►
Description
Weekly meeting for the Defend:Container Security group
A
Welcome
to
our
container
security
weekly
group
discussion
in
the
past,
this
call
has
been
focused
primarily
on
planning
breakdown.
We
are
sort
of
increasing
the
scope
of
the
agenda
to
include
whatever
synchronous
conversations
should
happen
at
the
group
level,
namely
demos.
So,
as
there
is
work
that
we
want
a
demo
to
our
p.m.
this
is
a
good
opportunity
to
do
that.
What
we'd
like
to
do,
rather
than
spending
a
lot
of
time
watching
synchronous
demos,
is
how
people
record
them
in
advance.
I
realize
just
now.
A
I
don't
have
this
on
this
agenda,
but
I
had
it
on
the
one
prior
to
this.
I'll
move
it
over.
So
it's
really
helpful
to
record
them
as
an
advance
share
them
in
slack,
but
then
also
here
on
this
agenda,
so
people
can
watch
them
ahead
of
time,
and
this
can
be
a
good
opportunity
for
people
to
ask
questions
clarify
anything
good
discussion
based
on
that
demo.
In
addition
to
demos,
planning
breakdown,
as
we've
been
doing
for
the
last
month
or
so
now,
I
want
to
say
so.
A
A
A
B
Okay
and
these
logged
ones
are
definitely
the
priority
to
talk
about
today,
so
if
we
don't
have
time
to
get
to
the
last
one,
that's
okay,
but
if
we
do,
we
can
talk
about
that
too,
so
just
to
dive
into
these
log
ones,
both
of
them
they're
very
similar.
So
that's
why
I
kinda
want
them
together,
at
least
in
discussion,
because
they'll
show
it
share
the
same
place
in
the
UI
and
know.
B
We've
talked
about
it
before
things
have
progressed
on
both
of
these
issues,
since
we
last
discussed
in
this
group
meeting
so
just
to
update
everyone.
If
you
haven't
followed
the
thread
or
the
notes,
there,
I
haven't
discussion
with
our
internal
gate,
lab
security
team
and
verified
that
the
requirements
here
will
in
fact
meet
their
needs.
We
also
have
a
couple
additional
customer
calls
upcoming,
although
I
would
not
like
to
wait
on
those
to
move
forward.
B
So
again,
just
the
quick
overview
here
is
we're
adding
a
page
to
the
get
lab
settings,
integration,
page
and
so
you'll
have
one
single
place.
Will
you'll
be
able
to
configure
your
integration
with
your
sim
product?
Now
I
use
the
term
sim,
it
doesn't
have
to
be
sent
to
them.
It
can
optionally
be
sent
to
a
central
logging
solution,
which
is
then
you
know,
acts
as
an
intermediary
which
then
gets
ported
onto
the
sim
later
on
just
for
ease
of
terminology
and
to
avoid
having
a
super
long
name,
we're
just
calling
yet
whole
integration
sim.
B
So
it's
actually
relatively
straightforward.
You
just
put
in
an
IP
address
or
hostname
your
port
and
either
tcp
or
UDP,
and
then
there's
two
check
boxes
down
there,
one
to
turn
on
and
off
mod
security
logs
going
to
that
IP
address
and
one
to
turn
on
and
off.
Cilium
logs
now,
obviously,
we
have
two
separate
issues
for
each
of
those
checkboxes
because
I'm,
assuming
that
the
effort
between
those
is
going
to
be
somewhat
separate
and
we
can
release
each
of
those
independently,
they
don't
have
to
go
together.
B
B
So,
with
all
of
that
being
said,
that's
really
kind
of
the
overview
of
what
we're
going
for
here.
The
ultimate
purpose
behind
all
of
this.
You
know
I
sort
of
started
with
the
solution
rather
than
the
problem,
but
the
problem
that
you
solve
with
all
of
this
is
just
to
give
the
customer
visibility
into
their
logs
without
having
to
SSH
into
the
container
or
to
pull
them
up
more
manually.
