CN114138590A - Operation and maintenance processing method and device for Kubernetes cluster and electronic equipment - Google Patents

Operation and maintenance processing method and device for Kubernetes cluster and electronic equipment

Info

Publication number
CN114138590A
Authority
CN
China
Prior art keywords
node
deployed
security
cluster
monitoring application
Prior art date
Legal status
Pending
Application number
CN202010925468.7A
Other languages
Chinese (zh)
Inventor
郭远胜
Current Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Henan Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Henan Co Ltd
Application filed by China Mobile Communications Group Co Ltd and China Mobile Group Henan Co Ltd
Priority to CN202010925468.7A
Publication of CN114138590A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/3003 Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/3006 Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system is distributed, e.g. networked systems, clusters, multiprocessor systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management

Abstract

The application discloses an operation and maintenance processing method and device for a Kubernetes cluster and an electronic device, aiming to solve the problems of low reliability, high development difficulty, high upgrading difficulty, high coupling and the like of existing methods that monitor the Kubernetes cluster by means of an external agent. The method comprises the following steps: acquiring operation-related parameters of a specified component in a node through a security monitoring application deployed in the Pod of the node of the Kubernetes cluster; analyzing the operation-related parameters of the specified component in the node based on a set anomaly analysis strategy to obtain an anomaly analysis result of the node; and carrying out operation and maintenance processing on the Kubernetes cluster using an operation and maintenance strategy matched with the anomaly analysis results of the nodes in the Kubernetes cluster.

Description

Operation and maintenance processing method and device for Kubernetes cluster and electronic equipment
Technical Field
The present application relates to the field of communications technologies, and in particular, to an operation and maintenance processing method and apparatus for a Kubernetes cluster, and an electronic device.
Background
The Kubernetes cluster is a common container orchestration tool for managing container clusters across hosts. It is built on Docker containers: tenants can create and manage Docker containers on the Kubernetes cluster, and it provides an orchestration system and management platform for the large-scale operation of containerized application clusters. The Kubernetes cluster is vulnerable to malicious attacks, data theft, service interruption and other problems caused by hackers and by lapses in security control by internal personnel. Monitoring of Kubernetes clusters is therefore of paramount importance.
At present, monitoring of the Kubernetes cluster is mainly realized by means of an external Agent. However, because of the security mechanism of the Kubernetes cluster, monitoring it through an Agent outside the cluster requires authentication files such as kubeconfig to be loaded in advance before access to the API (Application Programming Interface) server in the cluster is possible; a hacker can therefore easily obtain the kubeconfig authentication file by attacking the Agent and carry out more destructive behaviour. If instead the agent tool is integrated into the native code of the Kubernetes cluster to avoid loading the authentication file, the problems of high development difficulty, high upgrading difficulty, high coupling and the like of the Kubernetes cluster arise.
Disclosure of Invention
The embodiment of the application aims to provide an operation and maintenance processing method and device for a Kubernetes cluster and an electronic device, so as to solve the problems of low reliability, high development difficulty, high upgrading difficulty, high coupling and the like of the conventional method of monitoring the Kubernetes cluster by relying on an external agent.
In order to solve the technical problem, the embodiment of the application adopts the following technical scheme:
In a first aspect, an embodiment of the present application provides an operation and maintenance processing method for a Kubernetes cluster, where the Kubernetes cluster includes a plurality of nodes, and the method includes:
acquiring operation related parameters of a designated component in the node through a security monitoring application deployed in the Pod of the node;
analyzing operation related parameters of a specified component in the node based on a set abnormal analysis strategy to obtain an abnormal analysis result of the node;
and carrying out operation and maintenance processing on the Kubernetes cluster by using an operation and maintenance strategy matched with the anomaly analysis result of the nodes in the Kubernetes cluster.
Optionally, the anomaly analysis strategy comprises a Center for Internet Security (CIS) security standard and a scoring standard, where the scoring standard comprises a correspondence between the detection results of different security indexes in the CIS security standard and security scores;
analyzing the operation related parameters of the specified components in the nodes based on the set abnormal analysis strategy to obtain the abnormal analysis result of the nodes, wherein the method comprises the following steps:
determining detection results corresponding to various safety indexes of a specified component based on the CIS safety standard and operation related parameters of the specified component in the node;
determining a safety score of the specified component based on the detection result corresponding to each safety index of the specified component and the grading standard;
determining a safe score for the node based on the safe score for the specified component.
Optionally, performing operation and maintenance processing on the Kubernetes cluster by using an operation and maintenance policy matched with the anomaly analysis result of a node in the Kubernetes cluster includes:
under the condition that the safe score of the node is smaller than a first set score, acquiring a designated component with the safe score smaller than a second set score in the node as a target component to be optimized;
determining an operation and maintenance strategy matched with the Kubernetes cluster based on the detection result of each safety index of the target component;
and carrying out operation and maintenance processing on the Kubernetes cluster based on the matched operation and maintenance strategy.
Optionally, before obtaining, by a security monitoring application deployed in the Pod of the node, the operation-related parameter of the specified component in the node, the method further includes:
receiving a monitoring task deployment request from a monitoring party, wherein the monitoring task deployment request carries configuration information of a safety monitoring application to be deployed;
inquiring whether the safety monitoring application to be deployed exists in a task deployment library, wherein the deployed safety monitoring application is recorded in the task deployment library;
if the to-be-deployed safety monitoring application does not exist in the task deployment library, the to-be-deployed safety monitoring application is created in the Pod of the node based on the configuration information of the to-be-deployed safety monitoring application.
Optionally, the monitoring task deployment request further carries identity information of the users allowed to access the Kubernetes cluster and corresponding access authority information;
after creating the security monitoring application to be deployed in the Pod of the node based on the configuration information of the security monitoring application to be deployed, the method further includes:
and configuring an authorization policy for the Kubernetes cluster in the Application Programming Interface (API) server of the Kubernetes cluster based on the identity information of the users and the corresponding access authority information, where the authorization policy is used to authenticate users accessing the Kubernetes cluster.
Optionally, after obtaining the operation-related parameters of the specified component in the node through a security monitoring application deployed in the Pod of the node, the method further includes:
and encrypting the operation-related parameters of the specified components in the node based on the Blowfish algorithm.
In a second aspect, an embodiment of the present application further provides an operation and maintenance processing apparatus for a Kubernetes cluster, where the Kubernetes cluster includes a plurality of nodes, and the apparatus includes a component security evaluation layer and a self-healing scheme implementation layer;
the component security evaluation layer is used for acquiring operation related parameters of a specified component in the node through a security monitoring application deployed in the Pod of the node, and analyzing the operation related parameters of the specified component in the node based on a set anomaly analysis strategy to obtain an anomaly analysis result of the node;
and the self-healing scheme implementation layer is used for carrying out operation and maintenance processing on the Kubernetes cluster by using an operation and maintenance strategy matched with the anomaly analysis result of the nodes in the Kubernetes cluster.
Optionally, the apparatus further comprises a task scheduling layer, the task scheduling layer is configured to:
receiving a monitoring task deployment request from a monitoring party, wherein the monitoring task deployment request carries configuration information of a safety monitoring application to be deployed;
inquiring whether the safety monitoring application to be deployed exists in a task deployment library, wherein the deployed safety monitoring application is recorded in the task deployment library;
if the to-be-deployed safety monitoring application does not exist in the task deployment library, the to-be-deployed safety monitoring application is created in the Pod of the node based on the configuration information of the to-be-deployed safety monitoring application.
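The task scheduling flow described above (receive the deployment request, query the task deployment library, create the application in the node's Pod only if it is not yet recorded, then configure the authorization policy from the users' identity and access authority information), as an added Python example that is not code from the patent. It assumes Kubernetes RBAC Role/RoleBinding objects as the authorization policy and a dedicated in-cluster ServiceAccount for the monitoring Pod; the request field names and the access-authority-to-verbs table are assumptions.

```python
"""Added example, not the patent's code: the task scheduling layer's deployment flow.
The monitoring task deployment request, the task deployment library and the
authorization policy (emitted here as Kubernetes RBAC objects) follow the page;
request field names and the access-authority table are assumptions."""
from dataclasses import dataclass, field

RBAC_API = "rbac.authorization.k8s.io/v1"
RBAC_GROUP = "rbac.authorization.k8s.io"

# Access authority -> verbs granted on the monitoring application's Pods (assumed).
ACCESS_VERBS = {
    "read": ["get", "list", "watch"],
    "admin": ["get", "list", "watch", "create", "update", "patch", "delete"],
}


@dataclass
class DeploymentRequest:
    """Configuration information carried by the monitoring task deployment request."""
    app_name: str
    namespace: str
    image: str
    node_name: str                              # node whose Pod hosts the application
    users: dict = field(default_factory=dict)   # user identity -> access authority


class TaskDeploymentLibrary:
    """Records the security monitoring applications already deployed."""

    def __init__(self):
        self._deployed = {}

    def exists(self, namespace, name):
        return (namespace, name) in self._deployed

    def record(self, namespace, name, manifest):
        self._deployed[(namespace, name)] = manifest


def pod_manifest(req):
    """Pod for the monitoring application, pinned to the node it monitors and run
    under its own ServiceAccount, so no kubeconfig file is loaded into it."""
    return {
        "apiVersion": "v1", "kind": "Pod",
        "metadata": {"name": req.app_name, "namespace": req.namespace,
                     "labels": {"app": req.app_name}},
        "spec": {
            "serviceAccountName": f"{req.app_name}-sa",
            "nodeName": req.node_name,
            "containers": [{"name": req.app_name, "image": req.image}],
        },
    }


def authorization_policy(req):
    """One Role per access-authority level present in the request and one
    RoleBinding per user, both scoped to the application's namespace."""
    roles, bindings = {}, []
    for user, level in req.users.items():
        if level not in ACCESS_VERBS:
            raise ValueError(f"unknown access authority {level!r} for user {user!r}")
        role_name = f"{req.app_name}-{level}"
        roles.setdefault(role_name, {
            "apiVersion": RBAC_API, "kind": "Role",
            "metadata": {"name": role_name, "namespace": req.namespace},
            "rules": [{"apiGroups": [""], "resources": ["pods", "pods/log"],
                       "verbs": ACCESS_VERBS[level]}]})
        bindings.append({
            "apiVersion": RBAC_API, "kind": "RoleBinding",
            "metadata": {"name": f"{role_name}-{user}", "namespace": req.namespace},
            "subjects": [{"kind": "User", "name": user, "apiGroup": RBAC_GROUP}],
            "roleRef": {"kind": "Role", "name": role_name, "apiGroup": RBAC_GROUP}})
    return list(roles.values()) + bindings


def deploy(req, library):
    """Query the library; if the application is not recorded, create it in the
    node's Pod and then configure the authorization policy. Returns the manifests
    to apply to the API server, or an empty list if it is already deployed."""
    if library.exists(req.namespace, req.app_name):
        return []
    pod = pod_manifest(req)
    library.record(req.namespace, req.app_name, pod)
    account = {"apiVersion": "v1", "kind": "ServiceAccount",
               "metadata": {"name": f"{req.app_name}-sa", "namespace": req.namespace}}
    return [account, pod, *authorization_policy(req)]


# Constructed sample request.
SAMPLE_REQUEST = DeploymentRequest(
    app_name="sec-monitor", namespace="monitoring",
    image="registry.example/sec-monitor:1.0", node_name="node-1",
    users={"alice": "read", "bob": "admin"})
```

A second `deploy` call with the same request returns nothing, because the library already records the application.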
In a third aspect, an embodiment of the present application further provides an electronic device, including:
a processor;
a memory for storing the processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the method of the first aspect.
In a fourth aspect, embodiments of the present application also provide a computer-readable storage medium storing instructions which, when executed by a processor of an electronic device, enable the electronic device to perform the method of the first aspect.
The embodiment of the application adopts at least one technical scheme which can achieve the following beneficial effects:
According to the operation and maintenance processing method for the Kubernetes cluster provided by the embodiments of the application, the security monitoring application is deployed in the Pod of a node of the Kubernetes cluster as a microservice, so that it runs inside the cluster as a Service and obtains the operation-related parameters of the specified components in the node; whether the node is abnormal is then identified from the obtained parameters and the set anomaly analysis strategy to obtain the anomaly analysis result of the node, and operation and maintenance processing is performed on the Kubernetes cluster with the operation and maintenance strategy matched to that result. Abnormalities in the Kubernetes cluster can thus be found and handled in time, the security of the cluster is monitored proactively, and its operational security is guaranteed. The whole scheme is realized as microservices with simple implementation logic; no external agent tool is needed, so damage to the Kubernetes cluster caused by an attack on an external agent tool is avoided, as are the problems of high development difficulty, high upgrading difficulty and high coupling that result from integrating an external agent tool into the native code of the Kubernetes cluster.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is an architecture diagram of a Kubernetes cluster according to an embodiment of the present application;
fig. 2 is a flowchart of an operation and maintenance processing method for a Kubernetes cluster according to an embodiment of the present application;
fig. 3 is a flowchart of another operation and maintenance processing method for a Kubernetes cluster according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of an operation and maintenance processing apparatus for a Kubernetes cluster according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of another operation and maintenance processing apparatus for a Kubernetes cluster according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The technical solutions provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings.
Before describing the operation and maintenance processing method for the Kubernetes cluster provided in the embodiment of the present application, the Kubernetes cluster to which the embodiment relates is first described. Fig. 1 is a schematic diagram of a Kubernetes cluster according to an embodiment of the present application.
As shown in fig. 1, the Kubernetes cluster of the embodiment includes a plurality of nodes, which may be divided by function into Master (control) nodes and Node (working) nodes; these nodes may be deployed directly on physical machines or in virtual machines. Specifically, the Master node is the management control centre of the Kubernetes cluster, while the Node provides the Kubernetes cluster runtime environment and maintains Pods, where the Pod is the basic unit of deployment in the Kubernetes cluster and consists of one or more containers sharing the same network namespace and IP address.
Each node contains components that implement its functions. Specifically, a Node includes components such as Kubelet and Proxy, where Kubelet is the primary node agent and handles all communication between the Master node and the Node running the Kubelet, and the Proxy maintains network rules on the host and handles the transmission of packets between the Pod, the host and the outside world.
The Master node may include components such as ETCD, the API Server, the Controller Manager and the Scheduler, where ETCD is the storage unit of the Kubernetes cluster and stores the cluster's metadata, ensuring cooperation between and data persistence for each component of the cluster; the API Server provides the API service of the Kubernetes cluster; the Controller Manager manages node registration, the number of container replicas and the like; and the Scheduler schedules the host resources of the Kubernetes cluster, for example by monitoring newly created Pods not yet allocated to a Node and selecting a Node for them.
The Kubernetes cluster is easily subjected to malicious attacks, data theft, service interruption and other problems caused by hackers and by lapses in internal security control. For example, if the Kubelet component on a Node is granted unreasonable authority, or no corresponding protection rules are formulated, information leakage or Node disconnection may occur during the interactive communication between the component and the Master node; likewise, a container may apply new settings to itself and to the host through the authority it acquires during startup, and some of these operations are not necessarily security-compliant and may adversely affect the container or the host. In order to discover and repair potential security hazards in the Kubernetes cluster early, in one implementation a security monitoring application that monitors these hazards can be deployed in a Pod of the Node. Each service is composed of Pods, and a Pod may include one or more containers, so the security application can collect, aggregate, process and export operation-related data of the components running in the Node, such as the configuration information, image usage, range of accessed Secret information, traffic usage and operation state of a specific component, and further analyze that data to identify whether the Kubernetes cluster is abnormal, and then perform operation and maintenance processing on the Kubernetes cluster based on the anomaly analysis result so as to ensure its security.
Based on the Kubernetes cluster shown in fig. 1, an embodiment of the present application provides an operation and maintenance processing method for the Kubernetes cluster, applicable to an electronic device. Referring to fig. 2, fig. 2 is a flowchart of the operation and maintenance processing method for a Kubernetes cluster according to an embodiment of the present application. As shown in fig. 2, the method comprises the following steps:
S22, acquiring the operation-related parameters of the specified components in the node through the security monitoring application deployed in the Pod of the node of the Kubernetes cluster.
The specified component in the Node may include part or all of the components in the Node, which may be set in a customized manner according to actual needs, for example, the specified component in the Node may include components such as Kubelet and Proxy.
The operation-related parameters of the specified component may include the configuration information, image usage, range of accessed Secret information, traffic usage, operation state and the like of the specified component, which is not specifically limited in this embodiment of the present application.
S24, analyzing the operation-related parameters of the specified components in the node based on the set anomaly analysis strategy to obtain the anomaly analysis result of the node.
The anomaly analysis strategy can be used to analyze whether an abnormal condition exists while the node is running. Specifically, the anomaly analysis policy may include a security benchmark issued by the CIS (Center for Internet Security), hereinafter referred to as a CIS security benchmark, such as the CIS Kubernetes Benchmark and CIS Docker Benchmark files. A CIS security benchmark file specifies the security indexes and security evaluation benchmarks for each component of each node, where the security indexes can include but are not limited to: attack path, attack complexity, authentication, confidentiality, availability and integrity.
Of course, it should be noted that the anomaly analysis policy may also be any analysis policy set according to actual monitoring needs, and this is not specifically limited in this embodiment of the present application.
By analyzing the operation-related parameters of the specified components in the nodes with the set anomaly analysis strategy, whether a node is abnormal and the specific causes of the abnormality can be identified.
S26, carrying out operation and maintenance processing on the Kubernetes cluster using the operation and maintenance strategy matched with the anomaly analysis result of each node in the Kubernetes cluster.
In a specific implementation, the operation and maintenance policy corresponds to the abnormal cause of each node; that is, a maintenance policy is preset for each abnormal cause of each node. After the anomaly analysis result of each node in the Kubernetes cluster is determined, the corresponding maintenance strategy can be determined from the abnormal node and the cause of its abnormality, and operation and maintenance processing is then carried out on the Kubernetes cluster based on the determined maintenance strategy.
For example, if an unnecessary component is added to a Node in the Kubernetes cluster through the analysis in step S24, it may be determined that the maintenance policy matching the Kubernetes cluster is to delete the unnecessary component, and then the script corresponding to the Node in the Kubernetes cluster may be adjusted based on the information of the necessary component to delete the unnecessary component in the Node.
It should be noted that, in the embodiment of the present application, a security monitoring application may be deployed in the Pod of each node of the Kubernetes cluster, and then the security monitoring application may be operated to obtain operation-related parameters of a specified component in each node, so as to further analyze the operation-related parameters to obtain an anomaly analysis result of each node.
According to the operation and maintenance processing method for the Kubernetes cluster provided by the embodiments of the application, the security monitoring application is deployed in the Pod of a node of the Kubernetes cluster as a microservice, so that it runs inside the cluster as a Service and obtains the operation-related parameters of the specified components in the node; whether the node is abnormal is then identified from the obtained parameters and the set anomaly analysis strategy to obtain the anomaly analysis result of the node, and operation and maintenance processing is performed on the Kubernetes cluster with the operation and maintenance strategy matched to that result. Abnormalities in the Kubernetes cluster can thus be found and handled in time, the security of the cluster is monitored proactively, and its operational security is guaranteed. The whole scheme is realized as microservices with simple implementation logic; no external agent tool is needed, so damage to the Kubernetes cluster caused by an attack on an external agent tool is avoided, as are the problems of high development difficulty, high upgrading difficulty and high coupling that result from integrating an external agent tool into the native code of the Kubernetes cluster.
To make the technical solution provided in the embodiment of the present application clear to those skilled in the art, the operation and maintenance processing method for the Kubernetes cluster provided in the embodiment is described in detail below.
First, for the above step S24, in order to analyze the operating condition of the nodes of the Kubernetes cluster comprehensively and accurately, in a preferred scheme the anomaly analysis policy in the embodiment of the present application may include a security benchmark issued by the CIS (Center for Internet Security), hereinafter referred to as a CIS security benchmark, for example the CIS Kubernetes Benchmark file, the CIS Docker Benchmark file, or the like. A CIS security benchmark file specifies the security indexes and security evaluation benchmarks for each component of each node, where the security indexes can include but are not limited to: attack path, attack complexity, authentication, confidentiality, availability and integrity.
In a specific implementation, for each node of the Kubernetes cluster, each security index of each specified component is analyzed based on the CIS security benchmark file and the operation-related data of the specified component, to obtain the detection result corresponding to each security index, where the detection result indicates whether that security index is abnormal. Further, for each node, the anomaly analysis result of the node may be generated from the detection results of the indexes of the specified components in the node. For example, if the detection results for the indexes of all the specified components in the node are normal, it can be determined that the node operates normally and no security risk exists; if the detection result for some or all of the security indexes of a specified component is abnormal, the node can be determined to be operating abnormally, and operation and maintenance personnel can further analyze the abnormal operation of the node using the output security indexes whose detection result is abnormal and the operation-related data of the specified component.
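The detection and policy-matching steps (S24 and S26) as an added Python example, not code from the patent: kubelet parameters are judged against checks modelled on CIS Kubernetes Benchmark kubelet recommendations, each security index is marked normal or abnormal, the node is judged abnormal if any index fails or an unnecessary component is present, and a preset maintenance policy is matched to each abnormal cause. The mapping of checks onto the page's security indexes, the policy texts and the sample node data are constructed for this example.

```python
"""Added example, not the patent's code: steps S24 and S26 run over constructed
node data. The kubelet checks are modelled on CIS Kubernetes Benchmark
recommendations; their mapping onto the page's security indexes and the preset
maintenance policies are assumptions."""
from dataclasses import dataclass
from typing import Any, Callable


@dataclass(frozen=True)
class Check:
    index: str                    # security index the check feeds (assumed mapping)
    cause: str                    # abnormal cause; key into MAINTENANCE_POLICIES
    param: str                    # kubelet parameter examined
    passes: Callable[[Any], bool]


# Documented kubelet flag defaults. An unset parameter is evaluated at its default:
# "not configured" is not the same as "compliant".
KUBELET_DEFAULTS = {"anonymous-auth": True, "authorization-mode": "AlwaysAllow",
                    "read-only-port": 10255, "protect-kernel-defaults": False}

KUBELET_CHECKS = (
    Check("authentication", "anonymous kubelet access enabled",
          "anonymous-auth", lambda v: v is False),
    Check("authentication", "kubelet authorization mode is AlwaysAllow",
          "authorization-mode", lambda v: v != "AlwaysAllow"),
    Check("attack path", "kubelet read-only port exposed",
          "read-only-port", lambda v: v == 0),
    Check("integrity", "kernel defaults not protected",
          "protect-kernel-defaults", lambda v: v is True),
)

# S26: a maintenance policy preset for each abnormal cause (assumed texts).
MAINTENANCE_POLICIES = {
    "anonymous kubelet access enabled": "set anonymous-auth to false and restart kubelet",
    "kubelet authorization mode is AlwaysAllow": "set authorization-mode to Webhook",
    "kubelet read-only port exposed": "set read-only-port to 0",
    "kernel defaults not protected": "set protect-kernel-defaults to true",
    "unnecessary component present": "remove the component via the node's deployment script",
}

NECESSARY_COMPONENTS = {"kubelet", "kube-proxy"}


def detect_component(name, params):
    """Detection result ('normal'/'abnormal') per security index for one component,
    plus the abnormal causes. Only kubelet has checks in this example."""
    results, causes = {}, []
    for check in (KUBELET_CHECKS if name == "kubelet" else ()):
        value = params.get(check.param, KUBELET_DEFAULTS.get(check.param))
        if check.passes(value):
            results.setdefault(check.index, "normal")
        else:                       # any failing check makes its index abnormal
            results[check.index] = "abnormal"
            causes.append(check.cause)
    return {"component": name, "results": results, "causes": causes}


def analyze_node(node):
    """S24: the node is abnormal if any index of any specified component is abnormal
    or an unnecessary component is present. S26: match the preset policies."""
    components, causes = [], []
    for name, params in node["components"].items():
        comp = detect_component(name, params)
        components.append(comp)
        causes.extend(comp["causes"])
    unnecessary = sorted(set(node["components"]) - NECESSARY_COMPONENTS)
    if unnecessary:
        causes.append("unnecessary component present")
    return {"node": node["name"], "abnormal": bool(causes), "components": components,
            "causes": causes, "unnecessary_components": unnecessary,
            "policies": [MAINTENANCE_POLICIES[c] for c in causes]}


# Constructed sample: parameters collected by the monitoring application on one Node.
# protect-kernel-defaults is unset, so it is judged at its default (False).
SAMPLE_NODE = {
    "name": "node-1",
    "components": {
        "kubelet": {"anonymous-auth": False, "authorization-mode": "Webhook",
                    "read-only-port": 0},
        "kube-proxy": {"proxy-mode": "iptables"},
        "debug-shell": {},
    },
}
```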
In a more preferable scheme, the anomaly analysis strategy in the embodiment of the application may include a CIS safety standard and a scoring standard, where the scoring standard includes a correspondence between detection results of different safety indexes in the CIS safety standard and a safety score. For example, table 1 shows an example of a scoring criterion.
TABLE 1

| Security index | Detection result | Security score |
|---|---|---|
| Attack path | Local / remote | 0.7 / 1.0 |
| Attack complexity | High / medium / low | 0.6 / 0.8 / 1.0 |
| Authentication | Needed / not needed | 0.6 / 1.0 |
| Confidentiality | Unaffected / partial / complete | 0 / 0.7 / 1 |
| Availability | Unaffected / partial / complete | 0 / 0.7 / 1 |
| Integrity | Unaffected / partial / complete | 0 / 0.7 / 1 |
| …… | …… | …… |
Accordingly, in the above step S24, the detection result corresponding to each safety index of the designated component may be determined based on the CIS safety standard and the operation-related parameter of the designated component in the node, the safety score of the designated component may be determined based on the detection result corresponding to each safety index of the designated component and the score standard, and the safety score of the node may be further determined based on the safety score of the designated component.
Specifically, when determining the safety score of the designated component, the weighted sum of the safety scores corresponding to the detection results of the safety indexes can be used as the safety score of the designated component; alternatively, the safe score for a given component may be determined based on actual needs. For example, taking the scoring criteria shown in Table 1 above as an example, the safe score for a given component may be determined by equation (1) below.
f = 10 × attack path × attack complexity × authentication + confidentiality × confidentiality weight + integrity × integrity weight + availability × availability weight (1)
Further, the safe score of a node may be determined by the following equation (2).
[Equation (2) appears only as an image in the original and is not reproduced here.]
where T_score represents the security score of the node; f_i represents the security score of the i-th specified component; v_i indicates the detection result of the i-th specified component, with v_i = 1 if the i-th specified component passed detection and v_i = 0 otherwise; and z represents the number of specified components.
With this scheme, the operational security of the node and of each designated component in it can be quantitatively evaluated, so that operation and maintenance personnel can know the operating condition of the Kubernetes cluster clearly and accurately.
Since the security score of a node reflects how secure the node is (the lower the score, the lower the security), a threshold score (hereinafter the "first set score") may be set for the node; when the security score of the node is smaller than the first set score, the node may be considered abnormal, and a corresponding operation and maintenance policy may then be applied to the Kubernetes cluster. The first set score can be customised according to actual needs. Note that different first set scores may be set for different nodes in the Kubernetes cluster, or the same first set score may be set for all nodes; the way the first set score is chosen is not specifically limited in the embodiments of the present application.
Likewise, since the security score of a designated component reflects how secure that component is (the lower the score, the lower the security), a threshold score (hereinafter the "second set score") may be set for the designated component; when the security score of the designated component is smaller than the second set score, the component may be considered abnormal, and operation and maintenance processing may then be performed on the Kubernetes cluster according to the detection results of the abnormal component. The second set score can also be customised according to actual needs. It may be the same as or different from the first set score, and different second set scores may be set for different designated components in the node, or the same second set score may be set for all designated components in the node.
Accordingly, step S26 may include: when the security score of the node is smaller than the first set score, obtaining each designated component in the node whose security score is smaller than the second set score as a target component to be optimised; determining an operation and maintenance policy matched with the Kubernetes cluster based on the detection result of each security index of the target component; and then performing operation and maintenance processing on the Kubernetes cluster based on the matched policy.
For example, if the security score of a Node in the Kubernetes cluster is smaller than the first set score, the Node may be determined to be abnormal. If the security score of a Pod in that Node is lower than the second set score, the Pod may be taken as a target component; the cause of the Pod's abnormality is determined from the detection result of each of the Pod's security indexes, a preset operation and maintenance policy corresponding to that cause is read, and operation and maintenance processing is performed on the Kubernetes cluster based on that policy.
With this scheme, when the security score of the node is smaller than the first set score, the designated components in the node whose security score is smaller than the second set score are taken as the target components to be optimised, and operation and maintenance processing on the Kubernetes cluster is driven by the detection results of the target components' security indexes, so that the processing is more targeted and the security of the Kubernetes cluster is further improved.
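As an added illustration (not code from the patent), the following Python sketch computes a component score with equation (1), aggregates a node score, and applies the two-threshold selection of step S26. Because equation (2) is not legible on the page, the node aggregation (mean of f_i·v_i over the z components) is an assumption, and every table row other than the Integrity row, the impact weights, the security index ids and the policies are constructed placeholders.

```python
"""Added example, not from the patent: equation (1) per designated component,
an ASSUMED node aggregation standing in for equation (2), and step S26."""
from dataclasses import dataclass

# Scoring benchmark in the style of Table 1. Only the Integrity row
# (unaffected / partial / complete -> 0 / 0.7 / 1) appears on the page; the
# other rows and the impact weights are CONSTRUCTED for this example.
# Following the page, a lower score means lower security.
SCORE_TABLE = {
    "attack_route":      {"local": 0.4, "adjacent": 0.6, "network": 1.0},
    "attack_complexity": {"high": 0.35, "medium": 0.6, "low": 0.7},
    "authentication":    {"multiple": 0.45, "single": 0.55, "none": 0.7},
    "confidentiality":   {"unaffected": 0.0, "partial": 0.7, "complete": 1.0},
    "integrity":         {"unaffected": 0.0, "partial": 0.7, "complete": 1.0},
    "availability":      {"unaffected": 0.0, "partial": 0.7, "complete": 1.0},
}
IMPACT_WEIGHTS = {"confidentiality": 1.0, "integrity": 1.0, "availability": 1.0}

# Preset operation and maintenance policies keyed by the security index whose
# failure they remedy (hypothetical ids and actions, constructed here).
POLICIES = {
    "IDX-PRIV": "remove privileged flag from pod spec and restart the pod",
    "IDX-ANON": "disable anonymous auth on the kubelet and reload its config",
}


@dataclass
class IndexResult:
    """Detection result of one security index (one CIS check)."""
    index_id: str
    passed: bool


@dataclass
class Component:
    """A designated component with its Table 1 levels and check results."""
    name: str
    levels: dict   # one level name per SCORE_TABLE row
    results: list  # list of IndexResult


def component_score(levels):
    """Equation (1): f = 10*route*complexity*authentication + C*wC + I*wI + A*wA.
    Raises KeyError for a level name that is not in the scoring benchmark."""
    val = lambda row: SCORE_TABLE[row][levels[row]]
    exploit = 10 * val("attack_route") * val("attack_complexity") * val("authentication")
    impact = sum(val(row) * w for row, w in IMPACT_WEIGHTS.items())
    return round(exploit + impact, 3)


def node_score(components):
    """ASSUMED stand-in for equation (2): mean of f_i * v_i over the z components,
    v_i = 1 when every security index of component i passed, else 0."""
    z = len(components)
    if z == 0:
        return 0.0
    total = 0.0
    for c in components:
        v_i = 1 if all(r.passed for r in c.results) else 0
        total += component_score(c.levels) * v_i
    return round(total / z, 3)


def select_targets(components, first_set_score, second_set_score):
    """Step S26: only when the node score is below the first set score, each
    component scoring below the second set score becomes a target, paired with
    the preset policies matched to its failed security indexes.
    Returns a list of (name, score, policies) tuples."""
    if node_score(components) >= first_set_score:
        return []
    targets = []
    for c in components:
        f = component_score(c.levels)
        if f < second_set_score:
            failed = [r.index_id for r in c.results if not r.passed]
            matched = [POLICIES.get(i, f"no preset policy for {i}") for i in failed]
            targets.append((c.name, f, matched))
    return targets


# CONSTRUCTED sample node: one component passing every check, two that failed one.
SAMPLE_NODE = [
    Component("kube-apiserver",
              {"attack_route": "network", "attack_complexity": "low",
               "authentication": "none", "confidentiality": "complete",
               "integrity": "complete", "availability": "complete"},
              [IndexResult("IDX-PRIV", True), IndexResult("IDX-ANON", True)]),
    Component("etcd",
              {"attack_route": "local", "attack_complexity": "high",
               "authentication": "multiple", "confidentiality": "unaffected",
               "integrity": "partial", "availability": "unaffected"},
              [IndexResult("IDX-PRIV", False)]),
    Component("kubelet",
              {"attack_route": "adjacent", "attack_complexity": "medium",
               "authentication": "single", "confidentiality": "partial",
               "integrity": "unaffected", "availability": "partial"},
              [IndexResult("IDX-ANON", False), IndexResult("IDX-PRIV", True)]),
]

if __name__ == "__main__":
    for name, score, policies in select_targets(SAMPLE_NODE, 5.0, 4.0):
        print(f"{name}: score {score} -> {policies}")
```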
Considering that, when a node in a Kubernetes cluster communicates with an external device (such as a client), related data in the Kubernetes cluster may be stolen and used to damage the cluster, after step S22 is executed the operation and maintenance processing method for the Kubernetes cluster provided in the embodiments of the present application may further include: encrypting the operation-related parameters of the designated components in the node based on the Blowfish algorithm.
With this scheme, after the operation-related parameters of the designated components in the node are acquired, they are encrypted before being stored, so that the parameters cannot be stolen or leaked while the Kubernetes cluster communicates with external devices such as clients and then used for destructive behaviour against the cluster, further improving the security of the Kubernetes cluster. In addition, encrypting the acquired operation-related parameters with the Blowfish algorithm offers higher throughput than other encryption methods, is not easy to crack and has higher reliability.
To make monitoring and operation and maintenance of the Kubernetes cluster more flexible and reliable, in a more preferred scheme, before step S22 is performed, as shown in fig. 3, the method may further include: receiving a monitoring task deployment request from a monitoring party, where the request carries configuration information of a security monitoring application to be deployed; querying a task deployment library, in which the already deployed security monitoring applications are recorded, to determine whether the security monitoring application to be deployed already exists; and, if it does not exist in the task deployment library, creating the security monitoring application in the Pod of the node based on its configuration information.
Specifically, the monitoring party can configure the security monitoring application to be deployed according to actual monitoring needs, carry its configuration information in a monitoring task deployment request and send the request to the nodes of the Kubernetes cluster. After receiving the request, a node determines whether the security monitoring application is already deployed in a Pod by querying the task deployment library. If it is, steps S22 to S26 can be executed directly to monitor and maintain the Kubernetes cluster; if it is not, the security monitoring application is first deployed in the Pod based on its configuration information, steps S22 to S26 are then performed, and the security monitoring application is recorded in the task deployment library to indicate that it has been deployed in the Pod of the node of the Kubernetes cluster.
To further improve the security of the Kubernetes cluster, in a more preferred scheme, the monitoring task deployment request from the monitoring party also carries the identity information of the users allowed to access the Kubernetes cluster and the corresponding access authority information. Correspondingly, as shown in fig. 3, after the security monitoring application to be deployed is created in the Pod of the node based on its configuration information, the method further includes: configuring an authorization policy for the Kubernetes cluster in the Application Program Interface (API) server of the Kubernetes cluster based on the identity information of the users and the corresponding access authority information.
Specifically, the access authority information may include the access rights granted to the user, an authorization mode, and the like, where the authorization mode may include, but is not limited to, RBAC (Role-Based Access Control), ABAC (Attribute-Based Access Control), Webhook authorization, and so on; the type of authorization mode is not specifically limited in the embodiments of the present application. In a preferred scheme, the authorization mode is RBAC: a "Role" (Role or ClusterRole) defines the access rights of a user, a "RoleBinding" (RoleBinding or ClusterRoleBinding) is defined in the yaml definition file of the Pod or Service of the node, and binding the Role to the RoleBinding defines the access authority of the different users. The Pod is then authenticated in a manner similar to an HTTP Token, so that it can load the cluster Token, CA certificate and so on internally and can monitor, create and delete resources such as Pods, Services and namespaces in the nodes of the Kubernetes cluster, thereby completing the monitoring and operation and maintenance processing of the Kubernetes cluster.
Therefore, when a client accesses the Kubernetes cluster, the API server in the cluster can read the data in the access request (such as the user's identity information) after receiving it, authenticate the accessing user based on the authorization policy and the data read, and allow the client to exchange data or communicate with the Kubernetes cluster only after the user is authenticated, thereby preventing an illegitimate user from accessing the Kubernetes cluster and performing destructive behaviour on it, and further improving the security of the Kubernetes cluster.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Based on the same inventive concept, the embodiment of the application also provides an operation and maintenance processing device of the Kubernetes cluster. As shown in fig. 4, the apparatus 400 includes a component security assessment layer 410 and a self-healing scheme implementation layer 420.
The component security evaluation layer 410 is configured to obtain operation-related parameters of a specified component in the node through a security monitoring application deployed in the Pod of the node, and analyze the operation-related parameters of the specified component in the node based on a set anomaly analysis policy to obtain an anomaly analysis result of the node.
The self-healing scheme implementation layer 420 is configured to perform operation and maintenance processing on the Kubernetes cluster according to an operation and maintenance policy matched with the anomaly analysis result of a node in the Kubernetes cluster.
In the present embodiment, the component security evaluation layer 410 may include one or more functional modules. Optionally, as shown in fig. 5, the component security evaluation layer 410 may include a component security data module, a data processing module, a data summarization module, a data evaluation module, and the like.
The component security data module may obtain the operation related parameters of the specified component in the node through a security monitoring application deployed in the Pod of the node.
The data processing module stores the set anomaly analysis policy, such as the Center for Internet Security (CIS) security benchmark and a scoring benchmark, where the scoring benchmark comprises the correspondence between the detection results of the different security indexes in the CIS security benchmark and security scores. The data processing module can determine the detection result corresponding to each security index of the specified component based on the CIS security benchmark and the operation-related parameters of the specified component in the node.
The data summarization module can be used for sorting and summarizing detection results output by the data processing module and corresponding to all safety indexes of the specified component.
The data evaluation module can determine the safety score of the specified component based on the detection result corresponding to each safety index of the specified component and the grading benchmark, and determine the safety score of the node based on the safety score of the specified component.
Of course, it should be noted that the component security data module, the data processing module, the data summarizing module, the data evaluating module, and the like may also be integrated into one functional module.
In a more preferred scheme, after obtaining the operation related parameters of the specified component in the node through the security monitoring application deployed in the Pod of the node, the component security evaluation layer 410 may further encrypt the operation related parameters of the specified component in the node based on a Blowfish algorithm.
Specifically, the data processing module in the component security evaluation layer 410 may encrypt the operation-related parameters of the specified components in the node based on the Blowfish algorithm.
In the embodiment of the present application, the self-healing scheme implementation layer 420 may include one or more functional modules. Alternatively, as shown in fig. 5, the self-healing scheme implementation layer 420 may include a component security self-healing scheme formulation module, a component security self-healing scheme execution module, an implementation logging module, and the like.
When the security score of the node is smaller than the first set score, the component security self-healing scheme formulation module can obtain each designated component in the node whose security score is smaller than the second set score as a target component to be optimised, and determine an operation and maintenance policy matched with the Kubernetes cluster based on the detection results of the target component's security indexes.
The component security self-healing scheme execution module may perform operation and maintenance processing on the Kubernetes cluster based on the matched operation and maintenance policy.
The implementation log recording module can record the operation and maintenance processing result of the Kubernetes cluster, and generate and store an operation and maintenance log based on the operation and maintenance result and the corresponding operation and maintenance strategy.
Of course, it should be noted that the component security self-healing scheme formulation module, the component security self-healing scheme execution module, the implementation logging module, and the like may also be integrated into one functional module.
In another embodiment of the present application, as shown in fig. 5, the apparatus 400 may further include a task deployment layer 430. The task deployment layer 430 is configured to: receive a monitoring task deployment request from a monitoring party, where the request carries configuration information of a security monitoring application to be deployed; query a task deployment library, in which the already deployed security monitoring applications are recorded, to determine whether the security monitoring application to be deployed exists; and, when it does not exist in the task deployment library, create the security monitoring application in the Pod of the node based on its configuration information.
In the embodiment of the present application, the task deployment layer 430 may include one or more functional modules. Alternatively, as shown in fig. 5, the task deployment layer 430 may include a task management module, a task scheduling module, a scheduling logging module, and the like.
Wherein the task management module is operable to perform any of the following operations: creating a task, canceling a task, updating a task and deleting a task. Specifically, the task management module may receive a monitoring task deployment request from a monitoring party, where the monitoring task deployment request carries configuration information of a security monitoring application to be deployed; inquiring whether the safety monitoring application to be deployed exists in a task deployment library, wherein the deployed safety monitoring application is recorded in the task deployment library; if the to-be-deployed safety monitoring application does not exist in the task deployment library, the to-be-deployed safety monitoring application is created in the Pod of the node based on the configuration information of the to-be-deployed safety monitoring application.
The task scheduling module may schedule the security monitoring applications recorded in the task deployment library.
The scheduling log recording module may record a scheduling condition of the security monitoring application stored in the task deployment library, and record a deployment result of the security monitoring application after the security monitoring application to be deployed is deployed in the Pod of the node.
Of course, it should be noted that the task management module, the task scheduling module, the scheduling logging module, and the like may also be integrated into one functional module.
In a more preferred scheme, the task management module may further configure, in the application program interface (API) server of the Kubernetes cluster, an authorization policy for the Kubernetes cluster based on the identity information of the user and the corresponding access authority information, where the authorization policy is used to authenticate users accessing the Kubernetes cluster.
With regard to the apparatus in the above-described embodiment, the specific manner in which each unit performs the operation has been described in detail in the embodiment related to the method, and will not be described in detail here.
According to the operation and maintenance processing method of the Kubernetes cluster, the security monitoring application is deployed in the Pod of a node of the Kubernetes cluster in the form of a micro-service, so that it runs inside the node as a Service of the Kubernetes cluster and obtains the operation-related parameters of the specified components in that node. Whether the node is abnormal is then identified based on the obtained operation-related parameters and the set anomaly analysis policy to obtain the anomaly analysis result of the node, and operation and maintenance processing is performed on the Kubernetes cluster with the operation and maintenance policy matched with that result. Anomalies in the Kubernetes cluster can thus be found and handled in time, the security of the Kubernetes cluster is monitored proactively, and its operational security is guaranteed. The whole scheme is implemented as micro-services, the implementation logic is simple, and no external agent tool is needed, which avoids damage to the Kubernetes cluster through attacks on an external agent tool and also avoids the high development difficulty, high upgrade difficulty and high coupling that integrating an external agent tool into the native code of the Kubernetes cluster would cause.
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application. Referring to fig. 6, at the hardware level, the electronic device includes a processor, and optionally further includes an internal bus, a network interface, and a memory. The memory may include a volatile memory, such as a Random-Access Memory (RAM), and may further include a non-volatile memory, such as at least one disk memory. Of course, the electronic device may also include hardware required for other services.
The processor, the network interface, and the memory may be connected to each other via an internal bus, which may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 6, but that does not indicate only one bus or one type of bus.
The memory is used for storing programs. In particular, a program may include program code comprising computer operating instructions. The memory may include both volatile memory and non-volatile storage, and provides instructions and data to the processor.
The processor reads the corresponding computer program from the nonvolatile memory into the memory and then runs the computer program to form the operation and maintenance processing device of the Kubernetes cluster on the logic level. The processor is used for executing the program stored in the memory and is specifically used for executing the following operations:
acquiring operation related parameters of a designated component in a node through a security monitoring application deployed in a Pod of the Kubernetes cluster node;
analyzing operation related parameters of a specified component in the node based on a set abnormal analysis strategy to obtain an abnormal analysis result of the node;
and carrying out operation and maintenance processing on the Kubernetes cluster by using an operation and maintenance policy matched with the anomaly analysis result of the nodes in the Kubernetes cluster.
The method executed by the operation and maintenance processing device of the Kubernetes cluster as disclosed in the embodiment of fig. 2 of the present application may be applied to or implemented by a processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in the processor or by instructions in the form of software. The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; or a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. The various methods, steps, and logic blocks disclosed in the embodiments of the present application may be implemented or performed. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in RAM, flash memory, ROM, PROM or EPROM, registers, or other storage media well known in the art. The storage medium is located in the memory, and the processor reads the information in the memory and completes the steps of the method in combination with its hardware.
The electronic device may further execute the method in fig. 2 and implement the functions of the operation and maintenance processing apparatus of the Kubernetes cluster in the embodiments shown in fig. 2 and fig. 3, which are not described again in this embodiment of the present application.
Of course, besides the software implementation, the electronic device of the present application does not exclude other implementations, such as a logic device or a combination of software and hardware, and the like, that is, the execution subject of the following processing flow is not limited to each logic unit, and may also be hardware or a logic device.
Embodiments of the present application also provide a computer-readable storage medium storing one or more programs, where the one or more programs include instructions, which when executed by a portable electronic device including a plurality of application programs, enable the portable electronic device to perform the method of the embodiment shown in fig. 2, and are specifically configured to:
acquiring operation related parameters of a designated component in a node through a security monitoring application deployed in a Pod of the Kubernetes cluster node;
analyzing operation related parameters of a specified component in the node based on a set abnormal analysis strategy to obtain an abnormal analysis result of the node;
and carrying out operation and maintenance processing on the Kubernetes cluster by using an operation and maintenance policy matched with the anomaly analysis result of the nodes in the Kubernetes cluster.
In short, the above description is only a preferred embodiment of the present application, and is not intended to limit the scope of the present application. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.

Claims (10)

1. An operation and maintenance processing method of a Kubernetes cluster, wherein the Kubernetes cluster comprises a plurality of nodes, and the method comprises the following steps:
acquiring operation related parameters of a designated component in the node through a security monitoring application deployed in the Pod of the node;
analyzing operation related parameters of a specified component in the node based on a set abnormal analysis strategy to obtain an abnormal analysis result of the node;
and carrying out operation and maintenance processing on the Kubernetes cluster by using an operation and maintenance policy matched with the anomaly analysis result of the nodes in the Kubernetes cluster.
2. The method according to claim 1, wherein the anomaly analysis policy comprises a Center for Internet Security (CIS) security benchmark and a scoring benchmark, wherein the scoring benchmark comprises the corresponding relationship between detection results of different security indexes in the CIS security benchmark and security scores;
analyzing the operation related parameters of the specified components in the nodes based on the set abnormal analysis strategy to obtain the abnormal analysis result of the nodes, wherein the method comprises the following steps:
determining detection results corresponding to various safety indexes of a specified component based on the CIS safety standard and operation related parameters of the specified component in the node;
determining a safety score of the specified component based on the detection result corresponding to each safety index of the specified component and the grading standard;
determining a safe score for the node based on the safe score for the specified component.
3. The method of claim 2, wherein performing operation and maintenance processing on the Kubernetes cluster according to the operation and maintenance policy matched with the anomaly analysis result of the node in the Kubernetes cluster comprises:
under the condition that the safe score of the node is smaller than a first set score, acquiring a designated component with the safe score smaller than a second set score in the node as a target component to be optimized;
determining an operation and maintenance strategy matched with the Kubernetes cluster based on the detection result of each safety index of the target component;
and carrying out operation and maintenance processing on the Kubernetes cluster based on the matched operation and maintenance strategy.
4. The method of claim 3, wherein before obtaining the operation-related parameters of the specified component in the node via a security monitoring application deployed in the Pod of the node, the method further comprises:
receiving a monitoring task deployment request from a monitoring party, wherein the monitoring task deployment request carries configuration information of a safety monitoring application to be deployed;
inquiring whether the safety monitoring application to be deployed exists in a task deployment library, wherein the deployed safety monitoring application is recorded in the task deployment library;
if the to-be-deployed safety monitoring application does not exist in the task deployment library, the to-be-deployed safety monitoring application is created in the Pod of the node based on the configuration information of the to-be-deployed safety monitoring application.
5. The method according to claim 4, wherein the monitoring task deployment request further carries identity information of a user allowed to access the Kubernetes cluster and corresponding access authority information;
after creating the security monitoring application to be deployed in the Pod of the node based on the configuration information of the security monitoring application to be deployed, the method further comprises:
configuring an authorization policy for the Kubernetes cluster in an Application Program Interface (API) server of the Kubernetes cluster based on the identity information of the user and the corresponding access authority information, wherein the authorization policy is used for authenticating the user accessing the Kubernetes cluster.
6. The method of claim 1, wherein after obtaining the operation-related parameters of the specified component in the node via a security monitoring application deployed in the Pod of the node, the method further comprises:
encrypting the operation-related parameters of the specified component in the node based on the Blowfish algorithm.
7. An operation and maintenance processing device for a Kubernetes cluster, characterized in that the Kubernetes cluster comprises a plurality of nodes, and the device comprises a component security evaluation layer and a self-healing scheme implementation layer;
the component security evaluation layer is used for acquiring operation-related parameters of a specified component in the node through a security monitoring application deployed in the Pod of the node, and analyzing the operation-related parameters of the specified component in the node based on a set anomaly analysis strategy to obtain an anomaly analysis result of the node;
and the self-healing scheme implementation layer is used for carrying out operation and maintenance processing on the Kubernetes cluster using an operation and maintenance strategy matched with the anomaly analysis result of the nodes in the Kubernetes cluster.
8. The apparatus of claim 7, further comprising a task orchestration layer configured to:
receiving a monitoring task deployment request from a monitoring party, wherein the monitoring task deployment request carries configuration information of a security monitoring application to be deployed;
querying whether the security monitoring application to be deployed exists in a task deployment library, wherein deployed security monitoring applications are recorded in the task deployment library;
if the security monitoring application to be deployed does not exist in the task deployment library, creating the security monitoring application to be deployed in the Pod of the node based on its configuration information.
9. An electronic device, comprising:
a processor;
a memory for storing the processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the method of any one of claims 1 to 6.
10. A computer readable storage medium, wherein instructions, when executed by a processor of an electronic device, enable the electronic device to perform the steps of the method of any of claims 1 to 6.
CN202010925468.7A 2020-09-03 2020-09-03 Operation and maintenance processing method and device for Kubernetes cluster and electronic equipment Pending CN114138590A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010925468.7A CN114138590A (en) 2020-09-03 2020-09-03 Operation and maintenance processing method and device for Kubernetes cluster and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010925468.7A CN114138590A (en) 2020-09-03 2020-09-03 Operation and maintenance processing method and device for Kubernetes cluster and electronic equipment

Publications (1)

Publication Number Publication Date
CN114138590A true CN114138590A (en) 2022-03-04

Family

ID=80438397

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010925468.7A Pending CN114138590A (en) 2020-09-03 2020-09-03 Operation and maintenance processing method and device for Kubernetes cluster and electronic equipment

Country Status (1)

Country Link
CN (1) CN114138590A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114826939A (en) * 2022-04-25 2022-07-29 神州灵云(北京)科技有限公司 Network traffic analysis method of K8S cluster
CN114826939B (en) * 2022-04-25 2024-04-23 神州灵云(北京)科技有限公司 Network traffic analysis method of K8S cluster
CN114884838A (en) * 2022-05-20 2022-08-09 远景智能国际私人投资有限公司 Monitoring method of Kubernetes component and server
CN114884838B (en) * 2022-05-20 2023-05-12 远景智能国际私人投资有限公司 Monitoring method and server of Kubernetes component
CN116170341A (en) * 2022-12-23 2023-05-26 中国联合网络通信集团有限公司 Virtualization platform monitoring method, device, system and storage medium
CN116170341B (en) * 2022-12-23 2024-04-09 中国联合网络通信集团有限公司 Virtualization platform monitoring method, device, system and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination