►
From YouTube: Kubernetes SIG Security 20220602
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
So
hey,
as
as
we
do,
we
have
let
it
arrive
to
the
top
of
a
couple
of
minutes
after
we're
all
here,
it's
wonderful
to
see
you
welcome
to
another
kubernetes
sig
security,
hey
what
do
we?
What
do
we
got
today?
Let
me
get
the
notes
over
here
on,
to
my
other,
monitor.
A
Yeah,
let's
do
that.
I
will
start
I'm
tabitha,
I'm
one
of
the
co-chairs
and
I'd
love
to
hack
things
and
make
friends
and
I'm
glad
to
help
to
make
this
space
so
that
we
can
all
do
that.
B
C
E
Oh
dude,
I
knew
myself
sorry
about
that
hi
everyone.
This
is
avita
here.
I
lead
a
security
documentation
project
and
I'm
here
to
learn
and
share
my
knowledge
and
here
for
the
awesome
community
as
well.
That
is
the
main
thing
I
should
have
said
that
first
happy
to
see
all
the
new
contributors
and
the
returning
folks.
E
D
I
am
a
security,
tooling
subproject
owner
and
here
to
make
my
and
everyone
else's
security.
Securing
kubernetes
dreams
come
true.
F
Hey
folks,
I'm
all
a
dewberry
just
camera
off.
As
I
mentioned
on
some
lunch,
I
am
a
rising
sub
project,
owner
of
security,
self
assessments
and
yeah
keep
listening
and
learning
and
making
kubernetes
more
secure
with
all.
G
H
Yes,
so
then,
let
me
introduce
myself
hi,
I'm
benjamin
I.t
security
student
from
germany
and
also
in
cdf
player.
I
Yeah,
I
think
I
think
I've
already
introduced
myself,
but
maybe
I'll
do
it
again.
If
some
of
you
were
not
here,
I
would
like
to
be
a
contributor
I'm
trying
to
learn
and
find
out
how,
where
to
begin,
and
I'm
just
here
as
a
newbie.
I
work
in
as
an
infrastructure
security
engineer
at
shopify
and
thought
it
would
be
interesting
to
join
the
kubernetes
community
and
figure
out
how
we
can
make
our
workloads
secure.
A
Hi
welcome.
We
try
really
hard
to
make
sure
that
coming
here
and
saying
hello
like
you
just
did,
is
a
good
way
to
get
started.
J
Hi,
I'm
caitlin,
I
work
with
danny
at
shopify
and
we
are
lucky
enough
to
have
shopify,
allow
us
20
of
our
time
to
do
professional
development,
and
so
we've
decided
to
use
that
time
as
well
as
our
personal
time
to
really
get
ingrained
in
the
kubernetes
community.
We're
sig
shopping
at
the
moment.
So
yesterday
we
checked
out
some
six
cli
stuff
and
yeah
been
poking
around
trying
to
contribute
making
all
sorts
of
missteps
bugging
everyone
to
try
and
get
involved.
J
So
here
we
are
listening
and
hoping
to
be
more
active
in
the
community
asap.
A
A
A
All
right:
well,
that's
how
we
that's
how
we
do
things
here,
because
consent
is
how
we
build
the
community
so
ray.
Do
you
wanna?
Do
you
have
anything
anything
cool
to
share
with
us
about
audit.
C
Yes,
so
the
third
party
security
audits
for
2021,
slash
2022,
is
in
progress,
so
we
just
had
a
status
meeting
and
we
have
status
meetings
on
a
regular
basis.
So
next
one
is
next
week
can't
really
disclose
anything
yet
from
the
status
meetings.
Of
course,
until
the
the
finance
report
is
out,
but
for
those
who
are
new,
the
last
security
third
party
security
audits
was
done
in
2019
and
I
just
I'm
going
to
paste
the
link
for
the
link
to
the
findings
for
the
2019
security
audits.
C
For
those
who
are
curious
and
we
are
currently
doing
one
in
2021-
slash,
2022.
lots
of
things
happened
20
since
2020.
So
you
know,
there's
been
a
little
bit
of
some
time
between
the
last
security
audits.
So
that's
it
for
me.
A
Awesome
you
know
keep
keep
rolling
on
with
that.
Thank
you
for
thank
you
for
sharing
how
it's
going
how's
how's
things
in
doc's
world.
E
The
wonderful
contributors,
my
benjamin
in
mohit,
have
put
together
a
security
checklist
and
it's
their
draft
stage.
I
have
a
link
on
the
agenda.
It's
been
getting
feedback,
so
please
feel
free
to
take
a
look
at
it.