B
You
know
the
assumption
here
is
that
most
customers
already
have
some
sort
of
central
logging
solution,
there's
them
in
place
and
we
can
just
send
it
over
there
and
that's
kind
of
a
normal
place
in
their
workflow,
that
repeat
the
logs.
It's
not
a
perfect
solution,
but
it's
one
that
will
at
least
be
a
first
start
or
an
MVP
that
can
prove
value
to
the
customer
and
preveli
to
us
and
we
can
iterate
from
there.
So
with
that
being
said,
any
questions
about
the
problem
to
be
solved
or
the
requirements
for
the
solution.
A
B
B
A
E
If
the
requirement
is
that
we
have
to
push
logs
into
a
seam,
then
we
are
essentially
still
running
to
the
issue
of
like
trying
to
push
them.
Try
to
push.
You
can
think
from
the
github
side
to
the
cluster
side
to
the
seam,
and
this
could
potentially
conflict
significantly
with
supporting
something
like
blast
statistics.
E
So
we
would
have
a
separate
implementation
of
Howard
fetching
logs
from
how
we're
actually
pulling
stats,
namely
if
we're
pushing
at
some
seam
that
we
can't
pull
from
that
same
seam,
so
we're
either
choosing
special
log
export
or
we
have
statistics
so
I
guess
the
question
is:
are
we
solving
this?
Are
we
solving
one
problem
here
or
are
we
trying
to
create
like
a
unified
experience
for
our
network
stats
and
our
or
well?
E
B
So
it
sounds
like
your
question
partially
delves
into
like
how
it's
implemented
on
the
back
end
in
a
lot
of
ways,
if
I
understand
it
right,
I
mean
customers
want
to
view
their
logs
in
the
sim
IV.
That
is
somewhat
separate
from
things
like
lab
statistics
or
even
container
network
security.
Statistics
folks
should
be
able
to
work,
regardless
of
whether
I
have
the
sim
enabled
or
not,
and
enabling
the
sim
shouldn't
shut
down.
My
wife
statistics
I,
don't
know
if
that
answers
your
question
or,
but
not,
maybe
quite
a
little
bit
for
me.
Yes,.
E
Sorry
I'm
just
kind
of
thinking
about
this
as
I'm
talking.
So
if
it's
unclear
that's
entirely
on
me,
but
I
guess
to
to
support
something
like
laughs
statistics
alongside
waft
logs.
Through
this
approach,
we
would
essentially
be
deploying
an
elastic
search
cluster
with
elastic
search
instance
within
their
cluster,
as
well
as
pushing
out
to
some
third
party
scene
and
I
guess
I'm,
trying
to
I'm
just
seeing
if
we're
all
on
the
same
page
that
that
is
the
direction
we
would
be
going
with
this
approach.
E
B
The
logs
will
be
I
mean
the
end.
Vision
is
for
logs
to
be
sent
to
multiple
places.
If
that's
what
you're
asking
the
answer
is:
yes,
we
do
want
to
be
able
to
send
logs
to
multiple
places
down
the
road
we
do
still
want
to
surface
the
logs
indicate
lab,
which
would
be
duplicative
and
seemingly
a
little
bit
redundant.
And,
let's
you
understand
that
you
know
the
sim
is
taking
your
mom's,
not
just
from
these
products
from
a
whole
host
of
other
things
as
well.
B
So
there
is
value
independently
and
having
it
in
the
same
and
there's
also
separate
value
and
having
an
ingot
lab
the
value
for
having
it
in
the
sim
is
it's
easy
to
be
correlated
with
all
the
other
logs
that
are
coming
in
and
the
sim
can
find
things,
but
we
can't
find
and
get
lab
because
we
don't
have
access
to
those
other
logs
the
benefit
of
having
the
logs
and
get
lab.
Is
it's
right
there
in
one
product?
B
So
if
you're
trying
to
team
rules
and
get
loud,
you
can
go
look
at
the
logs
and
get
Lobby.
It's
just
all
one
place
to
manage
it.
So
you're
not
having
to
bounce
back
and
forth
between
your
sim
and
and
get
lab
just
to
test
a
ruler
to
set
it
up.
