From YouTube: Kubernetes SIG Security 20230126
A
Hello, Kubernetes security. It is absolutely a delight to see all of you. I am partially back from my medical leave. I'm not, I'm not actually at my day job yet, but I'm starting to roll into doing some Kubernetes community things. I'm Tabitha Sable, she or they, and I'm just happy to help to make this space for all of us to improve Kubernetes security together. As we do, we bounce around the room and people can give real briefer introductions to themselves if they like.
B
Hi, I'm Ian Coldwater. I am the co-chair of Kubernetes security here. This is Patch, cuddled up angelically next to me, and Ode, who's going to be running around causing trouble on camera the whole meeting. I am here to help improve Kubernetes security, hack the planet, make friends, and hack the planet with my friends.
D
I can go next. So I'm Rory. I, I do security stuff for Datadog, and I'm always happy to try and help out in any Kubernetes-related security stuff there is to be helped out with.
E
Hi everyone, I am Grace. I do a lot of SIG Release stuff, currently in CI Signal and take release as well. Just happy to be around here.
F
Hey, I'm Kaylin. I'm an infrastructure security engineer at Shopify. I've been working with SIG Security since KubeCon EU last year and loving it, and right now I'm really focused on SIG CLI stuff, so not as present, but trying to infiltrate them and get them to do security things. So always got SIG Security on the mind.
G
H
I'm Ola. I head up the self-assessment subproject, and yeah, I will, I will borrow the phrasing of: I'm here to learn things and hack things and have fun and do all those things with my friends. I think I did a horrible job paraphrasing that, I apologize, but yeah. That's me. Nice to be here. Pronouns she/her.
I
Security engineer over on the Kubernetes hardening team at Google, under GKE security. Yeah, just here to learn small U one of the folks and maybe contribute a little bit. It's all to do with a document all that threats about it. I, like, my thoughts about Kubernetes CVSS scoring, so we'll talk about that later, and see y'all this morning.
K
L
M
A
E
And just here to see what's going on with security and Kubernetes.
N
Hi, everyone, I'm, and yeah, I work from, I work at a new company now, which is a named ISO Village. You may know.
O
P
Hi, I'm Balata, working with the college Contender security team here, here to learn more about, about this group and possibly contribute. Thank.
A
A
All right, so we usually start out by hearing what has been going on in the various subgroups, and so I will read the notes that Rey has left for us on behalf of the third-party security audit. SRC had a time last week reviewing the last remaining results from the third-party security audit and now waiting on confirmation from a couple of SIGs on some of those findings before publishing the audit results publicly.
G
Hi, so I wanted to start by saying thanks to Rory. Last meeting I couldn't make it, I had a conflict and I was going to join late, and thank you Rory for talking about SIG Security docs on my behalf. I appreciate it. Now, moving on to the updates: we have a draft PR from Fabian on the confidential Kubernetes, so it has gotten a lot of reviews, and if you are interested, please stop at the PR, add your comments and thoughts, and I think there is also a Slack thread.
G
I will find that and I will put that in the agenda for that confidential computing post. In the next up, one is the hardening guide effort that Kaylin has revived. Thank you.
G
The, Kaylin and Rory have divided the task, the guide, into various smaller sections, so that new contributors, anyone, could pick it up, pick up a section, and also, like, we can incrementally build up. So there is an authentication section draft available. Feedback and reviews are welcome.
G
I think I haven't missed anything the tile in the top of my head. Thank you, everyone, for helping make docs better.
D
Just to chime in real quick on the, at the, the HackMD link that's there: this is a really rough draft. Don't feel afraid you want to make major changes. This is just ideas I've had. If someone thinks this is not a good way or we should totally change it, I'm very open to that. So please feel free to read through and see what you think.
A
Thanks for tossing that out there to make a start on it. I, I find that loosely organized group collaborative projects tend to go really well when somebody can start with something, so that then folks can have a skeleton to hang their ideas on. Like, even if, even if my feedback is "I think this is all wrong" and then I tell you what I think is right, then that's not, that's not a great way to approach these things, but even, even that leads to some more progress than an empty document. Thank you.
O
F
G
You, okay, so I think you can just comment on the section and then the issue owner can update it. So we, for now we can just keep track on the comments.
D
A
Right, tooling. Looks like we have a few small updates from tooling. Would anybody like to present those? Otherwise I will, I.
