Identify basic hardening policies to be implemented out-of-the-box (dynamically insert any exceptions or configuration for the current deployment)
Edge Node protection is different than Edge Workload protection. Node protection should be enabled by default if KubeArmor is shipped with the Management Hub.
Joseph Pearson and Sanjeev Gupta determine best mechanism for deploying security policy updates to running operators
How do we dynamically update security policy for a node when a new workload is deployed? Security policy should be deployed and applied before the workload, or with it but before workload initialization.
