From YouTube: Kubernetes SIG Security 20220811
A
Okay, usually we start at about now to let everybody get out of their back-to-backs and all of the stragglers, you know, get up and join. So I think we'll start. Welcome to Kubernetes security, version August 11th, 2022. How's it going today, everybody?
A
We're still just not going to talk today? I really don't want to be the only person talking today. I haven't had enough coffee for this. Hey, yeah.
A
Cool, yeah, so, first off we have introductions. My name is Ian Coldwater. I am the co-chair of Kubernetes security. My co-chair Tabitha is out today and sends love to everybody. I am here to make friends, hack the planet, and hack the planet with all of your friends. How about you?
C
Hello, I'm Rory. I do security advertising stuff for Datadog and try to help out wherever I can on Kubernetes and container security.
D
B
Hi, this is Pushkar. I lead the SIG Security tooling subproject. I'm also tech lead for CNCF TAG Security, here to make my and everybody else's streams to make Kubernetes more secure.
E
We always collide with each other. Hey, I'm Mohit. I do Kubernetes security thingamabobs at WithSecure and, you know, always good fun. So yeah.
D
I'm Kailyn. I'm a senior infrastructure security engineer at Shopify and, yeah, still working towards getting involved and contributing to open source Kubernetes.
D
G
G
G
I think you have it downstairs, but I'm fine.
A
Totally support you getting water if you need to. Taking care of yourself is important in helping secure all the things. Hey, welcome everybody. So, first off at SIG Security meetings, I'm going to give my cat this look because he's scratching the wall, and we have report backs from our subgroups. I believe first on the agenda, we have it from the audit subgroup. I'm going to go off screen and kick this cat out real quick while the audit subgroup talks.
C
I can do an audit thing because I think Ray's not here today. So the current status of the audit is that the draft report has been provided by the company doing the work, and that's just getting reviewed, in terms of the finances being reviewed for, like, initial thing, and that's then something like a meeting to update. But the current draft process, I think, is going to run for another week or two, because a lot of people are out this week, so, and the slightest loan is there.
B
Somewhat related update: Ray and I were chatting about this, and I know we also had a Slack conversation. Now the 2021-22 audit is coming up.
B
I was thinking it would be a good idea to give closure to the last audit by having a blog of what came out of the audit and where, what the statuses of all of the findings. So we thought it would be a good idea to write a Kubernetes blog on it. So that is in progress now, and the plan is, like, before the new audit findings come over, we would write the "what happened with 2019 audit" blog, so that people know, like, okay.
A
G
B
D
C
C
A
B
Yeah, I can try and continue on tooling. So looks like, I, there is an LGTM approve needed from one of the co-chairs on one PR, and there is a historical blog that I think Mahe and some others started writing. So there is a HackMD. So this is a pre-review before we create, like, a blog PR. Is that right, Mahe?
F
Yes, yes, this is a really early draft on the PSP historical context blog post that is scheduled to be posted maybe around the release, or maybe one or two days before the release. So pretty soon. If you have some time to look at it, it will be great, especially if you have some context about, like, if you were ever using this stuff, like, a long time ago. It would be very interesting for me because it was mostly some stuff I dug into a guitar, let's get to the whole very old GitHub issue.
A
Well, yeah, I will totally take a look at both of those things and, you know, do the reviews when we are not in this meeting.
F
A
B
B
B
We wanted to share some more context and, I, some background behind it. So there is a feature blog coming in. I have a deadline of 16th August before which I have to complete it. So I'm gonna be working today on writing that up. Any review, I'll send that link once I have the first draft on the pull request, and then any eyes from all of you would be greatly appreciated.
A
I'm excited to see it. I, yeah, that's my thoughts on it right now.
B
D
No, no, not too much. I, it's two of my colleagues that'll be presenting it. It's not something I work on, but I know that they've been talking about wanting to get you folks involved for a long time. So I thought this was a good opportunity to kind of push them to do it. So I'm really excited to listen in as well.
B
A
DEF CON week happens. Oh, excuse my language. I'm facilitating today, so just to read it out for Kubernetes records, what Olive wrote was: Al is planning on writing up a workflow/recipe book for how to do an assessment, with basic steps and how-tos. From Pushkar: vSphere CSI driver is still the next priority.
A
Allah will work with Jane to get an environment stood up and kick it around when she's got cycles for it. She's also reading the docs to understand potentially fruitful workflows to target/diagram/assess. She would also love a suggestion for a first or first few SIGs to pop in to, to share workflow recipe book with, targeting with lots of subprojects.
