►
From YouTube: Kubernetes SIG Security 20220324
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Hello,
all
right,
we're
gonna
call
this
thing
started:
it's
kubernetes,
sig
security.
Yet
again
it
is
awesome
to
see
everybody,
and,
as
always,
you
need
somebody
to
take
notes.
Please
someone
put
your
name
on
the
list
to
be
I'm
gonna
say
lead
note
taker,
because
we
all
take.
We
all
help
with
the
notes,
but
somebody
somebody
has
to
be
the
the
main
note
taker
person.
Thank
you
very
much.
Thank
you
note.
Taking
is
like
actually
the
chopped
wooden
carry
water
of
this
meeting.
So
all
right,
as
always,
it's
kubernetes
security.
A
B
Hi,
my
name
is
ian
coldwater.
I
am
the
other
co-chair
of
sig
security
and
I'm
excited
to
be
here.
Hacking
and
learning
with
y'all.
C
Hi
this
is
pushkar.
I
am
the
lead
for
six
security,
tooling
sub
project
and
here
to
make
my
and
other
people's
dreams
come
true
for
making
kubernetes
more
secure.
D
B
Hi,
I'm
mohit.
I
do
random
kubernetes
things
at
f-secure,
but
now
called
with
secure.
F
Hello,
I'm
james
coverley,
france.
I
I'm
security
consultant
at
control
play.
G
Eric
smalling
dev
advocate
at
sneak.
I
helped
buscar
occasionally
with
scanning
things
and
whatever
else
I
can
do
here.
J
Hi,
all
brian
smith,
here
with
bell
canada,
just
we're
here
to
listen
and
learn
as
well.
A
All
right
happy
to
have
everybody
here
and
happy
to
to
hear
introductions
from
everybody
who
wants
to
share
them
ray.
Can
you
can
you
tell
us
not
a
lot
going
on
right
now,
as
we
hold
our
breath
for
124,
but
how's
it
going.
D
Pretty
good
so
for
the
third
party
security
audits,
no
big
changes
still
tend
to
be
starting
in
late
spring.
Targeting
to
use
the
124
124
has
a
target
release
date
of
april
19th.
Once
again,
I'm
still
working
on
a
blog
post
on
kubernetes.dev,
just
to
kind
of
to
make
the
the
project
aware
of
this.
This
audit,
and
once
again,
ncc
group,
is
the
vendor
and
I'll
put
the
link
to
the
rfp
decision
on
the
agenda
for
for
folks
to
look
into.
H
C
D
Sounds
good:
what
do
I
think
I'm
working
on
and
also
on
how
we
run
communications
with
the
with
the
project
and
with
the
vendor
as
well
and
make
it
confidential
as
well?
So
that's
one
thing:
I'm
working
on
this
side.
A
Awesome
do
you
do
you
want
any
any
more
eyes
on
the
blog
post
as
it's
coming
together?
I
don't
know
if
it's
like
a
a
pr
yet
or
if
it's
a
google
doc
or
what,
but
if
you
want.
D
D
Yeah
I'll
drop
a
link
to
it
yeah
I
do
need
some
eyes
on
it,
so
I'm
definitely
going
to
ask
the
this
sig
co-chairs
and
folks
have
been
involved
with
what
the
their
party
security
audit.
Then
I
will
request
folks
on
the
community.they
have
folks
to
take
to
looking
at
it
or
to
take
a
look
at
that
pr,
so
yeah
I'll
have
the
link
shortly
awesome.
We
all
got
your
back.
A
Thank
you
any
any
further
thoughts
about
audit
subproject
progress.
E
Oh
yeah,
just
a
quick
thing,
so
I
mentioned
this
before:
we've
got
our
our
back
good
practices,
draft
which
we've
currently
got
hack,
md
and
we've
had
some
great
additions
to
that
from
ian
smart
adults
from
uval
some
new
extra
content.
