Secure Kubernetes at the Edge

How strict confinement enables a secure IoT landscape

Internet of Things (IoT) devices bring compute power closer to where data is generated, enabling unprecedented levels of efficiency and automation. But as IoT use cases and capabilities evolve, so do the risks.

In the past, there were far fewer devices deployed in the field, and they typically remained in a fixed state throughout their entire lifecycle. Today, organisations often rely on Kubernetes to manage millions of devices, all of which receive a regular stream of updates and communicate with external data sources. Each of these interactions represents a window of vulnerability that can potentially be exploited.

This whitepaper puts forth an approach to mitigate security risks with strict confinement, a feature that provides complete isolation for containerised applications.

The whitepaper provides:

  • An exploration of the IoT edge and how it differs from other edge computing categories.
  • Security concerns for IoT edge deployments.
  • An introduction to MicroK8s, Canonical’s lightweight, CNCF-certified, pure upstream Kubernetes distribution designed for IoT.
  • An introduction to Ubuntu Core, Canonical’s embedded Linux distribution.
  • An overview of strict confinement and sample use cases, demonstrating how users can run sophisticated and otherwise high-risk IoT workloads in a safe way.