
A

Good morning, good afternoon, wherever you are.

B

Morning, Taylor.

A

Hi, Phil.

B

Good morning.

A

Hotel.

A

We'll get started in a few minutes, and leading today should be joining any minute now.

C

Morning, everybody.

A

Good morning.

D

You.

D

Right, it's five o'clock, it's time to start.

D

Okay, first question: I know

C

what my vote is, but I see we've got a holiday coming up, the Labor Day holiday on the 6th of September. Anybody feel that they want a meeting on the 6th of September, or that they don't?

B

Being as the agenda is empty even for today, it seems obvious. All right.

C

Well, we'll take the skip. I'm good with that; I'll blame you.

C

All right, standard thing that keeps coming up: KubeCon, ONES in Los Angeles. I don't know who's going and who's not, but we do have our deep dive session on the working group itself. If anyone's got any other sessions they think are going to be relevant to members, then stick them in here so that we all know what's coming up. Otherwise, yep, it's there, don't forget about it. We also have Mobile World Congress Los Angeles coming up at the end of October.

C

I have no idea who's planning on going to that, even. But again, if there's any interesting things going on there that you think are worth letting the members know about, then do go ahead and tell us what's going on.

B

I do have a general question about KubeCon. I've never had luck with KubeCon. Right now I had two different talks that were not accepted, one of which was a joint talk with Ericsson.

B

Any insight about, you know, how KubeCon is willing to accept telco? I have a feeling they think, oh, the telco stuff should go in ONES and not in KubeCon, but that just might be my guess. I really don't know. Does anybody here have some insight?

E

Yeah, it's always been really difficult getting telecom talks into KubeCon. So your experience there is not isolated.

C

All right, thanks. Yeah, I think you have to remember that KubeCon's audience is very, very broad, so you know we're always at a disadvantage. They're talking about a very small subset of users compared to the entirety of what's going on. Imagine you could have said the same with OpenStack, and at OpenStack at least we used to manage to get talks in, so.

A

Terminology is a blocker too, and I've seen a few of the submissions that it looks like would go into ONES, and I'm guessing OpenStack, being that there's a lot of development that was happening at the time, you'd have known terminology.

A

But if you have someone that's doing reviews that doesn't even see where

C

it fits, and yeah, well also, KubeCon's twice the size that the OpenStack summits were even at their peak. So again it's much more overloaded with talks, I think, so they're looking for broad appeal to try and, you know, get to as many of that audience as possible.

C

ONES obviously is much more focused on specifically the users that we care about, but obviously less focused on specifically the software that we're dealing with. So it's also an odd combination, but that's where we stand. Yeah, I mean I totally agree, and I don't know who does the reviewing of talks for KubeCon or how they select that panel.

C

Perhaps next time round we try and establish that a little bit earlier, or maybe get our fingers in the pie and get a reviewer on the panel. That would probably get us a bit further.

E

Yeah.

C

Okay.

E

Go ahead. Yeah, so I've been a part of a couple of these things for KubeCon, and they usually will pull between six to eight people from across the industry to do a vote, and then they'll get two people to chair it, who then do the final selection. But generally there is a networking track, but one of the things they did historically, which should help in future KubeCons,

E

is they finally split service mesh from networking. So networking would have a relatively small number of available slots, and then when you mix it in with service mesh, it was pretty difficult to get anything that was actually networking related into the networking track.

E

So I think there are some things that can improve, but they do have a process for feedback on some of this stuff. So I would recommend that we develop a little bit of feedback on some of the things that we're struggling with and respond to them, so that we can get a better structure in the future where we can get talks in that are related to this particular industry.

C

Bill, as I'm on the inside, what have you got to say on the subject?

E

Yeah, so I dropped a link in the chat, and this is from the latest KubeCon. It's talking about the selection process and kind of like all the numbers behind it. I think what Frederick said is also true. Yeah, going into the numbers, the acceptance rate is low, but I think it'll be helpful if they split out now that, like, service mesh and networking are sold out, because they're two very different topics.

C

Right, okay, I'm gonna keep that for later examination, but let's see. Right, as I say, ONES obviously is a better target for the things that we're talking about, in one way. So again, I don't know if anyone knows speakers at ONES or specifically relevant talks, but again, if you want to get them a little bit of free advertising, then make sure you tell us what's going on and we will keep an eye out for that.

