►
From YouTube: Kubernetes SIG Security Docs Meeting 20210114
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Hello,
everyone
welcome
to
sick
dog,
sick
security
dogs
project
today
is
january
14th,
and
this
is
a
pro
part
of
the
security
and
we
adhere
to
kubernetes
code
of
contact,
which
means
be
kind
and
respectful
to
others
to
and
to
yourself.
A
So
we
have
few
items
on
the
agenda
today
and
last
week
we
got
to
discuss
a
bit
about
having
a
our
back
guide
and
having
a
security
checklist
roadmap.
I
just
created
two
documentations.
If
anyone
and
posted
the
link
there,
if
anyone
wants
to
collaborate
publicly,
I
know
ellen
had
the
idea
to
work
on
the
guide
and
if
you
want
to
put
the
ideas
down
there
and
want
to
collaborate,
feel
free
to
use
it.
A
If
you
want
to
make
it
private,
just
let
me
know,
and
I
could
remove
the
access
too,
and
I
also
added
another
for
the
security
checklist
stored
roadmap
and
I
copy
pasted
whatever
that
we
had
discussed
last
week
into
it,
and
I
had
a
chat
with
michael
and
I
think
he
said
he
was
gonna
start
working
on
it
whenever
he
gets
some
time.
A
Those
are
the
two
updates
I
had,
and
one
thing
that
I
wanted
to
ask
was
this
meeting
falls
on
the
same
day
as
the
security
meeting.
How
do
folks
feel
like
if
we
move
it
by
another
week,
so
that
we
have
this
meeting
in
the
alternate
week
of
seek
security,
or
is
it
okay
to
have
both
the
meetings
on
the
same
day?
A
D
I
also
agree
with
having
it
to
be
alternate
as
well.
A
I
find
that
easy
as
well
like
not
having
to
go
to
go
to
to
it
could
be
it
could
get
confusing
easily.
So
I
I
would
also
post
on
the
slack
so
that
we
could
have
a
chat
if
whoever
couldn't
make
it
to
this
meeting
good
advice
there
concerns
are
plus
one
whatever
there
and
we
can
I'll
work
with
the
tabitha
or
ian
to
move
the
meeting
to
alternate
weeks.
A
If
that
is
the
consensus
that
we
are
award
all
right,
and
apart
from
that,
I
didn't
have
anything
and
we
have
chaitanya
yeah.
He
wanted
to
discuss
a
little
bit
about
some
security
guide
and,
and
he
made
a
presentation
so
take
it
away.
The
floor
is
all
yours.
A
If
you
could
start
with
your
introduction,
it
would
be
great,
oh
yeah.
I
should
have
started
with
that.
I'm
still
learning
I'm
sorry,
everyone.
I
should
have
asked
for
any
new
intro
newcomers.
E
Yeah,
I
don't
know
so:
yeah,
I'm
chaitany
and
I'm
an
undergraduate
in
amanda
university
and
I'm
a
member
of
bios.
That
is
a
top
india's
leading
cyber
security
team
and
like
at
bios.
Specifically,
we
learn
by
playing
ctfs,
so
yeah,
I'm
a
senior
cloud
security
researcher
at
bios,
and
I
really
like
the
idea
of
open
source
in
general
and
yeah.
I'm
for
contributing
and
learn
as
much
as
I
can
in
this
process.
A
And
do
you
want
to
shed
some
light
into
the
agenda
item
that
you
have.
E
A
When
I
have
no
idea
how
to
enable
that,
does
anyone
know
how
to
enable
screen
share.
C
There
should
be
a
security
button
below
in
the
center
and
if
you
click
it,
there's
gonna
be
a
bunch
of
options
and
then
there's
like
things.
People
can
or
cannot
do.
Oh
yeah.
E
So,
to
begin
with,
like
I've
said,
I'm
a
senior
cloud
security
researcher
at
bios
and
I
think
I've
given
a
little
bit
of
introduction
about
my
team
as
well.
We
are
a
cyber
security
team
and
we
learn
through
ctfs,
so
I
essentially
started
the
cloud
security
section
of
pi
of
the
pen,
testing
team
in
bios
and
I'm
really
passionate
about
this
field,
and
so
I
wanted
to
contribute
and
learn
as
much
as
I
could
in
the
process.
E
So
my
twitter
handle
is
auto
riff,
as
my
name
also
here
is
in
the
medium
so
and
I'm
a
like
I've,
said
a
kubernetes
security
enthusiast.
