AWS FTR assessment tracker #891

Closed
22 tasks done
rksharma95 opened this issue Sep 12, 2022 · 1 comment · Fixed by #967 or #978
Labels
enhancement New feature or request


rksharma95 commented Sep 12, 2022

Feature Request

Short Description

We are targeting KubeArmor to meet all the specified requirements under the AWS Foundational Technical Review. This issue tracks the progress on the same. Most of the requirements are AWS platform specific.

The spreadsheet document here can be used for remarks/discussion; feel free to add your remarks there. The draft document here is being used to track WIP.

Describe the solution you'd like

Action Items

  • Respond to all the requirements with required action item.

Architecture Diagram

  • Illustrate all AWS services running, demonstrate VPC and subnet requirements

Documentation

  • Introduction
      • Use cases of the Kubearmor
      • List of resources deployed and expected amount of time to complete. ref: Code refactoring: remove annotation, policy and host policy controllers from kubearmor code base #875
      • Specify the supported regions
      • Guidance for testing/troubleshooting
  • Requirements
      • Technical prerequisites and requirements i.e. EKS Cluster, IAM Permissions etc.
      • Specify if specialized skills and knowledge are needed
      • Environment configuration that is needed, i.e. AWS account, OS, licensing etc.
  • Security
      • Specify that deployment doesn't require any root privileges
      • Specify that deployment follows policy of least privilege
      • Describe purpose of each IAM role and policy to be created by the user
  • Cost
      • List of optional/mandatory billable service
      • Licensing cost
  • Sizing
      • Either provide a script to provision required resource or provide guidance for type and size selection for the resource.
        Ref: determine and apply resource limitation for Kubearmor Daemonset #923
  • Health Check
      • how to monitor the health of the Kubearmor i.e. using karmor probe command
  • Backup and Recovery
      • data and configuration to be backed up i.e. backup applied kubearmor policies.
  • Routine Maintenance
      • rotating system credentials and cryptographic keys i.e. karmor rotate-tls
      • guidance for software patches and upgrades i.e. karmor selfupdate
      • guidance for managing licence and AWS service limits
  • Emergency Maintenance
      • instructions on handling fault conditions and how to recover the software.
  • Support
      • guidance on how to receive support, details on different technical support tiers and SLAs.

Describe alternatives you've considered

A separate section titled "KubeArmor on EKS" that answers all the requirements specified in the AWS FTR can be added to the Documentation.

@rksharma95 rksharma95 added the enhancement New feature or request label Sep 12, 2022