...
- CPU: 100m (millicore) 100m = 1/10th of a vcpu (ref)
- Memory: 100Mi 150Mi (ref)
- karmor cli connects to kubearmor on port TCP/32767.
Deployment Mode
SEDIMENT Deployment Mode
...
KubeArmor Deployment Mode
- Deployed in systemd mode
- Discovery Engine provides visibility into app behaviour and runs as host process.
Security use-cases to target with KubeArmor
...
Task | Description | Status | ETA | Owner | ||
Document | For arch, sys requirements, deployment model etc | WIPDone | 20th April 2023 | AccuKnox to create, and Peraton to update as necessary | ||
Brief plan to 5G SBP WG | Discuss details of the use case demo plan with the 5G SBP WG in a bi-weekly meeting | WIPDone | 2nd May 2023 | Peraton + AccuKnox | ||
SEDIMENT app containerization | WIPDone | 5th, May, 2023 | Peraton Labs | |||
Provision a common VM that can be used for tests | ssh sbp@172.173.219.229 … | credentials will be provided to relevant folks | Done | 20th April 2023 | AccuKnox | |
Provide containerized SEDIMENT to run on a | sample Linux VM | TODO/Host | Done | 5th May, 2023 | Peraton Labs | |
Identify prover device and camera | TODO | Peraton | ||||
Deploy KubeArmor on same VM as SEDIMENT | TODO Done | AccuKnox | ||||
Get KubeArmor visibility for SEDIMENT app | TODODone | AccuKnox | ||||
Apply protection policies for securing SEDIMENT | TODODone | AccuKnox | ||||
Identify lab requirements | Based on the VM used above, identify lab requirement | TODO | Peraton + AccuKnox +Kaloom | |||
Implement in Kaloom lab | TODO | Peraton + AccuKnox +Kaloom | ||||
Joint Demo to 5G-SBP | TODO | Peraton + AccuKnox |
- Ganesh Venkatraman , what is the status of current IBM environment/solution in Kaloom?
- Document proposed observability capabilities. Define observability capabilites/use case