Date
recording: 30 minutes
Attendees
Goals
- Demonstrate KubeArmor deployment to:
- Kubernetes clusters
- bare Linux hosts
- Facilitate Day 1 & Day 2 operations on deployed workloads
- Integrate with monitoring and observability solutions
- Define and deliver an embedded KubeArmor
Discussion items
...
Action items
- Goal 1: What is left to do so we can declare success?
- Goal 2: Detailed work breakdown should include:
- Default hardened security policy
- How should Open Horizon service definition files know about a security policy? Assume it can be tied to specific service versions.
- Default policies should be able to be public, used by all organizations
- Or is this really a property of a deployment policy which may or may not be specific to a node's purpose or other attributes?
- What role(s) will likely be involved in maintaining the security policy, mapping it to deployments?
- Built-in deployment policy properties
- provenance
- auditing
- trustworthiness
- BOMs?
- security scans?
- Both for services and models
- Script to deploy KubeArmor alongside Open Horizon
- Any CLI command integration?
- ...
- Default hardened security policy
- GaTech students would like to contribute to this effort
- Are there existing issues we could point them to?
- Are there small-ish items they could work on, with or without supervision?
Action items
- Create documentation for bare Linux host deployments, to finish out Goal 1.