If
anyone
has
any
ideas
of
things
they'd
like
to
add,
you
know
your
favorite,
our
back
niggle
things
that
people
should
be
very
careful
of
when
doing
our
back,
then
it'd
be
great
to
get
that
in,
but
we've
got
we're
kind
of
shaping
up
nicely.
A
C
Okay,
cool,
okay,
so
first
quick,
shout
out
to
praveen
raver
for
contributing
or
in
creating
a
new
dot.
Git
ignore
file
for
our
security
repo.
So
this
is
going
to
make
our
pull
request
cleaner
and
it
is
going
to
be
easy
to
ignore
things
that
we
don't
want
to
version
control.
So
thank
you
for
your
contributions.
C
We've
always
welcome
new
contributors
and
we'll
find
something
for
you
to
work
on
always
so
count
on
that.
Next
one
is
sort
of
a
small
logistical
change.
I
wanted
to
propose
and
discuss
with
everyone,
so
we've
been
doing
learning
sessions
for
a
bit
a
bit
as
in
last
six,
seven
months
or
so
every
other
six
security,
two
link
meeting
and
what
I
realized
is.
C
There
is
no
real
entry
point
for
anyone
who
doesn't
know
us
or
doesn't
join
meetings
to
request
a
topic
or
propose
a
topic
where
they
want
to
present
and
also
for
folks
who
have
presented.
We
want
to
give
a
single
place
for
all
of
the
youtube
videos
and
the
list
of
people
who
present
it,
where
we
can
look
at
it
and
say:
okay,
this
is
what
was
done
so
essentially
creating
sort
of
a
process
for
onboarding
and
follow-up
after
the
meeting
after
the
learning
session
is
done.
So
for
that
I'm
proposing
two
changes.
C
One
is
we
can
create
a
learning
session
request
template
in
six
security
repo.
So
if
you
open
on
github
issues
for
our
repo,
it
will
show
up
as
a
form
that
you
can
fill
in
and
then
that
allows
people
to
request
sessions.
C
Obviously
we'll
say
things
like:
don't
do
vendor
pitches
and
sales
pitches
and
things
like
that
and
then
the
second
update
is
creating
a
readme.md
file
where
we
list
all
the
learning
sessions
that
have
happened
with
speaker
names
links
to
youtube
and
the
date
when
it
happened.
C
So
those
are
the
thing
two
things
I
wanted
to
propose
as
things
to
do
and
get
everyone's
feedback.
A
I
mean,
for
my
part,
I
love
it.
Another
thing
that
comes
to
mind
for
me
is:
would
you
be
interested
in
having
a
separate
playlist
within
the
kubernetes
youtube?
A
It's
like
right
now
we
have
the
all
the
sig
security
meetings
so
that
you
can
find
them
playlist
and
that's
you
know
part
of
the
general
how
kubernetes
deals
with
with
youtube,
but
if
you,
if
you
think
it
would
be
cool
to
have
a
separate
playlist
that
was
just
like
seek
security,
tooling
learning
topics,
then
then
I
think
that's
a
thing
that
we
can
just
ask
for.
C
A
Keep
in
keep
in
touch
because
that's
a
thing
that
that
I
am
happy
to
help
with
and
otherwise
yeah
this
sounds.
This
sounds
cool.
C
And
if
you
don't
have
thoughts
now,
that's
fine
I'll,
open
up
a
couple
of
issues,
if
I
haven't
done
already
and
share
it
on
the
slack
so
feel
free
to
add
a
comment
later.
If
you
have,
if
you
come
up
with
something
and
then
we'll
keep
it
open
for
a
week
or
so,
and
then,
if
you
also
want
to
create
a
pr
that
fixes
that
issue
explaining
what
we
want
to
do,
that's
also
welcome.
A
A
C
C
Okay,
cool
so
I'll
I'll
start,
and
then
we
will
make
sure
to
keep
some
time
for
you,
so
we
don't
lose
out
on
your
topic
as
well.
So
there
has
oh
did
somebody.
L
C
Okay,
cool
no
worries
so,
as
folks
know,
there
are
always
more
issues
than
contributors
in
any
open
source
project.
