In recent years, cloud computing technology has developed rapidly and many revolutionary technologies have emerged. Container technology, represented by Docker, is replacing traditional hypervisor-based virtualization and is gradually becoming the preferred technology in the cloud computing industry. Kubernetes, a container orchestration technology, has become the de facto standard in the container orchestration field because of its open-source nature, versatility, active community ecosystem, scalability, and strong support from many vendors. However, Kubernetes' multi-tenancy capabilities still have shortcomings, and further improvements are needed in many aspects, such as tenant resource quota management, access control, data isolation, tenant management, and tenant network isolation. Today, with the development of cloud computing technology and a deeper understanding of multi-tenant shared resource pools, ensuring the security of cloud platform operation and of data in a multi-tenant environment is a barrier that must be overcome in the development of cloud computing.

To address these problems, this thesis focuses on access control, compute resource isolation, and multi-tenant networking, and proposes a strong multi-tenancy model based on the existing multi-tenancy capabilities of Kubernetes. In the multi-tenant access control module, the thesis designs the tenant API, which defines tenants in the strong multi-tenancy model. User authentication and management are implemented by introducing the Keystone identity service component. An RBAC controller is also designed to provide automatic authorization and authentication functions for users. In the compute resource isolation module, a solution is proposed in which trusted and untrusted containers use different container runtimes. By introducing the Kata secure container engine, kernel isolation of the applications inside containers is ensured, which solves the problem caused by sharing the host kernel. In the multi-tenant network management module, the Contiv-VPP network plugin is used to build a tenant network, achieving multi-tenant network isolation. Following the Kubernetes plug-in design philosophy, the Contiv Plugin, Network-management, and Network-cli plugins are designed to achieve multi-tenant network management and automatic configuration of Pod networks.

Finally, functional and performance tests are conducted on the Kubernetes strong multi-tenancy model proposed in this thesis. The test results show that the proposed solution meets the design goals of the Kubernetes strong multi-tenancy model, achieves the expected results, provides real strong multi-tenancy capabilities, and meets the requirements of most production environments.
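The three modules described above map onto standard Kubernetes objects. As an added illustration (constructed here, not manifests from the thesis), the following shows a namespace-scoped Role and RoleBinding for a Keystone-authenticated user, a Kata RuntimeClass selected by an untrusted Pod, and a NetworkPolicy that admits traffic only from the tenant's own namespace. The tenant name `tenant-a`, the user `alice@tenant-a`, and the CRI handler name `kata` are assumptions, and the NetworkPolicy uses the standard Kubernetes API rather than the thesis's Contiv/Network-cli plugins.

```yaml
# Access control: permissions scoped to the tenant namespace only.
# The thesis's RBAC controller automates creating bindings like this one.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata: {name: tenant-a-developer, namespace: tenant-a}
rules:
- apiGroups: ["", "apps"]
  resources: ["pods", "deployments", "services", "configmaps"]
  verbs: ["get", "list", "watch", "create", "update", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {name: tenant-a-developer, namespace: tenant-a}
subjects:
- kind: User
  name: alice@tenant-a          # assumed user name as asserted by Keystone
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: tenant-a-developer
  apiGroup: rbac.authorization.k8s.io
---
# Compute isolation: a RuntimeClass naming the Kata handler that the node's
# CRI runtime (containerd or CRI-O) is configured with; "kata" is assumed.
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata: {name: kata}
handler: kata
---
# An untrusted tenant workload runs under its own guest kernel via Kata,
# while trusted workloads can omit runtimeClassName and use the default runtime.
apiVersion: v1
kind: Pod
metadata: {name: untrusted-app, namespace: tenant-a}
spec:
  runtimeClassName: kata
  containers:
  - name: app
    image: nginx:1.25
---
# Network isolation: ingress to every pod in tenant-a is allowed only from
# pods in the same namespace; traffic from other tenants is dropped by the CNI.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: tenant-only, namespace: tenant-a}
spec:
  podSelector: {}
  policyTypes: ["Ingress"]
  ingress:
  - from:
    - podSelector: {}
```

A practical check after applying these is `kubectl auth can-i --as=alice@tenant-a get pods -n tenant-b`, which should answer `no` if the binding is correctly confined to the tenant's namespace.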