E
If
you
haven't
leave
in
your
comments-
and
there
was
also
like
a
nice
thing
at
the
end-
that
someone
suggested
that
it
would
be
nice
if
we
have
a
pdf
checklist
and
if
we
are
willing
to
manage
it,
maintain
it
and
tim
bannister
from
sick
documentation
is
a
stickley
offer
that
we
can
even
publish
it
as
a
pdf.
So
if
anyone
wants
to
take
that
on,
you
want
to
help
out,
please
feel
free
to
reach
out
in
seek
security
or
seek
security.
Docs
we'll
make
that
happen.
E
Go
if
you
ever
take
a
take,
take
a
look,
go
and
leave
your
feedback
on
thumbs
up
honk.
Anything!
So
welcome!
That's
all
we
have
we
have
meeting
after
this,
and
I
forgot
to
send
the
doodle
I
will
tell
I
will
send
a
doodle
to
change
the
meeting
time
for
our
documentation
so
project
I
forgot.
It
fell
off
my
list,
I'm
sorry
about
that.
All
so
I'll
get
that
one
going
and
we
don't
have
any
other
updates.
C
Ray
yeah
just
a
question
for
the
pdf,
would
it
be
hosted
on
kubernetes.io
I
mean
I'm
assuming
she
will
be
hosting
on
our
github
kubernetes.
Stick
security,
slash
docs
or
security
box
right.
E
I
I
haven't
actually
figured
out
a
place.
We
can
definitely
have
a
discussion
if
we
want
to
have
it
in
the
website.
For
me,
personally,
I
think
having
it
in
the
website
would
be
awesome,
because
folks
are
always
looking
at
the
website.
First
right,
like
they
can
just
print
it
out
and
keep
it
or
like
we
can
even
maintain
it
in
our
six
security
report,
add
a
link
on
the
top
of
the
page,
saying
that
hey,
if
you
want
a
pdf
go
here,
I
don't
have
like.
E
C
I
I
think,
publishing
on
sk
security
and
linking
it
out
on
kubernetes
that
I
always
is
as
easier
as
for
the
sick
tune
to
maintain
I've.
I've
recently
had
some
linking
issues
since
we
moved
the
third,
the
2019
third-party
security
audit
had
to
change
where
some
of
the
links
like
on
the
cncf,
blog
post
or
in
some
past
links
that
before
it
was
in
kubernetes
community,
slash
security,
but
now
it's
in
kubernetes
security.
C
So
I
think
it
might
be
user
maintained
on
on
our
on
our
github
repo
and
then
link
it
out
on
the
kubernetes
dot
io
site
on
that
on
that
security
checklist
page.
But
we
could
discuss
further.
A
Yeah
yeah,
with
apologies
for
having
not
read
what
tim's
suggestions
are.
Tim
has
been
a
good
one
in
the
past
for
suggesting
ways
that
some
of
the
more
clever
features
of
the
kubernetes
website,
publishing
stack
can
be
used
to
automatically
maintain
things,
and
so,
if
that
is
an
option
like
if
the,
if
the
the
document
can
be
in
get
wherever
it
is
in
some
sort
of
machine,
parsable
format
and
then
having
essentially
ci
that
rebuilds
a
pdf.
D
Save
it
to
you,
one
of
your
questions
on
should
we
need
to
do.
We
need
to
update
the
pdf
more
often
and
how
would
that
look
like
so
cup?
I
have
some
experience
doing
something
similar
with
tag
security
I
and
we
could
actually
get
cncf's
help
to
generate
a
nice
looking
pdf
for
the
checklist.
Also,
if
that's
helpful,
and
then
we
can
also
have
a
parent
kind
of
directory
where
the
markdown,
the
pdf
and
readme
can
all
exist
so
to
raise
point
of
linking
links
getting
broken.
D
E
That
sounds
cool
okay,
I
will
sync
offline
or
like
I
will.
I
can
take
this
to
say
security,
documentation
meeting
and
then
I
can
bring
it
back.
We
can
have
some
discussion
there
and
we
can
see
how
this
goes
and
thank
you.
Thank
you
ray.
Thank
you
tabi.
Thank
you.
Everyone
who
worked
on
this
so
far,
I'm
so
excited
about
this.
One.
A
All
right,
unless
there
is
other
discussion
here
about
docs,
then
pushkar,
you
wanna
tell
us
about
tooling
how's
how's
it
going
in
tooling.
D
Yeah,
so
we
started
the
version
125
cycle
as
a
community.
Now,
since
kubecon
is
over,
so
from
one
of
the
things
I
wanted
to
bring
up
and
kind
of
get
an
idea
of
based
on
folks
who
have
done
caps
and
been
released
leads
our
managers
before
there
is
an
enhancement
freeze
deadline
coming
up
on
16th
june.
