Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
GitLab / 13.0 Release Product Kickoff Review / 16 Apr 2020
GitLab / 13.0 Release Product Kickoff Review / 16 Apr 2020
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: GitLab 13.0 Kickoff - Defend:Container Security

Description

GitLab Defend:Container Security Group Kickoff

https://gitlab.com/groups/gitlab-org/-/boards/1420731?scope=all&utf8=%E2%9C%93&state=opened&label_name[]=group%3A%3Acontainer%20security&label_name[]=direction&label_name[]=Deliverable

A

And my name is Sam white I'm, the senior product manager way it's get lab and today I'm going to be going over our release, kickoff for the 13 Auto release or the container security group in 13.0. We have a quick and easy way to turn Network policies on or off. This is a follow-on to the cilium Network policy feature that we launched in our container network security category, and we released that initially just a few milestones ago.

A

So we're continuing to iterate on that in providing a UI to be able to turn that on and off also likely coming in 13 dotto. Is this issue that's showing under 1210? At the moment?

A

It's right now, looking like it's going to miss that milestone just barely so there's a good chance of the cilium or the container network security logs, sending those out through syslog will actually fall in 13 Davos, so I'm just going to go ahead and show a couple of marks for each of those for the first one on turning network policies on or off the main goal with this was to provide a UI to help improve discoverability for the future.

A

We're looking right now to put it under the security and compliance configuration page and because we want to start small and iterate as we go for the first pass. Let's manage button, we'll just link out to the docs and that solution actually may be the preferable and state as well. Just because the container network policies are a little bit complex and that if you enable or disable the feature it requires you to actually go and restart all of the pods in the cluster and where that's a fairly intrusive action.

A

We may actually just leave that as a manual steps to be performed with supporting documentation so that users are fully aware of everything, that's happening and they can plan for any downtime. That may result also looking at the feature to send the container network policy logs out to SM. This would be an extension of the work that we're doing in 1210 to send on security or laugh logs out.

A

As part of that feature, we added in a another managed app for you. Kubernetes cluster called fluent D that you can install or uninstall and fluent D is a data collector that lets you forward on these logs either desam or a centralized logging solution, and so, as part of this, will just be extending that functionality to also be able to send cilium logs out to the sim that's configured so again. Those two features are the deliverables that we've got planned for 30 now.

A

The other work that we'll be doing is centered around just some initial research and investigation into container behavior analytics, so that we can better understand what direction we want to go with that category and what technical solution makes sense. As always, we welcome any feedback which can be provided either by commenting directly on the issues or you can always email me s. Y at gitlab, comm.