From YouTube: TGI Kubernetes 121: Starboard
Description
Come hang out with Duffie Cooley as he does a bit of hands on hacking of Kubernetes and related topics. Some of this will be Duffie talking about the things he knows. Some of this will be Duffie exploring something new with the audience. Come join the fun, ask questions, comment, and participate in the live chat!
A
Good afternoon everybody and welcome to episode 121. This week, we're going to be exploring Aqua Sec team's Starboard, and so I'm super excited about that. But first let me say it's great to be back and sharing knowledge and exploring things together again. These last few weeks have been a difficult time for the US and, but they serve to highlight an even more difficult time that many have experienced here in the US and around the world.
A
These last few weeks, we've seen some change in solidarity that addresses some of those concerns, but this is the work of generations and we collectively have a lot to do to address it completely. In the meantime, remember that you can affect change by listening and supporting everyone around you. This month we have a bunch of celebrations.
A
You know, here in the, here in the Bay and actually all around the world we're celebrating, or in the US for celebrating, Juneteenth, which is a celebration of the ending of slavery here in the US, and even this highlights the problem that have been a focus of a lot of the protests lately. The Emancipation Proclamation was set forth on June, January 1st, 1863, and we commemorate June 19th, 1865 as the date that the action associated with those words finally took hold all across the U.S., two and a half years later after that proclamation was made.
A
This month is also Pride Month, a time when we celebrate and welcome lesbian, gay, bisexual, transgender, queer and questioning people everywhere. We saw historic legislation passed by the Supreme Court ruling that it's unlawful to fire someone for being gay or transgender. This happened in 2020. This only just happened in 2020. The federal ban on sex discrimination in the workplace covers sexual orientation and gender identity based discrimination, and that's amazing. The U.S. is entirely too slow to change and the protests are another important step in driving change against systemic racism and inequality.
A
This community is amazing in its diversity and its inclusion, and some of the most amazing people I've ever worked with or known are in important and critical roles in our community, and our explicit community values ensure that we're keeping projects inclusive and positive places participate in work. But it's up to us to keep our commons healthy, and super important stuff. Lastly, I'll say that I'm super proud of our community and organizations like the CNCF for addressing this in an open and public way. Black lives matter.
A
Love is love and we are all of us in this together. So all of that said, what can we do? We can take some time to listen and read and understand our history, so listen and read and understand what people are going through to empathize with those around us. We can take some time to stand with those that are calling for change.
A
A
Alright, let's get back into this. So again, this episode is going to be Starboard, so we're gonna be talking about what's happening with Starboard and the community and then all kinds of other wonderful stuff, just like usual. So, let's get into it. There is a new, we release a new patch release for Kubernetes out. We have Kubernetes v1.16.11, 1.17.7, 1.18.4 coming up.
A
We had some changes in the way the containers work, so if you're actually using containers from k8s.gcr.io, and you might be, it's moving. It's about two weeks till this happens. If you're interested in digging into it, you can jump into the thread and understand like why it's moving, what's happening to it and how, and how it works, so good stuff there. Let's say, actually, tiful everybody, hello to everybody who's out there. I just realized I'm like totally not on my own hustle.
A
Here, let's see how everybody's doing. Who do we have saying hello? We got fully good geared bear saying hey. We got Lim at a signing in. Good to see you, Maddie. Thank you very much for the idea, but Jeromy Pruitt saying hello. Mr. Steve Wade, he's actually already played with this tool. I'm actually just playing with it for the first time in this episode, so I'm excited to play with it. Mr.
A
It's, it's awesome to be back. Everybody's saying hello from, some folks saying hello from Hungary, fellas and Martine saying hello from the Netherlands, Arnel front from Germany. Well, he's saying thank you, and thank you everybody, I really appreciate the the positive feedback on that. Mattias thing from a signal Oh from the Netherlands and Marcos saying it's a Jed from Colorado, oh nice to see you Jett, and Satish Sangalo and Hameed from signifier band, I'm singing from Israel and Pratik from India. Again, just a worldwide group.