So
to
begin
with,
let's
just
give
you
a
little
bit
idea
of
the
presence.
Now
I
think
you
would
all
know
it.
So
when
I
started
learning
about
qnet,
it
was
it's
a
huge
architecture
and
I
found
it
pretty
complex
to
just
learn
about
it,
and
I
think
that
is
the
idea
in
general
about
humanities.
E
Everyone
feels
like
it's
very
complex,
so,
let's
just
get
to
it.
Let's
just
directly
get
to
the
proposals
that
I
had
in
mind.
So
one
thing
that
I
wanted
to
point
out
was
about
the
documentation,
so
I
feel
like
there's
one
issue
that
I
found
in
github
that
the
security
documentation
needs
more
work
and
I
have
been
looking
into
it.
I
have
some
ideas
what
to
do
for
that
and
I
think
I'll
put
in
some
pull
requests
soon.
E
So
talking
about
security
like
when
we
come
to
kubernetes
and
devops
in
general,
there's
plenty
of
resources
available
online.
When
we
talk
about
development-
and
you
know
deployment
with
different
scenarios
and
with
options
that
might
be
better
and
all
those
things.
So
obviously
development
has
a
lot
of
resources
available,
but
I
feel
like
hacking,
has
really
less
resources
available.
There's
very
less
resources
and
an
official
kubernetes
guide
could
be
a
great
thing
for
beginners
and
in
general.
E
So
if
the
community
agrees,
maybe
I
would
like
I
would
love
to
work
on
that,
I
can
try
and
give
in
more.
You
know,
brs
and
just
see
how
the
process
goes.
Yeah
for
the
first
point
I
feel
like
the
documentation
can
be
improved.
There
were
two
or
three
sections
where
which
I
found
empty
in
the
already
existing
documentation,
and
I
had
a
discussion
with
one
of
the
members
about
that
and
there's
a
little
bit
of
plans
that
will
be
executed
in
the
coming
days.
For
that
coming
to.
E
The
second
point
was
about
the
code
base.
Now
this
is
a
little
bit.
It's
not
related
to
the
security
aspects,
but
this
is
one
point
that
I
wanted
to
feel
that
I
felt
like
should
be
pointed
out
now.
The
core
base
actually
has
very
limited
explanations,
and
maybe,
if
it
sounds
good
to
you
all,
you
know
there
can
be
a
little
bit
of
guide
about
how
the
workflow
is.
The
code,
like
you
know
specifically
pointing
out
about
from
the
code
base.
E
Maybe
more
points
can
be
added
as
comments
in
it
or
you
know
if
it
feels
like
something,
that's
important
to
you
guys.
Maybe
that
can
be
worked
upon
then
coming
to
the
third
and
most
important
proposal
that
I
had.
I
personally
feel
like
you
know
there
should
be
a
youtube
series
of
official
security
guide
by
kubernetes
now
beginning
with
my
learning
process.
You
know
I
started
watching
the
the
various
stocks
that
have
been
uploaded
at
the
cncf
youtube
channel
and
I
felt
like
that's
a
very
great
guide.
E
You
know
amazing
talks
and
just
amazing
stuff
out
there
I
feel
like
there
can
be
a
official
youtube
channel
for
kubernetes
security
and
maybe-
and
I
was
specifically
working
on
the
draft-
for
you-
know
the
kind
and
like
a
structured,
step-by-step
draft
of
the
contents
that
would
be
uploaded
in
it.
I
am
working
on
it
right
now.
I
wasn't
really
sure
where
to
you
know,
share
that
draft.
So
I'm
working
on
that
and
once
I
know
who
I
should
share
it
with.
E
I
think
I
can
share
that
also
in
the
upcoming
days,
so
this
series
will
essentially
cover
you
know,
beginning
from
various
vulnerabilities
like,
for
instance,
you
know,
there's
a
the
kubernetes
architecture
is
a
huge
surface,
it's
a
very
huge
surface,
so
that
makes
it
prone
to
various
vulnerabilities
and
stuff
like
that.
So
I
had
a
draft.
You
know
plans
for
that.
I
can
share
that
also
later
on.
So
I
feel,
like
a
youtube
series,
would
be
a
great
option
and
one
more
another
cool.
This
is
a
vague
idea.
E
Actually,
I'm
not
really
sure
if
this
is
up
for
the
open
source
contributions,
but
you
know
various
courses
like
osap
and
many
other
courses.
They
are
being
priced
as
such,
they
are
being.