Kubernetes
is
no
different
and
there
has
been
some
effort
to
support
app
armor
as
as
a
ga
feature
in
kubernetes
for
a
while.
C
I
had
to
dig
up
and
ask
some
folks
who
have
been
around
in
the
community
longer
than
me
to
understand
like
what's
the
state,
and
probably
I
don't
have
the
full
picture
also
so
I'm
happy
to
hear
from
others
who
might
have
it.
Basically,
my
understanding
is
app.
C
Armor
was
added
as
a
feature
in
1.4
kubernetes,
which
is
like
really
really
far
back
in
history
and
now
the
last
one,
when
the
last
kept
that
I
see
that
has
been
updated
for
making
it
as
a
supported
was
2016
and
then,
with
the
feature
policy
of
alpha
beta
and
ga,
there
was
another
kept
that
was
introduced,
two
caps,
rather
one
from
tim,
all
clear
and
one
from
sasha
gruner,
who
both
wanted
to
promote
app
armor
to
ga
from
the
current
feature
flag,
but
looks
like.
C
C
If
it's
a
ga,
so
I
thought
like-minded
folks
like
me,
who
want
to
make
secure,
kubernetes
more
secure.
It
might
be
worth
to
bring
it
up
and
hear
from
everyone.
If
somebody
wants
to
take
a
look
ask
for
help.
If
you
want
to
drive
it
or
help
out
and
let
somebody
drive
it
and
just
get
thoughts
on
what
people
think
about
this.
E
I
definitely
agree
that
it's
an
important
one
for
like
it's
an
important
layer
of
security
and
until
it
goes
ga,
that's
that's
not
cool,
so
yeah,
it's
one
that
I
I
mean
I
I
definitely
I
don't
think
I
could
drive
it
because,
like
I
don't
know
enough
about
that
process,
but
I'm
happy
to
try
and
help
because
yeah
it
is
one
that
that
we
would
hopefully
not
let
just
let
drift.
A
I
would
like
to
suggest
that
picking
it
up
and
driving,
it
does
not
actually
require
the
most
technical
expertise
on
the
subject
of
all
of
the
roles
involved
in
getting
it
to
ga
that.
Actually,
I
think
that
there
are
plenty
of
folks
already
within
kubernetes
development
community
that
have
deep
technical
expertise
in
it,
but
lack
the
ability
to
commit
time
to
it
on
a
regular
basis
necessary
for
essentially
following
through
with
the
paperwork,
and
so
I
would.
A
I
would
encourage
someone
who
thinks
this
is
cool
and
would
like
to
see
it
happen
to
to
to
be
more
involved
in
that,
even
if
you
don't
really
feel
qualified
for
it,
because
I
think
there's
a
lot
of
support
available
to
you.
I
mean
I'd,
be
available
to
to
provide
guidance
and
encouragement
to
people
as
far
as
like
needing
code
changes
or
whatever
I
feel
like,
there's
plenty
of
of
developers
who
would
have
an
easier
time
making.
A
C
Yeah
plus
one,
I
think
the
main
blocker
seems
like
his
commitment
for
a
longer
period
of
time
to
and
persistence
to
get
it
to
ga.
So
once
that
is
done,
and
then
there
is
a
pathway
towards
maintaining
it
a
long
term
with
a
specific
sig
or
multiple
six
owning
it.
I
think
that
would
be
good
and
like
tabby,
I
I'll
be
happy
to
support
in
any
way.
I
can.
A
Yeah,
just
like
totally
off
the
cuff,
it
feels
to
me
like
the
thing
that
is
missing
is
really
like
the
speck
of
dirt
for
the
snowflake
to
crystallize
around,
and
so,
if
somebody
has
wanted
to,
if
somebody
has
wanted
to
try
community
organizing
and
do
so
in
a
way
that
would
help
kubernetes
to
be
more
sustainable
long-term.
I
think
that's
a
really
good
opportunity
for
that.
D
In
the
point
that
there
is
a
no
perma
beta
rule
that
we
have,
this
is
my
release
hat
on
as
well,
so
this
has
been
beta
1.4.
