From YouTube: Kubernetes SIG Security 20220908
A
All right, we're gonna call this, we're gonna call this started. Hello, Kubernetes security. I am, I am delighted to see you all here today. I'm Tabitha, I'm one of the co-chairs. My, yeah, pronouns are she and also they, and always happy to help to make this space so that we can make Kubernetes safer for users together.
B
Hi, I'm Ian. I'm the other co-chair. Pronouns they/them, and I'm here to pack the planet, make friends and hack the planet with my friends. Hi, friends.
C
F
Hello, I'm Mohit. I do.
C
G
E
Al, I'm Rory. I do scripture stuff at this dog, and I also help to try and make containers and Kubernetes more secure and find fun things to hack too.
A
H
Hello, I'm Alex. I'm involved with the security over at Zora, and I haven't joined, I haven't been involved for a few weeks now, or months, I guess, and I just thought I'd rejoin and see what's going on. Welcome back. Just a fly on the wall, right.
G
We'll see. Got some sponsors, sponsorship, thanks, and yeah, just here to learn a lot more and do things.
F
I am Craig. I do Kubernetes security at Google. I'm here to learn and getting back into things and help contribute to the SIG.
J
Hello, my name is Savita. I lead the security documentation project. I'm here to me, I, like, my new friends, learn and share.
K
Hey everybody, my name is Chris, he/him. I am a senior security engineer for Sony Global infrastructure, in charge of Kubernetes and other pipeline, supply chain security, et cetera. I'm just here to learn and try to keep up with all the changes going on.
A
Do first, we will hear some of the cool things that have been going on in subgroups. I will report for Ray, who's not able to make it today, on behalf of the audit subgroup. The report is being finalized. There's a lot of, there's a lot of back and forth between the appropriate groups and the vendor there about you.
D
A
About the, the report, figuring out best way to respond to things, and official publication is currently planned for early October. Its process is rolling along. It's been a really good engagement so far.
A
Next, Savita, do you want to share some of the cool stuff coming out of docs?
J
Yeah, so we have some new pages, thanks to all the contributors who worked on it, reviewed it, especially to Rory and Mahi for addressing over, each of the PRs have like over, one of them has like 100 comments, I think another one is like 250, so that's, that's like a huge thing, so I cannot express my gratitude. Thank you. And if you haven't checked out these pages and the links in the agenda, please go check them out.
J
If you all like to add anything to the existing checklist, please open an issue, target us, security and docs, and we will filter through, and if you think it is, it is good for a new contributor, please mark it appropriately with the label so that someone who's new and who wants to take up some, something and learn, they can always get started that way.
J
It's like, okay, that's one way that I think that it's, that you can give back, and it's like a great opportunity to be a mentor if you want to be. No, no, not fortunate, just putting it out there. And the next big thing that I have is that next month, in this security docs meeting, we want to prioritize what, where we want to focus next, so I'm planning to crowdsource it, and if you all have any topics, please feel free to put them in the agenda or put them in the Slack channel or create an issue.
J
I'll go and consolidate and see if I could come up with a theme, and then in the next meeting we can go over and see where we want to focus the next few months, say quarterly or like even offeredly. Well, however, whatever works for us, but I just want to, like, ask you all, well, which place do you all want to see some improvements in the documentation?
J
A
Skimming, skimming through these, the, both of these new pages are, are pretty sweet. Great, great work to everyone involved. Thank you so much.
C
So, a couple of quiet weeks compared to the usual busyness we have in the group. One update is, one of the registry for official Kubernetes images changed recently, last couple of months or so, so some of our scanning tooling was not able to redirect to the new URLs. So we've been working on, with Snyk for fixing those things, had a temporary hack in between to keep the scans green. This, the fix, actual fix is now published from Snyk, and we tested it and the scans are running back up again.
C
So thanks, Eric Smalling from Snyk, for helping us get through this, and Neha for triaging between the group and the Snyk support. The next update is a follow-up from last time. We had issues-security directory under k/website, which has most of the things that SRC and SIG Security work on, and one of the requests from Tim Bannister, who is a SIG Docs tech lead, was: can we make this custom ownership directory, where the owners, instead of defaulting to SIG Docs approvers and reviewers, will actually be SRC and SIG Security leads.
C
So we discussed it in the SRC meeting last week, and they were okay with that as well, so I'm going to open a PR to make that change, and apart from that, yeah, those are the main two updates. The, the blog for the official CVE feed is going to be published on Monday next week, and we have already gotten some great feedback, so we'll be sure to share that when it's published on Monday.
A
A
L
Yeah, I just finished my, my dessert plum just in time to come on camera for this, so hey folks, I'm Mala. I am the lead for the self-assessments subproject. Yeah, so I, I am making slow, not as fast as I want to, progress on just getting myself organized in terms of getting the self-assessment set up.
