
Protecting workloads in Kubernetes

A protected boot loader technology used in Kubernetes security to address problems such as the lack of a security model that separates pod workloads from the cluster administrator's control

Active Publication Date: 2022-04-12
IBM CORP
Cites: 7, Cited by: 0

AI Technical Summary

Problems solved by technology

As of now, Kubernetes does not support any security model that separates work items in pods from the Kubernetes administrator's control.
Also, the Kubernetes workloads in the pods are not secured, locked or encrypted in any way to protect the workload's data (and thus the customer) from being accessed by Kubernetes administrators.




Embodiment Construction

[0014] One or more embodiments of the present invention allow more fine-grained protection of individual workloads in a Kubernetes cluster by providing new security boundaries for individual containers in a Kubernetes pod. This allows administrators to manage Kubernetes clusters with full transparency and existing tools.

[0015] One or more embodiments of the invention prevent a single workload from exploiting a container vulnerability to read data from other pods on the same Kubernetes worker.

[0016] In one or more embodiments of the invention, a sidecar container is provided for each pod deployed on a Kubernetes cluster to help provide a runq environment for all containers of the pod.

[0017] One or more embodiments of the invention provide protection of a pod's memory and storage from a host operating system (OS).

[0018] One or more embodiments of the invention allow for the protection of bare metal servers (e.g., logical partitions or "LPARs"), virtual machin...



Abstract

Aspects of the invention include obtaining, via a processor, an original docker image from a customer, encrypting a disk image using content from the original docker image, and encrypting a boot loader. A repacked image is created using the encrypted disk image and the secure encrypted boot loader. The repacked image is deployed by inserting the repacked image into a pod container and by using a transform webhook, granting elevated privileges to the container, and creating a protected Kubernetes pod for protecting the workload, wherein the protected Kubernetes pod has at least one virtual machine containing the pod container.
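The deployment step in the abstract (a transform webhook that inserts the repacked image into the pod container, grants it elevated privileges, and, per paragraph [0016], gives each pod a sidecar for the runq environment) as an added example. This is not the patent's or IBM's code. Assumed for the example: the opt-in annotation key, the sidecar image name, a lookup table standing in for the repacking service's catalogue, and that "elevated privileges" is expressed as `privileged: true`. The block builds the AdmissionReview reply and JSON Patch a mutating webhook would return; serving it over TLS is left to whatever HTTP framework you register with the API server.

```python
import base64
import copy
import json

# Assumed names: the patent fixes neither annotation keys nor sidecar details.
OPT_IN_ANNOTATION = "protected-workload.example/enabled"
SIDECAR_NAME = "runq-sidecar"
SIDECAR_IMAGE = "registry.example/protected/runq-sidecar:1.0"

# Stand-in for the repacking service's catalogue: original customer image ->
# repacked image (encrypted disk image + encrypted boot loader). Constructed.
REPACKED_IMAGES = {
    "registry.example/customer/app:1.0":
        "registry.example/protected/app@sha256:" + "ab" * 32,
}


def build_patch(pod, repacked_images=REPACKED_IMAGES):
    """Return RFC 6902 operations that turn `pod` into a protected pod.

    Each container image is swapped for its repacked form and the container is
    granted elevated privileges; one sidecar per pod supplies the runq
    environment. A container with no repacked image is refused instead of
    being admitted unprotected. Re-running on an already mutated pod is a no-op.
    """
    annotations = pod.get("metadata", {}).get("annotations") or {}
    if annotations.get(OPT_IN_ANNOTATION) != "true":
        return []  # not opted in: admit unchanged
    ops = []
    containers = pod["spec"]["containers"]
    for i, c in enumerate(containers):
        if c["name"] == SIDECAR_NAME or c["image"] in repacked_images.values():
            continue  # already transformed (webhooks may be invoked again)
        repacked = repacked_images.get(c["image"])
        if repacked is None:
            raise ValueError(f"no repacked image for container {c['name']!r}: {c['image']}")
        ops.append({"op": "replace", "path": f"/spec/containers/{i}/image",
                    "value": repacked})
        # "Elevated privileges" in the abstract; expressing it as privileged: true
        # is this example's assumption.
        ops.append({"op": "add", "path": f"/spec/containers/{i}/securityContext",
                    "value": {"privileged": True}})
    if not any(c["name"] == SIDECAR_NAME for c in containers):
        ops.append({"op": "add", "path": "/spec/containers/-",
                    "value": {"name": SIDECAR_NAME, "image": SIDECAR_IMAGE,
                              "securityContext": {"privileged": True}}})
    return ops


def admission_response(review, repacked_images=REPACKED_IMAGES):
    """Build the AdmissionReview reply for a pod CREATE request."""
    request = review["request"]
    response = {"uid": request["uid"], "allowed": True}
    try:
        ops = build_patch(request["object"], repacked_images)
    except ValueError as exc:
        response.update(allowed=False, status={"code": 403, "message": str(exc)})
    else:
        if ops:
            response["patchType"] = "JSONPatch"
            response["patch"] = base64.b64encode(json.dumps(ops).encode()).decode()
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": response}


def decode_patch(reply):
    """Operations carried in a reply (empty when nothing was patched)."""
    patch = reply["response"].get("patch")
    return json.loads(base64.b64decode(patch)) if patch else []


def apply_patch(pod, ops):
    """Apply the add/replace operations build_patch emits (paths here contain no
    '~' escapes, so a plain split suffices); the API server applies the real patch."""
    pod = copy.deepcopy(pod)
    for op in ops:
        *parents, last = op["path"].lstrip("/").split("/")
        target = pod
        for key in parents:
            target = target[int(key)] if isinstance(target, list) else target[key]
        if isinstance(target, list) and last == "-":
            target.append(op["value"])
        elif isinstance(target, list):
            target[int(last)] = op["value"]
        else:
            target[last] = op["value"]
    return pod


def review_for(image, opt_in=True):
    """Constructed AdmissionReview request with a single-container pod."""
    annotations = {OPT_IN_ANNOTATION: "true"} if opt_in else {}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "request": {"uid": "7b1a4e2f-0000-4000-8000-000000000001",
                        "operation": "CREATE",
                        "object": {"apiVersion": "v1", "kind": "Pod",
                                   "metadata": {"name": "app", "namespace": "tenant-a",
                                                "annotations": annotations},
                                   "spec": {"containers": [{"name": "app", "image": image}]}}}}


if __name__ == "__main__":
    original = review_for("registry.example/customer/app:1.0")
    reply = admission_response(original)
    print(json.dumps(reply, indent=2))
    protected = apply_patch(original["request"]["object"], decode_patch(reply))
    print(json.dumps(protected["spec"], indent=2))
```

Two points a practitioner should weigh before running something like this. First, a webhook that hands out `privileged: true` is a control-plane-grade trust boundary: anyone who can set the opt-in annotation on a pod gets a privileged container, so the webhook must key its decision on images it trusts (the catalogue above), not on user-supplied names, and the MutatingWebhookConfiguration should be scoped with `namespaceSelector`/`objectSelector` and registered with `failurePolicy: Fail` so an outage cannot silently admit unprotected pods. Second, the mutation is written to be idempotent (a second pass over an already transformed pod emits no operations), because the API server may call mutating webhooks more than once for the same object.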

Description

Background technique

[0001] The present invention relates generally to Kubernetes security and, more specifically, to securing workloads in Kubernetes.

[0002] Kubernetes is an open source container orchestration system for automating application deployment, scaling, and management. Kubernetes defines a set of building blocks called primitives that together provide mechanisms for deploying, maintaining, and scaling applications based on processor, memory, or custom metrics. A Pod is a Kubernetes building block that includes one or more containers that are co-located on a host and can share resources. A node, which can be a virtual machine (VM) or a physical machine, is a worker machine in Kubernetes that includes one or more pods. Each node contains the services needed to run pods. As of now, Kubernetes does not support any security model that separates work items in pods from the Kubernetes administrator's control. Additionally, the Kubernetes workloads in the pods are n...


Application Information

Patent Timeline
Patent Type & Authority Applications(China)
IPC: G06F21/57
CPC: G06F21/53, G06F21/6209, G06F2221/033, G06F21/602
Inventors: A·纽内兹门西亚斯, P·莫尔简, D·赫尔恩多尔弗尔, P·婆勒帕里耶什万
Owner IBM CORP