►
From YouTube: Kubernetes SIG Security Docs 20210805
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Hi,
everyone
today
is
august
5th
security,
documentation,
project
meeting,
welcome
we
abide
by
kubernetes
code
of
conduct,
which
means
please
be
nice
to
each
other,
and
this
meeting
will
be
recorded
and
available
on
the
youtube.
So
please
be
mindful
of
what
you
say
now
that
we
we
have
those
things
in
order.
I
am
going
to
go
jump
in
the
agenda.
Let
me
share
my
screen
so
that
it's
easy
okay
so
follow
along,
like
let
me
know
like
once.
You
all
see
my
screen.
C
A
Welcome
brian,
my
name
is
avita
and
I
am
leading
this
project,
and
would
you
like
this
week
for
it.
B
Say
hello
hi,
I
won't
so
yeah
before
what
we
can
do
today.
I
did
have
a
link
to
something
I
was
going
to
put
into
the
notes.
I'm
just
trying
to
find
it.
A
A
All
right
sounds
good,
so
the
first
topic
today
is:
we
are
going
to
talk
about
the
hardening
guide.
There
was
one
published
by
nsa
cisa,
so
there
were
suggestions
that
we
would
make
a
blog
post
and
highlight
the
things
that's
going
to
change
and
call
it
out.
It's
like
it
could
be
a
reader's
digest
or
like
something
of
those
thoughts
out
there,
and
I
also
have
a
conversation
like
there
have
been
amazing
suggestions
from
tim,
pj
and
rory.
A
I
have
linked
it
in
the
agenda,
so
you
can
all
take
a
look
at
it
whenever
you
have
some
time
and
if
you
have
any
comments,
please
feel
free
to
add
it
there.
I
also
want
as
a
follow-up,
I
also
wanted
to
discuss
like
what
are
we
going
to
do
with
our
hardening
guide?
I
know
it's
not
out,
but
we
still
need
to
get
it
out
like
how
it's
going
to
differ
from
this
one
right.
B
Yeah
yeah,
I
think
I
suppose
the
nsa
one
I
have
I
haven't,
read
it
all
in
detail.
Yet
it's
about
50
pages.
I
have
had
a
look
through
it.
What
I
thought
was
it's
generally
quite
good,
but
there's
kind
of
weird
bits
where,
like
they're
out
of
date,
you
know
like
it
mentions
things
that
are
gone
like
the
insecure
report,
but
then
it
misses
things
that
are
like
the
similar
age.
B
So
I
I
I
can't.
I
can't
think
I
don't
see
any
way
for
the
nsa
one
of
feeding
back
to
them
to
say
hey.
This
is
cool,
but
you
need
to
update
these
things
and
I
think
that's
probably
where
our
or
where
a
guide
on
the
kubernetes
side
would
be
better,
because
we
can
obviously
change
it
per
release.
We
don't
have
to
wait
until
the
nsa,
whatever
publishing
process
they
have,
you
know,
do
a
new
version.
A
I
kind
of
agree
with
you,
so
I
was
also
thinking
the
same
that
we
can
put
emphasize
on
the
things
that
we
can
also.
So
I
thought
that
the
nsa
guide,
I
just
gave
a
quick
read.
I
I
didn't
go
deep
down
into
what
in
the
rabbit
hole,
but
they
have
sections
right.
We
could
just
take
our
inspiration
from
the
sections
and
they
have
and
we
can
put
our
own
whatever,
that
they
have
addressed
if
they
have
we'll
take
the
good
points
we'll
give
enough
credits
to
them.
A
Definitely,
and
we
will
also
add
our
own
stock
so
that
we
can
keep
them
updating
and-
and
we
will
we
everybody
release
like
you
said
we
will
anyways
work
on
it,
make
sure
that
it's
up
to
date
and
all
those
things
that's
what
I
was
thinking
on
like
yeah,
not
take
sentence
to
sentence
or
like
not
take
everything
from
there,
but
take
it
as
an
inspiration.
You
know
like
yeah,
it
might
have
good
points.
A
B
B
A
Yeah,
I
I
really
like
the
approach,
the
first
one
that
you
have
it's
like
it's
it's
very.
The
scope
is
too
wide,
and
I
also
think
that
it's
just
I
mean
I
will
be
able
to
help
now
that
I
don't
have
anything
on
my
plate,
but
then
it's
a
lot
for
one
person
and
we
are
not
even
able
to
divide
it
and
give
it
to
others
easily.
