From YouTube: Defend: Container Security Weekly Group Discussion
A
All right, so welcome to our container security group meeting. Looks like Philippe has the first two items. I don't know if these are just FYIs or if you had more commentary here, but I'll go ahead and read them. So this first one: I tried to search for GitLab network policies and it's not linking to anything in our online docs.
A
We should avoid using Cilium when talking about network policies or network security. I guess you think so it shows up.
A
I would just add my comment on that is I don't think it's bad to use the lamb in the docs. I think it's okay for them to know what we're actually using under the hood, but ideally we'll use both so that, you know, so that we can still find it when we go and search for it.
B
A
Would be our, I can, so it looks like that would be our direction page, which is relevant. That's like a roadmap. I'm not seeing like the documentation on how to set it up, though, right. So if you're wondering how to set it up, it's the documentation that's missing from the top of the search results, so I'm not really sure. Obviously, that's Google search engine, so.
C
A
C
A
So, I mean, on that same note, and I'm guessing that's where that came from. I just did a review with Philippe closing out a task that he had to help architecture a better.
A
You know, approach for customers who don't want to use the icdu to deploy their application into the cluster, but still want to manage the security of the cluster, and so, as part of that, I just created an issue to update our documentation. I think this might get better when we do that, because I'm proposing that we actually create a separate page dedicated to how to set that up. I'll drop that link here in the notes document.
A
Yeah, so I think that would fit in really well on that new page that I'm proposing. I'm essentially proposing that we create a new page under the cluster submenu dedicated to container security. So we'll have a page for how to set up a new Cilium and a page for how to set up and use, I want to say, file called container host protection.
A
Security sounds great. Anyway, that one I have slated tentatively for 13.3, but I'll drop that link in here too. You can take a look at it.
A
D
I think it's the confusion between the relation between threat inside and the tragic monitoring, secure and defend. Maybe that's the thing that's going on right now.
C
A
Yeah, I'm not really sure how to clean that up. Maybe we can ask back to Tiago and ask him exactly what he would propose here.
E
A
Okay, okay, so that being done, let's dive into our final designs for create, edit and delete policies. Let me go ahead and share my screen here. I was hoping to have Arthur on but can go ahead without him. We've been iterating quite a bit. I've updated the prototype that we have. Arthur updated it as well. I synced up with him yesterday just to make some final changes, so I incorporated his most recent feedback here by breaking out port separately. So now you can have. These are essentially the layer.
A
Let's see, these are the layer three filters and then the port is the one layer four filter that we support. So that way you can have both a layer three and a layer four within the same rule, so you can do IP address and port at the same time in this new model. Also notable changes: we took out namespace from here, since that's something that is duplicative of the environment.
A
So if they're picking the environment up here, they're basically picking which namespaces it gets applied to, so we don't need to specify that down here as well. And then I think those are the key changes. We got rid of the service options just due to some complexity there, and we want to try to keep this minimal, you know, if we can. We want to fit it in 13 too, even though I think it's going to be a little bit tight.
A
A
B
C
All right, I'm good. Okay, I'll share my screen here. So we have generally, I guess, the flow if we look at it as you're, you know, in the policy tab. Some conversation going around if we should move this button or just display it only when the policy tab is selected. We move it, you know, maybe we can find a nice place for it. And then going through the flow, I'll update this based on that new direction Sam was showing us, and now the error states.
C
So basically, it's kind of like old and older form validation where you're just kind of like highlighting the area and then making a call to it below with just kind of like a list or, yeah, basically an unordered list, because I don't really have enough room to put the validation underneath the field, which is how we do it today in most of the single fields we have, but I don't think it's much cause for alarm, and then.
B
Andy, forgive my newbieness on responsive guidelines in GitLab. Very, are we, we're not expecting people on mobile to be using their? What's the, what's the responsive look like in there?
C
We want to be aware of it. Same thing that we're kind of seeing in the security dashboard is there's some like undesirable behavior. We really just want to mitigate as much as possible, knowing that primarily we're assuming that people are still using desktop or a larger screen for their main, you know, job or main focus, but that doesn't mean.
A
A
Yeah, in the prototype that I built, if you make the width small enough, that policy preview will jump down to the bottom, so you know it's at least a little bit responsive. I would not work, like, we don't need to worry too much about that. It's going to be a huge edge case for people to be writing these policies on their phones.
C
Oh yeah, so I mean that's fairly straightforward when it comes to like the inline validation we want to support. There's another case that I still need to build out that Sam was mentioning just before this call, where we can't parse this information from the YAML.
C
C
C
D
Do you mind if I ask a question right now? Yeah, go ahead. I was wondering what would be the difference between apply changes and add edit policy.
C
So if you were to say you wanted to change this, just plain text description, that would then be a change you could apply right now, as well as like quickly disabling the policy. But there's some things we probably want to work through, like if you disable the policy you're gonna disable it across all of its instances, even if it's in different namespaces, right, Sam?
A
Right so urinate, so I mean the policy is gonna be applied to one or more namespaces or environments, and if you disable it, then it'll disable it for all of those environments that it was applied to. Same thing: if you enable it, it'll enable it across the board for all environments that it was applied to. Okay.
C
And then this is again that policy editor, but if you're looking at an existing policy, the only changes is that we now add a button that says delete policy, which should bring up a confirmation modal that, you know, we can, I can provide a mock for if it's necessary, which, since it's a destructive action, we want to make sure people don't destroy all their policies. And then this is just the first run. So what happens when you land on this page? What does it look like if you haven't done anything?
B
On the modal, Lindsey, do you think your people will need that? It's pretty standard, but do you need that?
E
As full stack, so hey Zamir, do you need.
A
D
A
D
E
A
D
C
Yeah, we have a standard modal component, probably just need copy, and that pretty much covers it. Is there anything else? I mean we're probably going to be waiting on some copy. I'll bring in, I think Nick is still our tech writer here. So if we want to have copy here, it just needs to be massaged. I think that can happen.
D
One, the only thing that I think I mentioned that before is that the person that's going to happen between the rule mode and YAML mode is going to be based on the fields that we predetermine. We cannot do the parsing against Kubernetes definition of the network policy right now. I think that in the beginning, it should be lots of work for this.
A
Right, we're going to only support Cilium network policies with this, which comes back to that error state. You know, they could actually do a lot of things in YAML that will work and be valid policies, but we're not going to support, and so no matter what the reason is, if we have a problem with the YAML, but we can't parse it, we'll just display that error state. It'll be the universal fallback and they can always go to YAML mode to edit it directly.
A
Awesome, so here's the big question. I mean, I know we still have just a few outstanding design items, you know, a few error states and the final text that's missing, but are we ready to move this to workflow refinements?
B
It would be, wouldn't it be planning breakdown first?
E
Questions in the agenda, and I know it's really just Zamir that's answering them right now, to move from planning breakdown to refinement. We want to know: are the requirements clear enough to understand the intent of the request, and do we understand the boundaries of the work to be completed, and has the research and solution validation been complete?
B
A
No, we're not doing a full solution validation on this. We don't always do problem and solution validation. If we did that, doing a problem validation takes like two to three months and doing solution validation takes like two to three months. So if we did that for every single issue, we would never have anything to get to engineering, so we really just evaluate them based off of which ones need.
D
A
B
Let's let Samir and I have a quick look after this catch-up and then we'll move to refinement if it's all good, just to give Arthur a chance as well in the spirit of asynchronous meetings, but based on Arthur's last comment, it should be okay, but just give me a chance to cross-check with everyone.
E
I know that sounds good. Planning breakdown versus refinement, like breaking things into subtasks versus smaller deliverable issues are different, and I look at this and I feel like there's a lot in this large issue. So I'm wondering if there's ways to slice this into deliverable pieces, benefits that we can give to our customer, not necessarily subtasks like how you would solve the problem, but as you and Samir and Arthur are thinking about that, that would probably benefit this.
A
Yeah, so one thing to note as well, if I can just call this out real quick: in the request, I intentionally left the requirements very vague, because I wanted to have a very, a relatively simple, you know, hard requirements and then a stretch goal for us to go after. So I would view like the minimal requirements are that they are able to create new policies, edit them and delete them.
A
So even if we just do the YAML mode and don't get the rule mode done, you know, that would meet all of these core requirements, and then that rule mode or the more visual way of editing them.
B
Yeah, Samia, Arthur, Arthur had some ideas around doing this front end only, so we could probably just check that while we're still in planning breakdown, yeah.
A
D
Yeah, I was thinking that this one was mainly front end because he did the cycle already in the back end to edit the policies over there, at least to install and remove. I think it's more or less over there on the back end side, so it will be mostly front end, and I like the idea that Sam was able to put the requirements a little bit clean on that. So then we can create follow-up issues if we need to cut a little bit of the scope for now.
A
And actually I didn't put this on the agenda, but, okay, so next up, you'll follow up on that and confirm if it's ready for refinement. I didn't put this on the agenda, but I just want to follow up: last planning breakdown meeting we covered the active response options for container host security.
A
I think the mirror you were really the only one from this group that was synchronous on that call, at least from the back end team, but we felt that that was ready to move to refinement. I just want to make sure: are we still good to go on that, or do we need to come back and talk about that at all, because I haven't seen any refinement done on it yet.
D
D
B
Yeah, it was also towards the end of last week and we had family and friends day. I've only really caught this today, so it's coming.