XML

Word

Printable

Epic Name:
Custom Kata Agent policy support in CoCo & peer-pods
Activity Type:
Product / Portfolio Work
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Color Status:
Not Selected
Epic Status:
To Do
Feature Link:
KATA-3248 - Custom Kata Agent policy support in CoCo & peer-pods
Parent Link:
KATA-3248Custom Kata Agent policy support in CoCo & peer-pods
Hierarchy Progress Bar:

67% To Do, 0% In Progress, 33% Done
Release Note Text:

Hide
.Kata Agent policy customization

The Kata agent policy is a security mechanism that controls agent API requests for pods running with the Kata runtime. This policy determines which operations are allowed or denied. You can override the default policy with a custom policy for _testing_ or _development_ by adding an annotation to a peer pod manifest. In production environments, use `initdata` to change the policy.

Show
.Kata Agent policy customization The Kata agent policy is a security mechanism that controls agent API requests for pods running with the Kata runtime. This policy determines which operations are allowed or denied. You can override the default policy with a custom policy for _testing_ or _development_ by adding an annotation to a peer pod manifest. In production environments, use `initdata` to change the policy.
Release Note Type:
Feature
Release Note Status:
Done
Product Documentation Required:
Yes

Epic Goal

Agent policy performs additional validation for each ttRPC API requests in the Guest VM, this epic goal is to allow to configure it.

Why is this important?

Users of peer-pods/CoCo may wan't to be able to block certain calls, due to suspecting that some components were compromised or simply to change the defaults (CoCo)

https://issues.redhat.com/browse/KATA-3073 (development has been completed as part of this phase)