A
A
A
bit more in the content here, though, and my screens are now like in front of me and below me, so like before, you do usually see me going off to the side like that when I'm checking out the chat. This time, you're gonna see me looking down. That's what that's all about. So moving on here, we got patch updates, SIG updates. We got a bunch of, a bunch of notes from the Kubernetes community meetings. Let's check these out real quick. Interesting, I got some updates from the PSC, from SIG Apps and from SIG Release.
A
SIG Release talking about basically what they've been working on in October of 2019 and for upcoming. This changes consider leadership, leadership refreshes across the teams and the co-chairs. That's pretty awesome. We've got 1.19 in schedule, 1 xx scheduled for 2021. 1.19 and newer will have one year of patch really, which is a difference. That'll be interesting, so supporting a particular release for a year rather than deprecating on, like, the number of supported versions. Things we need from you: discussion on the related pieces. We got some KEPs.
A
Good stuff from the release folks. We got Caleb Miles, Stephen Augustus and Tim Pepper as chairs. Technical leads isolator. Today, these folks have actually just been indoctrinated as the technical leads, which is super exciting, so we've got new, Jorge and Sasha signing in as technical leads for release.
A
It's tremendous. Some updates from SIG Apps. You see resizing again. So if you don't know about, it's actually responsible for a bunch of really interesting stuff. It's not, it's not like one particular area. It's kind of like pretty, pretty wide-ranging focus. First, a gaps, lots of stuff going on there, 'cause if you think about it, like, Kubernetes is a container platform because we're deploying applications on top of it. So you can imagine how much important stuff is happening, so sidecar KEP is getting called out here.
A
This is one that I think is super important: no viable path forward for st-link ready projects to manage proxy sidecar life cycle. We need to work with significant, we need to work with signal to advise, so this calls out the need for a life cycle object for sidecars. I think we talked about this a little bit in a previous episode.
A
A
What we're working on publicly, get involved, and if you want to check these things out, definitely check them out. There's some good stuff in here. There's also some stuff and update from SIG Arch. So obviously the community meeting that happens is in court is awesome. If you want to like dig into like what's actually happening monthly in the community meeting, you want to just get a good update from different, the different groups that make up our community, that's a great place to jump in there.
A
I just realized I misspelled Kubernetes community values, and I refer to this in the opening statement, right, when we were talking about the community values, and this is what I'm referring to, right. The community values that we represent as a community are documented here, and I think it's, it's really well put, you know, so definitely check that out.
A
The KubeCon North America deadline has been extended. It's been extended to June 28, so if you do want to actually submit a talk for Boston this year, it's been extended to June 28th. Make sure you get those talks in if you're interested in being in, presenting at that, and this is actually gonna be co, co-chaired by Constance and by Stephen. So I'm super excited to see what they can put on together at, in Boston, and whether that'll be in-person or virtual, I
A
don't, I don't really know yet, but it'll be exciting to to see it happen, one way or the other. In the cloud native ecosystem, we got a great write-up on a recent CVE. This is actually what I was referring to on the SIG and a Product Security Committee update. I thought this was a really good read. So, let's read through this real quick. I always include the SIG update slides at TJ. Okay, so you can follow along. Sorry, so when it's not only about a Kubernetes CVE, so this was actually, so
A
Okay, so these two folks were eating pizzas and dirty beers and they found it in court Kubernetes vulnerability inside Kubernetes, and it was not a part of the original plan for their winter evening. They conducted additional analysis inside some cloud provider companies that enabled us to, are enabled them to increase the impact of the vulnerability and get, create additional crazy bounties.
B
A
Have to make sure that you're not like just drop on those things in public, like right out, right out in the open. You need to like go through the proper channels, contact that Kubernetes Product Security Committee, get a CVE assigned and then handle the embargo until, until that becomes a public thing, give the product a chance to actually address it before the vulnerability is exposed. That's what that's all about.
A
This idea is that, like, we want to be able to bring up a Kubernetes cluster that may already, that may be in a vulnerable state, and you can explore some of the previous CVEs that were identified in previous versions of of Kubernetes, right. So you can understand less. You can pull apart and like explore them and see how they work and see and understand like, like how that, how those were explored so that you could then take that learning and apply it to, to other things.