It
will
be
subject
to
rule.
I
don't.
D
That
means
like
features
in
the
beta
cannot
stay.
Our
features
that
are
in
beta
cannot
stay
in
beta,
for
I
think
three
cycles.
I
believe
I
have
to
go
back
to
see
what
the
exact
number
of
cycles,
otherwise
it
gets
reverted
back
to
alpha
or
I
think
we're
going
to
revert
it
back
to
alpha.
I
have
to
remind
myself
on
that
yeah,
so
just
want
to
point
that
out.
D
I
don't
think
I
have
the
current
cycles
for
this
in
the
next
few
months
to
to
help
guide
this,
but
like
with
tapping
in
pushkar,
I'm
I'm
more
than
happy
to
very
familiar
with
the
enhancements
process
and
how,
in
the
graduation
process
as
well,
yeah
and
anyway,
if
anyone
else
would
like
to
just
to
see
this
through
that'll
be
great.
A
Since
you
were
doing,
since
you
were
doing
quite
a
bit
of
reading
about
this
pushkar,
could
you
give
us
kind
of
a
summary
of
what
the
status
of
app
armor
in
kubernetes
is
because,
like
my
impression
of
it,
is
that
it's
one
of
the
few
things
that
we
have?
A
That
is
a
a
hardening
feature,
but
that
was
safe
enough
to
on
by
default
and
so
that
right
now,
if
you
don't
think
at
all
about
app
armor
but
you're
on
a
platform
that
supports
app
armor,
you
get
the
runtime
default
app
armor
profile
on
unless
you
opt
out
of
it
or
unless
you
opt
into
something
like
security
profiles
operator
or
your
own
manual
things,
and
then
apply
your
own
custom
profiles
and
so
like
kind
of
what
is
the
state
of
it?
What
does
it
being
in
beta
mean
like
like?
C
Yeah,
so
I
haven't
read
the
both
the
caps
in
a
cent
in
their
entirety.
My
biggest
take
away
from
this
was
there
are
there
is
there
are
clear
suggestions
in
terms
of
what
needs
to
happen.
C
D
I
also
wanted
to
follow
up
the
no
perma
beta
rule.
Act
only
affects
the
rest,
apis.
A
So
that
that
way,
the
apis
themselves
will
stay
will
will
be
more
predictable
and
such
over
time.
I
know
that
there
are
annotations
right
now
to
to
manage
the
app
armor
status
of
workloads.
A
Does
that
like
so
that
does
not
apply
to
well-known
annotations
so
like
if
app
armor
support
had
been
added
via
a
field
in
the
pod
spec,
then
we
might
be
more
worried
about
it
from
a
like
procedural
standpoint,
but
because
it's
because
it's
done
with
well-known
annotations,
it's
a
little.
It's
a
little
less
of
a
worry.
D
I
would
agree
to
that.
Okay.
C
Yeah
and
the
pr
that
tommy
just
shared
is
the
latest
one
for
sure,
and
if
you,
if
I
look
at
the
summary
really
quickly,
it
says
basically
that
we
want
to
convert
the
annotation
to
a
dedicated
field
and
then
the
feature
will
graduate
to
beta.
C
What
it
might
look
like
in
terms
of
prs,
I
mean
I
would
definitely
have
to
read
more.
There
is
a
another
linked
pr
that
was
merged
as
provisional
from
team
all
clear
in
the
same
pr,
which
is
also
quite
exhaustive,
but
it's
a
good
thing
to
read
up
for
sure
to
get
all
the
context
behind
it,
both
those
pr's
as
well
as
the
one
that
introduced
it
in
the
first
place,.
D
Yeah
for
this
to
re
for
the
annotation
to
be
re-implemented
to
another
field
or
permanent
field,
we'll
probably
have
to
be
re-implemented
in
beta
again,
one
for
at
least
yeah
at
least
be
it
again.
Then
it
would
also
go
under
would
need
a
production
readiness
review
as
well
and
for
this
cap
that
we
see
in
the
pull
request,
that's
linked.