C

Then we can go and heckle. I also don't know how many of you are actually planning on attending in person, and I suspect anyone's plans at this point in time are subject to change. Speaking personally, I'm likely to be out of the country at the time that it happens, which may have been arguably poor planning, but we'll see how this works out. My plans might change just the same as everything else. Okay, since nobody wants to talk about anything else,

C

I stuck in a note there about least privilege, because Taylor and I have been riffing on this for a few weeks at this point to try and establish the whys and the what. We've got the review already out there for the best practice, but the best practice obviously didn't have any justification. It was just his best practice, and we'd like to have use cases that speak to best practices.

C

I'm not sure the document we have is exactly a use case yet, but it is a wide variety of thoughts on the subject, and I have a link for it, I hope.

D

That one.

D

Maybe that one, yes.

C

That one. So, Taylor, you said you've made it public, did

A

you? Yeah, this is in the CNF working group

C

Google Drive, right. It's got all of our notes from the various meetings we've had, because we've been talking about this sort of offline for a few weeks at this point, but we tried to break this down to at least some of the whys and the wherefores. I think what's clear here is this isn't a use case in the sense of this is a specific thing that a telco would want to do. It's more

C

a use case in the sense of least privilege, and accept that it is a widely accepted principle for the purposes of, well, among other things, security, but also stability. And we were trying to basically frame that up in terms of the advantages it would bring in the specific problem space that we have, and the reason that the problem space makes it difficult to deliver, based on the fact that we're doing specific networking applications and they bring a range of problems where privilege is often called for.

C

So to begin with, least privilege. The reason I would suggest that it's important is because, if you're trying to work with a platform and a selection of applications, then you break isolation if you give any of the higher privileges that are going on. What we would call a privileged container is obviously a privilege, but it's only one form of privilege. We've talked about root users in containers as well, both of them.

C

Well, specifically, the platform privileges tend to break isolation between applications and application platform, and if you do that, then you start to lose the sense of a boundary between components. And without a boundary, without establishing what a component is trying to deliver, then you run into the difficulty of working out where problems arise when they come up.

C

If I have a privileged application and it's got power to change all networking in the system, and then my basic CNI, Calico, whatever, stops working, then do I call the platform team, because Calico is a platform component? Do I call the application team, because the application could have broken Calico?

C

If I call the platform team, how do they establish that the application didn't do anything untoward that led to that breakage? Least privilege basically isolates applications from each other and from the platform to the point that when you have a problem, you can point a finger at a team and say: this was your component, you were responsible for it, you are the one who will be able to fix it for me, who will be able to find the problem as soon as possible.

C

So I think that's an important reason why sticking to the least quantity of privileges necessary to get things working is beneficial. Protection: I mean, this one's the one that's been coming up in the best practice more, but it's only one part of the problem.

C

Protection is basically saying that if problems arise, then least privilege is a means to stop them escalating from, you know, a small security breach to all of your customers basically being sold on the dark web, which apparently is a popular hobby at the moment, since it's happened to two service providers in the last week. And yeah, if you try and keep components within their boxes, then there is much, much less likelihood that they will get to data that you thought was well separated from the box

C

that's been compromised. I think we've established previously that least privilege is hard for us to implement. There are a lot of things that we want to do with networking that tend to lead to asking for privilege, particularly CAP_SYS_ADMIN as one example, but other things are set up in such a way that having root privileges over the container's file system is, you know, necessary to get things working.

C

It doesn't mean to say that those things can't be fixed by relatively straightforward means, but I think we have to establish to begin with that they do need fixing, that simply grabbing the root user and having write access over the whole file system, or file access over the whole file system, is a dangerous thing and not 100% necessary to making your application work.

C

Basically, educating developers, and I think developers here are one of the larger audiences for this, educating developers that there are options available to them. That isn't a blanket statement that, oh yeah, just grab privilege, because you know you'll never ever be able to work without it.

C

I'd broken out some of the things that came to my mind, and Taylor as well, I shouldn't take all the credit here, for problems. One of them is performance.

C

The performance of an application in a networking world is tied up by the fact that you've got a lot of packets coming in on a regular basis that you have to get rid of before more packets come in, because you know the world doesn't stop and traffic doesn't wait for you to process it. So there is a calculation here that I've done in front of people many times before now, within my company and two customers that I work with, but I thought it was worth writing down here.