N
Think I can present, like, just the, the progress that were made on the, like, improvement for KEP 3203, and it's mostly, like, the most of the comments were, like, addressed in the case: security and Camera site PRs. So no, it's mostly about, like, merging them and merging them, like, simultaneously, like, at the same time, you know, because one will break the other and the other will break the other. So far we cannot break. We cannot merge just one, it could be. It will break.
N
Exactly. So, I don't know how it will happen. I think we will merge, maybe, the script, then the, the HTML website integration will break, and then we'll reach the website. So yeah, I.
N
Yeah, yeah, sure, but I think maybe Pushkar will help me, and maybe team as well will amend it on that things, but anyway, I will not merge them. So no worries. Awesome.
N
Yeah, I think we have still sometimes, some time to, to merge them before 1.27. So it's.
C
N
A
N
A
That makes sense, yeah. Just, I, if I remember correctly, a, a SIG lead has to opt it in on the, on the form, so just ping us if you need us to, to sign a form for you. That's, that's one of the, that's one of the many things that we're glad to do on behalf of the rest of the group. Yeah, no worries. Thanks.
H
A couple of awesome updates. So just a reminder: I just needed an approval on the PR to create a Slack channel for the vSphere CSI driver self-assessment. I'm gonna start just coordinating kind of efforts on that in DMs in the meantime. I can take out, so yeah, we're getting the, the meeting invite set up for self-assessments, and Tabby, we're coordinating on that. So I'm just going to take that out of the notes, I don't need to cover that. So very exciting.
H
Last week, wait, last week, week before, I don't know. Sometime in the past few weeks, I sent out a survey. I hit up a couple of different mailing lists, put it in a few Slack channels, so just assess the appetite for threat modeling workshops at KubeCons, and I just wanted to go through some of the responses, because I thought they were really interesting. So.
H
Overview of the, of the feedback so far: so there were 12 responses, which I think is a, I wasn't really sure what to expect in terms of participation, but I think it's a pretty healthy response.
H
Everyone expressed high interest, and actually, would it be okay if I shared my screen really quick to just, like, scroll through the survey results? Would that be.
H
H
Okay, so yeah, there were 12 responses. Everyone expressed very much interest in this, which was really exciting. I, I honestly wasn't, you know, it's a survey to assess interest and I was like, I don't know, maybe some folks won't be excited about this, but everyone who replied is very excited. I'll just scroll past the emails real quick, and then there was, of the 12 responses, a lot of folks.
H
You know, it's pretty even in terms of both the, as it were, physical in-person sessions to, for this year, but I also was a little bit.
H
I was like, oh, I didn't, I wasn't really sure, like, what the live or online workshop option would be, and I was actually really pleased to see that people were open to that, because I just think that, that, you know, thinking about, like, our mission here and making security, like, accessible, collaborative, open, like, you know, it's just like, I wanna, it's like, being physically at KubeCon isn't realistic for people who, you know, just have lives and children and just work commitments and stuff.
H
So I'm just really glad that there's appetite for, you know, an online version.
H
They're, yeah, lots of different suggestions for projects to threat model within Kubernetes, so that was great, and then what I also thought was interesting was that, this is weird, yeah, Google's having a hard time, was that, yeah, a lot of folks replied that they don't have a data flow diagram, which is, of course, the, kind of the foundation that you start from when you do a threat model, so that definitely gives me a strong signal that making sure that these are in place and of high quality.
H
Before we do something like this, as much as possible. Of course, we, you know, we only increase likelihoods, we don't actually control anything, but just making sure that people are as prepared as they can be is, is a really good starting point here. And then, you know, a fair amount of folks were interested in either volunteering themselves to help with this kind of thing or knew someone who could be a coach, you know, for the session, as it were. So, and then yeah, that's, that's.
H
Basically it. So yeah, I'm, I definitely feel a lot more confident now that I have some visibility into, like, the appetite and kind of the dynamics around this stuff. So just given that, you know, lead time to Amsterdam is closing, I, I'm not entirely sure that I'll be able to get something organized in time for that. Also, I'm not entirely sure that I'll be physically present.
H
But the fact that, like, an online option is something that people are interested in again gives us just more flexibility, and then, you know, Chicago is, is easier for me to get to, so. Yeah, there's definitely interest there as well.
H
And I think that's it for self-assessments, any, or at least on my side. What questions are there from the gang here?
A
And so, even if a few of us who would like to plan on leading such efforts may not be in Amsterdam, it seems like there is an opening there if folks get together at Contrib Summit to just purely peer-to-peer that. So, so that's a, that's a thing, I think, for us to keep in mind as we are evaluating whether or not we're going to be in Amsterdam: like, can we do anything to, if we're not there, can we do anything to set folks up to succeed while they are there? Oh.