They
are
so
useful
in
general
and
they're,
very
famous
right
now,
like
in
india,
for
instance,
I
see
many
of
my
contacts
working
on
them
and
you
know
getting
those
certifications
now,
like.
E
I
said
I'm
not
really
sure
if
the
course
could
be
something
that's
open
sourced
and
you
know
worked
upon
by
me
or
in
general,
any
other
people,
but
I
felt
like
maybe
kubernetes
security
could
be
a
new
course.
You
know
like
an
official
guide
of
step
by
step,
something
related
to
networking
and
different
aspects
of
the
security
and
yeah.
So
I
these
were
like
four
points
that
I
really
felt
like
should
be
covered
and
that's
all
for
the
presentation
yeah.
D
So
I
could
speak
to
the
course
so
since
kubernetes
is
under
the
cncf
and
the
cncf
is
kind
of
under
the
lf
linux
foundation,
linux
foundation
released
the
course
on
january,
8th
call
it
lf260,
which
is
kubernetes
security
already.
So
that's
out
it's
not
an
it's,
not
an
open
source.
I'm
sorry!
It's
not
an
open
course.
It
is.
You
do
have
to
pay
for
the
course,
but
there
is.
There
is
a
course
out
there
from
from
lf.
E
Yeah,
I
was
aware
of
that
course,
but,
like
I
said
no,
it's
not
open
source.
Maybe
the
course
section
might
not
be
that
important.
B
I
think
in
general
yeah
there's
something
about
the
youtube
series.
I
don't
think
there's
a
as
far
as
I'm
aware
people,
please
regret
me
if
I
I
might
just
don't
know
about
it,
I
don't
think
there's
a
youtube
series
like
from
cncf
focusing
on
kubernetes
security.
I
may
be
wrong,
but
I'm
not
aware
of
that.
If
there
is
one.
E
C
C
I
think
all
the
ideas
are
good,
but
we
need
to
like
choose
one
and
start
and
see
if
it
takes
off
and
then
expand
from
there
if
it
takes
off
because
like
something
that
we
see
all
the
time
is
like
lots
of
grand
ideas
that
just
don't
take
off
because
they're
too
big,
so
you
had
like
four
different
things
to
look
at.
I
think
we
should
like
pick
one
and
start
working
and
as
it
progresses,
then
we
decide.
Okay.
Now
we
have,
I
don't
know,
half
a
dozen
cool
guides
in
writing.
C
E
E
B
Just
an
idea,
I
suppose
it
might
make
sense
with
the
with
the
kind
of
existing
proposals
around
our
back
and
and
security
checklist.
It
might
make
sense
to
say
well,
we
could,
as
we
develop
those
look
at
whether
it
makes
sense
to
do
youtube
videos-
it's,
like
kind
of
you,
know
an
explainer
to
say.
B
Oh
here's,
the
armback
guide
and
here's
a
video
about
this
part
of
the
our
back
guide,
because
some
people
like
visual
learning
and
other
people
which
you
want
to
read,
but
some
people
like
videos
and
they
want
to
consume
the
learning
that
way.
So
that
might
be
another
like
an
angle,
as
you
say
like
not
like
start
off
like
five
different
things,
we
have
like
two
work
on
them
and
then
do
the
videos
as
well.
C
Yeah
I
mean
I,
I
do
a
lot
of
videos
for
work
and
like
once,
you
have
an
article
written,
you
put
it
on
the
teleprompter
and
it's
like
not
really
difficult
to
turn
it
into.
Like
a
spoke,
a
speaking
head,
I
think
that's
what
it's
called
like
a
speaking
head
version
of
it,
and
then
we
would
need
like
someone
who
has
some
design
experience
to
come
up
with
some
graphics
and
like
diagrams
or
stuff
to
show.
C
A
Thank
you,
chaitanya.
All
these
ideas
are
great
and
I
agree
with
all
the
inputs.
I
have
like
questions
for
the
group,
so
when
we
talk
about
the
youtube
channel,
does
it
have
to
be
if
it
has
to
be
official,
do
we
have
to
talk
to
the
youtube
management
or
something
like
that?
Is
it
gonna
fall
under
like?
Are
we
looking
for
a
separate
channel
or
are
we
looking
to
add
to
where
would
it
fall
under
like?
C
B
A
A
A
Yeah
so
and
chaitanya
we
already
have
two
of
the
guides
and
if
you
feel
like
creating
another
one
where
you
want
to
collaborate
with
your
ideas
and
proposals,
please
feel
free
to
do
and
post
a
link
in
the
slack
channel
and
in
this
document,
so
that
folks
can
come
back
and
refer
and
verify.
