An abstract model of cloud-native networks for security enforcement and remediation

In recent years, Kubernetes has established itself as a dominant platform for container orchestration, becoming an integral component of numerous cloud infrastructures. A significant portion of Kubernetes’ popularity stems from its ecosystem of external components, including operators, network plugins, and various other tools. The proliferation of these components, each tailored to specific use cases, has resulted in a diverse and often overlapping landscape of solutions. This thesis undertakes a comprehensive analysis of several prominent Kubernetesnetwork plugins, operators, and tools, encompassing popular solutions such as Flannel, Calico, Cilium, Network Service Mesh, and Kube-router. The analysis delves into their respective features, performance characteristics, and security implications, enabling a comparative evaluation. Furthermore, this thesis introduces an abstract model that encapsulates the diverse resource types within Kubernetes. Designed to encompass a broad spectrum of Kubernetes resources, the model has been validated against real-world deployments, including GoogleBoutique, IBM Java microservices, and practical applications powered by Kubernetes, Cilium, and KubeArmor. This structured representation offers a foundation for automated processing by software tools.