...
Attendees
Goals
- Identify basic hardening policies to be implemented out-of-the-box (dynamically insert any exceptions or configuration for the current deployment)
- Edge Node protection is different than Edge Workload protection. Node protection should be enabled by default if KubeArmor is shipped with the Management Hub.
Sanjeev:That can be a DEFAULT setup as part of USER_INPUT construct of open horizon edge node registration process.
Discussion items
Time | Item | Who | Notes |
---|---|---|---|
...
- Prashant Deploy the KubeArmor Operator
- Joseph Pearson and Sanjeev Gupta determine best mechanism for deploying security policy updates to running operators
- How do we dynamically update security policy for a node when a new workload is deployed? Security policy should be deployed and applied before the workload, or with it but before workload initialization.
- Joseph Pearson Confirm whether there will be an Open Horizon booth