Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

Date

Attendees



Goals

  • Identify basic hardening policies to be implemented out-of-the-box (dynamically insert any exceptions or configuration for the current deployment)
  • Edge Node protection is different than Edge Workload protection.  Node protection should be enabled by default if KubeArmor is shipped with the Management Hub.
    Sanjeev: 

    That can be a DEFAULT setup as part of  USER_INPUT construct of open horizon edge node registration process.

Discussion items

TimeItemWhoNotes




Action items

  • Prashant Deploy the KubeArmor Operator
  • Joseph Pearson and Sanjeev Gupta determine best mechanism for deploying security policy updates to running operators
  •  How do we dynamically update security policy for a node when a new workload is deployed?  Security policy should be deployed and applied before  the workload, or with  it but before workload initialization.
  • No labels