A
So, in this Kubernetes Goat scenario thing, they've got different scenarios that do exactly that, right: using a home owner to own a cluster, right, attacking a private registry, Docker CIS benchmark analysis. Is a bunch of different stuff in here that I think that's a really great job of exploring the different vulnerabilities that have been found within, within Kubernetes. So if security or, you know, attacking Kubernetes and those sorts of things are interesting to you, that's a great place to jump in. Argo.
A
A
Yeah, I hear that. Was I, was I, I still have to submit. I haven't even like submitted anything for that one yet and I think I might, I think I might just take this year off and not submit and just go visit instead. Sometimes it's, sometimes it's good to make sure there's room for others to get out there. To Starboard announcement. This happened during our break. I was, we were in the period of time when we weren't doing TGIK, so I just called this out as a great lead-in to the episode.
A
So this is written by Liz, who's here with us today, talking about basically what they're building here, and I like that Starboard represents a combination of a variety of different tools. Right. It's, it's a solution that allows for the integration with multiple tools to produce an output that is useful to folks that are worried about the the security of the cluster, and the other piece that really called out to me was that they use an Octant plugin for handling this stuff, right.
A
So the Starboard project like integrates both with projects that came from out of Aqua Sec but other projects in the community to like really try and focus on like reporting on security or providing some analysis for security. So this is the one we're going to be exploring today, and so I'm looking forward to getting into it and seeing how this works here. The projects that it's going to integrate with: Trivy, Polaris, kube-bench, kube-hunter. Some of these are, some of these are Aqua Sec projects, and some of these are not, like Fairwinds'
A
Polaris. So definitely check out the announcement if you're curious about it. And then lastly, Steve Wade is actually, or has put together some, some focus on, on GitOps as well, right, so Argosy being released is actually an elitist physic GitOps conversation. So he's put up a couple of repos, exploring GitOps with Kustomize and exploring GitOps with secrets, and so I think this would make a great episode, just working through these things and my kind of exploring them together.
A
We might do that in a future episode, so this is like GitOps with secrets, like how do you start from zero and get to a place where you have a cluster deployed while securely handling those credentials that are in, that are important, right, and so I know that I've had a number of conversations with Steve on this topic, like how do you actually, like, like, how does that work and like what are we gonna do, and pretty awesome stuff. The last thing I'm going to cover from all of this is the media piece.
A
I want to give a shout out to the fact that Kubernetes is six years old now, right. Again, this happened, I think was last week or the week before, and the POPCAST, which is a weekly, actually I'm not even sure there's a schedule to it, but there's a, a podcast put on by Dan Papandrea. We all know him as Pop. He's in the community. He works for Sysdig. He's got a new pot, a new podcast out, and you should definitely check it out if you're interested in things that happen within the community.
A
A
Craig McLuckie, Joe Beda and Brendan Burns, and ask some questions about, like, you know, so, Kubernetes is a six. What's it gonna, what was it like, what we do, and so I thought that was a great, a great, a great presentation on kind of the history and like where we're at with Kubernetes being the sixth, reaching its sixth year. So that's, that's exciting.
A
Those are really great, and then metal, and then Steve also put up a metals journey toward throwaway clusters, which also talks about this stuff in this space. If you have a talk or a presentation that you've done that you want to see me talk about on HackMD, throw it into the, throw it into the HackMD.
A
We always put our tgik.io notes page up just before the show. Sometimes we'll do this on Wednesday or Thursday, as soon as that's available, and it says the next episode. Feel free to throw those links in there. If you, if you have a talk or something our message that you want me to to to promote here, or though you want us promote here, feel free to put them in.
A
We keep editorial control, but if you have a link that you want to put in there just make sure you do it. All right, blog posts, one from a CNCF that stands for the Black Lives Matter movement, and this is another one that's like super cool, because I see it happening across a bunch of different projects within our community, again kind of making sure our community's in a good, strong place, right, standing with the Black Lives movement. We have odd non Rasheed has published a PDF of a CKA notes.
A
This is a recent take on the CKA, so if you're interested in becoming a CKA, this is another set of notes that I think does a pretty decent job. You know, and I also really like the artistic part of it, right, like I love the, I love the way this is described, like breaking down what the objects are, how they work, kind of getting into the primitives. Fun thing to read, even if it's just reading it in, and CK is getting it updated, and I
A
think if there's supposed to be a new certification for the security side soon, so that'll be interesting, and then these notes, I think these all came from Liz and team describing what's here, so I'll be digging into that one as well. Oh wow, alright, so Kube Goat isn't an intentionally, isn't in an intentionally vulnerable cluster, just a regular cluster without PSP admission controller. Interestingly enough, not, the default is not to have a PSP admission controller. Kube Goat, from what I've heard of it, has a number of misconfigurations.
