Skip to end of banner Go to start of banner

2024-01-24 Meeting notes for Workload Runtime Security

Skip to end of metadata

Created by Joseph Pearson, last modified on Jan 24, 2024

Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Date

24 Jan 2024

Attendees

Joseph Pearson

Goals

Identify basic hardening policies to be implemented out-of-the-box (dynamically insert any exceptions or configuration for the current deployment)
Edge Node protection is different than Edge Workload protection. Node protection should be enabled by default if KubeArmor is shipped with the Management Hub.
Sanjeev:
That can be a DEFAULT setup as part of USER_INPUT construct of open horizon edge node registration process.

Discussion items

Time	Item	Who	Notes

Action items

Prashant Deploy the KubeArmor Operator
Joseph Pearson and Sanjeev Gupta determine best mechanism for deploying security policy updates to running operators
How do we dynamically update security policy for a node when a new workload is deployed? Security policy should be deployed and applied before the workload, or with it but before workload initialization.
Joseph Pearson Confirm whether there will be an Open Horizon booth

No labels