A
A
Now that we are done with the part of the agenda where we have the scheduled report backs from the SIG subgroups, we have our space for open discussion, where people can just bring whatever thoughts, things they are learning, things they're excited about, things they're concerned about, whatever. Whatever people bring is what we've got. So there are a couple of things on the agenda for open discussion right now, and if you have something that is totally burning in your mind that you want to talk about, feel free to put it on the agenda.
A
It's open, and this has been a pretty quick meeting so far. So first thing listed is: has the CFP for the contributor summit gone out? We have a Kubernetes contributor summit every KubeCon, pretty much, in different forms. Ray responded in absentia, which was to say that Ray is part of the summit staff. The CFP for the contributor summit is in progress. The summit staff is looking at historical data to start breaking down content types to start putting together the CFP.
A
There will be a communications campaign on tweets, emails, Slack, etc. to announce the CFP, so keep an eye out for that, and we can submit to things when the CFP drops. Related to KubeCon, there is a first draft on.
A
It is linked on the agenda, of the security KubeCon maintainer track talk. Allah is going to re-template it on the PowerPoint template, and that's cool, and start filling in more detail about it. So that's neat. Check out the first draft if you have any thoughts or comments or whatever on it, and excited to see more button.
A
E
E
If people remember from last two weeks here about the admission control webhooks, and, you know, the fact that authentication's run through the API server, meaning that, if you're in a managed cloud provider, you're kind of stuck. I've done some slight research into it, still more to do. But I thought I'd give a quick update, because I haven't done much research, but still some. There was a KEP for this, kind of.
E
So when admission webhooks, the initial part of it, I think that was done before KEPs were a thing, however, but when it moved to GA there was a KEP for it. It was, I'll just put it in the chat quickly, that one, and within there, actually, hilariously.
E
They actually have this as a thing within the KEP, except it was under a non-goal and they never ended up doing it. Following the issues and stuff down the chain is that it's been discussed constantly for a bit, and then the latest bit was, when was that again, at the end of last year, where there was the discussion in the team, which was the, doo doo doo, looks like columbia. Notes.
E
E
It'll probably be, sorry, god, yeah, it's probably, so, there's still some stuff on a double check on the authentication, on the default authentication already there, because I think someone last time was just saying it automatically tried mTLS and then dropped back down to TLS. But if not, after that, I'll probably raise it with silver sights again, being like, yo, is this something that you guys are ever going to consider again or what?
C
Yeah, if it's, if they're not, and that's, you know, obviously something depends people got time for, it should probably go in the list of risks of using admission control or stock we've got, because it's a risk off. So people should be aware, if you're going to use these things, there is a risk of interception, and they might want people by, like, cluster-level mitigation.
E
Yeah, that makes sense. It, is that the doc, where is that by chance, like the risks of using a machine? I don't realize that was a thing.
C
A
Fair enough. At what point do we decide that that is a thing that ought to go into there, as opposed to continuing to follow up on that in that direction? Is it a time frame thing? Is it a, you know, okay, we're just gonna do this thing? What are y'all thinking about that?
E
My thought is: raise it in, like, the single Slack channel and be like, is anyone, what's the latest on this? Are people considering it, or is it going to be a "if we get time"? But there's no immediate plans, then we can be like, all right, cool, we'll just add it in there for now, and then later, if, once you do implement it, we can revisit.
A
Fair enough. It's probably not a terrible idea, if people have the capacity for it, to put it in there anyway, just because you never know who's using older workflows or, you know what I mean, like, that'll probably continue to come up for a minute.
E
A
G
Did I really write resources? I mean researcher. Oh okay, you just read it out wrong, yeah. So what I was thinking about: if you, for example, do some research of, let's say, yeah, you try to find some misconfigured kubelets in the open internet, and let's say you find one, how do you contact the people that, like, yeah, that use the cluster? Because recently I had,
G
I had one of these cases and they didn't have, for example, in a valid DNS set, and there was literally, I literally sat at home and was like, okay, I have like five IP addresses. I know there's a misconfigured kubelet, but I don't know how to contact the people because I didn't know to which company it belongs, so yeah.
G
I would say only for that cluster, so it's, let's say, for example, there is a big company. Let's call it the ABC company, and this company has a cluster. Then you want to contact the security administrators of the cluster, which is misconfigured, and if you have no contact information as a researcher, it's, yeah, you don't know what to do with your findings. Yeah, because you want to give it to the people.