D
My
best
understanding
is
before
that
any
caps
that
need
to
go
in
the
current
upcoming
release
should
be
merged
in
implementable
state,
and
we
already
have
the
pr
for
the
auto
refreshing,
cva
list
cap.
We,
I
believe
we
have
lg
tms
and
approves
from
many
people,
including
tabby.
Only
one
remaining
is
elana,
which
I
can
get
it
because
she
is
given
informal
approval
already,
but
wanted
to
check
with
everyone
who
is
more
experienced
with
caps.
Is
my
understanding
correct,
or
do
we
need
to
just
do
more
than
just
merging
this
cap?
C
Okay,
yeah,
just
looking
at
the
at
the
pull
request
for
the
cup,
we
do
need
the
production
readiness
review
approved,
so
that
is
coming
from
inland
in
this
case.
Looking
for
the
lgtm
for
the
product
joining
us
to
review,
it's.
C
C
The
first
comments,
okay,
great
and
also
just
to
make
sure
that
the
that
the
cap
follows
the
new
format.
So
there
was
a
new
format
in
125
and
which
may
not,
which
involves
testing
so
so
there
is
a,
I
guess,
a
more
thorough,
detailed
testing
section
that
needs
to
be
and
I'll
take
a
look
at
to
see
if
it
does
comply
to
the
new
format
in
1.25
yeah.
So
take
a
look
I'll.
Take
a
look
at
it
offline.
C
If
there's
any
other
requirements
needed,
you
know
I'll
I'll
I'll
ping,
the
folks
on
the
security
slack
channel
other
than
that.
I
think
that
we
should
be
okay
to
take
a
look
at
the
read,
mean
gun
just
to
make
sure
there's.
No
all
the
sections
are
filled
out
and
then
and
then
the
last
of
course,
being
once
submerged
is
for
a
co-chair
for
six
security
to
to
opt
it
in
to
the
enhancements
tracking
sheets.
A
Oh
yeah
question
about
that,
like
with
your
release,
hat
on
and
my
co-chair
hat
on,
which
is.
A
We
I
feel
like
we
should
do
that
in
the
interest
of
you
know
dotting
eyes
and
crossing
t's
where,
where
possible,
but
also
for
caps,
that
do
not
end
up
affecting
released
artifacts.
A
C
Yeah
I
mean
it
would
then
it
would
be
kind
of
considered
out
of
tree.
So
there
are
plenty
of
things
considered
out
of
tree
entries,
mostly
what's
what's
in
kubernetes
kubernetes
and
of
course
anything
out
of
tree
could
be
updated
as
well.
The
the
benefits
of
being
tracked
in
part
of
a
release
is
that
you
know
it
could
also
be
part
of
the
release,
announcements
and
kind
of
feature
blogs,
and
that
will
go
that
will.
C
A
I
A
D
It
won't
be
in
kk
but
good
chance.
We'll
have
something
in
gay
website.
C
E
And
I
I
have
only
one
thing
to
add
it's
just
I
I
saw
that
elena
might
be
out
for
1.25.
So
if
we
want
to
reach
out
to
someone
in
the
pr
reviews,
just
just
keep
an
eye
for
that
like
if
they
they
might
be
swamped
because
they
they
are
low
on
the
number
of
folks
and
always
the
during
the
initial
time.
There
are
like
a
lot
of
enhancements
coming
through,
so
we
might
want
to
be
just
mindful
of
who's,
picking
up
the
slack,
so
I
I
you
you
all
might
have
known
already.
C
Yeah,
that's
actually
a
really
good
point,
because
the
production
readiness
review
deadline
is
actually
a
week
before
enhancements,
so
enhancement,
freeze
or
release
enhancements,
freeze,
freeze,
okay,
yeah,
so
it's
usually
the
week
before
enhancements.
Freeze,
there's
a
production
ratings
review
deadline
as
well,
because
the
the
production
ratings
review
teams
is
likes.
Vita
said
is,
as
it's
quite
limited
and
they
get
swamped
with
lots
of
review
requests.
So
yeah.
D
A
D
So
that's
about
this
cap
before
we
move
on
to
other
one
any
questions
from
anyone.
You
know
and
I'm
so
happy
to
see
all
the
newbie
questions,
because
those
are
important.
I
had
the
exact
same
questions
in
the
past,
so
please
keep
asking
these
questions.
D
Okay,
cool,
so
the
next
one
I
was
hoping
actually
tommy
would
be
around
in
the
call
but
looks
like
we're
missing
him
today.
It's
another
kept
that
we
discussed
in
the
meetings
in
the
past.
D
One
of
the
differences
between
the
cap
we
just
discussed,
and
this
one
is
probably
the
owning
says:
sig
is
going
to
be
different.
