2024-01-24 Meeting notes for Workload Runtime Security
Date
Jan 24, 2024
Attendees
@Joseph Pearson
Goals
Identify basic hardening policies to be implemented out-of-the-box (dynamically insert any exceptions or configuration for the current deployment)
Edge Node protection is different than Edge Workload protection. Node protection should be enabled by default if KubeArmor is shipped with the Management Hub.
Sanjeev: That can be a DEFAULT setup as part of the USER_INPUT construct of the Open Horizon edge node registration process.
Discussion items
Time | Item | Who | Notes |
---|---|---|---|
Action items
@Prashant Deploy the KubeArmor Operator
@Joseph Pearson and @Sanjeev Gupta determine best mechanism for deploying security policy updates to running operators
How do we dynamically update security policy for a node when a new workload is deployed? Security policy should be deployed and applied before the workload, or with it but before workload initialization.
@Joseph Pearson Confirm whether there will be an Open Horizon booth