Securing Pods in a Container Orchestration Environment


Detailed Description

Saved in:
Bibliographic Details
Main Authors: Nunez Mencias, Angel, Magowan, James Robert, Ohara, Moriyoshi, Liesche, Stefan
Format: Patent
Language: eng
Subject Headings:
Description
Summary: Securing pods in a container orchestration environment is provided. A container runtime interface command to perform an orchestration action on a set of containers comprising an application workload that corresponds to a service is verified by matching the container runtime interface command to a rule contained in a trusted execution environment contract included in a pod sandbox virtual machine of a trusted execution environment. It is determined whether the container runtime interface command to perform the orchestration action on the set of containers is valid based on finding a matching rule in the trusted execution environment contract. In response to determining that the container runtime interface command to perform the orchestration action on the set of containers is valid, the container runtime interface command is executed to perform the orchestration action on the set of containers in the pod sandbox virtual machine of the trusted execution environment.