openwhisk-dev mailing list archives

From Dragos Dascalita Haut <>
Subject Securing Action Container communication
Date Fri, 29 Sep 2017 19:05:23 GMT
I'm starting this thread based on our conversations in Slack [1].

This is a sensitive aspect, in at least two ways:

  1.  Container isolation. Making sure action containers can't invoke other containers directly, nor other system components directly (db, kafka, kube api, mesos api). What are the best ways to achieve this?
  2.  Protecting restricted data in transit: securing the data plane communication via SSL from controller -> kafka -> invoker -> action container. Do we want to build this into the project, or treat it as optional and only document it? Either way, it would be great to brainstorm together on what the best approaches are. WDYT?

Let's share our thoughts here, and then create issues for the items that we want to implement in OpenWhisk; if we want to treat some aspects as optional, we can at least open issues to document possible approaches?


[1] -
