Design And Implementation Of Security Authentication Microservice Based On Kubernetes

Nowadays,more and more enterprises choose to migrate applications or Web services to the Container cloud.The Kubernetes container cluster management platform is currently the most common choice.There are three ways to migrate applications to Kubernetes,namely rehosting,replating and refactoring.Rehosting is unreasonable for large enterprise applications.Replating and refactoring both involve transforming a single-architecture application into a microservice architecture application.In the microservice system architecture,the authentication microservice is essential for the security and performance of the system.The security authentication of a single application is usually placed in a filter or interceptor to complete the authentication process.In the microservice architecture,the authentication function exists as a separate microservice,providing authentication services through HTTP,gRPC,etc.This way will result in a certain reduction in authentication efficiency,availability,and security.Based on this problem,this thesis proposes a stateful and master-slave cluster solution to implement authentication microservice.The main work of the thesis is as follows:(1)According to the characteristics of the microservice architecture and the component of the Kubernetes platform,the stateful container master-slave cluster operation mode and the authentication APIs which are used to regulate external access and internal access between microservices are designed.(2)Based on the OAuth2.0 protocol and RBAC(Role-based Access Control)framework,the authentication function of the microservice and the functions such as authentication-free IP,whitelist,authentication data configuration,management of tenant resources are designed.(3)A high-availability solution for authentication microservices is designed,which uses Zookeeper's cluster management function to implement the master-slave cluster mode of authentication microservices and data consistency solution to solve the fusion risk of microservices.The security authentication microservice solution of this thesis has been applied for H3 C Supercontroller project and has passed the first round of system testing in the actual operating environment.Expermental results show that the scheme can provide high-available authentication and authorization services for the system.