From YouTube: Kubernetes SIG Security 20211216
A
Hi, it's three after. Hello, everyone, welcome again to yet another Kubernetes SIG Security. It is delightful to see all of you, hear from all of you, and it seems, from looking at the agenda being rather lighter than it typically is, that folks are getting into a time of doing fewer Kubernetes things, probably due to the time of the year, and I really hope that that means people are having a really good time.
A
Do we, do we want to say hello and introduce ourselves a little bit? Or, I mean, I will. Hi, I'm Tabitha, I'm one of the co-chairs. I am absolutely delighted to have the role of helping to hold up the tent that is this space, where we can come together to share our feelings about Kubernetes security, find the opportunities that we have to work together to make things better in the project and for the end users, and that's what I do, like.
C
My name is Ian Coldwater. I am the other co-chair. What she said. Here to, you know, hack things, make friends, do stuff, and happy to be here with all you.
D
Hi, I'm Maureen, I'm new here, I'm an intern. Thank you. I'm an engineer interested in security. I have been contributing localization to Kubernetes for a few months now, and I decided to join this meeting because I want to learn more about security, what's going on in the project, and see if I can contribute something in that space.
A
Awesome, hi, thank you. Yeah, you know, here in SIG Security, most of the contribution comes from showing up and either having some kind of thought, something that you're concerned about, something that you wonder about, something that you want to ask the group about, and asking them, or alternately hearing something that someone has a thought or concern or whatever about, that they share with the group, and saying, oh, I think I might be able to do something there. So yeah, welcome.
E
Hi, I'm Mohit, I'm kinda new, so I was around for the last session, like viking joined halfway through by the way, so this is kind of like my first from-beginning session, I guess. All right, I work in security, I'm a pen tester at F-Secure, I focus on things like cloud and containerization, orchestration. Like, within F-Secure, I'm like the global lead for pen testing Kubernetes stuff, and I thought, you know, get involved, see how I can help or whatever.
A
I always love to hear folks who are working pen testers' point of view on, you know, what sorts of things they're seeing and where the challenges that they're finding their clients are having, because here, you know, we can pull the levers that we have access to, to try to make it easier for, in the end, those users to clean up those kinds of difficulties more easily than they otherwise could, and so knowing something about what those difficulties are is pretty critical. Yeah, for sure.
B
All right, I'll go next. My name is Ray. My pronouns are he/him. Involved with other aspects of Kubernetes. I was recently the 123 release lead, but before Kubernetes, before cloud data native, I've actually done some threat modeling with an American plane manufacturer.
G
Oh well, I'm Rory, I'm a recovering pen tester, now in kind of cloud native security world, and I kind of discovered things around SIG Security and SIG Docs security, as well as help maintain the CIS benchmarks for Docker and Kubernetes.
G
On that note, if anyone has any ideas of things that have changed since 120, so 120 to 123, that they would like to see in a benchmark, we've got some ideas, but we're about to kick off the 123 version. So if anyone's got something where they're like, oh, that's a new thing that really should be mentioned, just ping it my way if you want to, I'm happy to pick it up, or if you want to go on the CIS benchmark site, you can totally add it.
G
There too. Is, do you have a link for that by chance? Yeah, sure, I can send you a link for the workbook site.
A
Awesome, well, hi everyone. It is always so great to see everybody here. Typically, we will go through and hear a quick update from the folks who are representing the various projects on how things are going there, and so, Ray, I see you've
B
Written some notes in here: audit in progress. There is, yeah, not much to update for this meeting. I like to say that it is still in progress.
A
Thank you very much. It's important to get that right. I see via Slack that Savita has reported no current update from docs, and I know that Pushker can't make it today. Does anybody have any word from tooling?
A
All right, we'll leave that there for security. Oh.
G
Okay, briefly on tooling, just in case it's of use to anyone. I know that Eric some only put in a post into SIG Security tooling Slack on just a HackMD that we were doing for how to detect an issue some people may have had to deal with this week, Log4j in container images. It's just, basically, some tips on how to use various open source tools to detect that. If anyone's got any other ones they want to add, please feel free.
