Tag-security: [Presentation] Cloud Custodian

Created on 26 Nov 2019  路  15Comments  路  Source: cncf/tag-security

Title: What is the title of your presentation?

Cloud Custodian

Speakers: Who will be presenting this? List names/github IDs of presenters.
Kapil Thangavelu (@kapilt)
Andy Luong (@aluong)
John Mark Walker (@johnmark)

Description: Describe in a short paragraph what the presentation is about.

Cloud Custodian is a stateless rules engine with a YAML DSL used to secure, govern, and manage cloud environments. It works across several providers from AWS, Azure, GCP, and Kubernetes.
https://cloudcustodian.io
https://github.com/cloud-custodian/cloud-custodian

Its widely used in production across many users. We're looking to incubate the project within the CNCF

Time: How long will the presentation take? (estimate)

30m

Availability: What is the availability times of the speakers to present the topic? Meeting times are listed on the landing page.

11/27/2019

TO DO

  • [x] SIG Representative (@lumjjb)
  • [x] Schedule date: 12/11/2019
presentation

Most helpful comment

Follow-on questions from the meeting, maybe you could answer them here...

I'm curious how you expect this to evolve across many clouds (e.g. if you were to support IBM Cloud Functions, SAP Cloud Functions, etc.) Do you have custom code for every cloud? Do you think at some time in the future there might be some kind of shared cloud ontology? (maybe for basic things like buckets and functions?)

Have you looked at CloudEvents? (cc @duglin)

All 15 comments

depending on dates i can have other contributors/maintainers as co-presenters, but its the holidays, and right before reinvent if this works for 11/27/2019.

Awesome! This is something that i've wanted to see for a while for evidence gathering for compliance, etc.

I believe we have a break in our meetings this week. What would be another available date for you?

12/4 or 12/11 would both work and I should be able to find another maintainer co-presenter for either date, incidentally for anyone attending AWS re:Invent we're also running a community meetup there earlier in the day on 12/4 9-11 PST https://github.com/cloud-custodian/cloud-custodian/issues/5110

Thanks @lumjjb - looking forward to it. I'm pretty sure we can do 12/4. Are there specific quorum requirements?

No quorum requirements to do the presentation.

There is already a presentation planned for 12/4. So I'm going to put this down for 12/11.

No quorum requirements to do the presentation.

There is already a presentation planned for 12/4. So I'm going to put this down for 12/11.

Thank you - 12/11 is probably better anyway. Looking forward to it.

-JM

Awesome - you guys are set for 12/11!

we will discuss today on the Policy WG.

we had a CC presentation back in august
https://youtu.be/NPnbT6nD6r4 (start at about 5:00 - 23:30)

This was a presentation linked from the discussion: https://docs.google.com/presentation/d/1N0oCbQNcyr_LGxgSjbUPwK8fQrTcYWIu79aa4oT7VxE/edit#slide=id.g526cedfb4d_0_191

The slides presented to cncf sig security on dec 11, 2019

https://docs.google.com/presentation/d/1ffnoyKVwy7-uMs4p3K7hEA5rnS45IG5yFuOb9G7WI9E/edit?usp=sharing

Next action items are going through the security sig due dilligence/assessment process.

There is a slack channel (#sec-assessment-custodian https://cloud-native.slack.com/archives/CQM9LU3JL) on the cncf slack for further coordination around that.

Follow-on questions from the meeting, maybe you could answer them here...

I'm curious how you expect this to evolve across many clouds (e.g. if you were to support IBM Cloud Functions, SAP Cloud Functions, etc.) Do you have custom code for every cloud? Do you think at some time in the future there might be some kind of shared cloud ontology? (maybe for basic things like buckets and functions?)

Have you looked at CloudEvents? (cc @duglin)

its custom code for each cloud provider. it seems unlikely we'll evolve to a shared ontology, as we're trying to allow usage/governance of cloud native attributes on each resource, an abstraction removes expressibility of policies. I've looked at cloud events, and am watching that space, but most of the event flow here is pretty specific to the provider, the events abstraction of defining struct format is actually a fairly trivial consideration as a portability detail. For the long tail on cloud integrations we're hopeful that direct integration with kubernetes will provide for greater addressability.

FYI -- here's the video on YouTube: https://www.youtube.com/watch?v=gHV1pHX2S7k

@ultrasaurus Is it OK to close this issue at this point, or do we need to make any additional notes/summaries/etc. of the presentation/topic?

Yea - okay to close!

Was this page helpful?
0 / 5 - 0 ratings