D
The
kep
yaml
format
will
have
to
be
updated
to
the
current.
I
think
it's
pretty
close
to
the
current
format,
but
I
think
there's
just
a
few
minor
changes
to
it.
C
Yeah
I
mean
it
seems
like
for
sure,
like
a
multi-month
work
item
just
for
people
to
understand
the
effort
needed
but,
like
we
said
we'll,
you
will
have
support
for
sure
from
multiple
people,
not
just
in
this
sick
but
other
sigs
as
well.
A
Thank
you
so
much
for.
Thank
you
so
much
for
bringing
this
up.
I
think
that
that's,
I
think,
that's
the
first
step,
because
I'm
you
know
just
scrolling
through
the
history
of
this
and
and
it
seems
like
there's,
it
seems
like
there's
a
lot
of
good
input,
a
lot
of
good
support
from
from
folks
who
are
who
are
very
knowledgeable
in
the
code
base
and
have
been
been
around
the
code
base
for
a
long
time
and
that
and
then
yeah.
A
C
One
thing
I'll
also
share
being
on
the
both
sides
of
the
dynamic,
is
sometimes
it's
harder
to
convince
your
leadership
or
boss
that
this
is
important,
and
I
want
to
spend
my
time
on
this
or
you
end
up
working
on
it
on
weekends.
So
if
anyone
wants
that
kind
of
help
and
want
to
like
bounce
off
ideas
about
how
can
I
convince
my
boss
to
work
so
that
I
can
work
on
this
during
my
day
time
happy
to
have
a
dm
conversation
with
you?
C
J
A
quick
comment
on
that.
Sometimes
it's
helpful
to
find
an
end
user.
Who
wants
the
the
improvement
that
you're
looking
for
as
well
and
to
get
them
to
ask
for
for
that
help
and
that
way
that
it
prioritizes
it,
because
very
often
it's
the
you
have
to
convince
the
pms
and
the
pms
are
just
saying:
oh,
we
want
features,
we
don't
care
about
security
or
stability
or
similar,
so
I
happen
to
be
at
one
of
those.
J
So
if
there's
something
there
that
you
think
is
super
important,
that's
not
getting
covered,
definitely
hit
me
up
and
I'll
see.
If
there's
something
I
can
do
on
my
side
as
well.
E
This
is
just
a
one,
I
think,
twitter.
You
know
where
you
find
these
things
twitter.
I
missed
this
when
it
came
out
it's
like
22
days
ago,
so
there
is
a
container
d
vulnerability
and
what's
interesting
about
it
is
the.
I
think
I
linked
it
in
the
thing.
There's
a
there's,
a
the
write
up
from
the
person
who
found
it
project
zero
is
in
there
yeah
the
bug,
the
chromium
bugs
and
he's
actually
got
a
cubelet
reproducer.
E
So
that's
actually
what
his
target
was
when
he
was
doing
it
and
it
turns
out,
it
seems
to
be
a
path:
traversal,
the
old
dot,
dot,
slash,
dot,
dot,
slash
dot,
slash
in
a
volume,
and
it
mounts
it
from
the
host,
including
mounting
the
cubelet
pti
keys,
which
is
bad
into
a
container
with
a
crafted
volume.
I
I
was
crafted
image.
I
haven't
been
able
to
get
it
reproduced.
E
Yet
I
have
asked
on
twitter
to
see
if
he's
got
his
like
he's
going
to
actually
release
his
proof
of
concept,
but
it's
a
fun
one.
I
almost
tried
playing
with
it.
My
current
thinking
is
that
it
might
need
the
builder
tool
chain
because
in
an
oci
field
in
the
spec
rather
than
docker,
so
I'm
wondering
whether
you
have
to
build
using
an
oci
spec
build
tool
rather
than
docker
build.
So
that's
where
I
am
it's
just
creation
of
putting
all
the
tool
chain
together.