A
So
we
can
each
that's
what
I'm
thinking
like
I'm
gonna
do
that.
I
have
been
saying
that
I'm
gonna
go
this
weekend
and
I'm
gonna
divide
it.
I
will
put
the
chapters
or
whatever
sections
in
the
comment
and
then
we
can
go
from
there
like
it
can
then
easily
be
given
to
a
contributor,
whoever
wants
to
pick
it
up
and
add
their
own
stories
to
it.
B
I
think
that's
a
good
idea,
that's
a
good
approach.
We
split
it
up
and
then
have
like
some
sections
that
aren't
too
huge,
and
then
people
can
just
pick
a
section
and
then
you
know
once
we've
got
them
all
together.
We
can
kind
of
look
back
through
and
say
do
these
like?
Are
these
all
consistent,
but
I
think
the
main
thing
is
to
get
started
and
pick
some
small
pieces
to
get
going
on
and
for
people
to
feel
that
they
can
just
do
that,
one
section
without
getting
overwhelmed
with.
Oh,
my
god.
This
is
huge.
A
I
I
think
that
I'll
check
it
out
as
an
action
at
the
moment,
and
I
will
go
or
I'll
do
this
in
this
week
and
I'll
give
the
nsa
document
another
lead,
probably
a
couple
more
leads,
and
then
I
will
add
sections
and
then
we
can
go
from
there
and
then
I
else
I'll,
probably
think
once
I
have
it,
I
will
post
on
the
slack
channel
so
that
we
don't
have
to
wait
for
next
meeting,
which
is
next
month.
A
Then
we
can
call
for
our
contributors
and
go
from
there.
Yeah.
B
There
was
one
other
one,
which
is
just
the
the
admission
controller
thing.
B
I
just
wanted
to
kind
of
call
out
and
I'll
put
the
link
in
the
chat
for
this
meeting
and
that's
just
like
a
brainstorming
document
on
the
kind
of
admission
control
or
threat
model,
and
I
I
was
at
the
moment
I've
kind
of
like
got
some
basic
stuff
there
and,
and
the
kind
of
idea
I
had
was
to
kind
of
give
people
a
bit
of
time
to
to
actually
like
you
know,
see
how
that
looks,
and
then
we
can.
B
So
yeah,
so
just
like
that's
just
one
for
awareness
power,
people
won't
have
a
look
at
that.
That's
cool
any
suggestions.
The
document
is
open
for
editing,
so
it
can
be
edited
and
then,
by
next
meeting
we
can
kind
of
say.
Okay,
we've
got
all
the
suggestions,
we're
going
to
get.
Let's
like
move
to
the
next
step.
A
Hi
paul,
thank
you
and
welcome
to
the
community.
Hi
paul
says
in
chat
that
he
is.
I
hope
that
you
write
pronouns
to
use.
If
not,
please,
let
me
know
that
they
are
near
the
community
and
happy
to
have
the
hardening
life
right.
I
thank
you
lori
and
the
channel
name
is.
A
All
right
all
right
so,
like
rory
said
there
is
also
a
link,
I'm
gonna
link
that
type
model
and
the
engine
item,
and
so
that
whoever
has
some
inputs.
B
Yeah,
it's
just
a
it's
just
a
it's
just
a
brainstorm
document
right
now,
just
looking
for
people
who've
like
ideas
of
stuff,
they
might
want
to
see
or
anything
else
like
that,
and
then
what
we
can
do
is
once
we've
gathered,
that
we
can
kind
of
like
come
up
with
a
structure
for
a
for
a
pr
or
a
blog
post
or
whatever
else
might
work
best.
A
Sounds
good
to
me,
so
I
am
going
to
say
like
until
the
end
of
the
month,
for
the
inputs
or
like.
Do
you
want
to
unbox
it
or.
A
Sounds
good,
so
I
will
give
a
shout
out
to
this
in
the
next
security
meeting,
or
so
I
think
it's
gonna
happen
next.
B
A
B
A
So
that
probably
next
week
I
think
we
had
ours
last
week
too
many
meetings,
so
it's
gonna
happen
or
the
week
after
that,
so
I
will
definitely
bring
it
up
so
that
there
will
be
more
contributors
and
more
people
can
see
it.
I
know
you
already
brought
it
up
in
the
last
meeting
as
well.