If
I'm
not
wrong,
it's
going
to
be
sig
node,
so
I'll
follow
up
with
tommy
later
to
figure
out
if
he
needs
any
help
there.
If
he
has
already
gotten
a
chance
to
talk
to
sig,
note
folks
and
see
if
I
can
help
out
or
if
I
can't
help
out
I'll
bring
it
up
with
everyone
else
who
can
help
out.
A
Awesome-
I
am
I
I
love
this.
I
love
this
cap,
I'm
happy
to
see
it
moving
forward
and
I'm
happy
to
see
those
of
us
here
in
this
group
doing
what
we
can
to
assist
with
that.
A
Was
gonna
say,
can
I
call
on
allah
for
for
self-assessment.
F
Yeah,
so
mostly
mostly
questions
from
me
so
yeah
I
looked
at
where
that
pr
was
in
review
and
really
just
wondering
pushkar,
I
can
work
with
you
to
understand
how
I
can
keep
moving
that
forward.
F
It
looks
like
you
know,
with
kubecon,
I'm
not
surprised
to
see
that
it's,
it
hasn't
been
touched
in
a
couple
weeks,
so
just
yeah
what
I
can
do
to
to
keep
that
to
keep
the
momentum,
but
also
to
just
understand
more
on
sort
of
where
we're
at
from
the
perspective
of
that
being
a
pilot
that
we
want
to
use
to
to
have
a
template.
So
I'm
just
understanding
more
from
you
on
that.
F
So
I
can
carry
the
vision
forward
and
also
start
to
think
about
what
are
some
other
sigs
that
we
could
or
that
might
be
interested
in
sort
of
like
okay.
Once
we
have
our
pilot
once
we
have
our
template
once
we
have
it.
Dialed
in
you
know
who
else
could
use
it
yeah
and
I
think
there
needs
to
be.
I
think
I
need
to
do
one
more
thing.
F
D
One
of
the
things
we
are
waiting
on
is
the
github
admins
for
new
contributors,
adding
you
officially
as
a
member,
so
that
the
owner's
file
doesn't
show
up
with
an
error
saying
this
member
doesn't
belong
in
the
kubernetes
org,
or
something
like
that.
So
once
that
is
done,
I
think
the
subproject
directory
will
be
there.
The
owner's
file
will
be
there,
and
then
we
can
merge
this
pr
in
terms
of
updates
from
cluster
apis
assessment.
Specifically,
I
think
I've
got
enough
feedback
where
I
feel
like.
D
If
nobody
else
has
any
comments,
we
can
merge
it
once
the
directory
exists
and
the
owner's
file
exists.
D
Next
thing
from
the
assessment
perspective
is
we've
created
a
tracker
which
is
like
a
github
project
of
all
the
issues
that
came
out
of
this
assessment,
which
are
basically
hey.
We
found
this
as
a
threat.
We
want
to
make
sure
that
this
is
mitigated,
and
this
is
an
issue
to
track
it.
So
the
project
tracker
exists
today.
D
What
we
need
to
would
need
your
help
is
getting
everyone
together
and
figuring
out,
which
ones
we
want
to
tackle.
First,
because
the
biggest
thing
I've
seen
in
assessments
in
the
past
is
it
happens,
everyone
agrees.
This
is
a
problem
and
we
should
fix
it
and
it
gets
dropped
because
priorities,
change
and
people
move
on
to
different
things.
So
I
think
that
tracker
moving
all
of
those
cards
from
to
do
to
in
progress
to
done.
D
I
think
that's
the
big
thing
from
cluster
apis
assessment,
specifically
the
next
one
from
the
overall
sub
project
perspective,
I'm
thinking
is
there
is
one
long-standing
request
for
another
self-assessment
from
this
for
vsphere
csi
provider.
If
I'm
not
wrong
and
that's
something,
we
haven't
really
found
someone
who
can
volunteer
and
start
doing
the
same
that
we
did
for
cluster
api.
So
that
may
be
one
thing
we
we
can
chat
and
happy
to
dive
deeper
on
this
also
later
on.
If
you
have
some
time.
F
Yeah
awesome
I'll
get
some
time
on
your
on
your
calendar.
I
can
also
yeah
once
the
pr
to
create
this
a
project
has
merged.
I
can
also
work
on
getting
a
meeting
on
the
calendar
bi-weekly
as
well,
and
creating
a
slack
channel.
A
Yeah
happy
happy
too
happy
to
do
that.
That
is
one
of
the
services
that
we
offer,
as
co-chairs
related
related.
Also
to
that.
If
there
is
any
difficulty
with
the
pr
for
your
org
membership,
then
you
know
ping
us
on
ping,
us
on
slack
and
and
we're
we're
here
to
we're
here.
We're
we're
here
to
help
make
things
happen.