H
Cool, how would, so would that be just working with the, the folks who are setting up Contrib Summit for, like, hey, can, you know, of the people who are there, like, organizing kind of a session for, like, a, the data flow diagram session or something like, which is just generally great to have, but, like, oh, fun fact, you could use this to build a threat model at Chicago if you wanted to, or something like, yeah, how was that? How would we go about setting up such mischief? There's.
F
I happened to be volunteering for content for Contributor Summit, so would be up for helping with that, and I will obviously be there.
D
B
Nice. I assume that what a security village is, is it would be on the DEF CON model of, like, you have one large conference, and then you have kind of smaller spaces that are dedicated to specific topics. So at DEF CON, because the whole thing is security related, they have, like, a Red Team Village and a hacking saddle Lakes Village, and, you know, a Blue Team Village and whatnot, and in this case maybe security would be just a sort of sub-topic that could have a kind of smaller space dedicated to it.
A
J
Hi, yeah, so actually I think that right now I've reached the first milestone of, of that work.
J
That I've started when joining this team, which is to create a blog post to describe to the community the problem that, that is, that we, that are, what I'm trying to help solve, and, and the, the direction overall, meaning that, first of all, make sure that people are aware of the fact that microservices are vulnerable, even if they did everything right, even if they carried on all the requirements as sets for development and deployment, still their microservices are vulnerable and they should consider them as vulnerable, and therefore they need to monitor them and be able to control them.
J
They could just. They can't just assume that, because they, they don't have CVEs, then they are safe, for example. So that awareness doesn't exist, in my understanding, with many DevOps, and, and that blog post is the first step in increasing that awareness. The question I have, and I have it for, for everyone here, is what should be the next step.
J
I would just say that my end goal is twofold. One: awareness, awareness, awareness. Make sure that, that people get really comfortable with the fact that, yes, we have microservices, we do everything that we can to make them secure, but they are not so anyways. Therefore, we need to monitor them. We could kind of just have them running out for, for a month on end and assume that no, not nothing bad will happen. So that, that's the first thing.
J
The second thing is that we, that there is that open source work that, that I've started in, in Knative open source for, for monitoring and controlling microservices.
J
J
There is a version one, which is now already useful, but there is tremendous amount of things that can be done to actively monitor microservices and make sure that when the microservice misbehaves, we can identify that; when a request comes in which is, looks suspicious, we can identify that and report about that, and so on. So there is much to be done there, and, and I want to open that for everyone here.
J
If people have ideas what to do next, I, I can think about maybe putting something in the documentation on top of the blog post, maybe start, maybe starting to think about, from a design point of view, what, what is, how to integrate it better for, with Kubernetes, and, and make it easier for people to consume, and there are multiple.
J
But I think many of them require some people in the community chipping in and identifying that, that this is, this is important enough for them to, to.
J
C
J
And definitely, if people who were here and didn't read it, I encourage you strongly to have a look at this blog post.
K
Hey David, great, great post. I was reading earlier this week, and yeah, I think maybe, like, a follow-up that might be interesting to see, and I don't know if this is something you'd be interested in doing or would look for help on, would be.
K
You know, going from this kind of conceptual model in the blog of, like, behavior analysis and microservice versus a monolith, and then taking a Guard in, like, the standalone mode for Kubernetes and not a Knative phase cluster, and taking, like, a known vulnerable microservice, like something from OWASP, for, like, one of the, you know, vulnerable things, and then showing, like, practically how Guard can be used to prevent, prevent that. I.
K
Think for, like, for me, like, I'd be really curious to see, like, Guard in practice in a standalone cluster. I know that's kind of like the newer mode for it, but I just thought that would be kind of cool.
A
A
I can do that too. That, that is a thing that, that is a thing that people love, and with, with this particular issue, I think there is a, a kind of an awkwardness to it, because a lot of the discussion that I have been aware of about this sort of problem has been really vendor focused, because this is a place where there are a lot of vendors working. You know, there's, there's a lot of different companies that you can buy a open source or partially open source or totally proprietary product.
A
As a larger, as a larger issue, it's, it's a more interesting thing than just trying to convince someone to buy some particular product. You know, in general, you want to know what, you want to know what machines are doing, and there is a good opportunity with Kubernetes to tie the deployment and lifecycle management things that you're using Kubernetes for in with that and get something out of it, like, separate from making a sales pitch for some particular product or whatever, and so that's, that is, I.