A
A
And what else we got? Please provide Kubernetes training. I think I'm gonna go with, like, that's kind of what were you, right? We explore different projects every week and dig into it. I do actually hold a CKA. I still need to take my CKAD, but I'm a lazy, Buster I'm, a lazy person sometimes. I don't get the certifications done as fast as I want to, so I need to actually take some time off.
A
A
This is the repo for Starboard, and we get into the induction, introduction. So Starboard integrates security tools, like we talked about before, into the Kubernetes environment, so that users can find and view risk, so that relates to different resources in a Kubernetes-native way, which is, I think, is actually really interesting because they do actually make use of custom resource definitions, I think, as the mechanism to go about this.
A
A
A
Think it'll be good. I'm looking forward to it, but you know, should be fun. So I'm gonna spin up a kind cluster with multiple worker nodes, I'm gonna deploy some stuff, we're gonna use, we're gonna use Starboard to explore it, and I'm also going to be leveraging Octant. I'm gonna try that Octant plugin 'cause I really like Octant and, and where we're headed with all of that. So first, let's go ahead and get everything turned
B
A
Create custom resource definitions used by Starboard. It has an as or an as-group, which is interesting. Presumably that's going to make use of like the kubectl as stuff. The points to a HTTP cache certificate authority. Well, it's like the kind of implemented kubectl almost entirely as Starboard.
A
A
B
A
B
B
A
B
A
Ok! Well that gets us that far, let's see where we go next. Well, we kind of did that, what we kind of didn't do that. So let's do that again! So that's what we saw before. It's interesting. There are some things that are namespaced, some things that are not. So we have a CIS kube-bench report that is a global thing, probably because it has to do with actually evaluating the configuration of the cluster itself, not necessarily those components within a namespace.
A
We have a config audit report, which is namespaced, which means you're gonna get, be able to get one in each namespace. A kube-hunter report. I can probably similar to the way that Kubernetes itself works, so kind of exposes the vulnerabilities that are there or talked about the vulnerabilities are there, and then you have vulnerabilities, which are namespaced.
A
A
A
A
They have a cleanup, I'll find, which is the call for managing the security standards. They have a get for getting security reports. I wish that init were like a way to under-, I want to understand what you're putting in there and I don't see that. I don't see a way to understand that from init. I feel like I have to kind of explore the the project to understand what is happening inside the space.
A
B
A
So we have Trivy running and it has scanned our container, or maybe it's pulling a cache of the container, I don't know, really know yet, but it has, it has information about the container that we have specified for sure. I don't know if that's actually aggregated. I'm curious like if the idea is that this is aggregating information about a tag that you have scanned publicly and you're just reporting on that output, or if that's actually coming from a scan that happened inside the cluster.
A
So if we do kubectl get all that and Starboard. Again, I'm presuming, because there's nothing out there and I'm not running Trivy locally, that it has to be reporting about, has to be reporting on things that are, that are known about this image rather than this image itself. Well, we can prove that, right, because it's very unlikely you've scanned it image that I've got. Run, create deployment like oh ma, equals and and emits echo server.
A
A
A
A
All controllers still, I think it would still be, so Daniel says that's what that's happening there. I think it cuber it's a minute. Some previous, I think that's true of him, and then Ryo saying, I think it would still be the upper controllers operating on the CRDs that would report those metrics. Actually Starboard on master has a better error propagation from k8s job to standard out of the CLI, so how we're created in the Starboard namespace, whereas the reports are in the same ayah. That makes sense, okay.
A
A
A
A
A
A
A
A
Yeah, okay, so I did call it deploy and it is running, so I know the image is there, but Trivy doesn't seem to be able to scan that image for whatever reason. So that's kind of interesting. Logs of the scan job in the Starboard namespace, but I can't seem to get the logs because the job is immediately deleted.
A
B
A
A
B
A
A
A
Oh, so that's actually a positive result. Right, I see. Okay, good point. It is this one.
