Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Date

recording: 30 minutes

Attendees



Goals

  1. Demonstrate KubeArmor deployment to:
    1. Kubernetes clusters
    2. bare Linux hosts
  2. Facilitate Day 1 & Day 2 operations on deployed workloads
  3. Integrate with monitoring and observability solutions
  4. Define and deliver an embedded KubeArmor

Discussion items

...

Action items

  •  

  • Goal 1: What is left to do so we can declare success?
  • Goal 2: Detailed work breakdown should include:
    • Default hardened security policy
      • How should Open Horizon service definition files know about a security policy?  Assume it can be tied to specific service versions.
      • Default policies should be able to be public, used by all organizations
      • Or is this really a property of a deployment policy which may or may not be specific to a node's purpose or other attributes?
      • What role(s) will likely be involved in maintaining the security policy, mapping it to deployments?
    • Built-in deployment policy properties
      • provenance
      • auditing
      • trustworthiness
      • BOMs?
      • security scans?
      • Both for services and models
    • Script to deploy KubeArmor alongside Open Horizon
    • Any CLI command integration?
    • ...
  • GaTech students would like to contribute to this effort
    • Are there existing issues we could point them to?
    • Are there small-ish items they could work on, with or without supervision?

Action items

  •  Create documentation for bare Linux host deployments, to finish out Goal 1.