F
Awesome
yeah,
I
think
yeah
pushkar
and
savitha
have
signed
off
so
yeah.
No,
I
think
the
next
step
is
for
someone
to
merge
it.
I
think.
D
F
F
Great
cool
pushkar,
unless
there's
anything
else,
I
think
that's,
that's
everything.
F
A
We
are
now
into
the
into
the
things
that
are
on
the
second
half
of
the
agenda
and
the
first
one
is.
Somebody
noticed
that
our
talk
from
kubecon
in
valencia
has
been
uploaded
to
youtube.
D
Yeah,
sorry,
I
didn't
tag
myself.
I
just
wanted
all
the
new
new
members,
as
well
as
existing
members
who
couldn't
be
at
kubecon,
wanted
to
know
what
this
sig
is
all
about,
and
what
have
we
done
in
the
past?
What
we
plan
to
do
in
future?
This
is
the
30-minute
talk
that
you
can
watch
and
then
come
over
again
on
slack
and
ask
questions.
A
I
I
put
a
link
to
it
up
at
the
top,
where
it
previously
said
most
recent
sig
security
kubecon
talk.
I
I
made
that
word
plural
and
now
there's
the
links
to
to
both
of
these
up
there,
so
so
yeah
it
was.
It
was
great
to
see
folks
that
we
could
see
in
valencia
and
now
now
it
is
here
on
youtube,
which
is
always
open
for
those
of
us
that
we
couldn't
see
there
benjamin.
I
believe
that
I
believe
that
you
are
next
here.
Talk
to
us,
please
about
ctf
challenges.
H
Yeah
exactly
so
I
talked
to,
I
think
it
was
mahe
in
the
kubernetes
flag
and
he
mentions
to
me
that
there
is
an
kubernetes
ctf
on
the
on
the
on
the
cube
kubecon.
There
were
a
kubernetes
cdf
at
least
last
year.
It
was
so
I
don't
know
if
it
was
in
the
current
year
and
I
just
want
to
know
if
the
sources
are
available.
If
it's
open
source
or
if
you
can
oh.
A
I
was
asking
like
from
from
cloud
native
security
day
from
the
from
the
like
kubecon
day,
zero
event
that
that
security
organizes.
A
H
He
just
told
me
that
there
was
a
cdf
at
least
last
year,
and
I
just
want
to
know
if
there
also
were
cdf
this
year
and
if
the
sources
are
available.
A
The
the
folks
from
cloud
native
security
day
have
had
a
ctf
at
pretty
much
every
one
of
their
events,
and
I
will
be
happy
to
go
and
ask
those
folks
about
whether
any
of
those
challenges
are
available
for
people
to
deploy
on
their
own
and
play
does.
Does
anyone
know
just
off
hand.
D
I
can
take
that
a
volunteer
responsibility
out
of
your
hands
tabby.
If
you
want,
I
okay
easier
for
me,
because
I
know
the
folks
and
kind
of
work
with
them
more
often,
but
most
likely
benjamin
they
might
be
able
to
share
something.
I
don't
know
if
it
will
be
the
full
experience
of
a
ctf
but
they'll
be
at
least
able
to
share
something
that
might
be
useful.
H
No
problem,
I'm
more
interested
not
in
the
challenges
more
interested
in
the
in
the
setup,
because
the
background
story
to
this
is
our
ctf
team
also
hosts
a
larger
ctf
event
for
like
5000
teams,
and
I
just
wanted
to
build
some
ctf
challenges
on
or
not
ctf
challenge
in
kubernetes,
but
ctf
challenges
about
kubernetes,
so
not
deploying
like
crypto
challenges
or
web
challenges
inside
of
kubernetes,
with,
for
example,
kctf,
but
really
do
challenges
about
kubernetes,
and
I
just
wanted
to
know
if
there
is
like
any
yeah
set
up
for
this,
because
what
we
need
is
kind
of
kubernetes
on
demand.
H
So
every
team
needs
its
own
kubernetes
cluster
yeah
and
I
just
want
to
know
if
maybe
the
folks
at
cubecon
did
it.
K
Link,
I
just
dropped
in
chat
there,
which
might
be
useful
unless
there's
two
links.
One
is
control,
planes
cube
simulator,
which
is
what
they
did
some
of
their
stuff
based
on
at
kubecon,
and
then
the
other
one
is
one
I
did,
which
is
uses
kind
which
is
just
like,
can
kubernetes
clusters
in
docker.
So
that
way
you
can
easily
spin
up
the
vulnerable
clusters.
K
So
it's
not
bad.
If
you
want
to
give
people
like
a
set
of
clusters,
it
obviously
means
they
can
they
can
hack
about
themselves,
but
you
want
to
give
them
a
challenge.
