►
From YouTube: Defend: Container Security Weekly Group Discussion
Description
Weekly meeting for the Defend:Container Security group
A
A
Is
that
accurate?
That's
what
the
agenda
says
going
once
sold
okay,
so
issues
for
planning
breakdown,
turnin,
cilium
on
and
off
I
know,
Sam
and
Arthur.
There's
good
comments
in
there
Sam
you
want
to
give
the
the
overview
of
that.
No
Arthur
is
not
here,
maybe
not
yet
or
if
he
can
make
it
today
or
not,
but
what
we
can
see.
B
Our
threes
on
that
looks
like
so
yeah
last
week,
Arthur
and
I
had
a
discussion
with
one
of
the
engineers
from
the
configure
team
and
basically,
the
short
summary
is
that
the
UI
there
is
staying
in
managed
apps
for
kubernetes.
What
they're
really
just
changing
is
how
it
works
with
the
backend,
so
it's
going
to
be
connected
a
little
bit
more
seamlessly
with
v2
of
managed
DevOps
so
that
you
know
they're
just
connecting
the
t's
so
that
they
don't
have
two
separate
solutions,
even
though
they're
keeping
the
UI
on
the
front
end
in
further
discussion.
B
Then
we
want
to
go
and
do
on
behalf
of
the
user,
because
if
something
goes
wrong,
you
know
it's
gonna
be
difficult
for
them
to
troubleshoot
there
in
the
UI,
and
once
we
like,
you
know,
build
like
a
full-fledged
solution
where
we're
exposing
all
of
the
ER
logs
to
them
and
giving
them
feedback
and
showing
them
all
of
the
commands
that
we
went
and
run
and
at
the
end
of
the
day,
it
may
just
be
easier
to
let
them
run
the
commands
themselves.
I
also
updated
the
description
to
show
the
goals
of
this
one.
B
So
one
we,
you
want
some
kind
of
a
UI,
because
we
want
this
feature
to
be
discoverable
right
now.
Psyllium
is
in
the
product,
but
it's
not.
It
doesn't
have
any
UI
and
we're
sure
it's
not
discoverable
and
what
you
happen
to
be
following,
though
the
lease
posts
or
you
happen,
to
read
our
documentation,
and
we
also
want
it
to
be
easy
to
turn
off
so
I
proposed
I
can
show
my
screen
here
to
potential
solutions
in
there.
B
Different
routes
that
we
could
go
I
guess
an
do
kind
of
be
up
to
your
discretion
on
how
to
approach
this
I
love
to
hear
your
thoughts
on.
If
we
you
know,
do
we
remove
the
install
and
uninstall
button
and
just
put
in
some
text
in
the
description
area
that
links
to
the
documentation,
or
would
it
be
better
to
keep
the
install
uninstall
button?
C
Yeah
I'm
open
to
opinions
on
this.
It's
a
it's
a
challenge,
I
think
one
seems
like
probably
the
easiest
opportunity
to
get
something
of
value
shipped
without
creating
kind
of
a
broken
experience.
In
my
opinion,
cuz
I
don't
think.
There's
anything
in
that
screen
that
mirrors
either
one
or
two
s
behavior
today.
C
I'm
almost
hesitant
to
say
like
maybe
we
again
like,
put
those
instructions
in
the
docs
and
link
them
to
it.
I'll.
Let
them
know
that
psyllium
is
installed
or
has
been
uninstalled
in
the
UI,
but
I
don't
want
to.
You
know,
put
instructions
inside
of
like
a
modal,
because
you
imagine
trying
to
like
use
your
COI
and
having
a
modal
up
and
then
resizing
windows
and
trying
to
like
juggle
instructions
and
typing
commands
could
be
challenged.
B
C
D
B
D
C
B
B
E
Sort
of
functioning
full
stack
right
now,
so
Arthur
or
Zamir,
or
anyone
can
argue
of
me
if
they
have
I,
have
an
incorrect
understanding,
but
because
both
Arthur
Arthur
and
me
and
I,
don't
a
speak
for
you.
