Eclipse Kanto Is Maturing With M2 Release
The Eclipse Kanto project was created to resolve the challenges of complex edge development for edge devices that integrate AI and IoT. Eclipse Kanto is a modular IoT edge software stack that enables devices for IoT with all the essentials — cloud connectivity, digital twins, local communication, container management, and software updates — all configurable and remotely manageable by an IoT cloud ecosystem of choice. Since the project launched in February 2022, significant work has been completed.
At launch, the goal was to get the project out there with its key features: a true minimum viable product (MVP). As adoption has grown, we’ve been making a conscious effort to mature the project and improve its reliability and security, among other things. The M2 release, published on September 27, 2022, included several changes to enhance Kanto’s flexibility and improve its usability. Here are the highlights.
Changed Licensing to Accommodate Other Domains
One of the strengths of Eclipse Kanto is that it’s domain-agnostic. It addresses the digital transformation and challenges it poses to connected buildings, mobility, goods, and manufacturing. We started out licensing it with the Eclipse Public License v2.0, and initially that worked fine.
But one of the things we discovered along the way is that some domains are very particular about their licensing arrangement. For example, the automotive in-vehicle solutions seem to lean towards more permissive licensing schemes that give them the opportunity to do extensions and contributions as it best suits their needs and use cases. To ensure the needed flexibility, we are now making Kanto available under the Apache v2.0 license as well.
By making this change, we aim to combine both OSS evolution paths. We encourage contributions and the community via the Eclipse Public License for organizations and interested parties considering the license’s OSS values imposed in it, as well as easing adoption for use cases and domains that would benefit from a more flexible contributions approach by enabling usage of the more permissive Apache 2.0.
Improved Container Images Security
Ultimately, when you’re developing an edge application, your application logic needs to be able to run at the edge. This, however, can potentially be a vulnerable environment for both the logic and managed data. Thus, security should always be first in mind.
Securing the applications runtime via isolation is already available in the Kanto container management component. We now further enrich it with the ability to spin containers from encrypted images. The main idea behind this feature is to ensure that the full or specifically desired content of a containerized application is encrypted and secure, so that only authorized parties can run the containers and manage them.
One of the other big steps forward was an enhancement to deployment. There are multiple components to this: Yocto, RPM, and advanced cloud connectivity via local digital twins and automatic bootstrapping.
In embedded domains, like the automotive sector, the device palette can be really colorful regarding constrained capabilities and legacy hardware modules. To address that, we provided an Eclipse Kanto Yocto meta layer that contains recipes for all the Eclipse Kanto building blocks out-of-the-box. It can be easily integrated into customized Yocto build configurations and widely adopted to create tailored Linux images for embedded and IoT devices.
With the much-appreciated help of new contributors to the project and exploring new use cases and OSs together, we also managed to release an RPM package for Eclipse Kanto alongside the already existing Debian one. This is our first step into supporting the variety of RPM-based Linux distributions, like Fedora IoT.
Alongside the already existing cloud connectivity capabilities, we introduced two new components to improve handling of the so-called offline use cases as well as to provide a smooth, zero-touch device provisioning process.
The new local digital twins component is essentially a lightweight replica of a cloud-based digital twin that lives on the device. It improves offline scenarios handling and advanced edge computing use cases by providing synchronization mechanisms designed to significantly reduce data traffic and efficiently prevent data loss from long-lasting disruptions. The component manages the cloud connectivity while also ensuring that the digital twin state is always available locally. This keeps the local applications communication intact even when there are remote connectivity issues.
Additionally, a zero-touch mechanism for automated provisioning and configuration of devices is supported by the new suite bootstrapping Eclipse Kanto component. It also enhances load balancing by enabling device distribution across multiple field subscriptions.
Enriched Edge Management
In M1, our focus was really on getting the very basic components that would be needed to connect and manage devices via an IoT cloud ecosystem of choice. With M2, we equipped Eclipse Kanto with key monitoring and recovery mechanisms to complete the essentials, providing the capabilities needed to ensure a robust runtime and enhanced device and applications performance.
Gathering and optionally filtering system and applications metrics is provided via a unified API for both the newly introduced system metrics component and the already existing container management one. The unified produced data can easily be used to further perform an analysis of choice.
As well, system-critical resources can be backed up and then restored on a regular basis or ad-hoc if needed. This allows the system to be recovered to a last-known working state via the backup and restore component.
Check Out the Documentation and Get Involved
As Kanto continues to mature, we’re looking for feedback from the community, particularly with regards to the new components we’ve added. Feedback on how well Kanto fits into the Yocto and Fedora worlds would also be welcome. Our community page is the best place to go if you’re interested in learning more about the project or getting involved. If you are keen on trying Kanto out, our how-to guides will walk you through, supported by configuration references and concept insights for a deeper dive.
About the Author
Dr. Konstantina Gramatova is a product architect for the Bosch IoT Edge Agent and the technology project lead for Eclipse Kanto.
More from this Edition
Learn about the Eclipse eCAL project, where it fits into the software-defined vehicle paradigm, and how it debuted its capabilities at the recent SDV Hackathon at BCX.
Eclipse Adoptium has been working on SLSA compliance for the Eclipse Temurin project for some time. Stewart Addison takes a look at the work that's been done so far and what's next.