You
can
do
something
based
on
kind.
I
think
it's
quite
useful
for
that
kind
of
thing.
D
A
Also,
I've
also
set
up
and
run
a
few
different
kubernetes
based
ctf
challenges
or
or
ctfs,
one
of
which
we
did
with
provisioning
a
bunch
of
google
cloud
resources
and
assigning
them
to
attendees
and
so
on,
and
one
of
which
is
crammed
inside
a
vm
on
the
try,
hackme
platform,
and
so
if
I
can
also
if
I
can
share
any
of
that
experience
with
you,
I'd
be
happy
to
so
yeah
reach
out
to
me
also
yeah,
we'll
do
I
have
some
questions,
something
like
this.
Thank
you.
D
As
a
specific,
maybe
action
item,
benjamin
is
it
possible
for
you
to
join
the
cncf
slack
workspace?
I
can
send
you
a
link
and
I
can
help
you
make
intros
with
the
people
who
did
the
ctf
in
securitycon
and
then
you
can
take
it
forward
and
ask
whatever
you
can
and
whatever
they
can
help.
I'm
sure
they'll
help.
H
A
A
A
I
I
typically
do
them.
This
is
the
one
aspect
of
my
life
where
I
actually
kind
of
wish.
I
had
a
high
performance
computer
as
opposed
to
a
acute
computer
that
feels
good
when
you
carry
it
around
all
day,
but
cpu
is
chewing
through
a
bunch
of
renderings
of
some
backlog
of
videos,
and
we
should
see
those
up
on
youtube
pretty
soon,
robert.
L
Great
okay,
I
can
never
know
on
these
zoom
calls
so
yeah.
Several
people
have
mentioned.
I
think,
even
on
previous
calls
here
the
interest
in
setting
up
some
sort
of
group
around
confidential
computing.
You
know
enclaves
could
also
incorporate
fully
homomorphic
encryption
or
even
zero
knowledge
proofs.
All
all
things
related
to
how
you
might
deploy
these
or
supports
using
kubernetes.
L
I
L
In
slack,
if
others
who
you
know
aren't
on
this
call
want
to
join,
if
we,
if
we
judge
that,
there's
a
lot
of
interest,
then
I
guess
you
know.
I
L
A
Based
on
the
history
of
us
growing,
various
kinds
of
community
governance
groups
out
of
affinity
groups
that
have
emerged
here,
I
would
say
start
having
the
conversations
with
the
folks
see
where
it
goes,
and
then
we
can
match
up
the
various
sorts
of
governance
organizations
that
exist
like
like
cigs
working
groups,
sub-projects
sub-projects
of
kubernetes
sig,
sub-projects
of
cncf
sigs.
You
know
we
can.
We
can
play
ma,
we
can
play
match
up
between
the
various
governance
options
that
are
available
and
what
needs
your
group
turns
out
to
have.
A
A
Then
perhaps
a
sub,
a
subproject
of
this
sig
is
the
right
way
to
do
it
or
if
the
scope
grows
outside
of
kubernetes,
and
is
you
know
confidential
computing
in
cloud
native
generally,
then,
perhaps
a
sub-project
of
tag
security
is
a
better
home
for
it,
but
I
say,
get
together
start
start
doing
your
things
and
then
we
will
make
sure
to
provide
whatever
sort
of
governance
support
matches.
Your
needs.
B
L
Is
a
broader
discussion
to
be
had
at
the
cncf
level
and
of
course,
a
lot
of
the
projects
that
are
working
on.
This
are
cncf
sandbox
projects.
That
said,
I
think,
there's
you
know
there
needs
to
be
a
a
narrowing
of
the
scope
to
to
get
to
some
output.
Typically.
I
L
I
I
would
I
myself
I'm
just
speaking
for
myself.
Of
course,
I
would
say
that
starting
with
kubernetes
puts
enough
of
a
boundary
around
it
to
make
it
productive,
whereas
if
you
try
to
boil
the
ocean
outside
of
the
broader
scope
of
all
things,
cloud
native
might
might
be
a
little
bit
difficult
to
get
a
foothold,
but
oh
yeah
for
sure.
A
It's
you
know
it's.
It's
got
to
start
with
a
group
of
people
who
are
small
enough.
They
can
agree
on
what
they
want
to
do
and
then
start
doing
those
things
together.
So
yeah,
yeah,
literally
literally
anything
that
we
can
do
from
a
you
know
procedural
governance,
kind
of
perspective
to
make
a
space
for
whatever
y'all.
Whatever
you
all
agree
on
together,
we
got
you.
H
So
actually,
I
also
talked
to
savita.
