From YouTube: Kubernetes SIG Security Meeting 20201019
D
It's my first time here, but I'm happy to volunteer, if there isn't a particular structure I should be following.
A
Just write down the things that happen in an appropriate level of detail so that others can follow along.
A
All right, well, the clock has ticked over to five minutes, so we're gonna, we're gonna call this the beginning of the second Kubernetes SIG Security meeting. Thank you all so much for coming.
A
So since we are, since we're here and just getting started with this, I think it would be good for folks to, who are new, to introduce themselves, say briefly what has, what has brought you here.
C
My goal is to help people work together and do their best work in security and, whatever that's going to look like, I'm excited about getting community input, bringing people together and making it awesome. If you are not new, also, because the people who are new have not seen your intro yet, make the super short version where you're just like, "Hi, my name is so-and-so and I expressed interest last week in being a tech lead for blah," or whatever it is that you want to say, just so everybody's on the same page.
A
All right, then. If we had like a table, we could go around the table, but we don't, so I'll just call people off in the order. Actually, can we just go in the order that we're here in the notes link, starting with Savita.
E
Hey there, I'm Savita. So I've been with, doing Kubernetes work for about a year and a half, and I've been always searching for a place to, security is one of my best passions. So I want to do security work when and always starts in the residency of security, but that didn't align. Now that we have Kubernetes security and I want to help in any way possible and be involved.
E
Make this community awesome, and I also volunteered to take lead, SIG Security docs. I've been reaching out to folks and, if you are interested, please ping me in Slack or reach out to me if I missed your name in reaching out. Thank you.
B
Hi, I'm Alex Alton and I'm new to the SIG Security group. I'd like to get involved. My background is many years in cryptography and network security, and I've been working in Kubernetes probably for the better part of the last five years as a user and, you know, implementer of it, not implementing in terms of code, but, you know, getting, getting systems spun up and put out to internal organizations.
B
The, one of the things that's very attractive to me is I'd like to, you know, dig deeper into this architecture of Kubernetes and how it, you know, security could be improved.
G
I'm Eric Smalling. I'm an ex-Docker, ex-VMware container/Kubernetes field consultant by history, but recently I decided to change roles and I'm a developer advocate at Snyk now, and pretty much covering cloud native stuff for them in the US. So I'm here to keep my finger on the pulse of what's going on and help contribute what I can, and stop being a lurker and start helping out where I can.
D
Hey, I'm Sam Stewart, confusingly also called Frenchy. I'm not French in the slightest, as my accent has probably already portrayed me. There's a lot of French people in the Docker community, so I always like clearing that one up. I, I was previously over at Cruise Automation; I'm currently a staff security, infrastructure security engineer at a company called Brex. I haven't been directly involved with the Kubernetes project, but I've been kind of around the sides.
D
At Cruise we released a couple of related tools: k-rail is an admission controller for applying security policies, and Daytona is away psycho and for injecting secrets in containerized environments. So I worked on a couple of those tools there. Kind of new to this, figuring out how it works, but put my name down for a couple of things such as the security audit and the security certification stuff, but really pretty new and just trying to figure out how stuff works.
H
Hi here. I guess I've been working in Kubernetes security space for like a year and a half now. Mostly I'm just hoping to make some contributions, either technical, organizational. I haven't really, don't really know what's on the table yet.
J
Hello, I'm Sam Samara. I'm an engineer at Bloomberg. Mostly I have used Docker and Kubernetes like as a consumer. I am interested in learning more about how it works internally and how it can be made, you know, to be more usable in a secure fashion, so just here to learn. Thanks.
K
I am Joyce. Kind of echoing sound sentiment, I'm pretty new to Kubernetes as both a project and a community, so just want to learn some more.
M
Hey, Mike Foster here. Thanks for the second week back. Quick note, by the way: the Google Meets link is also in the calendar invite, just got redirected the wrong way. But yeah, so I come from a consulting background, working with Kubernetes for over three, over three years now, and recently have been transitioned to more of a security-focused role, so looking forward to helping the community: documentation, demos, any way I can.
P
Hey, sorry about that. I'm Tim Allclair. I've been involved with Kubernetes for five years, co-chair SIG Auth and help out with the Product Security Committee, and yeah.
P
Most excited about how security can bring in more of the community to the vulnerability management process that's currently run by the Product Security Committee.
O
I'm Aaron. Last year I helped run the third-party security audit and I'd like to tech lead that again.
Q
Hi, Kirsten Newcomer. Been working on Kube for about three years, although I've not been spending as much time upstream as I'd like to. So my focus is security, so looking forward to joining this group. Not just vulnerabilities: policy, compliance, multi-tenancy is also an interest. So great to meet everybody.
