Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Date

recording: 30 minutes

Attendees



Goals

  1. Demonstrate KubeArmor deployment to:

      ...

        1. Kubernetes clusters
        2. bare Linux hosts
      1. Facilitate Day 1 & Day 2 operations on deployed workloads
      2. Integrate with monitoring and observability solutions
      3. Define and deliver an embedded KubeArmor

      Discussion items

      • Goal 1: What is left to do so we can declare success?
      • Goal 2: Detailed work breakdown should include:
        • Default hardened security policy
          • How should Open Horizon service definition files know about a security policy?  Assume it can be tied to specific service versions.
          • Default policies should be able to be public, used by all organizations
          • Or is this really a property of a deployment policy which may or may not be specific to a node's purpose or other attributes?
          • What role(s) will likely be involved in maintaining the security policy, mapping it to deployments?
        • Built-in deployment policy properties
          • provenance
          • auditing
          • trustworthiness
          • BOMs?
          • security scans?
          • Both for services and models
        • Script to deploy KubeArmor alongside Open Horizon
        • Any CLI command integration?
        • ...
      • GaTech students would like to contribute to this effort
        • Are there existing issues we could point them to?
        • Are there small-ish items they could work on, with or without supervision?

      Action items

      •  Create documentation for bare Linux host deployments, to finish out Goal 1.