A
All right, with nothing further from subgroups, which, like I said, I hope is because everybody is having an easy time of it, now the space is ours. What does anybody have on their mind? Is there anything fun or new or exciting going on in Kubernetes security that you're thinking about?
F
I'll do an update from docs, because we have 1.24 opening, I think, as a thing on Monday, and that docs are going to focus on two things for the 1.24 release, and the first one is the removal of dockershim, which isn't really related to security. But you won't be able to use dockershim in 124 because it's already removed. But the other one is pod security graduating to beta, if that happens. So alpha, no, GA, GA.
F
That's the one, yeah, the graduation to GA, which is penciled in for 1.24. If that happens, that will need a lot of documentation changes, and so SIG Docs is kind of clearing the decks. If you're doing any other thing, including other security stuff, there will be less support available from SIG Docs for documenting that in the next release because of that focus, so I guess that's the
A
PSA. I mean, honestly, I appreciate the pragmatism of seeing these big changes coming and clearing out space to make sure that you can handle these most important things. So yeah, thank you for telling us about that. One thing that I will add, which is really a shout-out from the meeting notes to Slack, it looks like
A
I hope that they have with some auditing things that looks like there was some good conversation there, which I have not familiarized myself with yet, and oh, we have a KEP which has started the deprecation process. That's actually a thing to point out. There is, I'll get a link to the KEP, there's a thread in Slack about this as well. But the KEP is 1753.
A
And Rory, once you start typing it, then I'll start editing it, so that way we don't step on each other's step. On each other's toes.
A
Log sanitization had some fairly serious implementation challenges related, mostly, I think, to performance, and the folks who are maintaining that code have decided that it's better just to retract that, that the challenges that would need to be solved aren't, the juice isn't worth the squeeze, and so that deprecation process has started. Elena sent an email to kdev, letting everyone know and kind of starting a lazy consensus period for that. So log sanitization, log sanitization KEP has started the process of being deprecated from alpha.
A
And that's the news that I have.
G
And I was thinking of last minute: KubeCon! It's, tomorrow is the final day. So, if you want to submit for the CFP, an important deadline is, make sure you guys are done by tomorrow.
H
KEP deprecation: so I'd worked on the static analysis pre-submit portion of that, and that was hoping for the field tags on structs that we used to hold secrets that had fallen under the header of 1753.
A
Like, that sounds a lot lighter weight than the, like, real-time sanitization KEP, and like, on one hand, it's kind of a code maintenance overhead thing, but on the other hand, it's like keeping your room clean. If you keep your room clean, then you don't have to clean the whole thing top to bottom every single time you want to look for something, and so it kind of feels like
A
Yeah, do you know, was any of the alpha implementation of 1753, was any of what was done there including adding annotations to structs, or was that, like, a next step?
H
So there, it was hit and miss because, like, some people were, some PRs adding annotations did get submitted and some did not, so it was a best effort at the time. Some of it was just, like, there was delay with a PR review, and I think it was kind of right around the time where people were starting to work on other things, so it didn't get pushed as hard as maybe it should have. Oh okay, but I'm pretty sure all of the PRs are tagged.
A
Yeah, I would offer a bit of advice there, then: since the SIG Instrumentation folks have volunteered to pull out the alpha code from 1753, reaching out to them and, like, forming a game plan around whether they also remove whatever annotations currently exist that had been added, or whether it's better to just leave them.
H
Okay, cool. I will try to carve out some time to write that up, to talk to SIG Instrumentation, and maybe write that KEP.
A
Nah, I mean, like, you clearly have a level of interest in it, and so, you know, if you also have time to work on it, then, like, go for it, and find friends and compatriots here in this group, and probably also, I guess, in, like, SIG Architecture. But even if you don't, you know, filing an issue, like, under the SIG Security repo, just as a place to write the idea down publicly so that in the future somebody else might be able to come along and pick it up.
A
So much for coming. Slack is open all the time, and so when you have something that you think about, you know, feel free to bring it up there, and we will see you all when the next meeting happens, which, I'm gonna start a Slack thread asking people how they feel about the next scheduled meeting, which I think is on the 27th of December, so I'll post on Slack about that and we'll see how we all feel.