A
A
A
A
Description, oh, that's cool, so that basically just pulling back the content from the Trivy scanner for that image. One of my questions is: does Trivy, is, are we treating Trivy the service here, right? So, if I had an image that I built locally instead of one that was up in the cloud, it wouldn't be able to scan it locally, would it?
A
B
B
A
You got this working it, so what I'm doing here is I'm just basically building a couple, local version of kuard. I'm gonna call it something completely different than kuard, and then we're gonna see how, see if Trivy is able to scan that, and then we'll push our image up into my own Docker repo and then we'll use Trivy to see if I can scan that. That's all, that should be fun.
A
A
A
B
B
B
A
A
Vulnerability, aqua sec, you have died. Oh, is invalid: report vulnerabilities, invalid value, no, report vulnerabilities in body must be type array, no. Okay. So basically what I did here was, I think I built kuard, I built a kuard image. I was able to deploy it, but now we're getting a different error from the Trivy piece. Digging into saying, basically, that's a response from vulnerability to Aqua sectio.
A
A
A
A
A
A
A
A
A
A
So that's actually pretty neat. One of the things I'm curious about is if there's a way to make that database available, that isn't something that it's pulled every time. I'm like making it so that you could actually make this offline mode kind of thing. So awesome, okay, well, cool! So that's actually pretty neat. That means that if I didn't have it uploaded, actually that's pretty cool. Let's try this! So what I'm going to do now is I'm going to do a docker tag.
A
A
Now what this is doing is it's gonna make a new image, if you will, and it's gonna like host it, it's gonna be local on my nodes, so I can refer to it in a deployment, but I'm not gonna pull it down from Docker. I'm not gonna push it up to Docker either, right, and so the will be interesting to see what happens here. I think what'll happen is that kuard
A
A
A
A
This is a whole different set of assumptions. Fascinating, so this is happening because you're presuming Docker and I'm actually using containerd. This is also happening because it can't pull the manifest from the image that's been pushed, 'cause I didn't report that, push that image up to a public place, and so I think this is your point, Liz, is that, right now, it's not in an offline supported model.
A
A
A
A
A
A
A
So there's our plugin, so we had the person who wrote the plugin and the person who wrote the framework for the plugin all in the same call here, so curious to hear what you thought of writing a plugin for the Octant piece and whether that was like super. Oh yeah. You know, whether there was like some feedback around that, like how that went. I don't think we've really, I don't think we've really explored writing plugins for Octant inside the show yet, but be great to get some feedback on that piece.
A
A
B
A
A
A
A
A
A
A
A
A
A
A
A
So they're vulnerable, Starboard relies on labels and label selectors to associate vulnerability reports for the specified deployment. For deployment with N container images, Starboard creates N instances of vulnerability resources. In addition, each instance has a starboard container name label. That makes sense, so you can actually figure out what it is kubera, and then that way you could actually catch the
A
A
A
A
That seems like, oh I see. Note that currently Polaris subcommand scans all workloads in all namespaces. However, once we resolve this issue we'll be able to scan specific ones. That makes more sense. So right now, we've just pulled back, we've scanned to everything and everything, and then now we can actually pull back the configuration record for just this one. Yeah, that makes sense. Thank you, Daniel, I appreciate it. I
A
A
A
Which don't read super intuitively, but it's, I, presumably it's trying to make a testament. Privilege escalation allowed, true. Message: precise privilege escalation not allowed. Severity error. True success, true. Hard to actually understand what the output of that is, like from those, from these four lines. It's hard to understand what happened.
A
Hi, I get that it ran a check, privilege escalation allowed, the message, but I'm not sure if the message is from the result of the check or from the results. It says privilege escalation not allowed, and the severity error is true, and whether it was successful or not, was, I mean, it was a successful check, or is it successfully blocking privilege escalation? Well, dig into that a little bit.
A
A
A
A
A
Yeah, that makes sense. I mean it's not super intuitive, and that it could be done, like I wouldn't know from here that it would, that it would not link me back, like it just says these are, these reports are not available. That's not super easy to understand, but I get why that, I'll get why that is. So the result is that the object is stored at the deployment object, not the pod object, so here are, oh wow.
