use Calico, Flannel, whatever you want, and actually there's a bunch of built-in CNIs in minikube. So if you don't want to explore, like, some other CNI, this is just important to me for my work. But if you wanted to use, like, Flannel or Calico or even Cilium, you can actually just specify cni and then the name of the CNI you want it to come up with, and minikube will configure all of that for you. Pretty cool.
A
So we can see the Cilium bits are starting to come up. We have one of our Cilium pods, another Cilium pod, and then the Cilium operator, all doing deployed. And if you do cilium status, you can see that it's up and running. And then, if I do kubectl get pods -A again, I'll be able to see that now that I have a CNI installed, CoreDNS is running, and if I do kubectl get nodes, I have my nodes specifying that they are in a ready state.
A
Mesh. There we go. So this is using KVM again, so I'm using the virsh command line to kind of interact with the KVM configuration of things, and I've done a list. I've told it, give me the network information for the network that is named mesh, and in this output I can see that the bridge associated with that mesh network is virbr1, and then I should be able to do things like brctl show virbr1.
A
So that's some of the stuff I've learned about minikube this week, and I think it's actually pretty neat. So there's a couple other things. c1, and then you can actually give it a name of the node that you want to jump into. And so, if you want to SSH into different nodes, if you just, like, don't specify one, it'll still work. You'll be able to jump in and you'll be on the control plane node.
A
And there we go. So this gives me an ability to kind of jump into either of my two nodes. Each of my nodes has its own kernel, because it's actually running as a virtual machine, so I don't have to worry about that part of it. It gives you quite a lot of configurability. Now, resource-wise, it's not going to be nearly as efficient as something like kind, where all of the processes running inside of a Kubernetes cluster are running inside of a container, right.
A
We have one Linux kernel, all those processes are basically just namespaced. But at the same time, if what you're trying to troubleshoot or interact with requires things like, you know, has some requirement where each of the nodes have their own representation of a Linux kernel, then this is a way of doing that, right. Some other examples of why you might want that: like, I want that for Cilium, but other reasons you might want that is for things like if you're doing SELinux testing or any sort of, like, enforcement.
A
At that point, if you're doing AppArmor testing, things that actually require, like, a kernel layer kind of abstraction, that sort of stuff, that'll be where it really comes in that you really want, like, your own kernel for it. But yeah, that is what I had for you today. So I look forward to seeing you again in two weeks.
A
Definitely come check it out and hang with me again in two weeks. Again, there's so much great content coming out this week. There's a new show every day, there's been a lot of really great content already on Cloud Native TV, and a lot of those recordings are up. So if you want to check them out, definitely do so. I realize that I have to fix this problem, like, I have definitely got a CSS issue, because I can't see your text inside of the chat there. But yeah.
A
Thank you for joining me, and if you have content that you would like me to talk about in two weeks at the next version of this particular show, definitely, like I said, just jump into hackmd.io/@twicn and you'll be able to see next week's notes, or the next show's notes, zero zero three's notes, and you'll be able to add links and that sort of stuff that you want me to talk about. And so feel free to go ahead and do that.
A
Definitely let me know, keep me in the loop. I'm happy to talk about that stuff. And enjoy your incredible week. Thank you all so much for tuning in, and I'll see you in two weeks. And make sure you subscribe. Yeah, subscribe to Cloud Native TV, so you know those things are coming. So thanks again, and I'll see you next time.