So
in
the
end
we
definitely
do
want
to
support
the
ability
to
send
this
information.
Take
this
information
farm
it
out
to
multiple
and
locations.
E
I
understand
the
intent
I
just
this
is
I,
guess
the
part
where
it
gets
difficult,
which
is
I'm,
not
sure
how
to
proceed
to
a
planning
breakdown
stage
where
I
haven't
understood
any
of
what
we
want
to
do
in
a
prog
direction.
But
I
feel
like
that
is
a
there's,
a
big
gap
between
how
things
are
currently
implemented
and
getting
there.
So
without
getting
like
too
deep
into
the
sticks.
E
D
E
So
maybe
that's
fine
if
we
were
moving
to
if
this
is
the
way
the
processes
should
work,
then
maybe
that
is
a
part
of
planning
breakdown,
but
I
would
consider
it
to
be
still
a
part
of
solution,
validation,
just
taking
into
account
the
engineering
constraints.
So
yes,
I
I
would
say
it's
not
complete.
So.
A
It
sounds
like
we
need
engineering,
x'
involvement
in
the
solution,
validation
because
Sam
has
done
the
piece
that
he
he
believes
is
correct
and
moving
forward,
but
we
need
to
come
back
with.
It
was
some
more
research
within
the
engineering
team.
Does
that
son
right,
okay,
Samir
I'm?
Looking
at
you,
man
are
you
the
I
know
Arthur
is
out
right
now
and
you've
got
a
lot
on
your
plate.
Are
you
willing
to
take
on
some
of
this
over
the
course
of
the
the
next
I
mean?
A
A
E
I'm
happy
to
help
I
don't
have
much
capacity
right
now.
A
Sure,
okay,
so
Zamir
I
think
what
I
would
like
to
do
is
take
one
of
these
two
issues
and
I.
Think
Sam
correct
me.
If
I'm
wrong,
it
should
probably
be
the
laugh
logs,
because
this
is
where
we're
more
sort
of
deeply
entrenched
right
now
and
have
Zamir
assign
this
to
Zamir,
to
do
some
more
research
and
dig
into
this
solution
a
bit
more
and
make
sure
that
we
understand
how
this
impacts
our
work
and
the
direction
this
is
taking
us.
B
Yeah,
that
sounds
great
I,
don't
have
a
strong
preference
on
which
one
you
start
with,
especially
since,
at
least
from
my
perspective,
that
seems
like
there's
going
to
be
enough
of
an
overlap
between
the
two.
Where
you
know
working
on
the
one
is
also
going
to
get
some
forward
progress
on
the
other
you're
gonna,
if
it's
not
quite
deliverable
yet
so
yeah.
If
you
prefer
to
start
on
the
left
log,
that's
great
Zamir,.
A
So
then
I
don't
know
if,
based
on
these
concerns,
it
makes
sense
to
start
talking
about
the
front-end
work.
Given
the
I
know
part
of
what
what
Lucas
is
talking
about
is
putting
the
UI
on
this
and
how
we
give
the
customers
the
opportunity
to
configure
this
I
do
want
to
call
out
that
this
is
sort
of
outside
of
our
normal
work.
Boundary
right,
so
we'd
be
working
in
the
configure
sage
to
add
this
screen.
A
Looking
at
those
that
part
of
the
application,
you
know
what
it
would
take
to
add
another
view
here
off
of
this
configuration
page,
so
I
think
I
want
to
get
the
solution.
Validation
done
first
I
think
that
falls
more
into
the
grooming.
So
for
now
we'll
assign
this
one
does.
Amir
will
wait
on
any
of
that
front-end
investigation
until
we
have
some
more
confirmation
that
this
is
the
direction
that
we're
taking.
A
A
B
So
I
added
one
just
barely
too
as
a
note,
so
we
are
looking
to
deprioritize
the
environment
level,
graph
toggle
items
so
I
know
as
a
mirror.
Those
are
fine
too,
because
I
mean
I,
think
I'm
going
to
push
those
out
just
into
the
general
backlog
and
reevaluate
brainer.
If
it
goes
back
up
so
hopefully
that
at
least
helps
take
one
thing
off
your
plate.
