Enabling Multi-Tenancy and Fine-grained Security in a Multi-Cluster Architecture

Andrea Terzolo

Enabling Multi-Tenancy and Fine-grained Security in a Multi-Cluster Architecture.

Supervisors: Fulvio Giovanni Ottavio Risso, Alex Palesandro. Politecnico di Torino, Master's degree programme in Computer Engineering (Ingegneria Informatica), 2021

PDF (Tesi_di_laurea) - Thesis
License: Creative Commons Attribution Non-commercial No Derivatives.

Archive (ZIP) (Documenti_allegati) - Other
License: Creative Commons Attribution Non-commercial No Derivatives.


Over the last two decades, the cloud has become increasingly relevant. The current trend is to engineer new web applications to be cloud-native, that is, split into loosely coupled microservices, each containerized and deployed as part of a larger application. Containers abstract away the underlying physical hardware and operating system, letting developers focus on the main goals of a web application: to be widespread and highly available. The cloud achieves this goal by gathering control of the infrastructure under the cloud provider tenants and implementing the IaaS (Infrastructure as a Service) and PaaS (Platform as a Service) paradigms: computational, networking and storage resources are provided on demand to the cloud provider's customers as if they were services. One technology that has broken through in the cloud market is Kubernetes. This project, started by Google, automates the deployment, scaling, and management of containerized applications.

In recent years, edge computing has also gained importance. It is a distributed computing paradigm that brings computational and storage resources close to the end user, with the aim of improving QoS in terms of latency and bandwidth.

The goal of the project behind this thesis is to create a federation of Kubernetes clusters. Many different tenants are connected and cooperate to create a federation of clusters whose computational, storage, and networking resources are shared among them. In this scenario, every tenant can make its cluster resources available to others by sharing or leasing them out in a common environment. This project needs a standard solution for taking advantage of the resources offered by the federated clusters. The current implementation makes it possible to create multi-cluster topologies, but without giving the tenant strict control over the use of shared resources. Furthermore, sharing resources requires full privileges on all federated clusters. This privilege requirement can undermine support for a multi-ownership model in which different companies are involved. This thesis has two core purposes: to provide tenants with fine-grained control over the shared resources, and to minimize the privileges required, so as to enable solutions based on the multi-ownership model.

Supervisors: Fulvio Giovanni Ottavio Risso, Alex Palesandro
Academic year: 2021/22
Publication type: Electronic
Number of Pages: 85
Degree programme: Master's degree programme in Computer Engineering (Ingegneria Informatica)
Degree class: New organization > Master science > LM-32 - COMPUTER SYSTEMS ENGINEERING
Collaborating companies: Politecnico di Torino
URI: http://webthesis.biblio.polito.it/id/eprint/20618