E
So
it
doesn't
like
munch
that
when
you
put
up
the
register
and
get
it
back
down,
but
it
might
be
a
fun
one
for
someone
to
try
playing
with
exploiting
the
zero
just
reviewer
research
described
it
as
surprisingly
easy,
but
in
their
terms
I
don't
know
what
that
means.
I
mean
I've
seen
some
of
the
stuff
they've
used.
E
Their
version
of
easy
could
well
not
be
anyone
else's
version
of
easy.
I
would
not
be
surprised,
find
that
out,
but
yeah.
It
seems
a
concept
like
it
might
be.
So
hopefully
we
might
hear
about
more
back
from
him
and
I'll
put
it
in
slack
if
we
do,
but
if
anyone
gets
a
chance
to
have
a
dig
with
I'm
probably
going
to
the
weekend,
if
no
one
else
has
managed
to
do
it
yet
by
then
just
to
see
if
I
can
work
on
what's
going
on,
because
it
looks
like
a
fun
one.
E
Someone
saying
that
they
were,
they
had
another
learning
channel
cv
and
they
were
bummed
because
you
couldn't
get
out
of
kctf,
which
is
google's
bug
bound
table
kubernetes
cluster.
So
google
have
a
bug,
bounty,
kubernetes
cluster.
If
you
can
break
it,
you
get
ten
thousand
dollars,
so
there's
a
clear
target.
If
you're,
you
know,
maybe
a
student
researcher
you're
like
10
grand,
that's,
not
an
inconsiderable
amount
of
money,
and
it's
worth
digging
into
like
a
linux
kernel,
our
linux
kernel
privacy
like
a
local
level.
E
If
you
can
get
that
working
so
yeah,
absolutely
we
just
need
to
be
getting
a
ration.
The
one
other
fun
thing
just
to
mention
about
this
one
is
it
works
even
if
you're
using
g,
visor
or
firecracker,
because
it's
a
volume
mount
so
g
visor
will
not
save
you
and
firecracker
will
not
save
you.
According
to
the
report,
and
that
that
which
is
going
to
annoy
some
people
who
are
perhaps
relying
on
that
as
their
as
their
defense
mechanisms.
A
A
I
saw
frederick
you
had
you
had
the
the
zoom
hands
up
gesture
come
on
jump
in.
J
Okay,
so
yeah
one
of
the
things
that
I
noticed-
and
I
I'm
sure
most
of
you
saw
this
as
well-
is
as
when
we
start
looking
at
how
the
industry
is
changing
I'll
use
this
as
an
example.
It's
not
purely
this
one
thing
that
that's
having
issues,
but
we,
I
think
the
the
pattern
is
what
I'm
is,
what
I'm
looking
for.
J
So
if
you
look
at
something
like
rootless
containers
like
the
entire
linux
kernel
and
the
way
that
the
initial
assumptions
were
all
set
up
were
based
around
things
like
oh
cap's
disadvantage,
there's
no
way
you
can
tap
get
caps
has
happened
once
it's
been
once
it's
been
removed
and
then
once
we
started
to
move
away
from
those
assumptions,
then
basically
the
kernel
developers
have
to
go
and
scan
the
entire
set
of
code
in
order
to
try
to
to
fix
them
and
of
course
they
miss
things,
and
so
it
would
be
interesting
to
see
if
there
was
some
way
of
identifying
high-risk
areas
and
that
that
are
a
focus
of
these
types
of
fundamental
changes,
because
that
would
give
us
some
target
or
something
to
be
aware
of.
J
So
we
can
focus
more
on
like
well.
How
do
we
mitigate
these
type
of
these
type
of
issues,
or
how
do
we
make
sure
that
these
type
of
things
are
are
less
likely
to
affect
us
as
they
undergo
that
development?
I
don't
know
if
there's
somewhere,
that
does
this
already
or
if
this
would
be
an
effective
use
of
time,
but
just
just
a
thought.
E
E
Says
like
as
soon
as
you
start
doing,
volume
mounting
bad
things
happen
and
yeah.
I
think.
