Multi-Tenant Kubernetes Guardrails as Code

Authors

  • Rohit Reddy Gaddam, Sr. DevOps Engineer
  • Sree Ram R Venna, Cybersecurity–Senior Engineer

DOI:

https://doi.org/10.63282/3050-922X.IJERET-V2I3P112

Keywords:

Kubernetes, Multi-Tenancy, Guardrails-as-Code, Policy-as-Code, Cloud-Native Security, DevSecOps, Infrastructure as Code, RBAC, Governance, Automation

Abstract

Kubernetes has rapidly emerged as the fundamental technology for managing multi-tenant environments, letting organizations run a mix of different workload types practically and effectively. That power, however, makes it very difficult to maintain consistent security, compliance, and operational governance across tenants. Manual policy implementation often fails in such turbulent ecosystems, resulting in security posture gaps, compliance drift, and unpredictable system performance. Guardrails-as-Code has been conceived to solve this problem: guardrails are no longer only rules written down in a rule book but are codified, automated, and enforced programmatically across clusters. This paper presents a path to that goal, in which guardrails are code artifacts that are version-controlled, tested, and audited, so that security and compliance are built directly into development and operations work rather than added later. A large-scale Kubernetes deployment serves as the practical example for the research: the case study Clerus is presented, demonstrating how guardrails as code helped maintain multi-tenant boundaries, natively secure networking configurations, and meet different regulatory requirements, all while keeping developer friction to an absolute minimum. The results point to substantial increases in security, reduced operational overhead, and more developer-led initiatives, and support the conclusion that adopting this technique lets organizations achieve both agility and robustness at larger scale.

Published

2021-09-30

Section

Articles

How to Cite

Gaddam RR, Venna SRR. Multi-Tenant Kubernetes Guardrails as Code. IJERET [Internet]. 2021 Sep. 30 [cited 2026 Apr. 26];2(3):109-20. Available from: https://ijeret.org/index.php/ijeret/article/view/471