A
I did just now notice that we also extend the status object, at least visually in the UI, with critical vulnerabilities, high vulnerabilities. That's really cool. And then down into config audit reports. It was generated six minutes ago. The scanner was Polaris by Fairwinds. The version was latest. The mornings are eight.
A
A
A
A
A
All right, there couple more piece of this that I want to hit before we're done with our episode. So what I want to dig into next is, I want to look at the, okay, I'm gonna explore this more, I'm really curious, but I mean I know that if I look at the resource viewer here, no, I'm sorry, the mo, like the object itself.
A
A
Memory limits missing, also true. Memory requests missing, also true. I didn't put any of that into my deployment. Wow. That makes more sense now. I think you're right. Liveness probe missing, not ready, not read-only root filesystem. I mean it's a great set of tests. It just is a non intuitive result. Tag not specified, so we passed it, and then false CPU request. Yeah. That makes, that makes way more sense when we think about it from that context, right. What's like, I would say, evaluated, pass or fail, makes more sense to me.
A
A
B
A
A
A
A
So that's another interesting one. We kind of fun to dig into that a little bit more. We're at 2:32, though, so we're already at this for about an hour and a half here. So let's explore this just a little bit more and then we'll go play with the other thing. So what I'm going to do here is I'm going to do kubectl
A
A
B
A
A
A
A
I'm confused. Okay, I'm gonna, I'm gonna go with you on that one because I don't see any output.
A
A
A
B
A
A
A
A
That's true, either that or just like make it a hidden field until it's a thing. Alright, well, I learned a lot about this tool and I also learned a lot about a really cool plugin implementation that it makes use of with Octant, which I think is actually super interesting, and we can see that we're able to see in our dota namespace they were able to get, you know, certain things back, so I could figure out it reports for each of the things inside of the space.
A
And vulnerabilities, the vulnerability json.parse our needs, and we found a couple bugs. It's always good whenever it's pouring stuff to see if we can find things that aren't worth quite working the way we expect. One thing I did not look at that I was curious about was whether there were any events that are surfaced by Starboard.
A
Like if it weren't able to find something that we're a top priority. Like I guess right now, the UX is that I would look at the report, right, so like I would understand for a given deployment, and this might be the link to the pod object that I'm referring to here, right, so like if I'm looking at a deployment within my namespace or within my environment and I look at that, like nginx one that we looked at before, I can see, I could see results here: high vulnerabilities, medium vulnerabilities, low vulnerabilities.
A
If this were represented as a event, then I might be able to associate that event with the pod object or with, with any pod that is making use of that particular image that was found to have vulnerabilities, and that way the event stream would show up like whenever this report was run. I'd be able to see, you know, that there was an event that there were critical vulnerabilities or high vulnerabilities associated with a specific pod deployed in my world.
B
A
I hope that was helpful. I hope you all enjoyed yourselves. I had a great time. There is a ton of other stuff to explore with this. It's a project that's just getting off of the ground. To be perfectly clear, I am like totally hammering on this project before it is like a super stable project. Like, I think it's a great place to play with it and explore it and use it. It's immediately useful.
A
Just, just super excited to see this stuff kind of head in the direction that it's headed. So let me kick back to the face scene here. Give me one moment. Wrap up, so again, thank you so much for this project, and for, and for like, you know, trying to further the art, the state of the art for security within Kubernetes and the, and the community in general. Like this is tremendous, I mean, and then, and again, like one of the neatest things about it for me is, like, when you look at tooling like Starboard,
A
its goal is to provide you more information, but not necessarily stand in the way of you, of deploying these things, right. It's not going, Starboard, it's not going to say, like, look, you can't deploy this container because it has critical vulnerabilities. Instead, it's just trying to provide you that information or that context around those containers, and that's, that's like an incredible feature, an incredible capability, so yeah, play with it, see what you think and provide feedback to the Starboard team.
A
If you want to do that, like they have an issues repository, I'm sure that they have an issues repository for, for providing feedback or what you found or things that you think are important. Definitely put those things in there. I'm gonna try my best to actually open tickets for those things that I found, but yeah. You know, as always, it's been a great day. Happy Juneteenth and enjoy Pride Month here in the US and all across the world, and thank you all so much for your time and I'll see you next time.