Docker white list execution control method for k8s environment

An execution control and whitelist technology, applied in the docker field, that solves the problem that the whitelist cannot be transferred, with the effect of reducing policy configuration time, improving work efficiency, and shortening the effective time.

Active Publication Date: 2020-08-11
BEIJING HUATECH INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0003] In view of the above-mentioned deficiencies in the prior art, the docker whitelist execution control method for a k8s environment provided by the present invention solves the problem in the prior art that the whitelist cannot be transferred when the docker container is migrated.


Embodiment Construction

[0027] The specific embodiments of the present invention are described below so that those skilled in the art can understand the present invention, but it should be clear that the present invention is not limited to the scope of the specific embodiments. For those of ordinary skill in the art, as long as various changes are within the spirit and scope of the present invention as defined and determined by the appended claims, these changes are obvious, and all inventions and creations using the concept of the present invention are included in the scope of protection.

[0028] Embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings.

[0029] As shown in Figure 1, a docker whitelist execution control method for a k8s environment includes the following steps:

[0030] S1. Monitor the migration events of docker containers between clusters on the k8s system, and determine the host ID and docker container ID before and after migratio...


Abstract

The invention discloses a docker whitelist execution control method for a k8s environment. The method comprises the following steps: monitoring migration events of docker containers between clusters in the k8s system, determining the host IDs before and after migration, obtaining the whitelist policy, and uploading the whitelist policy to a management center; migrating the docker container corresponding to the pre-migration host ID through the k8s system, and sending the whitelist policy to the post-migration host; and judging whether the program to be executed in the target docker container is in the whitelist: if so, allowing it to run; otherwise, intercepting it, generating an audit record, and uploading the audit record to the management center. With this method, the execution control policy for programs inside docker takes effect as the docker container migrates within the K8S server cluster, so the user does not need to deploy the same security policy again, which improves the user's work efficiency and shortens policy configuration time.
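The migration flow in the abstract, sketched as an added Python example that is not code from the patent. The class and function names, the use of SHA-256 digests as whitelist entries, the default-deny behaviour when a host holds no policy, and the sample data are all assumptions.

```python
import hashlib
from dataclasses import dataclass, field

def digest(program: bytes) -> str:
    # Assumption: a whitelist entry is the SHA-256 digest of the program bytes.
    return hashlib.sha256(program).hexdigest()

@dataclass
class ManagementCenter:
    policies: dict = field(default_factory=dict)  # container_id -> frozenset of digests
    audits: list = field(default_factory=list)    # audit records uploaded by hosts

    def upload_policy(self, container_id, whitelist):
        self.policies[container_id] = frozenset(whitelist)

    def upload_audit(self, record):
        self.audits.append(record)

@dataclass
class HostAgent:
    host_id: str
    center: ManagementCenter
    whitelists: dict = field(default_factory=dict)  # container_id -> frozenset of digests

    def check_exec(self, container_id, path, program):
        """Allow a whitelisted program; otherwise intercept and upload an audit."""
        sha = digest(program)
        allowed = sha in self.whitelists.get(container_id, frozenset())
        if not allowed:
            self.center.upload_audit({"host": self.host_id, "container": container_id,
                                      "path": path, "sha256": sha,
                                      "action": "intercepted"})
        return allowed

def on_migration(center, src, dst, container_id):
    """Handle one migration event: the policy follows the container from src to dst."""
    # Assumption: the source host drops its copy once the container has left.
    policy = src.whitelists.pop(container_id, frozenset())
    center.upload_policy(container_id, policy)                    # upload to the center
    dst.whitelists[container_id] = center.policies[container_id]  # send to the new host

def demo():
    # Constructed sample data: two hosts, one container, two program images.
    center = ManagementCenter()
    a, b = HostAgent("host-a", center), HostAgent("host-b", center)
    listed, unlisted = b"\x7fELF listed (constructed)", b"\x7fELF unlisted (constructed)"
    a.whitelists["c1"] = frozenset({digest(listed)})
    before = b.check_exec("c1", "/usr/sbin/app", listed)  # policy has not followed yet
    on_migration(center, a, b, "c1")
    after = b.check_exec("c1", "/usr/sbin/app", listed)   # same program, policy present
    blocked = b.check_exec("c1", "/tmp/other", unlisted)  # not in the whitelist
    return before, after, blocked, len(center.audits)
```

The `before` check shows the failure the method addresses: without the policy transfer, the destination host has no whitelist for the container and blocks even the approved program.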

Description

Technical field

[0001] The invention belongs to the technical field of docker, and in particular relates to a docker whitelist execution control method used in a k8s environment.

Background technique

[0002] In the current environment of rapid development of cloud platform technology, problems such as server load, maintenance, and energy consumption have seriously affected the management efficiency of cloud platform resources. The emergence of Docker improves the management efficiency of cloud platform resources and accelerates the development, deployment and maintenance of applications. K8S integration speeds up the deployment of docker; however, the existing docker security policies, such as the whitelist protection policy, are static policies for docker, which can only be applied to specific clients and cannot be migrated; and after users deploy K8S, K8S will migrate docker according to load, fault tolerance and other mechanisms; after docker becomes migratable, th...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/51, G06F9/455
CPC: G06F21/51, G06F9/45558, G06F2009/4557, Y02D10/00
Inventor: 王晓娜, 刘凯, 刘秀玲
Owner: BEIJING HUATECH INFORMATION TECH CO LTD