Alan
have
operated
full-stack
before
and
have
some
view
experience
that
they'll
be
handling
both
front
end.
A
Where
we're
at
on
first
class
phones,
which
is
a
1210
thing,
not
a
30,
no
thing,
but
nobody
on
nobody
on
that.
Nobody
on
Lindsay's
team,
they're,
totally
dedicated
to
the
first
class
Bowl
and
stuff,
but
you
have
a
customer
deliverable
for
1210,
so
I'd,
rather
that
that
somebody
on
on
the
container
team
take
it
because
we
can
so
Arthur
I
know
you've
been
in
and
out
so
yeah.
This
would
be
a
30
know.
A
C
D
Yeah
I
think
I
think
it's
chroma
ball
I
just
said,
because
state
was
reduced
to
bare
minimum.
There
is
a
small
chance
because,
like
I
think
it
was
discussed,
I
think
any
brothers
said
it
would
be
good
to
have
stayed.
At
least
this
has
been
worked
on
and
it
might
be
a
possibility
to
get
a
state
back
on
the
screen
in
15
point.
All
the
Gaston
is
working
on
that
right
now
and
there
was
some
progress
and
that,
but
here
I
can
grow
into
this
one.
Based
on
the
description.
They
don't
need.
B
Okay,
that
sounds
great,
so
yeah
a
again
I
see
that
is
a
nice
to
have,
but
I
guess
Andy
if
he
could
design
for
that
experience
where
we
we
do
have
information
on
weather,
so
Ian's
installed
or
not.
That
would
be
great
and
I
guess
if
we
can't-
and
we
have
to
reduce
that
scope,
then
that's
okay,
I'm,
okay,
let's
not
change
if
needed,.
B
Great
we're
moving
through
these,
so
the
last
one
so
I
think
we
already
got
back
metrics
done
and
ready
for
grooming,
so
the
only
other
one
that
we
have
for
today's
discussion
is
Cecilia
metrics.
Getting
this
one,
all
the
way
done
and
hue
and
ready
for
grooming
I
did
meet
with
legal
explained
all
of
the
concerns
in
depth
and
mate.
The
conclusion
was
that
our
existing
and
User
Agreement-
and
you
know
what
we're
already
collecting
falls
in
line.
B
You
know
like
the
fact
that
this
is
coming
from
their
containerized
environment
still
falls
within
everything
that
they've
already
agreed
to,
and
so
there
really
weren't
any
concerns
there
at
all.
Again,
with
the
caveat
and
assuming
that
we're
still
reporting
this
up,
just
as
part
of
the
normal
usage
ping,
which
I
think
usage
game
is
already
anonymizing
customer
names
and
things
like
that,
like
it
uses
a
random
identifier
or
some
sort
of
like
UID
customer
ID
in
place
of
the
customer
name,
things
like
that.
B
D
He
did
some
technical
investigation
and
just
a
review
of
what
I
can
and
what
I
can't.
So
there
are
essentially
two
groups
of
metrics.
We
need.
One
is
salams
installation
state
and
one
the
bagging
filtering
stats
for
this
tape.
We
are
a
bit
what
I
mentioned
in
multiple
tent,
that
we
don't
really
have
a
stage
right
now,
but
our
crew
station
group
is
working
on
that
and
it
might
be
shipped
in
this
release
like
the
things
that
they're
working
on.
D
So
there
is
two
ways
we
either
get
the
state
ourselves
right
now,
all
the
way
for
what
they
will
implement
and
I
don't
see
a
good
way
at
least
a
better
way.
Then
extraction
group
is
doing
right
now
for
us
to
implement
the
state
collection
out
of
the
cost
application.
So
I
would
say
it
will
be
better
to
wait
for
them
to
finish
this
work,
especially
considering
it
being
worked
on
right
now.
So
it's
next
is
this:
some
extra
layer.
