2024-01-24 Meeting notes for Workload Runtime Security

Created by Joe Pearson, last modified on Feb 07, 2024

Date

24 Jan 2024

Attendees

Joe Pearson

Goals

Identify basic hardening policies to be implemented out-of-the-box (dynamically insert any exceptions or configuration for the current deployment)
Edge Node protection is different than Edge Workload protection. Node protection should be enabled by default if KubeArmor is shipped with the Management Hub.
Sanjeev:
That can be a DEFAULT setup as part of USER_INPUT construct of open horizon edge node registration process.

Discussion items

Time	Item	Who	Notes

Action items

Prashant Mishra Deploy the KubeArmor Operator
Joe Pearson and Sanjeev Gupta determine best mechanism for deploying security policy updates to running operators
How do we dynamically update security policy for a node when a new workload is deployed? Security policy should be deployed and applied before the workload, or with it but before workload initialization.
Joe Pearson Confirm whether there will be an Open Horizon booth

meeting-notes