Abstract: An edge computing gateway (ECG) includes a processor configured to establish a distributed container network that includes a plurality of interconnected ECGs, each of which includes an orchestrator and containers. The processor may determine available resources on one or more additional ECGs in the distributed container network, select one of the additional ECGs in the distributed container network to run a container based on the available resources determined by the orchestrator of the ECG, and allocate resources from the selected ECG to execute the container. In response to changes in resource demands, the processor may dynamically reallocate resources between the ECG and the selected ECG to adjust container performance across the distributed container network.

Abstract: An edge device may be configured to generate a secure container to perform a software application on the edge device. A security daemon operating on a processor of the edge device may receive a configure host request message from a container manager. In response, the security daemon may determine integrity of metadata, extract licenses from the metadata, determine image permissions, create a user or group account, and update one or more system service access-control lists (ACLs). The security daemon may generate and send a configure host response message to the container manager, which may create and/or start the container.

Abstract: An edge device may be configured to generate a secure container to perform a software application on the edge device. A security daemon operating on a processor of the edge device may receive a security policy for the software application from a secure container platform, retrieve a license associated with the software application, and determine permissions of the software application based on the retrieved license. The edge device may create a user or group account and updating a system service access-control list (ACL) based on the received security policy and the determined permissions, and generate and send a policy ready message to the secure container platform in response to creating the user or group account and updating the system service ACL.

Abstract: An edge device may be configured to generate a secure container to perform a software application on the edge device. A security daemon operating on a processor of the edge device may receive a configure host request message from a container manager. In response, the security daemon may determine integrity of metadata, extract licenses from the metadata, determine image permissions, create a user or group account, and update one or more system service access-control lists (ACLs). The security daemon may generate and send a configure host response message to the container manager, which may create and/or start the container.

Abstract: An edge device may be configured to generate a secure container to perform a software application on the edge device. A security daemon operating on a processor of the edge device may receive a security policy for the software application from a secure container platform, retrieve a license associated with the software application, and determine permissions of the software application based on the retrieved license. The edge device may create a user or group account and updating a system service access-control list (ACL) based on the received security policy and the determined permissions, and generate and send a policy ready message to the secure container platform in response to creating the user or group account and updating the system service ACL.