D
A
A
D
I
vote
to
see
what
stunk
is
doing
on
a
sled
before
answering
that,
but
I
think
it's
doable,
but
there
was
a
second
group
of
metrics
that
discussing
on
the
issue.
Right
now
is
packet
filtering.
The
one
concern
I
have
about
those
packet
filters
is
that
those
are
highly
dependent
on
the
policies
with
the
boy
and
with
the
boy
bare
minimum,
a
single
bit
like
minimal
policy
by
default.
If
user
one
said
in
an
online
our
audio
box
environments,
so
it's
essentially
bare
minimum
in
terms
of
policies.
D
Does
all
those
policies
being
deployment
like
dropping
will
not
happen?
So
I'm
just
curious?
How
useful
right
now
to
have
those
packet
filters?
If
we
don't
really
have
ability,
like
users,
don't
really
have
an
effective
ability
to
deploy
policies.
Ranson
has
them
going
and
manually
creating
those
in
the
point
of
sequester's.
B
Two
numbers
should
be
identical
to
the
ones
that
we
were
showing
in
on
the
statistics
page.
So
the
one
is
just
the
total
amount
of
packets
that
were
analyzing
regardless.
If,
if
we
drop
it
or
block
it
or
not,
and
then
the
second
one
is
how
much
of
that
is,
is
actually
dropped.
So
really
those
two
numbers
should
be
identical
to
again,
what's
shown
here
in
the
statistics.
Page
volumize,
so
like
one
point,
two
thousand
in
this
example
would
be
the
number
that
should
be
reported
up
for
the
total
number
packet
that
phillium
analyzed
I.
D
Yeah
I
agree,
but
I'm,
saying
I
mean
in
terms
of
collecting
usage
metrics
like
this
UI
is
essentially
a
foundation
of
what
I
learned
right
now,
and
it
makes
sense
to
do
that.
But
does
it
make
sense
to
do
the
same
for
the
metrics
right
now?
I
push
metrics
that
you're
not
provide
any
value,
essentially
because.
F
B
A
A
A
Maybe
we
make
the
database
changes
for
it,
but
we
don't
add
that
yet
until
there's,
actually
we
expect
it
or
we
do
it
now
or
we
do
it
as
part
of
this
issue,
but
we
know
it's
going
to
be
very
low
if
not
close
to
zero
until
we
make
the
policy
is
easily
configurable.
Just
knowing
the
number
of
total
packets
process
by
cilium
is
a
lot
is
a
lot
of
value.
So
we
can
see.
You
know
how
it's
a
good
gauge
of
customer
usage
as
Northstar
metric.
B
Right
so
this
number
still
has
value
right
and
I
would
rather
collect
both
of
them.
So
I
did
change
the
Northstar
metric
to
focus
on
this
total
number,
rather
than
the
drops
packet
number.
So,
even
though
I
would
like
for
us
to
collect
both
so
that
we
can,
we
can
track
it
over
time.
The
real
focus
is
going
to
be
on
the
total
packet
number,
which
should
be
independent
of
the
policies
that
they
deploy.
D
D
Value
of
this
matrix
will
be
still
low
and
I'm,
not
sure
how
like
I,
obviously
not
the
project
manager
I'm
just
trying
to
concerned
that
this
matrix
right
now
and
in
this
particular
moment
from
my
understanding,
they're
a
little
value
and
if
you're
interested
in
ability
to
see
product
observation
ceilings
state-based
metrics
will
help
you
to
caesar
horizon
collection.
How
many
packets,
our
users,
are
forwarding
for
their
question
but
yeah,
and
it's
just
suggestion
that
you
might
not
get.
B
A
Yep,
it
also
listed
in
this
issue,
something
we
want
to
track.
So
your
concern
is
is
until
we
provide
the
ability
to
modify
policies,
an
easy
way
to
modify
policies.
Customers
are
not
going
to
put
in
policies.
The
policies
are,
what
provides
the
security
value
so
we're
putting
the
perhaps
putting
the
the
cart
in
front
of
the
horse.
