Managing Security Enclaves with Kubernetes Secrets/ConfigMap

We'd like to share our experience with ROS2 on Kubernetes from a security standpoint; this was also covered briefly at KubeCon EU 2021 Edge Day.
Any comments are always welcome, and we'd like to get some feedback from the community.

Thanks in advance.

Background

Thinking about consumer devices, edge-distributed systems within a LAN, and even third-party applications, there should (or must) be a security certificate or key that controls authorization and access permissions for each endpoint.
Unfortunately, security tends to be considered only after development, but once it comes to the production phase it is something we cannot just ignore.

Problem

We can create a bunch of security enclaves for nodes, but how do we manage them? A few robots are fine, but what about hundreds or thousands of nodes running at the same time? How can we bind only the required security enclaves to specific nodes dynamically?

Overview

This describes how security enclaves are managed from the administrator's and the user's side, and how they are attached to the appropriate containers dynamically using Kubernetes ConfigMaps and Secrets.

First, the administrator registers the security enclaves for each endpoint
and gives them appropriate access permissions via the API server, so that access is controlled in the first place.
For example, a third-party application developer can only see the couple of security enclaves intended for third-party applications.

Then, when we need to run the application, we just declare which security enclaves this container needs.
The rest is taken care of by Kubernetes: it checks whether the user is permitted to use that security enclave,
and then loads and attaches the required security enclave dynamically to the container as volatile storage on that physical machine.

Application containers can stay agnostic of this binding done by Kubernetes; they just use the security enclaves to participate in the distributed system and access the data objects.

Once the containers are shut down, the security enclaves are gone too.
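As an added example (not part of the original post), here is how the flow above can be written as Kubernetes manifests: one SROS2 enclave packaged as a Secret, a Role that limits which enclaves a third-party developer can read, and a Pod that mounts the enclave as its ROS 2 keystore. The namespace ros-edge, the Secret name talker-enclave, the enclave path /talker_listener/talker, the developer account thirdparty-dev and the container image are assumptions.

```yaml
# Added example, not the original post's manifests. Names and image are assumed.
#
# Step 1 (administrator): package the enclave generated with `ros2 security`
# into a Secret. Each file in the enclave directory becomes one key:
#   kubectl -n ros-edge create secret generic talker-enclave \
#     --from-file=keystore/enclaves/talker_listener/talker/
# The equivalent manifest, with placeholder contents instead of real PEM data:
apiVersion: v1
kind: Secret
metadata:
  name: talker-enclave
  namespace: ros-edge
type: Opaque
immutable: true          # cannot be edited in place; rotate by replacing the Secret
stringData:
  cert.pem: "placeholder: enclave certificate from the SROS2 keystore"
  key.pem: "placeholder: enclave private key"
  governance.p7s: "placeholder: signed governance document"
  permissions.p7s: "placeholder: signed permissions document"
  identity_ca.cert.pem: "placeholder: identity CA certificate"
  permissions_ca.cert.pem: "placeholder: permissions CA certificate"
---
# Step 2 (administrator): the third-party developer may read only the enclaves
# named in resourceNames. `get` can be restricted per object; `list` and
# `watch` cannot, so they are deliberately not granted.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: thirdparty-enclave-reader
  namespace: ros-edge
rules:
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["talker-enclave"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: thirdparty-dev-enclaves
  namespace: ros-edge
subjects:
- kind: User
  name: thirdparty-dev        # assumed developer identity
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: thirdparty-enclave-reader
  apiGroup: rbac.authorization.k8s.io
---
# Step 3 (user): the application only names the enclave it needs. Secret
# volumes are served from tmpfs on the node, so the key material is never
# written to disk and disappears with the pod.
apiVersion: v1
kind: Pod
metadata:
  name: talker
  namespace: ros-edge
spec:
  automountServiceAccountToken: false   # the node itself does not need API access
  securityContext:
    runAsUser: 1000
    fsGroup: 1000                       # Secret files are owned root:1000
  containers:
  - name: talker
    image: ros:humble-ros-base          # assumed; must contain demo_nodes_cpp and an RMW with security
    command: ["ros2", "run", "demo_nodes_cpp", "talker",
              "--ros-args", "--enclave", "/talker_listener/talker"]
    env:
    - name: ROS_SECURITY_ENABLE
      value: "true"
    - name: ROS_SECURITY_STRATEGY
      value: "Enforce"                  # refuse to start without a valid enclave
    - name: ROS_SECURITY_KEYSTORE
      value: /keystore                  # enclave resolves to /keystore/enclaves/talker_listener/talker
    volumeMounts:
    - name: enclave
      mountPath: /keystore/enclaves/talker_listener/talker
      readOnly: true
  volumes:
  - name: enclave
    secret:
      secretName: talker-enclave
      defaultMode: 0440                 # group-readable for fsGroup, not world-readable
```

A Pod can only mount Secrets from its own namespace, so keeping each tenant's enclaves in a separate namespace, with Roles scoped to that namespace, is what keeps a developer from attaching enclaves that were not registered for them. With ROS_SECURITY_STRATEGY=Enforce, a container whose mount is missing a file fails at startup instead of silently falling back to unsecured communication, which is the failure you want to see early.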

So far, we have confirmed that everything works fine with the ROS2 security features this way.

Note

  • In case Kubernetes is not used, a network filesystem or distributed storage can also be used to share enclaves across nodes.