From YouTube: Kubernetes SIG Security Docs 20210415
A
Hi everyone, today is our April 15th SIG Security documentation subproject meeting. We abide by Kubernetes code of conduct, which means please be nice to each other, and this meeting will be recorded and available on YouTube. So please be mindful of forever that you speak, and with that I am going to paste in the agenda.
A
Please add yourself up to the attendance. What, what it looks like, do you want me to share the screen with the agenda, or just have agenda open in your own windows and chat about it?
A
Oh, I won't do that so.
A
So, first off, do we have any new contributors? All right, I, I see someone tv, but if you'd like to drop something in the chat or in the agenda, that'll be great. Welcome to our meeting. Moving on to the discussion, first of the story, so Rory, do you want to take it away?
B
Yeah, sure, so it was just, what I've done is I've started having a bit of a look at the hardening guide, and what I thought would be a good idea is, before like creating, like, you know, massive quantities of content, it'd be a good idea to get some early feedback on like style and level, and, you know, do we think this is going in the right direction, and just get people's feedback early on, you know, before like big pages and pages. So what I've done is on the heart.
B
Cool, so hopefully everyone can see the hardening guide come up now, so yeah. What I, what I do, what I do is I start with the control plane. I figured that was a good place to start, I'm looking at the control plane configuration.
B
Cool, no, thanks for that. That's why we know I wondered that that went odd, so yeah. So what I did was start with the, with the control plane components, and there's two bits that I kind of started filling in. The first one I went to was, I thought, well, like, API server.
B
One of the problems with API servers is a huge number of options when you launch it, and like, whilst a lot of them have some relevance for security, there are some key ones, some ones people should look for in terms of like how are my clusters configured. So what I've tried to do is just kind of talk about each of those, so things like allow privileged, so talking about, you know, how.
B
Whilst it would be great if you can set that to false, most clusters do actually set it to true, and the reason is because cluster components tend to need privileged containers. So if you want to try and harden it, one option would be to put that on, but you need to understand, you know, you will probably break things, and so just gone through. I think it's like, what's that, one, two, three, four, five, six, seven.
B
You know, these are ones I kind of picked out that I either know of, that I've seen in the past, or ones I think people should think about, and just filled in some kind of details. It's kind of like I've kind of come for the approach of being kind of discursive. Would that work in docs? This is the bit I don't know. Is that kind of content going to go okay, or should I be more, you know, formal with it?
A
I kind of like that you have added a little verb on what it does or what it is. As an administrator, I appreciate it because I, I don't have to Google what it is. I can just see here and read about it and decide if I want to set the flag true or false, right, or the conflict to our fault. So I really appreciate it.
B
Yeah, and what I've also been trying to do is link out to anywhere in existing docs. When I talk about RBAC, link to RBAC and talk to, so where there's an existing, like, more detail, rather than trying to recreate that, just, just put that in, in a link, just to introduce areas. So I've kind of looked at that, and the other area I started looking at was file permissions, and just talking a bit about, and again I was trying to steer clear, because I know one of the comments we had from the brainstorming was around not recreating the CIS benchmark, so like.
B
If you want to know the exact permissions, you can go and look at the CIS benchmark and it's got all of them. So more talk about like a high level: these are the things you should consider, like static manifest files. So, you know, you need to think about those, not so much from a read point of view, but from a write point of view; you need to make sure no one can change them. But other files, like the PKI files, and say, well, look with these ones.
B
So it's just really to try and give people a high level view of saying here's the groups of files that you're likely to have in the control plane, and from a security standpoint, here's the kind of things you should be thinking about, and that's, that, that was where I was going with it so far. And I figured maybe if we can, I was thinking maybe of leaving it for comment for a little while now and then see what people think, and then, if, you know, take to take, you know, factor that back in and then work on like either expanding that or starting to do the other elements of the control plane.
C
Yeah, I actually like all this. I like the, the options described in the compared to this, and also the descriptions, or just talking about, about permissions as well.
B
This is just the first part. There's like a lot of sections, but, but, but we, you know, if I, if we can kind of get one, and the other thing I was thinking is, if, if we get one kind of like we're happy with the style and the approach, then it's going to make it easier for other contributors to jump in, because they can see how the style looks and then, okay, okay, I kind of understand the level we're pitching this at and the kind of wording we're using, and that'll help from, for making it consistent.
A
All right, plus one to that. I really like it, and this can be a template for other contributors to start pitching in, and just, just so. There is another idea that we wanted to have a security checklist kind. So I'm thinking that this can be elaborate to an extent that we want, and a security checklist can just sit on top and have the things, important things bubbled up, and then we can always link it back.
A
And, and they can use the checklist as a rundown too, whenever they configure, like, so in my mind, I always think checklist, check boxes, but it's not, but that's how I think it, so I can just check, like, okay, distribution, cluster, check, check, check, check, check, and then, if I want to know more, and then go in and read in this document more in that to get overall idea, stuff like that. So I like it this way. Cool.
A
I think seven, thank you. Thank you for that. So thank you, Rory. I just wanted to know that if anyone has any comments on nah for Rory or the document, just feel free to drop it in here or in the chat, that'll be awesome, and I have only a couple more things. I went through the community site and then this started seeing what all the issues that are tagged with SIG Security.
A
We have a few here, one I know you're working on, Rory, and then we have a couple more, like a lot of them, and then we can just go over whenever we have some free time, add our thoughts into it, or if it's, if it can be picked by a new contributor. This target help wanted or for a good first issue, so that we welcome new people in the community.
A
I just wanted to bring it in to notice, and we do have one pull request. If anyone can, with more security expertise, can re review it, they'll be great.
A
So yeah, that's interesting. That's all I had. I thought that we could just do this exercise once in a while, that we just go through open issues or stuff like that and filter in, and if whatever we thought, if folks would like that, I'd like to do it once in like three meetings or four meetings, like once in a month, once, once in two months, just to go over in our, whatever is in our backlog and add new things, whatever we want to do. We don't have a project board.
B
That's really cool, though. I didn't know that, that I hadn't thought of that. So that's, yeah, that's a really great idea, because we can look through these and see, you know, are there areas where, where, you know, even if it's like small ones or things that can be picked off easily, that's, that's always good to kind of keep on top of those. And then, yeah, that secrets one looks like quite a big rewrite. That'll be a long read.
A
That, that's like an x excel, so I saw that, I'm like, okay, this is gonna take a couple hours or more than more, but I just thought that I just shed some light so that if anyone offers his free time or anyone who's watching this video want to contribute, so they can get started here.
A
Thank you, so I would give everyone 15 minutes of your time back. Thanks for coming into the meeting today, it's good to see you all again, and thank you, Rory. I am, I can go to the SIG Docs meeting. So probably when I go next time, Ray, if you happen to go, can you just bring up the hardening guide? I tried, but if I miss it, and just feel free to bring it up so that they are.
C
Yeah, I'll bring up the hardening guide, also looking at the secrets PR as well. Cool.
A
Thank you so much. Thanks, everyone. I'll see you all in two weeks, or in a week at SIG Security meeting, yeah.
A
Want to say congratulations to Ray for being the new subproject owner, so, so cool.
C
Thank you, yeah. That's for the external audits.