2024-01-24 Meeting notes for Workload Runtime Security

Date

Jan 24, 2024

Attendees



  • @Joseph Pearson



Goals

  • Identify basic hardening policies to be implemented out-of-the-box (dynamically insert any exceptions or configuration for the current deployment)

  • Edge Node protection is different from Edge Workload protection. Node protection should be enabled by default if KubeArmor is shipped with the Management Hub.
    Sanjeev: That can be a DEFAULT setup as part of the USER_INPUT construct of the Open Horizon edge node registration process.

Discussion items

Time

Item

Who

Notes


Action items

@Prashant Deploy the KubeArmor Operator
@Joseph Pearson and @Sanjeev Gupta determine best mechanism for deploying security policy updates to running operators
 How do we dynamically update security policy for a node when a new workload is deployed? Security policy should be deployed and applied before the workload, or with it but before workload initialization.
@Joseph Pearson Confirm whether there will be an Open Horizon booth