C

It's a very academic thing to consider in the sense that, you know, yes, I have to basically do numbers and make calculations, and you can rework these calculations for yourself if you want. But effectively, we are not serving websites where a user will, you know, accept anything that turns up within a second.

C

We are moving packets, and if packets don't get moved in milliseconds, then packets get dropped. That isn't the level of performance that platforms are typically optimized for, because that isn't the level of performance that anyone else requires.

C

They almost certainly won't say no, but it's never very high on their shopping list to get things turned around in half a millisecond, and it makes a difference to the tuning of the application, and it typically means that grabbing high level privileges so that you can prioritize your components, or your most critical components, is

C

you know, often seen as necessary.

C

And then a wide ranging list of networking behaviors.

C

The document explains this in more detail, and if I sit here and talk through the entirety of the document, you're all going to get bored with me. But those are the ones that have a section in this document at this point in time, because they tend to be the ones that come up, that we've at least in many cases previously discussed in these meetings and in the chat, to say that these are reasons why we grab privilege: because we're trying to do things that are out of the ordinary, and again, doing them requires us to lay hands on rights that aren't necessarily widely available to Kubernetes applications.

C

In summary, I would say that it isn't so much that you can't do these things in Kubernetes. It's often that using those platform grade privileges is necessary because there isn't a finer grained way of getting exactly the right you need in order to get the task done. You know, if I want specific fine-grained scheduling behavior, I have no way of asking for that from the platform, and the platform offers no concrete guarantees that it will happen as a matter of course without asking for additional behavior.

C

Similarly, Tal, we discussed this last week. SCTP is an example.

C

Typically has a kernel module that you require in order to enable it. There's no guarantee that the platform actually loads or includes that kernel module, and you were saying that in fact, in your case, you don't like to include it, because you consider it to be a security concern. And not me personally,

A

but.

C

Red Hat, yes, true enough. I am judging you by the company you work for; you can always leave if you don't like standing for Red Hat on the call. So it's often the case that what we're trying to do here isn't necessarily impossible. It's just not practical in the current world that we live in. It may be that certain areas of the platform need enhancement to make this,

C

if not, you know, not just possible but beautiful, elegant from an application design perspective. And I think that's perfectly acceptable to say; no one's saying that Kubernetes is polished and perfect and is never going to change. But yeah, without setting down some ground rules, like, as SCTP is an example, that all platforms would load that module and include it, or alternatively that there is a means to ask for the level of functionality that you're looking for, then you get into difficulty writing applications that consume it. Again,

C

I can talk and talk and talk on this. It's an interesting topic, but this is a meeting where you're supposed to do the talking; I'm supposed to chair it. So I don't know what your thoughts are on this, or whether you want to give this document more study, either now or later on, and see what you think.

B

So I read much of it and I think it's a great document. This is really useful.

A

I

B

like these detailed discussions, because there's a lot to discuss. A quick note: you know, if we scroll up, I think the two aspects you identify that the principle gives us, which is isolation and protection. Well, least privilege does provide those, but if those are our goals,

A

there are

B

other principles that can provide that, right? If our goal is isolation and say we do need to use, I don't know, the root user for some reason, maybe the trick is not to think of it in terms of least privilege but in ways of how can we increase isolation? So just an example is Kata Containers, right, or Google's gVisor. Right, there are, if our goal is isolation and we can't achieve isolation using least privilege, maybe there are other things we can do. And of course, protection, as I keep pointing out,

B

the whole field of security is far, far more than this principle, right. So there's a lot of ways to achieve protection and all the things that are mentioned here. You know, in terms of, I guess I'm saying these two topics, isolation and protection, are worthy of discussion in and of themselves, without connection necessarily to this principle.

C

Yeah, yeah, I wouldn't disagree with that. I was trying to find arguments for least privilege, not arguments that least privilege is the only way to do certain things.

B

Yeah, absolutely.

A

Yeah, Al, what we want to end up with at some point is: here is a practice that someone can implement, and we can get to the many different practices that you can have out of this, especially if you said we want to follow security practices. Well, that's going to be a wide set, so we're trying to narrow it down so that we can end up with some, but it doesn't mean as a group we must focus on least privilege and we must focus on non-root. It's just the first of many things.

