
Towards automation of Multi Cluster Network Policies

Giuseppe Sommese


Supervisors: Riccardo Sisto, Fulvio Valenza, Guido Marchetto, Daniele Bringhenti. Politecnico di Torino, Master's degree in Ingegneria Informatica (Computer Engineering), 2021

PDF (Tesi_di_laurea) - Thesis
License: Creative Commons Attribution Non-commercial No Derivatives.


In recent years, new cloud technologies have emerged and gained interest in the field of software development. At the same time, the application development methodology has started to change, moving from the idea of a monolithic application to cloud-native applications composed of loosely coupled, mutually independent micro-services. Developing applications in this way allows the various parts to be deployed on different servers, and this has driven the development of a new class of software, orchestrators, which manage resource optimization, deployment, and security in a data center or cloud environment. One of the most successful orchestrators at the moment is Kubernetes. Kubernetes allows new applications, developed as micro-services, to be deployed in different parts of a data center while still being able to communicate with each other. Since its first release, developers have mainly focused on a single Kubernetes instance, called a cluster, trying to make everything work within that one cluster. Recently, attention has shifted to the cooperation of several Kubernetes clusters, which may also belong to different data centers or companies, so that parts of an application can be developed independently and then made to communicate to form the whole application. Many projects have also been developed alongside Kubernetes that extend it with security, networking, and monitoring functions. Although Kubernetes itself currently provides no features for connecting multiple cluster instances and discovering the services within them, several projects have started to move in this direction with different solutions. Even though some parts have been developed with different methodologies, at the moment these projects lack automation of both the security functions and the creation of connections between clusters and services.
Automating these functions is important to prevent human error in configuration: an error in the security configuration could lead to a breach, and an error in the connection between clusters and services could lead to an unwanted interruption of communication that is difficult to resolve. Furthermore, when the communication involves services of different companies, some of the information in the configurations may be unknown to one of the parties and requires cooperation between them, which can again lead to misconfigurations and therefore to undesirable effects. The objectives of this work are then the analysis of the current technologies for multi-cluster communication and the development of a Multi Cluster Orchestrator able to automatically configure security and communication in multiple Kubernetes clusters. For the first objective, three software solutions are analyzed, highlighting their strengths and weaknesses, in particular their lack of automatic configuration features. Based on one of these technologies, a new framework is proposed, placed at a level above Kubernetes, that can automatically configure security policies, connect clusters, and provide service-to-service communication between services in different Kubernetes clusters.
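As an added illustration of what automatic configuration of network security policies means at the level of a single cluster, the following Python script derives Kubernetes NetworkPolicy objects from a declared list of allowed service-to-service flows and then checks the result with a small simulator of NetworkPolicy semantics (a pod selected by no policy is non-isolated; a selected pod only accepts traffic that some rule of some selecting policy allows; rules from several policies are additive). This is example code written for this page, not the thesis's orchestrator or any of the three projects it analyzes. All service names, namespaces, ports and the remote cluster's pod CIDR (10.200.0.0/16) are constructed, and the namespace label kubernetes.io/metadata.name is assumed to be present, as it is on recent Kubernetes versions. The cross-cluster flow shows the gap the abstract describes: a peer in another cluster cannot be named with label selectors and has to be written as an ipBlock, so the generator needs a piece of information (the remote pod CIDR) that one party may not know.

```python
"""Added example (not the thesis's code): derive Kubernetes NetworkPolicy objects
from declared flows and verify them with a small NetworkPolicy simulator."""
import copy
from itertools import product

# Constructed inventory: the pod label "app" equals the service name.
LOCAL_SERVICES = {("shop", "frontend"), ("shop", "cart"), ("payments", "gateway")}
# A remote cluster's service is only addressable by IP; its pod CIDR is assumed.
REMOTE_CIDRS = {("inventory", "stock"): "10.200.0.0/16"}
# Declared flows (source, destination, TCP port); anything else must be denied.
FLOWS = [
    (("shop", "frontend"), ("shop", "cart"), 8080),
    (("shop", "cart"), ("payments", "gateway"), 443),
    (("shop", "cart"), ("inventory", "stock"), 9000),
]
NS_LABEL = "kubernetes.io/metadata.name"  # label Kubernetes sets on every namespace

def _peer(service):
    """Label selectors for a local service, ipBlock for one in another cluster."""
    ns, app = service
    if service in REMOTE_CIDRS:
        return {"ipBlock": {"cidr": REMOTE_CIDRS[service]}}
    return {"namespaceSelector": {"matchLabels": {NS_LABEL: ns}},
            "podSelector": {"matchLabels": {"app": app}}}

def generate(flows):
    """One Ingress and one Egress policy per local service; a selected pod with an
    empty rule list is isolated, so every undeclared flow is denied."""
    policies = []
    for ns, app in sorted(LOCAL_SERVICES):
        rules = {
            "Ingress": [{"from": [_peer(s)], "ports": [{"protocol": "TCP", "port": p}]}
                        for s, d, p in flows if d == (ns, app)],
            "Egress": [{"to": [_peer(d)], "ports": [{"protocol": "TCP", "port": p}]}
                       for s, d, p in flows if s == (ns, app)]}
        for ptype, rule_list in rules.items():
            policies.append({"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
                             "metadata": {"name": f"{app}-{ptype.lower()}", "namespace": ns},
                             "spec": {"podSelector": {"matchLabels": {"app": app}},
                                      "policyTypes": [ptype], ptype.lower(): rule_list}})
    return policies

def _selects(selector, labels):
    """matchLabels semantics: every listed label must match; {} matches everything."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def _peer_matches(peer, service, policy_ns):
    if "ipBlock" in peer:
        return REMOTE_CIDRS.get(service) == peer["ipBlock"]["cidr"]
    if service in REMOTE_CIDRS:  # remote pods carry no labels this cluster can see
        return False
    ns, app = service
    ns_ok = (_selects(peer["namespaceSelector"], {NS_LABEL: ns})
             if "namespaceSelector" in peer else ns == policy_ns)
    return ns_ok and _selects(peer.get("podSelector", {}), {"app": app})

def _direction_allowed(policies, subject, other, port, ptype, rules_key, peers_key):
    """Unselected pods are non-isolated; otherwise some selecting rule must match."""
    selecting = [p for p in policies if ptype in p["spec"]["policyTypes"]
                 and p["metadata"]["namespace"] == subject[0]
                 and _selects(p["spec"]["podSelector"], {"app": subject[1]})]
    if not selecting:
        return True
    for rule in (r for p in selecting for r in p["spec"].get(rules_key) or []):
        peers, ports = rule.get(peers_key), rule.get("ports")
        if ((peers is None or any(_peer_matches(x, other, subject[0]) for x in peers))
                and (ports is None or any(x.get("port") == port for x in ports))):
            return True
    return False

def is_allowed(policies, src, dst, port):
    """Source egress and destination ingress must both allow; remote peers are skipped."""
    egress_ok = src not in LOCAL_SERVICES or _direction_allowed(
        policies, src, dst, port, "Egress", "egress", "to")
    ingress_ok = dst not in LOCAL_SERVICES or _direction_allowed(
        policies, dst, src, port, "Ingress", "ingress", "from")
    return egress_ok and ingress_ok

def verify(policies, flows):
    """(missing, excess): blocked declared flows, passing undeclared flows."""
    declared, ports = set(flows), sorted({p for _, _, p in flows})
    services = sorted(LOCAL_SERVICES | set(REMOTE_CIDRS))
    missing = [f for f in flows if not is_allowed(policies, *f)]
    excess = [(s, d, p) for s, d in product(services, repeat=2) for p in ports
              if s != d and (s in LOCAL_SERVICES or d in LOCAL_SERVICES)
              and (s, d, p) not in declared and is_allowed(policies, s, d, p)]
    return missing, excess

def simulate_hand_edit(policies):
    """Constructed human error: cart-egress rewritten without the ipBlock peer
    because the remote cluster's pod CIDR was not known to the operator."""
    edited = copy.deepcopy(policies)
    cart = next(p for p in edited if p["metadata"]["name"] == "cart-egress")
    cart["spec"]["egress"] = [r for r in cart["spec"]["egress"] if "ipBlock" not in r["to"][0]]
    return edited

if __name__ == "__main__":
    generated = generate(FLOWS)
    print("generated:", verify(generated, FLOWS))  # ([], [])
    print("hand-edited:", verify(simulate_hand_edit(generated), FLOWS))
```

Running the script verifies that the generated six policies realize exactly the declared flows (nothing missing, nothing in excess), while the hand-edited copy that dropped the ipBlock peer reports the cart-to-stock flow as blocked: the declared communication silently stops working, which is the kind of interruption the abstract warns about. The simulator covers only matchLabels selectors and the peer shapes the generator emits; it is a checking aid for generated policies, not a replacement for testing against a real CNI.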

Supervisors: Riccardo Sisto, Fulvio Valenza, Guido Marchetto, Daniele Bringhenti
Academic year: 2021/22
Publication type: Electronic
Number of Pages: 108
Degree programme: Master's degree in Ingegneria Informatica (Computer Engineering)
Degree class: New organization > Master science > LM-32 - COMPUTER SYSTEMS ENGINEERING
Collaborating companies: UNSPECIFIED
URI: http://webthesis.biblio.polito.it/id/eprint/20419