openwhisk-dev mailing list archives

From Dragos Dascalita Haut <ddas...@adobe.com.INVALID>
Subject Securing Action Container communication
Date Fri, 29 Sep 2017 19:05:23 GMT
I'm starting this thread based on our conversations in Slack [1].


This is a sensitive aspect, at least twofold:

  1.  Container isolation: making sure action containers can't invoke other containers directly, nor other system components directly (db, kafka, kube api, mesos api). What are the best ways to achieve this?
  2.  Protecting restricted data in transit: securing the data plane communication via SSL from controller -> kafka -> invoker -> action container. Do we want to build this into the project, or treat it as optional and only document it? Either way, it would be great to brainstorm together on what the best approaches are. WDYT?


Let's share our thoughts here, and then create issues for the items that we want to implement in OpenWhisk; if we want to treat some aspects as optional, we can at least open issues to document possible approaches?


Thanks,
dragos

[1] - https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1506704400000446