L
L
The other thing that I was working through in the SIG ContribEx Slack yesterday was, I wrote up from a meeting with Pushkar just, like, what the basic kind of process is for doing a self-assessment, and I'd like to get that into the self-assessments folder to make sure that I have something to point to, because I'd love to, for the KubeCon maintainer track talk that we have, be able to just show people, like, some resources for, like, oh, go here to ask questions.
L
Here's, like, the basic outline of how you do one, to just, I like to work in a way that I, like, federate knowledge as I go, so yeah, that's kind of my, my goal. So I have a session set up with a friend of mine to just, like, get me through some of the, just basically Git functionality, so I can just create that file.
L
I was also just thinking about, as Savitha was speaking, that since it is documentation, that I could probably collaborate with you to get some feedback on that, because the, for the, the file that I wrote to just capture, like, the basics of how to do a self-assessment, so I might be reaching out to you for some free time, and also at some time we should meet in person because we're both in Massachusetts, which is red, but yeah, that's everything from self-assessments!
L
So far the vSphere CSI driver is still kind of the next target. It's the request that's been made by Shing, but yeah, I do want to just make sure that I'm, like, organized, I have the Slack channels organized and the documentation and stuff before I carry out the, the process that I have written down, and that's where things are at.
A
So many things in Kubernetes governance, where one just updates some YAML, and you know, sometimes those things are theoretically simple and in practice can get to be kind of challenging, and so, like, honestly,
C
A
L
A
Is what we are all doing all the time. Thank you for doing it with us. Thoughts about security self-assessments?
A
Well then, let's, let's, let's turn this over to Rory for, for a timely and somewhat funny news update.
E
Yeah, because everyone's thinking, of course, you've gone Detroit, but I know today is the CFP open for KubeCon in Amsterdam, EU 2023. It'll come up quicker than we think. This time looks like the CFP's open a bit longer than it was in previous, I think it's open till November, so you don't quite have that kind of, like in Detroit, rushing, thinking, oh, let's see, if he's a vegetables thing, so that's nice.
E
No, no, it's like, everyone, they call Rijksmuseum, but I know it's about, it's like worldly Old Masters doing these big, huge canvases where there's lots of stuff going on, and the painting is just amazing. Yeah, you can spend, like, or I can spend, like, half an hour stunning one of them, looking at it. It's great.
A
E
I had one very quickly, just like box say, when it was, we were talking about docs, and I should have said it then, which was, one of the things that we chatted about, or it's been a chat about on the Slack, was around hostPath volumes and what exactly are the risks of hostPath volumes, like, in what scenarios is it safe? In what scenarios is it not safe? And why? And I think that the kind of conclusion we came to is, like, people aren't 100% certain, like.
E
E
It would be nice to have a page clarifying that, and the people with ideas of, like, you know, scenarios where they've seen what is good or, you know, I think it'd be nice to kind of drill down into that and just, like, flesh it out, because I, just even talking around, you know, I don't know everyone's got, like, 100%. I'm sure someone does, but it's not me.
E
So I've got initials, I think, in there, and there's a, there's a, an issue link, and if you've got some ideas, and then we could maybe do a HackMD or something, and just, like, let's hear some ideas.
E
A
I've just pasted what I.
E
A
This feels to me like one of those places where Kubernetes security gets especially complicated, because it has a lot of the same feeling to me as, like, when is it okay to have a world-writable directory on a Unix system, sort of kinds of concerns, where, like, it's obvious to everyone that has been, like, super deeply involved in those issues for decades, but that means it isn't actually ever obvious to anyone, and there are a lot of ways to do it that are okay and there's a lot of ways to do it
A
that are super dangerous, and it's not necessarily clear to anyone when all those cases are or aren't, and it seems like folks just have to reason through that from first principles every time, name or kind of lean on long-established habits. And so having a docs page about that, one benefit that I see to it is, once there is a docs page about it, then there is, like, a public way to argue about these things.
I
Yeah, completely agree, because the, I think the person that was asking the question originally on Slack red warning on the osbusting and was a bit scared about that and didn't know how to deal with that. So yeah, I think it would be interesting to have a dive deep into that stuff and what you say for the sensation.
E
Yeah, because there's so many different ways people could or don't or can use them, but I think, yeah, having that, just, yeah, you're right, you're totally right, even, like, some ideas that then, that will, I'm sure, spawn people thinking of, hey, they haven't covered my favorite niche edge case here, which would be good, we'd get extra input.
C
I just added a last-minute topic, since we had a bit of time. So there has been a pull request open for a while to add a README to our SIG Security repo. Thanks to Rory for bringing it up by adding a comment recently, and there is, I think, good bit of content that is nice and useful, but it is required, it needs probably once, one or two set of reviews, and then we should maybe be ready to merge it. So I was just wondering what are everyone's thoughts on
C
how can we help Ayushman get the PR merged or give him any feedback that is actionable, so he can work on it.