From YouTube: Security Self-Assessment: Cluster API Part 2
B
A
Good call, yes, so see, you've been doing this more than often than me, so I'm learning from you, good. So this is Wednesday, October 27.
A
A
Okay, cool. So Robert, I don't know if you had a chance to look at the data flow diagram. I'll start sharing my screen and then we kind of can go from there, right?
A
A
A
A
A
B
A
So first thing I want to think about is we need more such diagrams for different point in time Cluster API mechanisms, or where it looks like and how it looks like. The idea behind all the data flow diagrams is from security perspective.
A
We now start, essentially in a simple way, look at every single flow and say: what would it take for an attacker to misuse this flow? Or if this particular component is compromised, what's at stake? How can it be compromised? And those are the threats that we'll start basically listing down, and then we'll discuss with both of you and Robert and everyone whether these make sense, and sometimes the assumptions will be wrong.
A
A
C
Where things are secrets, or, you know, data needs to be encrypted, and where there needs to be special attention to administrative data, if you will, that needs to be guarded.
A
A
Correct, yes, that makes sense. So we started with a little bit of the in-transit communication for some of them and we sort of left it in some of them here, so we'll have to cover for all the flows eventually in terms of admin data, I think, and the secrets data. This seems like the most important one for me from our last discussion, where we have data here for a while, and then we pick it up here, and then it gets stored in etcd of the control plane cluster or this cluster.
B
A
A
B
A
B
Things that continue to scare me are, like, the fact that, without... I mean, it's not necessarily a Cluster API concern, well, and I mean it's concerned with cluster operators, that without, say, without policy mechanisms, you can, you know, extract those keys from the host by mounting the... pardon?
A
B
A
I see, so this is why I think these kind of discussions are helpful, because from an outsider perspective, when you see secrets you're like, oh, this time seems interesting, but it seems like that was also interesting for the creators of Cluster API and they took care of that well. But the other parts are something that we need to pay attention to. So I think that's good. We don't have to start coming up with threats now, at least in my opinion, but like, let's start, my hope was, with the time we have.
A
We can do two more sessions, including today's, like this, where we create one each, one data diagram each, for a different sort of point in time Cluster API system, and then once... oh, Robert switched his account, looks like, to policy working group.
A
Okay, no worries. Okay, all right, so that's my hope, like, if we come up with three data flow diagrams in terms of our scope and then just list threats based on that. We already have one, more or less, and then we need two of them. So second one, my hope was, would be control... workload... control plane is now going to create or join itself to a workload worker node, and how that is going to look like.
A
B
Yeah, sure, I think that makes sense. I think the other one, I think Scott Rosenberg sort of highlighted that, was operations around clusterctl CLI, where we, yeah, we're downloading things from GitHub, we're doing environment variable substitution.
A
B
A
Before we go there, at what point in time does clusterctl start making sense to use? I would imagine bootstrap cluster doesn't need clusterctl, or am I wrong?
B
B
Yeah, and so.
B
Yeah, I think so. I will need to decide between... so there's two modes as well, just like init, that you want on the bootstrap cluster, like before you got anything like this. It's just a blank cluster. So normally that's going to be your kind or minikube that you've just created just for the purposes of using Cluster API for the first time.
A
B
The other scenario is, like, at the end of the process you want a permanent management cluster. You want your cluster to be self-managing. You don't want to have to rely on your laptop reconciling against the cloud, so we basically back up the resources and then restore them to the new area. That also involves reinstalling the components on the new cluster as well. So maybe clusterctl move is the more appropriate one, because it includes the init by nature of the move. So it's the most.
A
B
B
Self-managing, and also then creates all further clusters down the road, like workload clusters, we call it. So we make this a management cluster in the terminology, right, API terminology, so we've got a bootstrap cluster on the left and we're creating a management cluster on the right, if you like.
B
Yeah, or the vendor. So, I mean, beyond where Tanzu does a thing that I can't remember, but it's basically, it's essentially up to there. I see user/vendor, and I think, out of people who use this model, I think it's like VMware, Weaveworks, Talos, I think, and Kinvolk. So yeah, there's a few people who use this model, but I don't know exactly. They might each take a different point in time, because you might want to install a whole bunch of, like, core workloads before you did a move.