Yeah
yeah.
B
A
I
know
pj
and
pj
couldn't
make
it,
but
he's
going
to
come
and
check
the
notes
later,
and
he
might
also
be
interested
in
it,
so
I
will
think
about
them
as
well.
C
Hey
it's
brian
here
yeah.
I
like
the
idea.
I
actually
just
got
the
nsa
report
and
I
just
took
a
skim
through
it
before
this
call
actually,
and
I
like
the
idea
of
doing
a
commentary
on
it,
possibly
could
figure
out
a
way
of
feeding
it
back.
C
One
thing
that
is
missing
from
it,
I
guess,
is
that
it
doesn't
really
have
a
versioning
control,
meaning
which
version
of
kate's
it's
actually
aimed
at,
which
is
a
good
point.
So
I
think.
B
C
B
Yeah,
that
is
a
good
point
about
version,
because
from
my
reading
of
it
so
far,
they've
got
kind
of
an
odd
mix
somewhere
they're
mentioning
like
quite
old
controls
that
haven't
been
up.
You
know
relevant
for
a
while
and
other
places
are
mentioning
relatively
new
ones.
So
there's
a
little
bit
of
a
kind
of
unusual
mix
there
so
yeah,
that's
a
good
point.
C
Where's
the
best
place
to
do
that.
Are
you
guys
running
like
a
google
hangout
or
how
is
that
done
and
for
the
security
group
here,
email
list.
A
Yeah
more
or
less
right
now
we
are
only
using
slack,
but
if
there
are
important
things
we
can
also
send
it
out
to
the
email
list
and
we
are
currently
we
are.
We
are
a
very
new
say,
so
we
are
still
finding
our
footing
and
then
figuring
out.
What
is
right,
what
is
not
like
working
what
is
not
working,
but
that
we'll
take
any
suggestions.
A
We
have
slack
right
now.
We
also
have
a
github
up,
so
we
also
have
a
mailing
list,
so
we
can
mail
to
everyone
and
like
if
we
want
this
bombard
there.
My
ladies
mailing
list
as
well
and
what
else
we
have
and
we
do
track
issues
on
github,
so
brian,
if
you're
interested
once
I
have
I'm
gonna,
make
a.
A
We
already
have
a
holiday
guide
issue
up
on
k
website.
So
let
me
just
dig
that
for
you
and.
C
A
That
will
directly
take
you
to
security
docs,
and
there
are
also
other
other
channels
that
you
might
be
interested
in.
Let
me
just
put
that
here.
This
one
is
for
six
security.
It's
like
the.
A
Sick,
that
is
supporting
all
the
sub
projects
and
we
also
discuss
a
lot
of
security
there.
We
have
come
more
of
new
contributors,
new
people
who
want
to
share
and
learn,
and
there
is
a
main
motto
and
we
do
it
collaboratively.
A
All
right,
thank
you,
that'll
be
nice,
so
we'll
link
it
to
the
agenda
dog
so
that
you
can
get
it
from
there
whenever
you
want
it,
and
it's
also
available
for
others.
Is
there
anything
else
that
you'd
like
to
add.
A
C
A
If
you
have
any
questions
or
anything,
please
feel
free
to
reach
out
to
anyone
office
and
slack
just
post
it
in
the
channel.
Someone
on
the
other
will
be
always
there
to
help
in
any
way
or
take
a
look
at
if
you,
if
you
are
working
on
an
issue,
security
related
kubernetes
website
or,
like
any
other
any
other
place
in
the
community's
ecosystem,
and
just
put
your
pr
or
issues
there
and
someone
on
the
other
will
always
be
like
willing
to
take
a
look
provide
feedback.
A
If
you
need-
and
it's
like
another
set
of
eyes
and
that's
always
nice,
I
get
to
learn
a
lot
from
that
show
it's
just
my
plug
telling
how
how
we
do
things
here
anyways
before
I
I
don't
have
anything
else
to
add.
If,
if
you
all
have
something-
and
if
you
think
of
something
later
just
add
it
to
the
item
for
the
next
meeting
or
put
it
in
slack
for
a
synchronous
discussion,
we
can
do
it.
Do
that
as
well.
A
You
don't
have
to
wait
for
a
month
and
that's
it
for
me.
So
I
till
I
meet
you
all
next
time,
stay
safe
and
take
care
bye.