Implementing Network Policies in Kubernetes

AUTOR(I) / AUTHOR(S): Sava STANISIC , Vladimir MLADENOVIC   

Download Full Pdf   

DOI:  10.46793/ALFATECHproc25.165S

SAŽETAK / ABSTRACT:

Managing network traffic and ensuring security has become critical for maintaining robust Kubernetes environments. This paper aims to investigate the implementation of Kubernetes Network Policies to enhance network security and operational efficacy. The objectives of these research include exploring the configuration of NetworkPolicy resources, employing label selectors, and managing namespaces. The methodology presented in this paper involves leveraging advanced tools like Flannel and Calico to enforce network policies effectively. The results indicate significant improvements in traffic control and workload security, offering a comprehensive guide for optimizing Kubernetes clusters with refined network policy management techniques.

KLJUČNE REČI / KEYWORDS:

Egress Traffic; Ingress Traffic; Kubernetes; Network Policies; Security

PROJEKAT / ACKNOWLEDGEMENT:

LITERATURA / REFERENCES:

• K. Li, X. Xiao, C. Gao, S. Yu, X. Tang and G. Tan, „Implementation of HighPerformance Automated Monitoring Collection Based on Kubernetes,“2024 3rd International Conference on Cloud Computing, Big Data Application and Software Engineering (CBASE), Hangzhou, China, 2024, pp. 838-843, doi: 10.1109/CBASE64041.2024.10824649.
• H. Jeong and S. Pack, „An Implementation Study of 3GPP Network Data Analytics Function on Kubernetes,“ 2024 15th International Conference on Information and Communication Technology Convergence (ICTC), Jeju Island, Korea, Republic of, 2024, pp. 1931-1933, doi: 10.1109/ICTC62082.2024.10827460.
• M. Usman, S. Ferlin, and A. Brunstrom, „Performance Analysis of Lightweight Container Orchestration Platforms for Edge-Based IoT Applications,“ 2024 IEEE/ACM Symposium on Edge Computing (SEC), Rome, Italy, 2024, pp. 321332, doi: 10.1109/SEC62691.2024.00032.
• J. Yin, Y. Zhao and H. Wang, „A Static Task Allocation and Scheduling Algorithm for Kubernetes Cluster,“ 2024 IEEE 7th International Conference on Information Systems and Computer Aided Education (ICISCAE), Dalian, China, 2024, pp. 175-179, doi: 10.1109/ICISCAE62304.2024.10761792.
• H. Zhou and C. H. Yong, „Implement HPA for Nginx Service Using Custom Metrics Under Kubernetes Framework,“ IEEE Access, vol. 12, pp. 189722189734, 2024, doi: 10.1109/ACCESS.2024.3509876.
• K. Islam, S. F. Hassan and A. Orel, „An Architecture for Edge Driven Networks,“ 2024 International Symposium on Networks, Computers and Communications (ISNCC), Washington DC, DC, USA, 2024, pp. 1-5, doi: 10.1109/ISNCC62547.2024.10758977.
• S. , F. O. Catak, and Y. Dalveren, „Flexible and Lightweight Mitigation Framework for Distributed Denial-of-Service Attacks in Container-Based Edge Networks Using Kubernetes,“IEEE Access, vol. 12, pp. 172980-172991, 2024, doi: 10.1109/ACCESS.2024.3501192.
• K. P. Sah, N. Jain, P. Jha, J. Hawari and B. M. Beena, „Advancing of Microservices Architecture with Dockers,“ 2024 15th International Conference on Computing Communication and Networking Technologies (ICCCNT), Kamand, India, 2024, pp. 1-6, doi: 10.1109/ICCCNT61001.2024.10724035.
• G. Koukis, S. Skaperas, I. A. Kapetanidou, L. Mamatas and V. Tsaoussidis, „Performance Evaluation of Kubernetes Networking Approaches across Constraint Edge Environments,“ 2024 IEEE Symposium on Computers and Communications (ISCC), Paris, France, 2024, pp. 1-6, doi: 10.1109/ISCC61673.2024.10733726.
• N. T. Nguyen and Y. Kim, „A Design of Resource Allocation Structure for Multi-Tenant Services in Kubernetes Cluster,“ 2022 27th Asia Pacific Conference on Communications (APCC), Jeju Island, Korea, Republic of, 2022, pp. 651-654, doi: 10.1109/APCC55198.2022.9943782.
• flannel-io, ‘flannel,’   GitHub     Repository,             [Online].   Available: https://github.com/flannel-io/flannel
• Tigera, ‘About Calico,’ Calico Documentation, [Online]. Available: https://docs.tigera.io/calico/latest/about