A
B
B
B
A
B
B
B
A
A
Anything in red is basically either Kubernetes or Cluster API components. Blue is the provider, and purple is third party, which belongs to neither of them.
B
C
What do you mean, exposing? I mean, giving them any access? Are they interacting with this other than, you know, through controlled channels?
B
You might want to delegate access from the left-hand cluster, so the management cluster, so that they can, you know, create worker nodes, like machine deployment, and scale them up and down. So it depends, I guess, on what the organization wants to do, but it wouldn't surprise me that there is some level of access that's given on the left-hand side to the user via, like, kubectl, basically.
A
A
Yeah, yes, correct, that's the main assumption. Anyone who creates the cluster will be considered admin. Any developer who wants to consume Kubernetes as a cluster to create their own apps and jobs would have kubectl access specific to the cluster they want access to when they rank it. You can correct me, yeah.
B
C
D
A
B
C
C
B
C
B
A
Okay, cool, so I have a separate diagram now. My font is messy, wrong. I'm not able to change it, so we'll keep it as is, but I'll change it later. Okay, I, yeah, I don't... I forgot how I changed the font in the first place, and now I can't change it back, so anyway. So now we have this control plane node.
A
Exactly, so we have this control plane node. Now the plan is to create another one, and I'm assuming another one, so we'll have three nodes, and then we can say, okay, now I want to not worry about this bootstrap cluster and then use this as management cluster. So let's focus, for the time we have, on this flow. Hopefully it will take faster than last time, but if not, we can continue again next week or week after that.
B
Yeah, so there's some bits that I don't, or at least can't, remember fully. It'd be great if we had Lubomir here, but I think he's away or something. So what has... I think one of the things that has happened during this initiation process is that kubeadm has stored an encrypted version of all of the key material on etcd. Well, via the API server.
B
A
While the there is looking this, these arrows that don't have any pointers basically are both-way flows, so two-way flows, instead of... so I just didn't put arrows on both sides, but it basically is two-way flows.
B
Oh, actually, I don't think.
B
D
B
C
D
B
Yeah, it's all there. It's all the, sort of, the API server key, private key and all that, because the assumption is you're going to stick a load balancer in front of it and you want to present the same cert anyway. Well, no, it's not that, it's the CA certs that generate all the... yes. So it's the CA's private key material, got.
C
So it's basically enveloping that and wrapping that in some encryption, and then decrypting it when it copies it over, allows you to use that in your load balancer or create the certs that you need for your load balancer.
D
Yeah, and I can't remember what we do.
C
B
D
For that kind of stuff, do you happen to know where that code is? I'd love to take a look at that. I can Google it, I can switch around and get... yes, I do because it's.
B
Yeah, I'm going to assume that we... I'll need to check. I don't think we are using the kubeadm copy, so I think what we do for control plane join is, because CAPA, CAPI, has all of the key material anyway, because it generated it in the first place on the left, we are able to do pretty much the same process for the control plane join. Actually, I can't find a TLS code right now, so I'll take that as an action item.
B
B
All right, so we, it's.
C
B
C
B
Yeah, essentially so, and we're stuffing that in Secrets Manager, which is KMS encrypted at that end, so just, kubeadm's not directly using any KMS APIs or whatever. So the data we... so we're just extracting that out, cloud-init, etc., I'm stuffing it in, so I think... actually, maybe let's do a worker node join and then, if I'm wrong about control plane join, which I might be, then we can come back to that.
A
B
B
Say, so, assuming that control plane is created, said, what the initiation of creating that machine is some scaling operation on a machine set. So actually that happens right at the beginning. So right at the cluster created, the machines for the machine deployments, so the worker nodes, those resources from a Kubernetes perspective would have been created immediately, but nothing would have happened because they were waiting for a condition on the cluster resource, which is along the lines of, you know, waiting for the control plane to be ready.
B
So once that's happened.
A
B
A
A
B
Set resource and then a number of machines equal to the number of replicas that were requested, okay, and they would have been just stuck in provisioning, I suppose, whilst they were waiting. So as soon as... what happens is, as soon as the load balancer is created, that fills in a... the AWS controller would have filled in a control plane endpoint field on its own resource, the AWS cluster resource, back in.