But
that's
all
for
me.
This
is
cool.
B
I
I
have
a
question:
if
it's
okay,
if
this
is
okay
time,
I
I'm
hoping
to
have
some
more
time
to
help
contribute
to
this
this
year.
I'm
kind
of
actually
kind
of
fingers
crossed
I'll
have
a
decent
amount
of
time.
Would
it
be
useful?
I
mean
in
terms
of
the
our
back
guide
and
security
checklist,
would
any
help
out
there
be
useful
at
the
moment,
or
would
I
be
better?
You
know
people
have
kind
of
got
that
up
that
bit
that
they're
working
on
holding
off
on
that
in
the
moment.
C
I
can
speak
for
the
our
back
guy,
so
I
had,
you
know,
live
stuff,
so
the
stuff
I
was
gonna
do
in
the
vacations
didn't
happen,
I'm
picking
it
up
again.
Now
I'm
hoping
to
have
like
an
overview
of
what
the
content
should
be
and
once
there's
like
this
basic
thing,
we
can
start
like
ping-ponging
ideas
or
if
you
want
to
start
with
like
an
overview
of
what
it
should
have
and
then
I
join
in.
B
C
B
The
one
other
one
and
it
kind
of
casts
back
a
long
way
that
we've
got
discussed
is
is
a
hardening
guide.
B
So
one
of
the
things
I've
done
in
the
past
is
I
worked
on
the
cis
benchmarks
and
I've
talked
to
quite
a
few
people
about
how
it
would
be
nice
to
have
a
cncf
guide,
that's
kind
of
like
the
ci
benchmarks,
but
isn't
under
cis,
because
everyone's
used,
the
cis
benchmarks,
you've
found
they're,
pretty
prescriptive,
they're
very
kind
of
like
pass
fail,
which
doesn't
it
it's
led
to
quite
a
few
problems.
I
think,
with
customers
trying
to
use
them
or
companies
trying
to
implement
them.
Where
they're
like.
B
I
can't
check
all
the
boxes,
and
I
thought
I
would
say
that
you
don't
have
to,
but
with
cis.
If
you've
ever
read
one
of
their
benchmarks,
you
don't
really
get
that
flexibility.
It's
very
you
know.
So
one
of
the
things
I
kind
of
hope
to
help
out
with
and
if
it's
something
that
would
be
of
interest
is
trying
to
come
up
with
that
hardening
guide.
A
That
sounds
really
cool,
so
we
could
definitely
work
on
that
as
well.
If
you
like
to
take
a
lead
and
you
want
folks
to
collaborate
and
we
can
check
in
and
see
if
we
like,
if
we,
I
think,
none
of
the
things
that
we
are
doing
is
overlapping
or
I'm
not
sure
if
the
checklist
is
going
to
overlap
the
ordering
guide
or
anything.
A
But
if
it
does,
then
we
can
just
pull
ideas
from
both
the
places
and
in
my
mind,
I
think
they
are
two
distinct
things,
but
I
don't
know
it
could
also
be
like.
A
Complementing
each
other
in
some
ways
or
the
other,
it's
it's
really
great.
I
think
we
should
we
talked
about
it
and
the
last
time
we
figured
that
we
would
start
with
those
two.
But
if
we
have
more
volunteers
and
if
you
got
some
time
to
work
on
that,
it's,
why
not.
B
Awesome
yeah!
Well
I
I
definitely
I'm
hoping
I'm
fingers
crossed.
I'm
gonna
have
some
time
I'll
definitely
have
some
time,
I'm
hoping
to
have
a
lot
of
time,
but
we'll
see
how
that
goes.
A
So
this
folks
have
anything
else
to
discuss.
A
That's
it
for
today,
I'd
give
everyone
six
minutes
of
the
time
back.
Thank
you
for
coming
to
today's
meeting.
We
can
also
check
in
asynchronously,
and
I
will
keep
you
all
posted
on
the
meeting
if
it's
gonna
be
moved
to
next
week
or
we
meet
in
three
weeks.
So
if
we
don't
meet
next
week,
then
we'll
only
meet
in
three
weeks.
A
We
might
have
to
check
in
asynchronous
asynchronously,
so
I'll
keep
you
all
posted
on
that
and
until
we
see
again
take
care
and
stay
safe
everyone
and
have
a
good
rest
of
the.