C

I think, I mean, taking up your points about Kata Containers and gVisor, then the question would be, in both cases, the experimental method here, which is: why are people not using these things to implement CNFs, which I don't think they are? I mean, I certainly haven't seen it. If they are the right thing to do, why is it that it's not occurred to anybody?

C

Could you implement a CNF with them? So you could take that forward and ask yourself, from an experimental basis, what's putting people off? From a practical basis, sort of tied to the experimental but more, again, academic in nature, is: could you implement a CNF with either of those technologies? Is there something that completely forbids you or prevents you from writing a CNF using those technologies? And certainly it's not going to be as easy; there are certain hurdles to overcome, like the way again in which we access the network.

C

Could you access the network with either of those technologies in place? But those are topics again we could explore independently. Your point is correct, though, that both isolation and protection, you could ask yourself, for something that nominally provides isolation or protection,

C

is it a reasonable option to give you a better platform than the one that we're currently looking at?

B

So, to keep it on topic of, you know, this specific least privilege principle, we're not talking only about not using the root user. That's one way to reduce privileges, but, for example, to make sure that all your files are write protected, or you know that the mode attributes are all, you know, just for your user, things like that. There are a lot of little things that you can do that are easy, right.

B

It's different than, you know, wanting to, so I guess I'm separating: there's the notion of the privileged keyword, right, for pods, that makes them privileged containers, but we're also talking about general operating system privileges, right, reading

A

Right, which is this section, is the general, Tal. Right, and can you scroll down to the section Thursday June 15th, which you could also find on the left, but

A

yeah, there we go. So, Tal, this section has a whole list of potential practices that are all somewhat related to this area. So no root in container would just be one that we picked right now; running a container with the privileged flag or not running it would be another practice, but there's a lot of different ones. Pods should not mount host directories as volumes. These are just practices and we have them; we don't need to go through all these sections, but whoever wants to read it.

A

The other sections where we're talking about least privilege or non-root or whatever, a topic may have come up, like what you're saying to Alan, saying what about this and this; we'll write those down. This principle of least privilege is the general, yeah, and

E

probably

A

end up with a whole set of practices that reference whatever this is called, like Ian was saying: it's not exactly like a user story right now. We may end up with some user stories in it, but I think what we're gonna probably have more than that is a write-up around the general principle of least privilege, and then we can have a whole set of practices that come out of that, and maybe references to other topics around isolation and protection, Tal. We could have those just referenced to other documents.

A

Isolation itself may be like a focused use case on the need for isolation and protection.

C

Yeah, I mean, you know, because you've seen what we've been presenting over the course of the weeks, you'll notice that we've been working backwards pretty much from the beginning, right. We should not use root in containers; therefore there's a reason for that, and we should figure out what that reason is, and so on. It's a strange way of approaching it, but the problem is that you, I would say, as a developer,

C

the idea of using the least quantity of privileges is ingrained in what you do at this point in time. You know, sometimes it's a little difficult to articulate the reasons why you feel that's a good thing, because it covers a whole bunch of stuff. So we started with no root in containers; you can see, if you follow the timeline up from this meeting that we had a couple of weeks ago, back upwards, then you'll find, well, it's right.

C

Okay, so that's one point of least privilege. What other least privilege practices amount to, again, least privilege; here's a long list. Then it's like, okay, well now let us work out the broad statement of why least privilege is sensible, which is the document that we, or at least the skeleton that we have in the latest round that we were discussing, which literally was half an hour ago at this point, to get to why these least privilege rules are actually being helpful.

C

But yeah, I mean, it's a broad topic.

B

Can I point out another interesting tension here that I think is pretty obvious? Everything we're seeing on screen right now, which is a great list, there's probably even more things we can add, but none of this is specific to telco. This is just good.

B

This is a good principle for working on Kubernetes, and of course much of this document too. We delve into, well, the specific requirements with telco, with networking, etc. There's a tension here, right? In a way, this part shouldn't be worked on just in this working group. This idea of how to apply the principle and tips for doing it are general tips for Kubernetes, right? This shouldn't be owned by our working group, to an extent, but then the telco requirements have to do with, well, sometimes we do need privileges.

C

The telco requirements, I think, emphasize the need for security, separation, least privilege, because again, we've got requirements on performance where privilege will mess up any guarantee you can promise.

