From YouTube: SIG Instrumentation 20200625
Description
SIG Instrumentation Meeting June 25th 2020
A: Okay, today is the SIG Instrumentation meeting of June 25th. Frederick, you were saying?
B: I was just going to ask David if he could give us a quick follow-up from the discussion we had last time, where he was going to go to SIG Node and ask about the additional metadata in log paths. I believe, yep, over to you.
C: So there are two concerns that came up, which I think were already the reasons they didn't do this in the initial version of the CRI log format. One is that there are limitations on how much you can put in a file path, so there were concerns that we may not be able to add it directly to the path for the file. The second concern is scalability, just because we would have to watch namespace objects from all the nodes. So yeah, that was the feedback.
B: So I'm not sure we're actually the right group to discuss this, necessarily, but we have Han from API Machinery here. I wonder how this is not a problem with basically any resource, right? Anything that's namespaced: the namespace may be deleted and quickly recreated, or maybe there's just some external thing that doesn't necessarily watch, and it could be an entirely new namespace. It seems unreasonable to do this, but an obvious solution to this could be, like...
B: So the issue describes how the log metadata is lacking: it has the namespace name, but it doesn't have the namespace UID, and so there can be certain situations where recreating the namespace may actually cause a separate namespace to exist that happens to collide with the name, right?
A: Yeah, but that thing is kind of broken right now anyway, right? I mean, I've definitely seen orphaned objects under a namespace where, because garbage collection failed or whatever, you basically have to recreate the namespace in order to clean them up. So you're going to have a different UID, but it's effectively the same namespace.
E: Could the pods migrate between namespaces? What I mean here is: garbage collection didn't work and someone recreated the namespace with the same name. So I'm asking, are we worried about the case where pod logs using the name of the namespace would somehow not belong to the same namespace after it was deleted?
A: Yeah, okay, let's just clarify that on the issue. But we do have an agenda item, yeah, with, was it Alex and Patrick?
D: Yeah, we're here; this is Alex, and Patrick is also here, I see him online. I think last time we attempted to present sort of the background, we ran out of time a little bit, so I just kind of want to throw it to the folks on the meeting.
D: Should we go through the background, like explaining static analysis versus dynamic analysis and why we need both, or should we just answer the questions you may have related to the KEP? We are flexible, so let us know how you would like us to proceed.
A: Well, just for context: David and I met with Alex offline, I think a couple of weeks ago, and he clarified a couple of things for us which I don't think we had fully understood. So I thought it was kind of important that it be mentioned here, so that other people are also on the same page.
D: Okay, so a presentation, like a ten-minute introduction to this topic? Okay, perfect. Can you make me a presenter somehow?
D: All right, can you guys see the deck?
D: Well, that's good. All right, so just a little bit of background: my name is Alex Chernicholski, and with me here I also have Patrick Romberg. We are both on the GKE security team, and for the last year or so we've been working on developing tooling to help developers catch, early, the mistakes they make with respect to logging potentially sensitive data. In this context we basically thought it would be a good idea to share the tooling, and sort of the expertise, with the broader Kubernetes community, and fairly recently we open-sourced the static analysis tool, which is basically the same tooling we use internally in GKE. And how does this relate to the KEP?
D: So the KEP proposes to extend klog in order to analyze the objects sent to the klog logging library and find potential credentials. Let's use the term credentials, but it could be something else that we don't want to allow. And there were several good questions on the KEP, in the discussion, about...
D: Based on our experience, we found that, at the moment at least, the best approach is actually to use both, because that provides the best coverage. There are certain edge cases that are difficult to catch with static analysis, and, on the contrary, dynamic analysis, at runtime within klog, is better at detecting those. So that is kind of the TL;DR, and the rest...
D: I just want to give you a little bit of background about the static analysis. I don't know if we will do the demo, just to save time; I think the demo is not particularly exciting, because it just basically analyzes the source code, finds the line where we send something to a log, and prints the line where we found that occurrence.
D: So what precisely is the static analysis, and how exactly does it work? The type of static analysis that we are using is called taint propagation analysis. This is a form of analysis where the potential execution flows of the data are analyzed, and we detect instances where user input exits the boundary of a program without first being sanitized.
D: So, in other words, imagine a Kubernetes Secret or, for example, a TokenReview object, which contains sensitive information. Somewhere it is initialized, and it flows through the Kubernetes code base, and eventually it may hit something that we call a sink. A sink is something that takes the data outside the boundary of the process. It could be a log, it could be an HTTP call, it could be just writing to disk.
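As a toy illustration of those roles, the sketch below (with purely hypothetical names, not the actual tool's configuration) shows a source type, a propagator, a sanitizer, and a sink; the unsanitized flow is the one a taint-propagation analyzer would flag:

```go
package main

import (
	"fmt"
	"strings"
)

// Secret plays the role of a taint source: a type known to hold sensitive data.
type Secret struct {
	Name  string
	Token string
}

// describe is a propagator: the returned string is tainted because it is
// derived from a tainted value.
func describe(s Secret) string {
	return fmt.Sprintf("secret %s token=%s", s.Name, s.Token)
}

// sanitize makes a tainted value safe for logging by redacting the token.
func sanitize(msg string) string {
	if i := strings.Index(msg, "token="); i >= 0 {
		return msg[:i] + "token=REDACTED"
	}
	return msg
}

func main() {
	s := Secret{Name: "db-creds", Token: "hunter2"}

	// BAD: tainted data reaches the sink (the log) unsanitized.
	// A taint-propagation analyzer would flag this line.
	fmt.Println(describe(s))

	// OK: the data passes through a sanitizer before reaching the sink.
	fmt.Println(sanitize(describe(s)))
}
```

The analyzer's job is purely structural: it reports any path from `describe`'s result to a sink that does not pass through `sanitize`.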
D: Interestingly enough, this form of static analysis started out as a way to fight cross-site scripting attacks, where malicious users input, say, malicious JavaScript into a web form, that then gets saved to the database, and later on it can do some bad things when users load those pages back. So this is kind of the same principle.
D: We basically assume that something is tainted, and we look for instances where it is sent to the sink. Then there is the concept of a sanitizer, which is important as well. Ideally, you want to have a library within the Kubernetes code base...
D: Ideally, we want to have a library that knows how to sanitize things, so that, for example, when it receives an object, it knows how to make it safe for logging. I think, essentially, this is what this KEP proposes: that klog will become this sort of library. It sort of combines two functionalities: it logs, but it also sanitizes. Obviously, as part of the implementation we will actually separate those two functionalities, but from a simplicity point of view you can think of klog becoming both sanitizer and logger. And of course, from the static analysis point of view, if we detect that the data is sanitized before it exits the boundary of the process, then that's fine; we don't have to raise any concerns there.
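A minimal sketch of that "logger that also sanitizes" idea (the helper names are invented for illustration; the KEP's actual implementation separates the two concerns):

```go
package main

import (
	"fmt"
	"reflect"
)

// Secret stands in for a type the sanitizer treats as a credential carrier.
// In the real proposal this knowledge would live inside the logging library.
type Secret struct{ Token string }

// sanitizeValue returns a log-safe representation of v: values of sensitive
// types are replaced by a redaction marker, everything else passes through.
func sanitizeValue(v interface{}) interface{} {
	if reflect.TypeOf(v) == reflect.TypeOf(Secret{}) {
		return "[REDACTED Secret]"
	}
	return v
}

// safeLog sanitizes every argument before formatting it, so callers cannot
// accidentally log a Secret verbatim.
func safeLog(args ...interface{}) string {
	out := make([]interface{}, len(args))
	for i, a := range args {
		out[i] = sanitizeValue(a)
	}
	return fmt.Sprintln(out...)
}

func main() {
	fmt.Print(safeLog("loaded", Secret{Token: "hunter2"}))
}
```

From the static analyzer's perspective, a call to `safeLog` counts as a sanitizer, so data flowing through it raises no finding.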
D: Then there is also this issue of propagators, which is where things become quite tricky. Think of, for example, gRPC, or protobuf encoding, or deep copying: you take something and you convert it into a different format. Take, for example, a Secret object and convert it to a string; now the string is also tainted, right?
D: I think there's some noise coming from one of the attendees; if you could just mute yourself, that would be awesome.
D: Of course, this is operating at runtime: dynamic analyzers leverage reflection, and potentially also use call-stack analysis, to identify potential sources.
D: So why do we need both? Identifying tainted data is hard. It's a hard problem; it's still the subject of active research.
D: So, therefore, for best results we recommend a defense-in-depth approach: use both static and dynamic analysis. Essentially, what we are saying here is that this is the first KEP that we are proposing in order to mitigate the risk of logging credentials, and we will be following up with another KEP where we will propose the use of a static analysis tool as part of the pre-submit pipeline within Kubernetes, just to keep the KEP actionable.
A: Yeah, so for me that was the key thing that was missing from it, because the static analysis question is kind of, I guess, the obvious one that people have. And then, basically, when I understood that you had intended to do the static analysis thing, and that you in fact already had code for it, I thought that was particularly relevant, especially considering that Marek just implemented the static analysis piece for instrumentation and so could probably give a couple of pointers.
D: Yeah, we're already talking to Marek, and he was very gracious and provided a very detailed list of things we need to think about. This is what Patrick will be working on in the coming month. But hopefully this gives you some idea that it's not one versus the other: it's really both that we need to implement for the best results, and this is just the first portion of this effort.
D: Right, right. So the dynamic analysis, by definition, runs at execution time, and it runs constantly: essentially, every time there is a call to klog, some logic will run in order to determine whether or not it is safe to log this piece of data.
D: The new idea there, though, is to rely on caching. The general idea is that 99% of the calls will not have credentials attached to them. So basically, once we analyze a call site and determine that it is not producing any credentials, then we can probably cache that fact for some time, and that will be the main idea behind the optimization, yeah.
D: But this is something we will probably best discuss as part of the implementation, on the CL, and we'll provide some benchmarks, et cetera. But it's certainly at the top of our mind with respect to how to minimize the performance overhead.
F: Yeah, just to make clear: there will be a switch that users will be able to use to turn this functionality on, and for now we propose that this functionality be switched off by default. So the overhead should be really, really minimal when the functionality is switched off.
D: Yeah, you're exactly right, Pavel. As a matter of fact, the way I look at dynamic analysis, eventually, once it matures, is that it's quite possible that users will actually run this dynamic analysis in their testing and staging environments, and basically issue alerts when something is found and fix the problems before they go into production; then running it in production may or may not even be something that users need. But I don't think we're quite there yet; not everybody is at that maturity level, you know, to set up alerts and react to them in testing and staging.
D: I guess my question is: what do you think would be an acceptable overhead? I think we will just keep it in mind as we implement this. I mean, I guess zero, probably, but would, you know, a 20-30 millisecond overhead be acceptable? What do we think would be something that the community would accept?
A: You should talk to Wojciech about that. Okay, yes, sure. But on the instrumentation side, the thing that is particularly relevant is the API surface which you are expanding in klog, particularly the filter methods, which I think are actually just generically probably very useful for us, because that basically gives us an injection mechanism. It's almost like layered handlers or something.
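The sort of filter hook being discussed could look roughly like this (a sketch modeled on the proposal's structured-logging entry point; the interface and function names here are illustrative, not klog's actual API):

```go
package main

import "fmt"

// LogFilter is the injection point: the logger hands every message and its
// key/value arguments to the filter before formatting them.
type LogFilter interface {
	FilterS(msg string, keysAndValues []interface{}) (string, []interface{})
}

// redactingFilter replaces values whose key is "token" with a marker.
type redactingFilter struct{}

func (redactingFilter) FilterS(msg string, kv []interface{}) (string, []interface{}) {
	out := make([]interface{}, len(kv))
	copy(out, kv)
	for i := 0; i+1 < len(out); i += 2 {
		if k, ok := out[i].(string); ok && k == "token" {
			out[i+1] = "REDACTED"
		}
	}
	return msg, out
}

var filter LogFilter

// InfoS mimics a structured logging call that consults the filter, if set.
func InfoS(msg string, keysAndValues ...interface{}) string {
	if filter != nil {
		msg, keysAndValues = filter.FilterS(msg, keysAndValues)
	}
	return fmt.Sprintf("%s %v", msg, keysAndValues)
}

func main() {
	filter = redactingFilter{}
	fmt.Println(InfoS("login", "user", "alice", "token", "hunter2"))
}
```

Because the hook is a plain interface, the same mechanism could layer in other handlers besides sanitization, which is the "injection mechanism" point made above.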
D: Exactly, yeah, I agree. I think it will be a useful feature for potentially other things as well. But yeah, I think performance will become very important; we are fully aware of that, and we are thinking very hard about how to minimize it the best we can. We will produce some numbers.
D: I know Pavel already did some experiments, instrumenting klog and looking at what potential overhead it might produce, but I think it will probably be best to discuss that over the CLs and benchmarks, like, what's happening there.
A: I personally have no objection to expanding the klog interface to add this filter mechanism, because adding layered handlers for logging could be generically useful. I don't know how everyone else feels about that; I think that's probably the most significant change from an instrumentation perspective. But does anyone... well.
B: I don't think I'm against this, but that's also probably because I just haven't spent enough time with klog myself. So I would very much like us to get a review on this from Sally and Tim Hockin, because they've been quite in the weeds of klog v2, as well as Marek, obviously. So I would like to delegate that, essentially, to them, and if they're comfortable with this, I'm perfectly happy with moving forward with it.
E: Yeah, definitely, I think their feedback would be useful. I think there are some ideas in Tim's head to, like, deprecate, or stop relying on, klog, because it's starting to be a wrapper for our customized implementations of logging. The current structured logging KEP introduces a pluggable system for logging, for JSON, and this is the direction; this is also the interface that they designed. So I'll be very interested in their feedback on how this mechanism would be integrated with it.
A: Wouldn't it make more sense to implement the static analysis piece first? Because, since we're actually actively working on replacing klog with the structured logging thing, it would almost make more sense to do the static analysis piece and then to integrate directly with structured logging as a second step, if that's available, right? Because that could be available.
E: Yeah, so currently there are two layers: klog is currently its own implementation that also wraps the lower-level interface that we want to go deeper into and start developing, and at some point we may reverse those, so klog would not be the default implementation; it would be one of the implementations. It should be pretty easy to integrate one of those already.
D: I know we have one minute; I just want to throw out one thought on why this sequence. You can certainly do it the other way around, start with the static analysis and do the dynamic analysis later, but what we found from our experience is that the dynamic analysis was finding things. Basically, the challenge with static analysis is knowing the types that contain credentials.
D: What we found is that, by using dynamic analysis, we were learning about the system, about the types that actually carry credentials, and that would feed back into it. Basically, it's a kind of feedback loop: we find something with dynamic analysis, and we extend the configuration of the static analysis so it knows, hey, this type here can also contain PII.
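That feedback loop amounts to little more than maintaining the static analyzer's list of credential-carrying source types and appending to it whenever the runtime check flags a new one (an illustrative sketch; the real tool's configuration format is its own, and the `example.com` type is hypothetical):

```go
package main

import "fmt"

// sourceConfig is the static analyzer's list of types treated as taint
// sources. Secret and TokenReview are the examples mentioned above.
var sourceConfig = []string{
	"k8s.io/api/core/v1.Secret",
	"k8s.io/api/authentication/v1.TokenReview",
}

// reportFromDynamicAnalysis records a type that the runtime check caught
// carrying credentials, so future static runs flag it too.
func reportFromDynamicAnalysis(typeName string) {
	for _, t := range sourceConfig {
		if t == typeName {
			return // already known
		}
	}
	sourceConfig = append(sourceConfig, typeName)
}

func main() {
	// A hypothetical finding from a staging run feeds the static config.
	reportFromDynamicAnalysis("example.com/pkg.DatabaseCreds")
	fmt.Println(len(sourceConfig))
}
```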
A: Well, from a safety perspective, static analysis has no runtime performance cost, so you can introduce a static analysis check that does very little and no one's going to object to it, because it runs in pre-commit, correct? There are no blockers; it's super easy to do.
D: Yeah, Patrick is already running it on his workstation. We actually already found one bug and fixed it, so we're already doing this. You're absolutely right: it's something that we can just do; we don't even need to ask. It would be nice to run it on every submit, but we are running it on a regular basis, and when we find something, we report it, yeah.
D: But do you think it has relevance for this KEP? Do you think it changes anything in what this KEP proposes?
A: Yes, because mostly, I think, everyone was wondering about the static analysis while reading this KEP. So if the static analysis question were answered, then basically you'd be like: oh yeah, we already have the static analysis, we're supplementing it with this, and then you'd explain the interactions between the two. As opposed to: we're doing this dynamic analysis thing first, but there's a performance cost. So, I mean, yeah, that's how I think of things, and possibly other people may go through that same cycle of thought.
C: I think we're out of time. Thanks everyone, and especially the presenters today, and we'll see everyone next week.
A: All right, yeah, thank you. The proposal looks good to me, and, you know, I'm okay with it if, yeah, the klog things work out, or whatever.
D: Well, thank you. Thank you so much for your time. It was very nice talking to you guys; hopefully we can move forward on this. Really appreciate your feedback, thanks.