Mother,
that's
huge,
but
one
less
thing
to
look
at
and
that.
B
And
then
next
one
so
just
to
start
talking
about
this
one's,
not
in
what's
the
right
stage,
this
one's
not
in
planning
breakdown
yet,
but
it's
also
not
scheduled
for
12:10.
This
is
one
we're
looking
at
more
for
13.0
and
just
wanted
to
start
the
discussion
here.
I
know
we
he's
fully
started
it
at
the
end
of
a
meeting
a
few
weeks
ago.
Just
wanted
to
pick
this
back
up
and
talk
about.
You
know
get
an
early
engineer's
perspective
on.
How
do
we
break
this
down?
B
B
There
any
comments
or
feedback
from
engineering.
You
know
this
is
still
early.
It's
still
in
the
design
state.
You
know
we're
trying
to
still
figure
out
what
this
looks
like
and
where
it
goes
in
the
UI,
but
just
wanted
to
open
the
door
to
any
comments
or
feedback
that
you
guys
may
have
on
this
issue.
B
So
let
me
ask
a
different
question,
then
you
know
the
mirror.
They
approach
that
you've
taken
to
turn
the
walk,
laugh
on
and
off
seems
to
be
working,
and
it's
managed
overcome
some
of
the
other
technical
obstacles
that
we
were
running
into.
Initially,
you
foresee
that
this
is
something
you're
going
to
be
able
to
handle
in
the
same
way,
by
pushing
out
updates
for
the
home
chart
or
are
there
other
considerations
here
so.
D
Right
now
we
have
a
cup
of
we
have,
for
example,
the
configuration
file
format,
security,
it's
our
code
base,
so
we
can
play
a
little
bit
more
with
that
for
sealing
right
now.
It's
just.
We
just
triggered
a
home
insulation
and
we
we
don't
have
much
stuff
on
our
side.
It's
basically
just
using
the
infrastructure
from
the
orchestration
team.
A
F
F
B
So
for
container
scanning
I
believe
they
do
have
something
on
that
security
and
compliance
page.
So
we
do
have
like
a
space
in
the
UI
that
we're
starting
to
build
out.
Not
everything
necessarily
makes
sense
to
go
there
like
the
sim
integration.
You
know,
we've
gotten
a
dedicated
integrations
page
and
so
it
kind
of
Falls.
You
know
outside
the
scope
of
that
page,
so
you
know
we
still
need
to
figure
out.
You
know
where
does
this
live?
I
also
was
reading
weightings
point
in
the
in
the
agenda.
B
I
can
vocalize
it
I,
don't
think
he's
on
right
now.
You
know
he
says
I
believe
that
psyllium
will
be
different
from
laughs
in
terms
of
the
configuration
of
logging
and
blocking
overall
psyllium
logs
and
blocks
based
on
the
customers,
network
policy
and
contrast,
laughs,
late
blogs
and
blogs
based
on
the
low
loss
rule
set.
He
does
not
believe
we
mean
flogging
and
blocking
configuration,
filling
him
and
get
lap
UI,
but
he
does
believe
they
need
enable
and
disable,
and
they
get
lot
of
UI.
That
certainly
may
be
possible.
B
So
you
know
that's
another
good
point
of
feedback
that
maybe
this
is
just
an
on-off
switch.
We
don't
switch
between
logging
and
blocking
I
would
say
in
an
ideal
world.
Maybe
it's
not
easy
to
add
that
toggle
from
engineering,
but
it
would
be
nice
to
override
your
individual
settings
with
a
global
switched
if
they
actually,
you
know,
even
though
I've
got
these
policy
in
place.
I
actually
want
it
to
ignore
that
and
just
be
logging
anyway.
But
that
may
be
something
beyond
the
scope
of
our
initial
cut.
B
You
know
something
we
can
just
pull
go
for
now
and
get
customer
feedback
on
and
see
if
we
need
to
add
it
in
later,
once
we've
got,
you
know
more
users
in
it,
so
maybe
this
is
just
a
enabling
and
disabling
it
in
the
UI.