A
A
J
C
J
To comment that, that, two things. One is that I think there is not, I didn't find truly open source tool that people can use, which is, I mean, there are stuff that, that companies offer, that's true. Like, an open source tool which is being developed by the community and grow with the different problem that, as a problem grows, I didn't find that. There are tools who monitor, for example, Falco and, and this as Sysdig and so on.
A
Oh, like from, like from a looking at whatever the API that a particular service is offerings traffic kind of standpoint. Yes.
C
J
J
You want to monitor the first one, the clients, because you want to block some of, some of the requests, or you want to at least alert about requests which are suspicious, and you want to monitor the, the microservice, because you want to see when the microservice itself has reached that point where it is probably already taken. So that, that, if, if you are able to make the, the, encapsulate those two areas, then you're, you're able to do quite a lot, especially from those.
J
If you have vulnerability and you, you can show very easily how, how such a vulnerability, for example, I'll just give you a very simple example. If, if, in order to use that vulnerability, you need to use some special characters, such as, you know, semicolon, and the semicolon doesn't normally appear on that string that is being sent as part of the query string or as part of the body or whatever.
J
J
J
Get the community to take that.
A
A
A
A
I
Try that again, do you hear me now? Yes, yeah. Yeah, I'm saying this is now the CVSS support group, so, you know, I'm sorry for all your injuries. Yeah, you know, put together a document. The link is in the notes there, over in Google space. As I'm sure everyone has, we just, like, we end up CVSS scoring a lot of documents and it, or vulnerabilities, and it doesn't really matter if you're super experienced or you're brand new.
I
It's, it's a painful process, but especially for the folks that we're onboarding in our security teams, it's, it's a nightmare to try to wrap your head around how we think about scoring these things, and even getting to the heuristics, I think, of, like, where we should land.
I
So this document captures a lot of the thoughts that have been brewing me over the last nine months or so of doing into the response, vulnerabilities and CVSS scoring over in GKE security, yeah, and I'm really interested in everyone's thoughts. So it kind of, like, goes through a problem statement, calls out some of the, I think, thornier areas that I've run into. There's, I.
I
Think one specific proposal, which is settling on kind of what is it that we're actually scoring, and, you know, so that, that's one of the more solid things that I was trying to call out directly, and then there's a couple of, like, straw man proposals at the end to get the discussion going around, like, what are the ways that we could approach tailoring CVSS scoring, whether that's at a conceptual framework level or really just breaking it down into the nitty-gritty of saying, okay, we are going to score Kubernetes-native concepts and then map those back to, like, CVSS levels and vectors. And so those proposals at the end, there's work examples.
I
Eventually, it's just like, I need to get this out, so the first one is a little more fleshed out in the second, but really just looking for everyone to, if you have a moment, take a read. I'd really appreciate it, and comment voluminously. Yeah, this is my first talk for the community, so not sure what the correct permission is. Should I give people editor access? I just, like, gave anyone with the link commenter, but yeah, I'm happy to change that.
I
Yeah, and yeah, so my thought was I want to introduce at this meeting, give everyone a chance to read through, comment, and in follow-up meetings, if we want a broader discussion on thoughts, details, nitpicky points, we can either do that. That's like security, or if this spins out into a broader discussion, that could be a working group.
A
I'm, I'm gonna say every, every bit of that seems to reflect how, how Kubernetes security gets things done, so, like, bravo. Thank you for, thank you for bringing this. I look forward to reading it. I assume that, I assume that others do as well, and yeah, I think it'll, I think it'll generate some interesting discussions in the coming weeks.
A
A
N
Sorry, sorry, yeah, yeah. Finally, finally had some news from, so I, I put some stuff in the Stick of the meeting notes, but I, I was not able to attend, like, I don't know why, but every time they have a meeting, I'm, I'm not available, but they finally discussed this without me.
N
So I think I had some notes from, from SIG Auth people, and basically they capture, like, a few action items, and they, they thought that maybe a KEP is not that useful and not at least required to, to do the changes. So I might just, like, do the PRs and, and merge these things.
N
So that's cool, and I think that's less work and I'm pretty happy with that. Like, that review also, so it seems that they are okay. I think there are some people from SIG Auth here, but I don't know if they are, like, listening actively, but, but yeah. That's the only update. I think I will create these PRs, like, soon and, and hopefully match them. So that's it's removed.