I
think
it
was
like
three
weeks
ago
or
something
like
this
and
some
I
also
talked
with
her
about
and
confidential
kubernetes,
let's
say
blog
post
or
something
like
this,
where
you,
where
we
would
explain
some
basic
concepts
and
also
how
you
can
make
yeah
the
kubernetes
infrastructure
itself
fully
con
confidential
yeah.
That's
also
something
I
talked
with
savita
about,
and
maybe
that's
also
like
a
bit
of
of
a
starting
point.
Something
like
this.
L
Just
a
quick
thought:
since
there
are
some
resources
there
may
be
that
article
there's
my
kubecon
slides,
should
we
should
we
maybe
put
a
pr
to
some
document
and
then
that
can
actually
those
who
review
that
can
basically
be
the
list
of
people
interested
in
informing
this
group
is
that
I
mean
just
thinking,
get
opsy.
D
Maybe
robert,
this
might
be
a
blog
post
suggestion
to
sick
dogs
that
how
to
how
does
con
confidential
computing
mean
or
look
like
in
kubernetes
set
up
and
if
they're
interested
that
could
be
the
pr
you're.
Looking
for
and
obviously
with
any
blog,
we
would
need
tech
reviews
so
folks
who
are
interested
or
know
about
it,
will
jump
in
and
you
might
get
a
set
of
people
that
are
interested.
A
Yeah
I
I
encourage
that.
I
encourage
that
very
highly
and
in
particular
I
encourage,
if
you
have
a
blog
post,
that
is
the
right
sort
of
blog
post
for
the
kubernetes
blog
like
you
know,
that
is
to
say,
if
you,
if
you
have
a
dream
in
your
heart,
to
pull
together
a
bunch
of
these
kinds
of
resources
about
confidential
computing
inside
kubernetes
into
a
blog
post,
that
is
of
general
community
value,
then
write
the
thing
and
you
know.
I
A
The
thing
talk
to
sig
security,
docs
talk
to
sig,
docs
and
open
the
pr
for
that
there
is
no.
There
is
no
need
in
my,
in
my
experience,
in
my
opinion,
to
ask
sick
docs
for
permission
to
write
a
blog
post,
the
blog
post.
You
know
the
blog
post
lives
in
your
heart.
The
blog
post
lives
in
the
hearts
of
the
folks
who
want
to
contribute
to
it
and
starting
by
writing
it,
and
then
saying
here
is
this
thing
that
we
have
done
for
the
love
of
the
community?
A
E
E
We
can
publish
that
and
in
that
blog
post
also,
then
we
can
say
like
if
you
are
interested
like
that
is
also
another
way
of
sourcing
the
community
asking
the
community
that
if
they
want
this
group
or
not,
you
know
like
put
out
a
a
disc,
not
a
disclaimer.
This
wrong
word
put
out
a
line
telling
that
hey,
if
you
are
interested,
you
want
to
see
this
more
come
join
us
in
the
sec
security
meeting
or
like
the
slack
channel,
so
that
to
gain
the
interest.
E
A
Yeah
to
make
this
kind
of
meta
community
organizations
reproduce
by
budding,
and
so
you
know
one
of
the
one
of
the
great
things
about
the
sig
security
meeting
here
and
like
the
broader
sig
security
slack
channel,
is
that
we
can
do
things.
We
can
provide
a
space
to
do
things
and
we
are
people
together.
A
Who
can
do
things,
and
so
you
know
if
there
is,
if
there
is
a
feeling
that
that
things
should
be
done
around
confidential
computing
like
come
under
the
security
umbrella,
do
things
around
confidential
computing
and
then
as
that
grows
and
matures,
then
you
have
access
to
all
of
our
resources
to
make
make
whatever
other
changes
you
need.
You
know,
that's
that's
how
we
that's
how
we
got
a
subproject
for
doing
security,
self-assessment,
guided
programs
inside
kubernetes
is
somebody
said:
hey?
A
Could
we
do
this
and
we're
like
yeah
come
we'll?
Do
it
inside
security,
and
if
it
has
legs
it
will
it
will
get
what
it
needs
and
it
does
have
legs
and
now
we're
giving
it
what
it
needs.
L
B
Super
quick
psa,
the
kubecon
north
america
cfp
for
detroit,
this
fall
closes
tomorrow
at
1,
59
a.m,
pacific
time
or
no
11,
59
p.m.
Pacific
time,
1
59
a.m.
My
time
in
central
so
make
sure
to
get
your
talks
in.
If
you
want
to
submit
a
talk
for
kubecon,
I
am
very
excited
to
read
them
as
a
member
of
the
programming
committee.
B
If
you
are
a
first-time
speaker,
especially
if
you
are
underrepresented-
and
you
want
a
pair
of
eyes
on
your
talk
abstract
or
your
talk
idea,
I
put
this
out
there
every
time
and
I'm
gonna.