Yes,
if.
G
I
may
put
my
ops
hat
on
here:
I've
managed
operations
infrastructure
for
a
long
time
when
I
was
at
Westfield
and
the
the
Total
Request
along
would
would
be
an
interesting
metric.
I
would
like
to
see
that
he
would
tell
me
that
psyllium
is
working
he's
seeing
those
packets
go
through.
You
would
raise
a
question
in
my
mind
why
I'm
not
saying
the
other
metric
go
up
and
and
I
think.
Maybe
after
maybe
that's
one
of
your
concerns,
people
look
at
that
why's
it.
Why
is
it
zero
and
and
then
they
will.
D
D
D
What
does
Sam
saying,
because
it's
an
interesting
topic,
I
think
it's
another
thing
that
I
mentioned
on
the
issue:
that
we
don't
do
enough
for
the
policies
and
that's
why
we
can't
really
do
policies
metrics
and
I.
Think
policies
is
that
are
the
cornerstone
of
this
particular
feature
and
deployment
of
those
is
essentially
highlight
of
the
successfulness
of
the
feature
from
my
perspective,
because.
A
Mean
I
agree:
it's
sir
Sam.
If
it's,
if
it's
is
it,
is
it
easier
to
do
both
sets
of
metrics?
At
the
same
time
when
we
implemented
you
in
a
set
of
M
ours
for
on/off
metrics
and
packet
based
metrics,
or
should
we
perhaps
do
that
on-off
metrics?
As
one
issue
then
work
on
policy
configure
eight
configurability
in
other
issue,
then
the
ability
to
look
at
drop
packets,
which
will
be
dependent
on
the
policy
and
kind
of
do
it?
That
way
is
that
is
that
kind
of
what
you're
advocating
Arthur?
A
D
What
you
said
is
correct,
I
think,
right
now,
the
sillim
state-based
matrix
makes
the
most
sense,
because
that's
what
essentially,
what
we
have
in
terms
of
value
and
then
once
we
start
adding
additional
features
may
be
like
next
step,
a
little
bit
in
policies
interface
and
on
top
of
policies
interface,
we
will
be
able
to
roll
policy
based
like
stats.
Let's
say
how
many
policies
are
used,
boring
or
if
we
will
get
a
Pro
default
policies,
how
many?
How
popular
pretty
fall
policies
well.
B
Yeah
I
mean
I,
guess
my
perspective
on
this
is
that
you
know
we
definitely
are
planning
to
add
a
policy
UI
down
the
road,
and
you
know
I,
would
rather
get
this
all
done
while
we're
adding
stuff
to
to
the
usage
metrics
like
get
as
much
done
as
we
can
plus.
Then
we
can,
you
know,
then
we
start
the
data
and
one
can
even
see
how
it
changes
over
time.
Right.
We've
got
it
before
and
after,
whereas
if
we
make
wait
to
measure
this
until
after
we've
added
policies,
you
know
we
don't.
B
A
It
it
sounds
like
we're
not
gonna
in
the
in
the
next
five
minutes,
not
gonna
come
to
a
conclusion
on
this
one,
but
maybe
I'm
fine,
Sam
and
Arthur,
with
whatever
you
guys
decide
as
long
as
you
guys
come
to
an
agreement
on
something
on
this.
So
maybe
you
guys
take
that
offline,
discuss
it
and
then
come
back
to
the
group
with
a
well.
You
guys
agree
on
what
you
don't
and
then
we
discussion,
they're,
reasonable
mm-hmm,
yeah.
A
You
know:
we've
been
talking
a
lot
about
cilium
Scott,
do
I
added
some
of
the
agenda,
so
just
I
don't
know
if
you
want
to
give
a
one
minute
up
great
update
as
a
mere
and
separately
al-anon.
Just
what
you've
been
working
on
thing
be
great
to
hear,
but
we're
doing
more
than
just
psyllium
related
stuff.
Of
course,.