A
It was a chance for, you know, for us to go around the room like this, which took a while, and, you know, for everybody to get some ideas out about what they were hoping to do and to find some more, find some more folks who were also interested in the same things that they were. So we, we all had our
A
We all had our, our chance to talk about that and then went over a bit how we got here, which is that, you know, we came out of the, the working group that did the third-party security audit, but that there were a lot more other interesting things that could be done upstream, and said that we would talk to
A
You know, some more, some more dedicated time in with each other to be more serious about what exactly they wanted to do. So now here we are, and it's a chance to do that. Ian, do you have anything to add to that?
C
To be clear for everybody, it's my last day of work today and I'm getting like lots of offboarding pings, and so I am very distracted today and I will be less so next week. So yep, that is pretty much it. We were going to have breakout rooms. We have not done that. We would be interested, if people are interested this week around, in doing breakout rooms for reals.
C
Now that we have the technical ability to do that, so that folks who are interested in being involved in different sub-projects of the, of the SIG can get a little bit of time to talk with one another and then come back and report back about what it is that they see that looking like and what they're interested in doing together.
A
One thing that I will note, technical note: as the person running the Zoom, to make the breakout rooms I have to define them and then assign each of you individually to the one that you prefer. So right now I know that the folks who wanted to work on documentation had been talking about wanting to have a, to have a breakout room. Savita, do you still feel, still feel good to facilitate that? Looks
A
Do folks want to go to their name in the attendance roll and put the breakout room that you want? That way, I can assign it to you without us all having to call them out. Does anybody else want to make any other breakout rooms?
A
Should I make one for unassigned, so that folks can have a, have
M
I was gonna ask: is there an option to join too or, if, like, we facilitate like other meetups after or, you know, Zoom calls that aren't necessarily the main group, if we could be kind of streamlined into two.
C
Folks who are interested in doing one specific subgroup thing to figure out what, what they wanted that to look like for themselves.
A
You know, channels or, or anything else. All right, looks like, looks like we have some, some breakout rooms coming into the notes here. So we'll give maybe two more minutes, we'll go until 21 after, and in the meantime, how
A
Room's gonna be, yeah. How long would we, how long would we like? I would propose, just purely out of the air, 15 minutes.
A
And if anybody, if I have put anybody in the wrong
A
Then send me a chat on the, on the Zoom chat and I will fix that for you. I've got everybody assigned. I'm going to open the rooms and then it'll prompt you to join them. If you
A
I sure am. I believe you're assigned to "other" now, Eric, so if you want to hop in there, you can. And hello, Juan Pablo. We are currently doing some breakout room discussions around things that, you know, areas of interest that people in the meeting had. Those are currently documentation improvements, third-party security audit, vulnerability disclosure processes, and other. Would you like to jump into one of those?
O
Happy to. So we met very briefly with the goals of establishing a cadence and making sure that the group, like the project, is something people want to contribute to. We outlined what we did last year and I kind of laid out some things that I hope we can do a little bit differently.
O
This year, we set some goals for ourselves, like people who are new to the project have some assigned reading, and I'm taking an action item to set up a, like a straw poll to figure out what a good cadence is. Seems like everybody was, is on board to help and feeling pretty good. We're hoping to maybe meet, I'm hoping next week, on the off weeks for, for this slot, but we'll, we'll see how this straw poll goes. Cool.
E
Hi, yeah, we were even great. We were mainly brainstorming. We had some ideas and, to have, we were mainly discussing where to, what, what we would be the home, like, do we use the Kubernetes website security section and improve on top of it, and where would, if we divide whatever we want to do into concept stuff, tutorial, and where would they go?
E
How would we search it? And there were amazing ideas, like blog posts and some best practices and stuff like that, so we were discussing on those lines, and we were also talking about, we
E
So this project used to be, it's a project under SIG Docs and it's, if it's gonna live in the same website, you might want to go and ask them, chat with them and see if they have any feedback or comments and the goals and stuff.
E
We talked about, a little bit about that, and we talked where, what is the, first thing is the cadence. Yes, we talked about it. I'm sorry, I'm just jumping all around. I'm super excited. So we decided to meet once a month and then we will have an asynchronous communication and, if it, if it's required, then we would increase the frequency to meet more often.
E
So that is the cadence piece, and we also have some logistics, like where would we chat? Would we have a separate channel in the Slack or
E
That's awesome, so that we can link stuff and we can pull in people. If we need a review from someone else, we can always bring them there, and it's on the open, it's organized. So we were discussing about this. Overall, it's been good and we are planning to chat asynchronously a little bit more about all this stuff.
C
SIG Docs is super excited about this, and also the working group for naming under SIG Docs meets at the same time as we do, which is a thing that everybody decided they wanted to solve but has not been solved yet. So they'll be excited to talk to you when you, when that contact happens.