G
G
Everything, exactly. It could be, like, an optional thing, where you, from my point of view, if you're, like, aware of doing your cluster security right, and if a researcher somehow is able to find your wrong configured endpoint and, yeah, he wants to contact you, then why not give him the information to let him contact you? Because I also think, if there's an RFC available that does the exact same thing for websites, why not do it for Kubernetes?
G
I put it into the chat, which is basically, like, yeah, standards, where you can generate your security.txt file and put it in the .well-known directory, and yeah, there's just a contact mail and PGP key and, for example, policies or acknowledgements. Yeah, and I think it would be great to have something like this for Kubernetes as well.
C
C
I don't think the kubelet does that now, and the kubelet API is weird, but I think with the API server, it at least seems like that concept of having something in .well-known is a thing, so adding another file in there for security would at least give them the option. You're right, I mean, like, people might not fill in, but some people will fill in. We definitely wouldn't do any harm.
G
A
D
A
D
So I was saying there is also a chance, slight chance, of getting that security.txt misused, such as, like, hey, somebody accessed my security.txt and they reached out to me, even though there was no breach, say that, hey, I got in, and it's like somebody showing up to your door, saying that I have access to your safe, things like that. So yeah.
A
I can imagine this being, sorry, I'm just excited, I'm not trying to be interrupted. I know, you have nothing to apologize for. Yeah, no, agreed. Like, I wonder how much of this could be a vector for people demanding bug bounties, you know, and, you know, which I would like to believe that all of my bug bounty friends are 100%.
A
You know, doing everything on a consent basis, but I'm not sure that everybody always does, you know. But, like, I think if it is an opt-in system, then people could accept the risk on that, you know, just like, okay, well, I'm putting my information out there, you know.
E
Thing is, people are likely going to put that security field in if that cluster is going to be public. But what if it's accidentally public is an interesting call as well.
E
Yeah, exactly, or if they created internal, that security file was created for internal use only or had internal details to give to people internally, because, you know, it's an internal cluster, but then got accidentally made public, which basically makes it worse that it got made public.
A
G
H
G
I don't think we are the first people talking about those potential issues.
C
Would be the right thing to say, does this concept seem like things, and it would be, because if it's gonna be horribly difficult to implement, I can see it not being a thing. But if it's not super hard, at endpoint, allow people to create a ConfigMap, probably, that gets, that populates endpoint, yeah, for example.
A
Yeah, I think this is probably an API Machinery implementation thing. It might be worth posting in their Slack channel or hollering at them. I don't actually know how their meetings work, but you know.
D
A
Yeah, I think, if you're feeling strongly about it, yeah, contacting those folks either in their Slack channel or by going to other meetings and being like, I have this idea, what do y'all think of this? Does it seem like a thing that you would want to implement? How doable does this seem? You know, and, you know, I'm seeing what they have to say, come back here and report back, and we can all talk about, you know, the KEP process or whatever.
A
If, you know, depending on how that goes. Yeah, I mean, what do y'all think? It does about right.
G
Okay, then I will, I will do it and I will report in two weeks then to you guys. That's, you folks.
A
Anybody have any other questions, thoughts, comments on that one?
F
Yes, so the idea is that I wrote a small issue. Oh yeah, sorry, I wrote a small issue about the situation with the SecurityContextDeny admission plugin and had some feedback from some people from SIG Auth, and I was wondering what's the next step. Like, should we try something else? Should we try to write a KEP, actually? What do you think? Because we talked about that, like, two weeks ago, and
F
A
E
B
Okay, so I'll try, I'll go first, then Ian, please start after me as well. So looks like on the issue's comments, looking at the people reviewing it, there are SIG Auth, SIG Docs and security people. Everyone more or less is saying, looks good, candidate for removal.
B
I, my guess would be how much of an effort it would be for you, Mahe, to open a pull request to remove it. If it's going to be too much effort, you would want to be sure to remove before working on it. Then it might be worth getting some confirmation by going in their meetings and saying, like, looks like people are in favor.
B
Are you, can you confirm? And then get more people saying plus one, plus one on the issue, because if it's too much of an effort, and then people push back after you have a PR open, I don't want, like, your effort to go to waste. So that's what my main concern is.
A
It looks pretty non-controversial to me, just looking at those comments so far, although you're right, like, there are not a ton of comments on there. Yeah, I think, you know, you could further solicit feedback, asking, just making sure that nobody feels any type of way about this.