I
So
I'm
working
off
on
the
wife
statistics
right
now
so
I
have
my
first
merge
request
is
ready
for
actually
I
believe
one
last
review
needs
to
happen
and
it
will
be
Murchison.
So
I
I've
done
like
a
week
of
going
with
all
people
relates
to
database
how
to
improve
the
query
and
for
to
fetch
the
data
from
just
to
make
sure
that
we
have
the
proper
later.
I
So
that's
the
first
one
and
I
already
have
the
second
merge
request
that
is
waiting
for
the
first
one
to
be
merged
and
then
the
second
one
I'm
gonna
have
how
many
total
packets
are
we
or
are
we
going
through
laughs
and
how
many
packets
were
analyzed
and
that's
it.
So
I
truly
hope
to
finish
all
of
these
this
week
as
emerged.
H
And
from
my
side,
I
have
been
working
on
exporting
the
logs
from
the
containers
to
seams
using
the
syslog
protocol.
So
right
now
we
have
a
three
PRS
for
the
wasp
art.
That's
what
you
have
basically
just
flew
in
P
we're
going
to
be
using
flow
in
P,
with
some
external
plugins
to
to
get
the
logs
from
the
containers
that
we
want
to
export
using
the
syslog
and
that
it's
going
to
be
just
a
small
change
to
add
the
other
containers
as
well
like
see.
A
So
I
think
we
can
cover
quickly
time
frame,
so
I
put
it
who
tends
to
come
to
this
meeting
and
what
region
of
the
world
they
are.
So
you
know
lots
of
folks
in
you
know
US
and
Canada,
one
person
in
Mia
and
two
in
a
pack.
So
you
know
Mia
is
Allen
Pollan
and
Arthur
New,
Zealand
and
Thiago
in
Australia
that
make
it's
really
hard
to
find
overlap
between
Arthur,
yet
/,
Thiago
and
Allen.
A
A
G
A
A
Another
way
to
do
it
is
because
you
know
in
in
US
and
Canada.
You
know
we
can
find
time
more
easily.
That
works
for
you.
Another
way
to
do
it
is
we
change
the
time
we
alternate
times
each
week,
so
sometimes
it's
a
good
time
for
Allen.
Sometimes
it's
a
good
good
time
for
Tiago
and
Arthur
and
people
just
can,
you
know,
contribute
a
synchronously.
You
know
beforehand,
comment
on
the
dock.
Add
questions
that
we
address
in
the
dock.
H
D
Not
actually
for
the
two
meetings
and
bass
notes
here
does
I
think
it
just
your
work
better.
Otherwise
we
are
not
solving
problem
for
anyone.
I
can't
imagine
how
it
will
be
for
Thiago
to
wake
up
at
five
o'clock
to
just
meet
with
at
their
alternate
meeting
in
same
time,
Ellen
pushing
already
quite
far
as
he
stands
on.
This
meeting
is
not
too
bad.
G
Doing
a
meeting
at
5:30
a.m.
he's,
probably
fine,
the
the
5:00
a.m.
one
is
worse,
because
then
I
got
that
mental
block
of
waking
up
at
at
4:00
and
I'm,
actually,
okay
doing
doing
the
the
the
second
option,
which
is
alternating
the
times.
I,
wouldn't
mind
doing
this
once
a
week
once
every
two
weeks,
okay,.
A
Okay,
so
let's
try
the
alternating
and
then
see
how
it
goes
so
Tiago.
Why
don't
you
don't
you
edit?
The
meetings
make
make
this
one.
You
know
every
other
week.
You
know
I
guess
an
hour
later,
then
we
started
this
one
and
then
one
earlier
in
the
day,
maybe
about
roughly
six
hours
before
this
one
which
works
for
works
for
Allen
and
everyone
in
US
and
Canada.
Who
do
we
use
that
to
do?
Is
you
can't
you
can't
make
the
meeting
alternating
Google,
Calendar
I
believe
you
have
just
you
know,
have
two
separate
meetings:
I.