E
They have a meeting tomorrow, so probably I'm gonna go there and introduce, and just, just let them know that, yeah, we have kick-started this and gather, just start the conversation. Awesome.
A
It looks like there's a ton of good notes here from the vuln management, from the vuln management breakout. Does somebody want to summarize them briefly for those of us
N
Yeah, I can. So we talked primarily, initially just with an overview of kind of our release procedure, and then we, we talked for the longest amount of time about
N
Of adding CVEs to the changelogs, because often when there's a CVE patch that gets sent in, not called out necessarily as a security issue, and is only for medium issues especially. And so having, there's, it's painful to go and edit the release notes for that. So there's some work being done, in progress, about making that better, having, having automated CVE release notes.
N
So we've discussed actions on that and then also just started, just briefly discussing kind of a release or disclosure procedure for companies that use Kubernetes but might not be distributors. Apparently, to be on an embargo, getting embargoed, a pre-release for an issue,
N
Organizations need to be a distributor. So no decisions or anything made, but it's just, it's a topic for discussion that we want to continue.
A
To, would somebody like to report back from unassigned?
C
I can, I can report back from unassigned, if I can figure out how to make my mouth form words. Folks there were interested in building bridges between us and other things, and we're figuring out what, what that looked like in terms of what areas of interest that they had included cryptography, architecture and how to get the most secure architecture possible.
C
Multi-tenancy and tooling, and people were talking about various SIGs deal with issues that touch a lot of those issues, and how to get SIG Security to optimally, to optimally work best with the folks in those SIGs who are responsible for those different parts of the code. So there is lots of work to be done and lots of interesting questions to be asked, and we didn't necessarily come up with ways to definitively solve all of that. But there is interest and we are excited to talk to other SIGs about it.
A
Is there anybody who folks should talk to if they want to talk about inter-SIG bridge building?
A
Does anybody else have anything that they want to bring up from the breakouts? Otherwise we have a couple of, couple of questions that we can, that we can bring up here.
C
There's actually two: there's one in the Cloud Native Computing Foundation Slack, which is for CNCF security, and one in the Kubernetes Slack, which is in, for Kubernetes security, which segues very nicely into the next question, which was what, so, if you're looking for us, I recommend SIG Security in the Kubernetes Slack.
A
So does anybody here feel like they have a good starting point for talking about the relationship between CNCF SIG Security and Kubernetes security?
A
I can, I can talk about my opinions on this a little bit. I've been a member of CNCF SIG Security for like nine months now, or something like that, and the, the work that they're doing is really focused around supporting CNCF projects, especially that are going through the, through the, like, sandbox. I don't remember the life cycle of a CNCF project, but, you know, they have some responsibilities to help orgs do like a security self-assessment as part of getting promoted to higher levels within the CNCF project life cycle.
A
They're working on a, on a cloud native security architecture white paper for like large enterprise environments that haven't started to do anything in, in cloud native yet and want to have an overview of what that looks like. So they do a lot of very broad
A
You know, support for security-related concerns across, across projects that are joining CNCF. So how we want to interoperate with them, you know, this is, this is our house collectively, so obviously we can, we can make whatever choices are, are right for us and Kubernetes.
A
You know, if, if they're doing something like, if they're writing one of these big docs that goes across a lot of different cloud native technologies, if they wanted to reach out to find Kubernetes people that might want to be involved, then I would imagine that we could be, you know, a place that they could come and say, "Hey, who, who wants to do this?"
C
And the short version for "wait, what's the difference between what we're doing and what they're doing?" is, that was a lot, but what they're doing, we are dedicated to Kubernetes. It's why we're Kubernetes security, and so if it is a CNCF project that is not Kubernetes, probably it is not our jurisdiction. However, it is Kubernetes, it is probably ours.
A
You know, I will, I will ask them what they think, because, you mean, certainly all of us are welcome to attend their meetings and, you know, whether we need a formal liaison with them or not is a matter for discussion. But I would encourage anybody who is interested in doing that to just start doing it, because I'm sure it won't hurt.
A
Looks like we're coming up really close to time, so we've got, we've got this question about, about Slack channels, and I think that that's a good question which I would propose, ironically, that we take to Slack.
C
Very, very, very quickly: I think, generally speaking, the way that that has historically been used, and everything is up for discussion, is that Kubernetes security has been for security questions; SIG Security is for things specific to the SIG. But yes, let's bring that to Slack. We can do Slackception. Two weeks from now is KubeCon. Nobody is going to want to meet during KubeCon.
C
All right, so, two weeks from now, same bat time, same bat channel. People who agreed to be in subgroups, talk to one another. Slack is open for anybody to talk about whatever. We really appreciate you all coming and taking the time. Thank you all so much. We're here.