A
It's so non-controversial looking that I'm not entirely sure if the right thing to do would be to just do a PR, remove it, or to put in a KEP to remove it, like, governance-wise, and if other people have thoughts on that. I don't feel 100% sure about that, but nobody seems like they have any kind of problem with it. Did people know on the top?
F
A
Having a warning for some time seems wise. Yeah, I mean, generally speaking, when we deprecate things, we start a clock and, you know, say, okay, like, this is going to be removed in some period of time, FYI, and then, you know, give people a chance to plan around that in case anybody is using it for some reason.
F
Yeah, I don't know, because I think it's quite easy to write a PR for removing that stuff. It's not all over the place, and I stated that habitat's, like, mostly non-usable at this day, so.
A
I don't know, but generally speaking, when we deprecate and remove things, we do let people know in advance. You know, like, there is a clock assigned to the deprecation process in Kubernetes, so probably starting that clock seems sensible. I have not had enough coffee this morning to know off the top if writing a KEP is the best thing to do here, so somebody who has had more coffee than I have should probably chime in on this one.
A
Yeah, this is why I'm saying, like, my governance doc remembering right now is not as good as it would be in, like, two hours after another cup of coffee. So I think that the KEP process makes sense here. How do you feel about writing a KEP? Does that feel like a thing that you have the capacity for and desire to do?
F
A
F
A
A
I mean, it would be slower, but because of the way that the deprecation process in Kubernetes has a clock attached to it, it will take some period of time to remove, to never can remove things anyway. I think, generally speaking, that's how we do things, so I think writing a KEP makes sense, though. What do you all think?
H
H
Yeah, maybe, like, link it to that issue and mention it in there. It seems like there's some good eyes on that issue you raised, so maybe that's, like, the way to get exposure, or drop it in, like we were talking, like, I think it was SIG Auth, maybe their Slack channel for quick review. I can't imagine there's gonna be much conversation with you, like you mentioned, just to have the paperwork.
H
B
Yeah, on the experience of writing the 3203 KEP, what I can share, what I did might be helpful for you. In summary, it was like: create a Google Doc or a HackMD doc with the same template as the KEP template and write up what you think is absolutely needed in that doc and skip everything else. Then share that doc with relevant SIG Slacks and maybe in mailing list.
B
If you want, Auth, Security, maybe Architecture, those three seem like good candidates, and then get some early feedback from the people who are interested in this on the Google Doc or the HackMD. After you get that initial feedback, then once you have resolved those very important or early comments, then you can open that issue on the Kubernetes enhancements repo. That creates an issue ID that is your KEP ID, and once that is created, then you can open a PR to actually put the same thing.
B
You had in Google Doc or HackMD into a Markdown PR, and that will give, like, the official way to start the KEP, and then we can start figuring out what milestone we want to track and then let people plus one on the PR, add more comments, etc.
F
A
A
I've been trying to fill them in a little bit and, you know, don't know if I'm doing them justice, but we all work together here to make the thing happen. Teamwork makes the dream work.
A
Okay, anybody have any more thoughts on that one? Mahe, you're gonna work on the KEP and then get eyes on it when you got it.
C
I thought it was kind of very interesting. So basically, the TL;DR of it is that Golang changed how it handles certain URL characters in version 1.17, so things written before 1.17 will parse a URL and have a different outcome than things after Go 1.17. And what these researchers went and did was, went, hey, where are places where one part of a chain is on Go 1.17 or later, and the other parts of the chain are before, and where might that be interesting? And they came up with two, at least, places where that was interesting, so different ways of URL parsing position.
C
D
Oh yeah, more of an FYI: super excited to see that change merged.
D
It was a huge PR and, like, thanks to people who reviewed. I tried reviewing and Chrome kept crashing, so I had to review commit by commit, but I'm super excited to see at least this work for, like, stateless pods, which don't have, like, volumes or something, but still, I think, still a good change security-wise.
D
A
Yeah, it's big. Okay, we're all gonna go read that one. Tommy is next: thoughts on including AppArmor default alongside GA, similar to the seccomp default.
H
Yeah, so, kind of, first of all, just a quick update on this. This KEP, like, we got it finally tagged and reviewed, so it's targeting for 160, 1.26, and I was thinking, kind of, has where, like, right, like, 1.25 is, like, about to release, for, like, really early in, like, 1.26. So I'm wondering, like, if anyone has, kind of, any experience or guidance, like, about, like, it doesn't seem like there's a huge change to basically flip.