C

We are, and I know you've debated this particular point as well, but the general assumption here is that the platform is separated and supplied by someone different from the application, which isn't generally true of applications in the wider world, right? Plenty of application teams, and again we can pick on OpenShift here, but I think you'll find that people paying for platforms from third-party vendors are often then developing the, you know, they're the application team paying for the platform, not an independent operator paying for the platform and an application from two vendors, which is the concept that we're kind of expecting in the world of CNFs, and also the idea that we're running multiple applications from potentially multiple vendors and/or development teams on a single platform.

C

These are the things that emphasize the requirement for least privilege over and above what other people might see, but you're absolutely right that most of these are best practices; they're just not so emphatically useful in other people's problem spaces.

B

I'm not quite sure what to do with that, though, because, to an extent, I kind of wish this list, what we're seeing on screen right now, would be open to other members of the Kubernetes community. I know that's very huge, you know, other industries that are involved.

B

This is an area where, you know, it seems perfect for collaboration. I have no idea how to manage that exactly.

B

I wonder if it's in the general topic of Kubernetes security, right? I think there's a SIG for security, yeah.

C

And if you look at what Falco's doing, then it's quite interesting. It's more on the auditing, yeah, the first do it, then check it kind of side of things, but absolutely it's clear that people have looked at this sort of thing before, yes.

E

Yeah, audit and remediation, like, if you start a shell in a container unexpectedly, then it can kill the pod, as an example.

C

Yeah, which, you know, trust but verify is a perfectly good thing, but firstly you need to know what you're trusting them to do, and I think this is again, maybe not the entire set of rules, but a set of rules that's quite useful for that.

C

So, well, that being the case, then we're all basically talking without necessarily close insight into what's happening in the security community. Does anyone, assuming that none of us are actually there, then do we have any contacts over there that we could go and sort of pick the brains of?

E

I show up to every one of their meetings and I'm involved in that space. So if there's a specific thing you want out of my group, I'm happy to make introductions.

C

I think, yes, I'm not sure it's specific. I think it's more a general question of how we could benefit from their learnings, assuming that they've gone and studied this rather more directly because it's their immediate focus. Then I'm thinking that, as Tal says, there's probably other skills out there and, more to the point, this list is not just for us necessarily.

C

I

E

recommend is you put together a short talk, maybe five to ten minutes' worth, put it on their calendar. The way you put it on their calendar is by opening a pull request against the security technical advisory group, and give a talk and then ask for help and see what they say.

D

Okay.

C

Let me get some minutes written up, but please keep discussing while I type. Don't let me stop you. The two

E

people you can, actually three people you can ask for help there. The first one is Emily Fox, the second one is Brandon Lum, L-U-M, and the third one is Andres Vega, and any one of them can help with getting involved with that community as well. And Andrew,

E

so Emily Fox, Brandon Lum, Lum. Third person is Andres Vega.

E

And one M, what am I saying, for Lum? It's just one M. Perfect.

A

Andres is involved; he works on SPIRE and SPIFFE stuff.

A

And project-wise, on the SIG, the TAG Security, you have folks that are working on Falco, which was originally from Sysdig, the security company, and it does runtime security checks as well as, like, pre-checks, and the people from the OPA team are also on that.

A

So I mean the TAG Security is one place, and we could also reach out directly to the projects.

A

Test suite: we're actually trying to talk directly with a few of them, because we're wanting to utilize the tools for testing specific things. Falco has some stuff around privilege, like the non-root user checks, checking for any root user and any process for all the containers running.

C

Yeah, yeah, I don't want to limit this to exclusively runtime checks. I think if we can get static analysis as well, because static analysis is right; if you spot something going wrong at runtime, it's too late, because whatever you're running is probably not going to deal well with you just murdering things when it thinks it's about to get started. But yeah,

C

we need both parts of this.

E

So they've also published two white papers, one on cloud native security and the second one on supply chain security, and there is a security controls group that, let me see if I can find the uh the spreadsheet for it, but in short, they have a spreadsheet that they're developing it's not finalized. Yet that goes over.

E

The uh variety of different security controls uh they're the purpose of that one was initially so they can give to groups like auditors or people who are building baselines so that they can work out um like a lot of a lot of people who are who are in that particular chain are not kubernetes experts, and so when they say something like is data and transit encrypted? It's like. Where do you start um or if there's?