Actually
thinking
about
we've
got
one
neat
part
of
the
stack:
we've
got
run
c,
a
container
d
and
a
cube
loop,
so
you
can
have
a
volume
mounting
cv
in
all
different
parts
of
your
container
stack,
but
yeah
theming
is
definitely
interesting.
I
think,
from
that
perspective,
turtle's.
E
A
E
A
A
A
E
Specs
fun
because
the
ocean
spec's
complicated
everyone's
ever
tried
reading.
I
have
tried
and
failed,
but
yeah
there's
a
lot
of
things.
A
lot
complex
in
there,
which
always
complexity
leads
to
bugs.
So
I
think
it's
fun
to
be
had,
and
this
is
yeah
a
really
good
place.
E
A
I
like
this,
I
like
this-
I
mean
I've.
I've
been
the
person
who
has
net
cat
pipe
to
said
pipe
to
netcat
in
order
to
modify
the
oci
specs
as
they
are
on
their
way
from
your
container
runtime
like
like
there's
good,
there's
good
stuff
in
there.
I
highly
encourage
anybody
to
learn
about
the
oci
spec
and-
and
maybe
this
could
maybe
this
could
motivate
somebody.
E
A
G
Yeah
this
whole
discussion
kind
of
reminds
me:
I'm
gonna
do
a
shameless
plug
for
our
book
club,
carlos
santana,
from
ibm
from
k
native
group,
and
I
run
a
kubernetes
related
book
club.
That's
we're
in
the
middle
of
liz
rice's,
container
security
book,
and
this
like
fits
that
right
now
and
if
anyone
is
interested
ping
me
I'll,
put
the
link
in
here,
but
we
meet
every
friday,
we're
about
halfway
through
container
security
now
and
we're
going
to
be
doing
hacking
kubernetes.
Next,
I
think
I
mean
those
are
both
those.
A
B
Think
it's
an
egyptian
goose
if
I'm,
if
I'm
looking
at
it
closely
through
the
thumbnail,
you
know
because
it
has
that
eye
marking.
But
I
could
be
wrong
because
I've
looked
at
it
on
a
tiny
thumbnail.
G
And
just
to
sell
a
little
more
we're,
usually
pretty
good
about
being
able
to
get
the
authors
on
at
least
for
the
last
show.
So
if
you
ever
want
to
talk
to
them,
we
had
james
on
for
networking
and
kubernetes.
We
had,
I
think,
the
entire
crew
from
tanzu
for
production
kubernetes.
That
was
our
first
book.
That
book
took
us
a
year
to
get
through,
though,
because
it's
a
big
book.
B
A
G
Yeah,
if
you're
interested
go
to
the
link,
I
just
posted
and
we
just
we
it's
a
zoom
session.
Every
friday
we
don't
record
so
we
don't
have
to
worry
about
people
talking
security,
things
that
they
don't
want
recorded,
but
good
awesome.
That
link
will
take
you
the
indirectly,
to
the
discord.
The
raw
code
run
hosts
our
discord
for
us.
So.
I
Yeah,
hey
folks,
I
would
love
to
be
yeah
ian
and
tabby.
I
booked
you
on
slack
to
be
the
I
guess,
leader
of
the
security
best
practices
subproject,
so
I
guess
pushker.
If
I
could
lean
on
you
to
figure
out
what
the
paperwork
is.
I
can
and
just
you
know
like
getting
the
meeting
scheduled
and
just
get
into
that
groove.
I
can
start
doing
that.
C
Yes,
I'm
very
happy
to
hear
that
and
definitely
can
help
out
in
the
logistics
and
because
I
haven't
done
that
similar
stuff
for
tooling
and
yeah
great
to
have
you
here
and
look
for.
I
have
some
thoughts
about
where
we
can
take
the
project,
but
I'm
sure
you
it
will
be
in
good
hands
thanks.
A
All
right
we've
fallen
off
the
end
of
the
main
function.
Thank
you
all.
Thank
you
all
so
much
for
coming
and
for
you
know
for
for
sharing
our
ideas
and
working
together
to
make
things
better
in
kubernetes.