H
There was a feature added, I can't remember which, maybe 1.24, 1.23, where you could enable the kubelet to set a seccomp profile by default, and it's certainly in a feature gate. I think it's maybe beta, alpha, I can't remember. Anyway, since we're early, and it doesn't seem like that big of a lift, and app gate, or AppArmor, still isn't, like, at GA, I'm wondering, like, does anyone think that needs to be a separate feature or, like?
H
They seem pretty, like, close together, and I feel like to have all the, kind of, theme is, like, let's get feature parity with seccomp. And I also somehow realized that I added that flag in my, kind of, draft PR by accident, and then it kind of prompted me to think, like, hey, why don't we just include that feature alongside this, because it doesn't seem like that big a lift. I don't know if anyone has any opinions on that or not, but I thought I'd just kind of share my thought processes.
A
I wonder, off the top, that seccomp default took forever to go through, like, it took such a long time. It doesn't seem controversial now, but, like, I think there were, were there some breaking changes attached? Like, why did that take so long? I feel like it was not a super easy put-in. It's also Sascha's baby, like, Sascha Grunert, and I don't know how to pronounce that person's last name. Apologies if I did that wrong, Kubernetes record.
A
I wonder if, that person isn't here, but I wonder if he could give more historical context on that, because if it is a really easy add, then it's a really easy add. But I know that that one did not seem like the easiest process going in, and I wonder if he might be able to give some historical context on what may make that AppArmor equivalent an easier process, or, like, what kind of blockers there might be.
A
B
SIG Node contributor, so looks like you've already got eyes from an important SIG Node contributor, so that seems a good step. But I agree, I think talking with Sascha and maybe learning from what he had to go through for seccomp might be useful, but otherwise keeping it separate seems right to me in my own personal opinion, with my personal hat on, because even though they sound similar, we don't want to create a sense that they are all the same and create some level of scope creep while putting all of them together.
B
A
I think that's solid, especially because the seccomp one has been such a process. However, because that one is so fully formed, it has been such a process, I bet that there's a lot of sort of templating and context that could be used to, like, help the AppArmor version along so that you don't have to do all of that by yourself from scratch.
H
Yeah, absolutely. I also, I guess, like, the failure case, like, say AppArmor default can't go through in 1.26, we don't want that to hold up the entire, literally just changing, you know, GA, making the whole feature GA. So I think that's a good point, just to, they could both go in 1.26 if we got it there, but yeah, I think that's a good idea to keep them separate.
H
C
I'm just really looking forward to seccomp and AppArmor being finally GA, and it'll be awesome. Yeah.
A
Last but not least, Benjamin has a shout-out to the DEF CON 30 container security CTF. Do you know where that starts?
G
I don't know, I think it's that Friday on 10 a.m. in Pacific time. They have a website, like,
G
G
I just want to mention it, so if you're at DEF CON and want to play remotely, go ahead. I never played it, but I think it's a cool thing because you get, like, a Kubernetes environment, from what I heard, and then you can, you know, try to hack this one, and it's limited to just the 30 teams, so yeah.
A
And from previous experience with a specific CTF, do not ignore that "we need a list of all IP addresses your team will be operating from," because if somebody comes up with a surprise IP address, it will get wonky. I say this because I have done it, so yeah, be careful of that.
A
This is not, I am not one of the creators. This is not the first year that a similar-looking container security CTF has happened. I don't know if this is literally the same container security CTF, but it appears to be done by the same folks according to roughly the same rubric, so, like, I know that, like, pay attention to the pre-advanced registration and IP address requirements, because I know that that has tripped me up at least before.
G
A
Yeah, this is a familiar-looking thing, but I heard it was fun last time around, so yeah. If anybody's got time tomorrow and is feeling CTF-y, like, could be a fun thing.
A
And if anybody is feeling CTF-y and wants a team, we have a security Slack channel on Kubernetes Slack if you want to find teammates, and that is a fun thing to do.
A
That is the last thing on our agenda for the day, and we have six minutes left in this meeting. So if anybody has anything else that they want to talk about, got a little bit of time, and if nobody else has anything else that they want to talk about, then I think that is the end of the meeting. What are y'all thinking? Anything in particular that is hanging out in your head?
A
Fair enough. I hope everybody has a lovely rest of your DEF CON week and a lovely next week, and we will see you all at the next Kubernetes security meeting two weeks from today at the same time. Keep in mind the Slack channel is open 24/7, all the time, and we can all talk there if you want to talk between them, and I hope, thank you all for being here. I really appreciate all of you and your work, and I will see you soon. Take care.