From YouTube: Kubernetes SIG Security Docs 20210304
A
Today is March 4th, SIG Security documentation to project meeting. Welcome everyone, a few housekeeping things. This meeting abides by the community's code of conduct, which means be nice and kind to each other, and this meeting will be recorded and available on YouTube, right. I have pasted the original link in the chat. Please feel free to add yourself as an attendee, and do we have anyone new here? Anton.
C
A
Sorry, I'm late, thank you. So so I was just telling Rory that, oh, it's going to be a very short meeting. I just have a couple of things: if you have something added to the agenda and we can discuss. The first thing is that I talked about the PSP follow-up blog in a SIG Security meeting and they said that it's good.
A
They encouraged the idea and everything, but they are a little skeptical about posting a follow-up on offering alternatives and stuff before we have something, even though it's our own blogger's perspective, but it could just still be potentially, like, cause more, like, panic. So they want us, they are supportive, but they just want to make sure that it just aligns with everything. So that's something that we need to keep an eye on.
A
We could include them in the reviews and stuff and ask for their feedback early on. It's not like they're against it. They just want to be a little watchful. So that was one of the follow-up, and another thing was that, I don't know if you all noticed, Tabby had posted, mentioned something in the last security meeting, which I wasn't there, about the security goose pop-up kind of thing.
A
B
Yeah, we were talking about some of the, like, foot guns, so things that could be, they're like expected behavior, but they could cause you problems, and the idea was to say we should like have some way of flagging up and going: this is dangerous, you you should there, and I, like, I didn't see, I hadn't seen it before, but it's really cool.
B
A
The warnings are like, so our brains are, have become wired to ignore them because we see the same icons over and over again, and after a year or so it's the same, like, it's a warning: okay, I'll just do it anyways. But this is calling it out and it's a new thing and it's, the logo so cute, and I'm just hoping that people stop and read what is.
B
A
Because it's something new, I really like it.
C
I have one, I guess. So SIG Docs had their quarterly meeting last week and I know, like, there's efforts to make a hardening guide, and I don't know if we should, since there's some overlap, of course, but SIG Docs and SIG Security Docs, that I don't know if you want to to add that, probably in the next quarterly meeting, of of like aligning goals, let's say like the hardening guide, to like publishing a hardening guide by the end of 2021 or something like that.
A
C
So that's the only suggestion I have, just to, you know, just do, there's some overlap, there's obviously overlapping, just to kind of make, have them aware that, hey, there's, you know, someone's working on a hardening guide or something like that, and you would like to publish it by this month or something like that. This quarter or the next quarter.
B
Yeah, that's cool! That's actually strange enough. The thing I was going to talk about was the hardening guide, and I think we've kind of had the brainstorming document there for a little while. I think it's probably long enough now that we can say, you know, people wanted to to like put things in on that. We've had some great feedback, and just now is the question of next steps. I think Tim mentions like a documentation cap. Does that, like, come before?
C
B
C
Think we need a cap for the, for this one. Maybe justin might be an issue just tied with it and just, let's say, like a hardening guide issue or we need a hardening guide. I think there might be one already and just tie it into that, or tying that pull request to that issue.
B
And I guess in terms of, like, writing, I was thinking, I don't know if it's like Google Docs or whether the best thing to do is markdown so that it will go in well. This is the, I'm kind of new to the whole concept of writing docs for the Kubernetes project. So I don't know the process. I've got some ideas for the hardening guide, but how exactly, where to put it, I'm less clear.
C
C
Past, so so when it goes towards at the end, they ask me it is a markdown file and that is yard.
B
Okay, so I guess in terms of like next steps, would it make sense to, like, because we've got kind of an area, a list of areas and some scope and stuff, to maybe start like a proper, like, this is the actual hardening guide document and then just start filling in bits. Because I mean I can definitely film or like put starters for some of the stuff, and then we can get people to say, hey, let's all try and get this to a place where it's useful.
A
So I mean I, I just have one question for you, Rory. So what is your vision for this? Like, so, should it be like a white paper? It's not technically a paper paper, but.
B
I I guess for, in my head, it's like, I see the question that comes a lot from cluster operators of like, how do I harden my cluster, right? So they have this thing on their head. They've started using Kubernetes and it's like, what do I have to do, what to do to make my cluster secure, and it's trying to answer that question, because to me it's like, sometimes I'll point them towards the CIS guide, but the CIS benchmarks, they're they're an auditor's guide, they're not a hardening guide, and that's what worries me is.
B
If I know I point someone to like a 200 page CIS benchmark. That's not, that's, that's a really high barrier to entry, and I, like, my head, it was like having something that was like a lower barrier to entry, and you could say, hey cluster operator, here is like, start here. You know, here's things you can do practically, here is, like, you know, here's things to watch out for in RBAC, so like here is, you know, this will cause you problems, look out for this.
B
Here's things to watch for, like something asking for cluster admin. So you know, try and avoid that, and it's that, in my head it was that kind of thing. It was like something for for end user companies deploying Kubernetes. That was, that was kind of.