E

If, if there's a policy saying you must have firewalls and then you're running kubernetes and there's no firewall on the edge of kubernetes, then why is kubernetes sufficient? What controls are there? That's sufficient that could help replace a uh a firewall which might be your ingress controllers or other similar types of things. So there's so there's a security controls group that is relatively new. That is also putting things together. It'd be good to go over the documentation.

E

That's been produced by that group to see if there's any other security related things that we could tie into it. If that's the.

C

Interest, yeah and- and I think you have to be careful with some of these statements because, for instance, encryption in motion as an example uh is um widely touted as an answer to uh security problems, um but it isn't always appropriate, depending on what you're doing if what your main job is is to move traffic as fast as possible with the least amount of cpu uh and encryption in mo and the traffic is moving over a network where it's mostly not encrypted before it comes to you then encrypting it. You know between your components.

C

As an example gets you absolutely nothing the? What I'm saying is that all security rules you have to put into context. They don't necessarily apply just because they've been written down once.

E

Absolutely and that's that's something that those groups are very aware of, but it's how do you articulate this in the way that someone who is not in that particular field, uh and we actually see this problem in the zero trust space? Quite heavily? It's like you, have one camp that says. Why do I need this? We have sufficient defenses already and then you have the the opposite camp, which is literally wow. I can put dates.

E

I can put dates in every single component of my system and check them every single time for every piece of communication every every moment of every day and which then you end up with uh extremely high granularity of, or you know, with very fine grain controls, but you also end up with something that uh cost so much from uh from a runtime perspective that you end up killing your availability and your cost goes through through the roof, yeah and so and then there's a wide spectrum in the middle.

E

where there may be trade-offs you can make on either side that land you, not into "secure" or "not secure", but into a more secure stance than we have today, without sacrificing security or cost.

C

Or, honestly, maintainability, because obviously encrypting everything gets you less and less insight into what's happening every single time you do it. But yeah, there's always trade-offs in this. Well, actually, that's the wrong thing to say: there aren't always trade-offs in this. The ones that we should be recommending as best practices first are the ones where you're actually not trading anything.

E

Yeah, and you have to look at what's called the residual value at the end of the day, which is: what is the thing you're defending? What is the cost of defending it? When you put those two together, what's the remaining value of that information or data, and so on? People very much think, oh, it's just a technical thing.

E

No, it very much ties into a business need, and if the security costs that you're required to put in exceed the cost of doing business, then in some scenarios you may even ask: should we even be doing this in the first place? Or maybe you go back and try to work out why this thing is so expensive, because maybe there's a better way to do it, or maybe the value that you place on something might be wrong. So I mean there are a lot of different places

E

you can look. But yeah, in short, all of this ends up tying back to the business at the end of the day, because some business leader has to make a decision on whether or not they accept the risk, whether or not they accept the cost, or whatever other types of actions are present.

C

Okay, so, next steps.

B

Who wants to prepare that 10-minute briefing?

C

I think we can safely answer nobody.

B

Well, to be honest, the document that E and Taylor created is a great start, if it can be boiled down to a few slides.

C

Yeah, and I think if we could focus it away from "here is a shopping list of things that we would want to do", because, frankly, I think we'd be teaching granny to suck eggs at that point, and keep it to the high level of why it matters, or what is most important in a telco space which they might not have considered,

C

then that would seem to be the way to present this. We want to be teaching things they don't already know. So yeah, by the way.

E

In the future, and maybe this is something we could do through here, I would like to eventually do a more in-depth talk there that discusses things like the various 5G protocols and the security deficiencies that exist in some of them, so that people become informed and they can then become part of that perspective. So, for example, with the 5G user tunneling protocol that we end up using, whether you're logged in or not is a bit.

E

It says this user has been successfully logged in, we set it to one, and then they gain access, unencrypted. So the protocols themselves need to have something else that's attached to them, or there needs to be some out-of-band thing, or you accept, like you said, you could always accept the risk, whether that's a good idea or not. It's probably not a good idea, but yeah.

E

In short, it would be good to raise some of these types of things in those environments, because then the security community at large could brainstorm ideas that we could effectively do in the Kubernetes space. That would move Kubernetes from being just "hey, we can run this at higher density and lower cost, presumably lower cost" to "we can run this thing with all those benefits, but also get a more secure stance because of things that Kubernetes brings to the table", and that would be a very powerful message to push forward.