I
don't
know,
but
we
would
overall
like
to
add
more
UI
to
these
things.
You
know,
even
though
we've
got
infrastructure
as
code.
B
If
we've
got
UI
that
fronts
that
it
just
makes
it
a
whole
lot
easier
to
discover
and
find
and
use
by
the
end
users,
and
if
they
want
to
delve
into
the
code
that
way
they
can.
The
infrastructure
part
makes
it
easy
to
copy
projects
over
or
to
preserve
your
settings
from
thing
to
thing.
But
the
flip
side
is,
you
know
we
need
it
to
be
simple
enough
for
somebody
coming
and
new
to
be
able
to
just
pick
it
up
and
run
with
it.
D
Okay,
thank
you.
So
I
do
have
a
general
question
about
that.
Right
now,
orchestration
gene
has
something
called
cluster
management.
Apps,
that's
in
the
better
is
a
thing.
It's
basically
they're,
moving
away
from
the
UI
from
having
that
apps
new
UI
and
using
this
centralized
repository
that
can
install
and
uninstall
applications
as
they
go.
So,
for
example,
that's
how
Celia
has
been
built
different
than
wah-wah
was
built
in
bedded
inside
gitlab
repository
when
you
say
that
we
want
to
have
more
UI.
D
B
I,
don't
think
I
have
I
know,
there's
another
issue
going
around
where
we're
looking
at
a
more
consolidated
way
to
have
UI
that
ends
up
pushing
commits
into
files
like
across
all
of
secure
and
defend
just
because
they
have
the
same
problem
that
we
do,
and
you
know
potentially
looking
at
breaking
out
that
secure
and
defend
pieces
of
the
code
from
everything
else,
because
I
know
some
files
get
really
large
and
long.
They
don't
I'm,
not
really
aware.
D
Learned
that
the
hard
way
we
when
we
start
doing
the
Cillian
integration,
I
start
adding
code
into
get
lab,
amar
and
then
hire
them
are
for
death
and
then
the
guys
for
a
crustacean
team
and
they
came
and
they
they
kind
of
show
us
the
way
for
going
forward
with
that.
So
that's
why
I'm
bringing
this
up,
because
it's
not
I,
know
it's
not
straightforward
to
consider
that.
E
This
is
something
so
I,
don't
know
if
I
ever
posted,
that
recording
of
the
Gila
and
Japs
1
vs.
V
2,
but
I'll,
try
and
post
on
this
channel,
because
that's
really
really
important
for
this
discussion.
The
the
issue
I
linked
here
just
now
was
sinking
you
at
a
cluster
management
project.
That's
the
plan,
a
direction
for
configure
to
go,
which
is
essentially
you
change
a
configuration
within
the
UI.
It
would
add,
like
a
enabled
true
to
a
CI
file
and
that
controls
the
chart
generation.
E
But
that's
really
important
here,
because
we
as
senior
said
there
is
no
UI
at
all
for
psyllium
right
now,
so
we
would
have
to
build
an
entire
UI.
That's
going
to
sync
to
the
cluster
management
project
as
a
prerequisite
to
having
toggles
for
this
one.
That
wasn't
really
something
that
was
raised
here,
because
there's
other
problems
to
solve.
Already
with
that,
but
there's
quite
a
few
prerequisites
together.
E
Thank
you
and
that
that
I
think
the
current
direction
is
very
similar
to
on
the
way
the
security
products
work
where
you
essentially
have
a
the
cluster
management
project
will
upload
a
report
that
has
a
list
of
configuration
and
the
applications,
and
so
we'll
have
something
in
the
database
that
we
can
reference
to
check
what
the
current
deployed
configuration
is,
but
that's
read-only.
It's
not
right.
D
And
I
can
I
can
say
that
if
we
figure
this
out
with
them,
it's
going
to
be
also
it's
going
to
clear
the
path
for
us
to
do
the
environmental
changes
for
wofe
as
well,
because
we,
the
structure,
is
going
to
be
similar.
It's
going
to
be
to
interact
with
the
pipeline's
in
the
environments
for
each
project.