
Container-based cluster safety management method

A security management and cluster technology, applied in the field of container-based cluster security management, to prevent malicious damage to host resources

Inactive Publication Date: 2019-03-01
SHANDONG LANGCHAO YUNTOU INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

However, the disadvantages are as follows: the security of the cluster is improved only from the perspective of network isolation, and there is no unified availability improvement for the cluster.


Examples


Embodiment 1

[0058] As shown in Figure 1, the K8S cluster has two security policies: NetworkPolicy (network security policy) and PodSecurityPolicy (container group security policy).

[0059] The network security policy is used to isolate the network of a namespace, and can also isolate the network of a container group within the namespace.

[0060] The container group security policy defines whether the containers in a container group can access host machine resources. To ensure the security of the cluster nodes, container groups in namespaces other than the K8S system-level namespace are not allowed to access the host machine's network, system configuration and other information.

[0061] A container group security policy (PSP) is a system resource that is managed through a cluster role and bound to a service account in a specific namespace through the role. The container group obtains the highest authority to operate the host through the servic...
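The policies described in [0059] to [0061], written out as Kubernetes manifests. This is an added example, not text from the patent; the namespace `tenant-a`, the service account `default` and all object names are assumed placeholders.

```yaml
# Constructed example: namespace, service account and object names are placeholders.
# [0059] Network policy: pods in tenant-a accept traffic only from the same namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: isolate-namespace, namespace: tenant-a}
spec:
  podSelector: {}              # empty selector: every pod in the namespace
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - podSelector: {}      # no namespaceSelector: same-namespace pods only
---
# [0060] Container group security policy: no host network, host namespaces,
# hostPath volumes or privileged containers.
apiVersion: policy/v1beta1     # PodSecurityPolicy API group/version
kind: PodSecurityPolicy
metadata: {name: tenant-restricted}
spec:
  privileged: false
  allowPrivilegeEscalation: false
  hostNetwork: false
  hostPID: false
  hostIPC: false
  volumes: ["configMap", "secret", "emptyDir", "persistentVolumeClaim"]  # hostPath not listed
  runAsUser: {rule: MustRunAsNonRoot}
  seLinux: {rule: RunAsAny}
  supplementalGroups: {rule: RunAsAny}
  fsGroup: {rule: RunAsAny}
---
# [0061] The PSP is a cluster-scoped resource; a cluster role grants "use" of it ...
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata: {name: psp-tenant-restricted}
rules:
  - apiGroups: ["policy"]
    resources: ["podsecuritypolicies"]
    resourceNames: ["tenant-restricted"]
    verbs: ["use"]
---
# ... and a RoleBinding ties that role to a service account in one namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {name: psp-tenant-restricted, namespace: tenant-a}
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: psp-tenant-restricted}
subjects:
  - kind: ServiceAccount
    name: default
    namespace: tenant-a
```

With the PodSecurityPolicy admission plugin enabled, a pod whose service account is not allowed to `use` any policy is rejected at creation. PodSecurityPolicy was removed in Kubernetes 1.25, where Pod Security Admission covers the same host-access restrictions.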


Abstract

The invention discloses a container-based cluster safety management method. The cluster safety management method comprises the following steps: controlling the operation permissions of users for cluster resources through the cluster role management function of RBAC (Role-Based Access Control); performing network isolation on tenants through configuration of a network isolation strategy to prevent optional application access among the tenants; and limiting the super permission for a cluster through a pod safety strategy to prevent a container group from destroying a host maliciously. Compared with the prior art, the container-based cluster safety management method disclosed by the invention has the advantages that the safety level of the cluster is improved, and the high availability of the cluster is enhanced.

Description

Technical field

[0001] The invention relates to the technical field of containers, in particular to a container-based cluster security management method.

Background technique

[0002] Kubernetes is a brand-new distributed architecture based on container technology. Based on Docker technology, it provides a series of complete functions such as deployment and operation, resource scheduling, service discovery, and dynamic scaling for container-based applications, improving the ease of management and high availability of large-scale container clusters.

[0003] Kubernetes cluster security includes cluster node security, cluster tenant application security, and cluster resource security. If cluster security is not managed uniformly, the cluster security level will be very low, and users can easily control cluster node resources. Some destructive actions may eventually destroy the cluster, making the cluster unavailable. How to manage cluster security is an urgent p...


Application Information

IPC(8): H04L29/06
CPC: H04L63/02, H04L63/10, H04L63/20
Inventor: 石光银, 潘峰, 王文岗
Owner: SHANDONG LANGCHAO YUNTOU INFORMATION TECH CO LTD