E
I think Liggitt mentioned in, in the issue about that they are looking to use a retroactive KEP. Just from a release team perspective, even if you're not changing the KEP, you still have to, like, object, milestone and stuff, and then, like, for any form of, like, deprecation or removal, we, like, strongly recommend that you write blogs and communicate about that as well. So if you're not sure, feel free to check in with the comms team for 1.27.
E
N
Yeah, yeah, I think it said that we, they typically used these KEPs, but that maybe it's not needed for, for, for this one. That's how I understood the, the thing, but maybe not. But I, I think with, like, we don't need to write the whole. Maybe you don't understand like I did and I understood it wrong. But what do you think.
R
Yeah, I was in the SIG Auth meeting. Can you provide a little more context? This feature, this feature predates KEPs, so there's no, there's no KEP written for it.
R
There's no design doc, I don't even know what we have in the way of regular documentation, and so I think the decision was, like, for, for removing this, it didn't seem worth writing a retroactive KEP just to say this is what we're deleting. If this, if the decision, or if the, if the task was instead to promote this to GA, that's where the retroactive KEP would come in.
E
A
Oh, like, like a almost metadata-only KEP.
A
A
That would be a nice place to include links to historical information that folks have uncovered during the research that has led up to this. Like, like pretend you were going to write a retroactive KEP, assemble your notes, and then don't actually write the retroactive KEP, just, like, put the notes, put the notes together in some kind of raw form and give it a KEP number. Is that sort of where the discussion is heading?
N
Yeah, yeah, I think it's fine. Like, I was going to use the, the original issue that I linked in the notes to, like, do the umbrella thing, but it's the same. If we do that in, you know, camping, and there is, like, a number, if it's better for the whole community, it's definitely better. So why not? If I don't have to write the, the KEP in the end, it's, it's a win-win. So.
C
F
A
B
I might be imagining things, but I had thought that there was a thing about confidential Kubernetes on this agenda, and now it's gone. Did I imagine that? Molini, did you have anything you wanted to say, or whoever wrote that? If I'm imagining things, that's on me. I just want to make sure that if.
A
A
E
F
A
F
B
F
E
F
C
F
I
N
Is it going to be a big thing, like, do you know, like.
F
It's called "Sharing Security Secrets: How to Promote a Security Advocate Culture at Your Company", and yeah, that's going to, it's going to be pretty good, talking about lots of the education stuff that I've done at Shopify for trying to get people not in the trust org to think about security at all and ever and know what we do.
F
B
Very excited, that's awesome. So I had a talk, my first big conference talk was also the last talk on the last day, and I was super bummed about it, and then a friend, who was Bridget Kromhout, who some of you might have encountered at some point somewhere, who is a longtime conference organizer, who is local to me, was like: no, no, you don't understand.
A
Workshop, I was like, oh no, everybody's gonna be brain fried and not want to hack their own clusters at, you know, 3 PM on a Friday, but we filled every seat and had people standing around with laptops in the hallways, and, like, all of the Kubernetes security community showed out, like, totally unprompted, to help the participants, and, like, a great time was had by all. So, like, plus one to everything that they just said. The last slot on the last day is, is a chance, like, for you to make people feel glad they stuck around.
A
A
What I'm hearing here, yeah, anybody, anybody wants stickers from that KubeCon talk, yeah, DM me on Kubernetes Slack, I'll mail you some stickers. Was called, oh my gosh, I don't remember what it was called. But if you go to securekubernetes.com, that's where the write-up is, and the, there's a link to the recording, and you can self-host it yourself still on a Google Cloud account, and I haven't tested it in a while. But I have not heard in a while that it's broken.
B
It would be worth testing. Rory can vouch for the time that I tried to do a demo at KubeCon with, like, some, you know, vulnerable cluster that had updated CoreDNS, like, seven layers down, and then the entire thing had a cascading failure. Like, if, you know, we had talked at the time, and I don't think anybody got around to doing it, about, like, have it, like, hosting, like, full fat binaries of, like, all of the dependencies with vulnerabilities in them, so that, like, vulnerable demos don't depreciate in quite the same way that they do. I don't know that anybody got around to doing it, but it would still be a fabulous thing to do if anyone has the energy for it.
D
I've done a little bit of it with kind, so I've, like, maintained old Kubernetes versions, but you're getting the point now where you need, kind of like, old kind versions to run an old Kubernetes versions. So it's getting trickier and trickier. It is a, it's, yeah, it's worth doing, because the old demo was breaking, it's a real shame.