Do
it
again
feel
free
to
holler
at
me?
Send
a
google
doc
my
way
totally
happy
to
take
a
look
and
provide
feedback.
If
that's
a
helpful
thing
for
you,
new
speakers
are
awesome
and
yeah
everybody's
welcome.
So
that's
all
submit
your
talks.
A
Can
I
say,
plus
one
to
literally
everything
that
they
said
also
as
program
committee
member?
I
am
also
looking
forward
to
reading
everybody's
fabulous
proposals
and
also
as
a
person
who
has
both
submitted
and
reviewed
a
lot
of
cfps
and
who
loves
doing
cfp
reviews
come
and
you
know
feel
feel
free
to
ping
me
about
things.
If
you,
if
you
want,
because
I
I
love
to
do
those.
A
All
right,
then,
a
thing
that
that
I
wanted
to
bring
to
the
rest
of
the
group
here
came
out
of
a
conversation
with
one
of
the
folks
who
was
in
attendance
at
the
security
maintainer
track
session
at
kubecon.
A
Unfortunately,
I
do
not
remember
his
name,
but
he
was
asking
what
I
thought
about
some
of
the
maintainability
struggles
that
he
was
having
with
implementing
network
policy
and
like
the
example
that
was
brought
up
was,
if
we
have
a
pod,
that
we
want
to
do
bi-directional
network
policy
control
on,
so
that
it
can
only
make
outgoing
connections
to
the
appropriate
things
that
we
expect
it
to.
A
I
do
not
have
a
great
answer
for
you
in
my
pocket,
but
I
can
talk
to
people
about
it
and
so
then,
later
that
week
I
ended
up
running
into
dan
winship
and
some
other
sig
network.
Folks-
and
I
I
brought
this
up
to
them,
and
one
of
the
things
that
came
out
of
this
conversation
was
that
one
thing
that
currently
exists
to
make
that
sort
of
problem
easier
is
the
ability
to
put
names
on
port
definitions.
A
When
you
know,
services
and
things
are
being
defined
and
then
reference
those
port
names
rather
than
having
to
put
hard-coded
port
number
references
into
the
policy
a
that
was
not
a
thing
that
I
was
aware
of,
and
it
was
cool
to
learn
b.
A
Would
you
be
interested
in
a
in
a
pr
to
add
names
to
some
of
these
ports,
and
so
that's
my
whole
spiel
there?
It
is,
if,
if
that's
cool,
then
then
I'm
happy
to
make
connections
with
people.
If
that
is
an
exciting
thing
to
you,
then
it
is
probably
a
good
place
to
be
able
to
get
involved
with
something.
J
Yeah
I'm
currently
dealing
with
that
at
work
and
would
love
to
be
involved,
we're
trying
to
manage
better,
better
filtering
on
our
network
policies
that
are
automatically
deployed.
So
I
would
love
love
love
to
do
that
with
someone
who
has
a
bit
more
experience
and
knowledge
than
me.
A
Oh,
that's.
That's
awesome
if
you
know
who
to
talk
to
go
talk
to
him.
If
you
don't
know
who
to
talk
to
slack
is
a
great
place
to
to
ask
you
can
ask
questions
and
seek
security.
Slack,
I'm
happy
to
make
introductions
with
people
so
so
yeah
talk
to
me
I'll,
be
happy
to
to
point
you
at
the
places
and
the
people
where
these
things
can
be
done.
A
F
I
was
getting
chatty
and
in
chat
robert
about
the
confidential
computing
interest
that
you
have,
whether
it
becomes
a
sig
or
working
group
or
whatever.
How
can
we
get
a
hold
of
you
if
we
want
to
connect
you
with
other
people
who
might
be
interested
in
just
participating
in
that
discussion?.
L
I
I
would
guess
slack
is
probably
the
easiest
for
everybody,
I'm
on
the
wg
policy
channel
all
the
time,
but
we
can
just
post
it
in
the
sig
security
channel.
Here
start
a
thread.
L
H
Don't
think
that's
what
we
should
do.
I
think
we
create
an
slack
thread
where
everyone
who
wants
to
contribute
can
then
yeah
contribute
to
kind
of
like
the
threat,
and
then
we
make
like
a
shared
document
some
where
they
can
write
down
their
yeah
whatever
they
want
to
write
down
or
yeah,
but
then
whatever
they
want
to
add
to
the
document
or
the
blog
post.
H
Are
you
in
the
slack
ella,
then
I
can
send
you
the
then
I
can
send
you
the
slack
thread.
F
Yeah,
no
I'm
at
a
dewberry,
I
believe
and
yeah
I'm
in
the
security
channel.
Oh
okay,.