A

I'd like to get this first best practice put forward, with maybe a write-up on the least privilege that we understand, into the GitHub repo, and then we could present that to TAG Security and say, this is what we're trying to apply to networking applications, and take all of these recommendations and put them out there and then ask for their help on that, so that we can say we're taking steps and we'd like to get your input, versus not having any type of finished thing and saying we're waiting for you to do it, or something, which would be different.

C

Okay, so I think we could probably do this in parallel to see how it works out. We can get this write-up framed, documented, committed, and in the process of getting it framed, documented, committed, we could be writing up a few slides for the 10-minute presentation and see how they come out as a pair, rather than necessarily saying one, then the other. Would that work?

A

Yeah, I mean, definitely write it. Like, we'd do a presentation, an intro: what are we doing, where are we trying to go, and then actually give an example of, here's one that we're working on and we've published, we'd like to add more and get your input on the ones that we're doing.

A

They can happen in parallel. The work can happen in parallel, and I'm happy to help with both the presentation as well as...

C

Trying to get... like, writing five slides is not going to take us very long. I think writing the right five slides might take us a bit longer, but again, if we make the attempt, we'll see how far we're getting; we'll see whether we're having any success.

F

So I haven't read the document, but one thing that I noticed is I haven't seen any examples. Do you think that it is important to have at least one code example, or something to use as a way to exemplify some of the best practices, or do you think that the way it is is good enough for anyone?

C

I think what you're asking for is effectively the best practices that this suggests. Yeah, I do think having examples is a good thing: look, here (A) is what we often see in practice, here (B) is what you could be doing, and here is how to get to B. Yes, absolutely, but that does sound like a best practice, because then we're making a recommendation of "you should do this". But yeah, I mean, I agree with you.

C

Examples are great and that's what we should get to. If we write documents that are not comprehensible, then obviously nobody's going to use them, so the simpler we make it, the better it will be.

C

Right, we have nine minutes remaining. We've talked about this; there's nothing else on the agenda, but I wanted to throw it open to see if there's anything else people wanted to talk about, or any work they've been up to that they would like to mention here.

B

I've started working on my discussion for a networking orchestration, but nothing that I'll show publicly quite yet; it's still very early.

C

I'm really interested in that, and I'd very much like to see that as soon as you get the opportunity, or as soon as you basically have something that you're not going to cringe at every time you present it in public. I think that would be worth doing.

C

Any more?

C

One thing I think that came up in passing there, something Frederick mentioned, is that some of these things could benefit from a technical presentation of however long. We always kind of get tied up with the idea that technical presentations have to go into KubeCon, and therefore we can't get into KubeCon, so we never get to make our technical presentations.

C

Isn't it upsetting? In a world of being online and working from home all the time, and wondering whether or not we're ever going to be allowed to attend conferences again anyway, we can do technical presentations whenever we want, right? We can basically have someone make them, set a time for them, record them. I'm sure Bill and his team will happily put them on YouTube for us as well. There is always that option. We don't have to wait for the perfect moment.

C

So if there are any technical presentations, either ones people want to give or ones they want to receive, then I suggest we start making a list of things that we might be willing to, you know, put ourselves out there for an hour and actually produce.

B

I did actually want to ask on that. I was looking for a TUG presentation and I couldn't find it on YouTube. I think YouTube hasn't been updated in quite a while. I expected that all these meetings would automatically be added, but I guess it's by request.

A

I can check with Bill if you want. Some of the people that were doing that were out, so there may be a queue that needs to be worked through.

A

If you...

C

have...

F

a...

A

specific... if you can go back to a specific date and request, like, say, "I don't see this one", then that

B

Yeah.

A

They...

B

should all be on YouTube? Yeah?

B

Okay, maybe I'll check again. Thanks.

A

Yeah, well, if you don't find it, then just reach out and give the specific date for it, and whether it's TUG or the senior networking group.

B

Should I reach out to Bill, or are you...?

A

Either one. Okay, thank you.

C

All right, we seem to have come to a natural pause. If no one's got anything further to add, then I will give you five whole minutes back, so you can run to the bathroom before your next meeting.

C

All right, thank you very much, everybody, and I'll see you again next time, which should be next week, shouldn't it? We... that's the week after next. All right, next Monday. Have a good week, everyone.

B

Thanks, everyone. Bye. All right.

B

You.
From YouTube: CNF WG Meeting 2021-08-23
