|1.0||Initial Version||September 25, 2020|
Applications intended for deployment and operation using the SLATE platform differ from standard Kubernetes applications in a number of ways. Given SLATE’s role in providing an edge services platform, the cybersecurity requirements must align and satisfy those of Edge Cluster host institutions. In particular, applications (often containerized services) must adhere to the following:
Application Developers should submit new applications and modifications as pull requests to the application catalog repository.
Packaged applications must have a Helm chart which defines how the application is installed in Kubernetes, and may also contain the sources for container images used by the application. Unless an image is drawn from a source on SLATE’s allow-list of trusted external image maintainers/sources, its sources must be included in the catalog with the chart which uses it.
The chart must have a README which provides basic guidance on what the application is for and how to install and use it. It must contain a reference or link to any more complete documentation for the application which is maintained elsewhere. When possible, Application Developers should provide guidance on how to test the functioning of the application with widely, or at least publicly, available tools.
The default configuration of an application should, as much as possible, be chosen to be reasonably safe to operate (e.g. proxies should not default to being open to the entire internet, etc.). Any features of the application which have significant security implications must be clearly mentioned in the README with explanations of the concerns an operator should be aware of.
Application developers are encouraged to test their applications by installing them directly to a Kubernetes cluster (such as minikube) with Helm, or in the miniSLATE test environment to ensure proper functionality before submitting them for review, as this makes the review more efficient for all parties.
Every application must be reviewed by at least one person not responsible for its development or packaging.
An Application Reviewer must examine each pull request to the application catalog. The reviewer should:
Applications previously reviewed by an Application Reviewer and curated into the SLATE catalog can receive regular updates for maintenance purposes, feature updates, security updates, etc. All of the principles and obligations of the Application Development section above apply.
Any change to an application must include an update of the chart’s version number. While this is annoying to remember for small changes, it is necessary to ensure that versions are distinguishable, and that Helm will actually use the new version, rather than a stale one from its local cache.
This document is a policy of the SLATE (Services Layer at the Edge) project, supported by the National Science Foundation Office of Advanced Cyberinfrastructure: “CIF21 DIBBs: EI: SLATE and the Mobility of Capability”, award number OAC-1724821