Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Attendees



Goals

  • Identify basic hardening policies to be implemented out-of-the-box (dynamically insert any exceptions or configuration for the current deployment)
  • Edge Node protection is different than Edge Workload protection.  Node protection should be enabled by default if KubeArmor is shipped with the Management Hub.
    Sanjeev: 

    That can be a DEFAULT setup as part of  USER_INPUT construct of open horizon edge node registration process.

Discussion items

TimeItemWhoNotes




...

  •  Prashant Deploy the KubeArmor Operator
  •  Joseph Pearson and Sanjeev Gupta determine best mechanism for deploying security policy updates to running operators
  •   How do we dynamically update security policy for a node when a new workload is deployed?  Security policy should be deployed and applied before  the workload, or with  it but before workload initialization.
  •  Joseph Pearson Confirm whether there will be an Open Horizon booth