Masaharu Imai

Kyoto College of Graduate Studies for Informatics (KCGI), Japan

Systematization of Kubernetes Configuration and Prototyping of A Security Tool for Enhanced Security

Abstract

Kubernetes is one of the most popular open-source container orchestration systems. Kubernetes allows users to easily build and efficiently manage large numbers of container clusters. On the other hand, as the core of the new cloud computing distributed architecture, Kubernetes clusters are composed of many components, and their complexity brings new challenges for security protection.

In this study, a method to help users securely configure Kubernetes clusters and minimize the security risks associated with the configuration by systematizing Kubernetes configuration is proposed. To validate the effectiveness of the proposed method, an automatic security configuration detection platform for Kubernetes clusters was developed. Then the effectiveness of this platform was confirmed through the experiments using a 6-node production-grade Kubernetes cluster by changing the configuration parameter values.