B
Like my idea. I mean, I think there's lots of other documents we could write, but that was just the one that I kind of thought may be kind of useful, and it builds off, because Tim mentioned that, those existing ones like the security, like I'm securing a cluster, which is a good starting point, but I think it could be, there could be more there, right. We could expand that almost.
A
So I would say that then we can, I, I think, the list that you've got going.
A
The brainstorming is a good starting point and we could just put them in any, any medium is fine or whatever that you feel comfortable with, and finally, we'll just put that, put that in your markdown. You're gonna collaborate, a doc, Google Doc or HackMD is fine. Release team, we used hack, the HackMD last season for our updates and and it lets so many people collaborate and we liked it, and it's all markdown, it's nice, but people have both kinds of opinions about it.
A
The large amount of text wasn't fitting right or something of the sort. It was like there wasn't enough space, something like that. Some of them liked it for the markdown, and another thing everyone would use or know is like Google Doc anyways, it's like low barrier learning. They don't have to learn how to use it. Basically, they just can add their comments and stuff, yeah.
A
If you want, you can just build it up, build it on top of what you have right now, and if you want to delegate or if you want to call for volunteers, right, these are the sections that, if it's a lot, you can call off what a dearest like and everyone could take a space and then work on it. And then we will sync back and revise it. It's not just one person, then we could just put it as a guide. The securing.
A
I don't know where it would go, if it go in tutorial, blog or in the securing the cluster section. I, we can just always go back and ask SIG Docs where, what is the right place to put this hardening guide, but I think we can just start working on it.
B
Yeah, that seems like I can have a good, a good starting point, and that's, I I I I said it's got a hobbies. Essentially I suppose in my head, it probably is like an expanded version of like the securing a cluster guide. It kind of feels a bit like that, but we can, as we can see where it goes. That's just like, I mean, I'm guessing it's probably gonna, it's gonna develop as we write stuff. You know, people will think, oh hang on.
B
Maybe the thing I think we do want to watch, because we've already had some, like, people have ideas about other areas. I think having like a target audience, say this is the audience for this document, will hopefully stop it, because there's loads of other documents we could write, but you know, because I know that Craig Peters was keen on one about helping people who are contributing new features to know things to watch out for, but that, that to me is a different document.
B
A
Yeah, I like having the target audience, that that narrows down scope, and that also gives the users, like, what is going to be covered and stuff, and that would help us write more useful. So if someone like cluster administrator sees it and a cluster developer wants to know how to do more security, they can always raise an issue or ask for help, or that could be the next thing that we can expand as another document.
A
B
Yeah, okay cool, so so maybe what we'll do is then I'll start up a new document and just, we'll put like the goal and the audience at the top and then we'll just say: here's the areas, and then we'll start breaking it up, because we can just like copy paste and just like expand it, and then yeah. I think we put like something in the Slack just to say: hey, this is gonna be something we're starting off. I'm not sure how long it's gonna take it in my head. I don't know it.
B
A
Yeah, so I think we could target, we could target like next quarter. I don't know if this is panda making. So many things come in everyone's life, I'm not asking for a hard deadline, I'm not even telling a soft deadline, but it's just like, it's nice that, okay, if we know like we have to do, then we would do, otherwise we'll just keep putting it off.
B
B
Well, I'm changing jobs on Monday, so in my new job, I'm kind of hoping I might actually get time dedicated as part of my like day job, instead of like being an evening thing, so yeah. If that happens, I'll be able to do more. If that doesn't happen, then you know, but I'll find that out next week.
A
Congratulations, and that is wonderful. I hope you, your onboarding goes easy and, and you, it, I, I hope it's fun for you. So hopefully.
A
So that is good, there is no deadline. I mean, I thank you, Ray, for bringing that about these SIG, SIG Docs. I couldn't attend the quarterly planning, it's very late for me, so I never make it to that, and I always think that I want to go and I just skip. So I would think and I'll add that we are working on it so that they don't have to duplicate the efforts, and Rory.
A
Let us know if anyone can jump in and help some sections. If you think that this can be like done by volunteers and add points to it, so you can always find and get some help. Yeah.
B
Yeah, I can maybe even, if you like, because we could explode out these target areas and then just like have some headlines, so say, you know, this is kind of the area to cover, and then, you know, then people can say, well, I can do this area and expand an area. So I think that might be a, that seems like a way that might work. I guess we'll find out as we go.
A
Definitely, and we can also have things like, if we have already identified the areas, or as and when we identify, we can add it to the issue as like a check box or task thingy in the issue and then assign people there, so that they can.
A
They know they are responsible for something, and if they don't have time, they can always give it to someone or just let us know that, hey, something came my way and I cannot do it, or like I need time, whatever, but this is just one way to keep track of it. That's how I think, and it's easy to refer back. We don't have to put that all in the issue right away. Once we have identified. That's just an idea. We can just that.
A
Like that, I I I I'm excited to see where this is going. Yeah.
A
Probably this the first, a document that would come out that would get merged or like that, the first contribution, actual contribution. I mean, still, we are all contributing, but it's like something that's there existing outside. So.
A
All right, then, I give you all 12 minutes of your time back. See you all soon, until then take care and stay safe.