A
A
B
B
And then that becomes the communication point for everything. So once control plane endpoint is filled in, then other controllers will start taking action, essentially.
B
B
They're going to connect to, is really what's needed. So once that's happened, the bootstrap controller that we have... so in the machine resource, we have a bunch of references to other resources, so an infrastructure machine resource that matches the machine and a bootstrap config resource that matches the machine.
B
B
Yeah, you do. So you set that on an infrastructure machine template, so that infrastructure machine, and this would have also been true for the control plane, so that the template defines options, which is generally machine instance type, source of the image, so that this is... I think this might be an interesting field we want to.
B
A
A
Typically, Robert, then, you can also correct me and add on to what I said, generally these kind of scenarios are taken care of by using something like a two-party or a second-pair-of-eyes kind of scenario, where I need two admins to do a privileged action, because that is sometimes done by dividing or breaking the password or the credential into two parts. One is with one admin, the other is with other admin, and until you have both, you can't really do that. So that could be something for such privileged actions.
C
Yeah, you could do that, I think. If you're pulling an image, I mean, there might be a way that you can put something like OPA in here and have image pull checks, but yeah.
A
C
Could both. You could have kind of access-level control and split-party control, n-of-m password break, and break it up into n pieces or m pieces, right? Do it that way. You know, obviously even before that, if you're following change management, you're probably ticketing things and people are reviewing, yeah, auditing, yeah. I mean, if you just.
A
A
A
B
So I think that's the distinction, where the, like, the thing... So I think if the thing on the left is just your bootstrap on your laptop, then it's really the responsibility of the cloud admin to set up the appropriate cloud controls, because if they are allowed to launch malicious, that meant they always had permissions to launch something malicious from the cloud API level. The thing that I think is more interesting is once you've got the management cluster.
B
You need to have mechanisms in place to, like, who has access to create clusters, because Kubernetes becomes your control plane. You've lost their ability to use their control mechanism from an individual level. You're never going to see that unless we, like, start getting people to put their own credentials whenever they create cluster. But I don't think that is really the right answer. So right, yeah, yeah.
A
A
B
A
B
A
Lot that I have, what we're gonna get. Yeah, let's see how much we can finish and then, if needed, we can have a longer meeting next time.
B
Yeah, sure. So right, so this bootstrap resource is going to get created. So the bootstrap controller is now then going to contact the load balancer on the right, this one, okay, yeah, and create a service account token on that API server.
B
Yeah, I mean, they all do really, to some extent. They've all got remote clients.
B
It's going to be used for joining nodes, so it adds the bunch of groups that you need to join a node, so the system group, node bootstrappers, I think it is, and there's ones that kubeadm has as well. So the one that is... well, we come on to that. The one, the super naughty one, so I'd like to call it, because of kubeadm's design. So we need to stop using kubeadm. It's going to be the end result of this.
B
B
A
B
A
B
B
A
B
A
A
Okay, and this one is created using machine set and machine templates that we discussed earlier.
A
B
A
B
A
A
B
B
Okay, so kubelet creates a certificate signing request.
B
A
B
A
A
A
A
B
A
B
B
Terms of whatever, the only other thing that can happen is cloud controller manager, which, if you're not using out-of-tree, is inside controller manager, I think, isn't it? I can't remember. Yes, so the cloud controller manager is going to validate the node name against the EC2 API. So there is a line from the controller manager up to EC2 API.
B
A
A
B
A
B
A
Okay, so I think we'll stop here. I have couple of boxes to add and one flow to EC2 API. I'll send this again and put it in the docs, like we discussed, so that we don't have it in Slack. Anything else? We should continue on here and potentially go back to how a control plane node can be joined with other control plane nodes next time.
B
A
C
A
Okay, all right, okay, we'll figure out something either next week, Tuesday, or maybe a week after that. What.
A
Yeah, I thought, like, we didn't do much progress today, so maybe just for next week we can meet immediately, and then after that we can do every two weeks.
A
That works, okay, that time works for you? You stay same time? Yeah, okay, cool, we'll try that unless something else comes up for all of us, but okay.