User data security protection method in Kubernetes environment

A user data security protection technology, applied in the field of data security, that addresses problems such as the inability to guarantee call requests, to verify the real identity of users, and to verify whether scheduling requests come from trusted users, with the effect of ensuring and improving security.

Active Publication Date: 2021-01-08
航天科工网络信息发展有限公司

AI Technical Summary

Problems solved by technology

On the Master node, Kubernetes cannot verify whether a scheduling request comes from a trusted user.
[0007] 3) Although "Authentication Mechanisms to Ensure Kubernetes Security" provides an authentication mechanism for data transfer between components, the certificate cannot guarantee that a call request was issued by the user himself. For example, if the computer is used by someone else and a request is sent to the server, the server cannot verify the real identity of the user.


Embodiment Construction

[0020] In order to make the purpose, content, and advantages of the present invention clearer, the specific implementation manners of the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments.

[0021] Figure 1 shows the system block diagram of the present invention. As shown in Figure 1, the present invention introduces a Ukey to authenticate user requests and securely manages the data stored in Kubernetes etcd through a public-private key system, so as to ensure the security of data transmission and access and to realize a "one account, one secret" user access mechanism in the Kubernetes environment.

[0022] Kubernetes is divided into two parts, the Master cluster control node and the Node node, and the Kubernetes security component of the present invention is defined as follows:

[0023] 1) etcd: saves the state of the entire cluster and is responsible for storing the encrypted information of the c...

Abstract

The invention relates to a user data security protection method in a Kubernetes environment. The method comprises encryption storage and access decryption.

Encryption storage is implemented by the following steps: arranging and splicing the non-empty fields in a test.yaml file into a character string in lexicographical order, and storing the character string in stringA in the test.yaml file; after a client receives the test.yaml file sent by the Kubernetes APIServer, decrypting the sign field in the file with a private key, the client encrypting the stringA field with the SHA1 signature algorithm, and comparing the decrypted digest sign_d with the sign_2 obtained after the client encrypts stringA, identical digest results ensuring that the fields have not been tampered with; and encrypting the fields in test.yaml with a public key.

Access decryption is implemented by the following steps: receiving an encrypted file by means of the Kubernetes APIServer, and sending a request to etcd; after the Kubernetes APIServer receives the information, sending the encrypted yaml configuration file to the client; the client receiving the test.yaml file sent by the APIServer; the client decrypting the data with the private key; sending the decrypted file to the Kubernetes APIServer over the https protocol; the Kubernetes APIServer receiving the client's data; decrypting the digest in the sign field; and, after confirming that the digest results are the same, ensuring that the field has not been tampered with.
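The integrity check in the abstract (build stringA, recompute the digest, compare sign_d with sign_2) can be sketched as follows. This is an added example, not code from the patent. It assumes fields are spliced as `key=value` pairs joined with `&`, that nested keys are written with dots, and that `sign_d` has already been recovered from the sign field by the key operation, which is outside this sketch.

```python
import hashlib
import hmac

SIGN_FIELD = "sign"      # field carrying the signed digest (name from the abstract)
CANON_FIELD = "stringA"  # field the spliced string is stored in (name from the abstract)


def flatten(doc, prefix=""):
    """Yield (dotted_key, value) for every leaf of a parsed YAML mapping."""
    for key, value in doc.items():
        path = f"{prefix}.{key}" if prefix else str(key)
        if isinstance(value, dict):
            yield from flatten(value, path)
        else:
            yield path, value


def build_string_a(doc):
    """Splice the non-empty fields, sorted lexicographically by key, into stringA."""
    pairs = [
        (k, str(v)) for k, v in flatten(doc)
        if k not in (SIGN_FIELD, CANON_FIELD) and v not in (None, "", [], {})
    ]
    # Assumption: "key=value" joined with "&"; the abstract does not fix a separator.
    return "&".join(f"{k}={v}" for k, v in sorted(pairs))


def digest(string_a):
    # SHA-1 because the abstract names it; it is no longer collision-resistant,
    # so a new design would normally use SHA-256 here.
    return hashlib.sha1(string_a.encode("utf-8")).hexdigest()


def fields_untampered(doc, sign_d):
    """Compare the recovered digest sign_d with the locally recomputed sign_2."""
    sign_2 = digest(build_string_a(doc))
    return hmac.compare_digest(sign_d, sign_2)  # constant-time comparison


# Constructed sample standing in for a parsed test.yaml (not from the patent).
SAMPLE = {
    "kind": "Pod",
    "metadata": {"name": "demo", "namespace": "", "labels": None},
    "spec": {"replicas": 0, "image": "registry.example/app:1.0"},
}
```

Both sides must apply exactly the same splicing rule, since any difference in ordering or in which fields count as empty changes the digest and makes an untouched file look tampered.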

Description

Technical field

[0001] The invention relates to data security technology, in particular to a user data security protection method in a Kubernetes environment.

Background technique

[0002] Enterprises, governments, and individuals generate all kinds of data every day. Data storage has also become a growing concern for us. With the development of the big data era, various information leakage incidents have caused more and more attention to security issues. In order to ensure data security, it is necessary to do a good job in the safe storage and management of data.

[0003] Kubernetes (k8s) is a management platform for automatic deployment, expansion, and operation and maintenance of container clusters. It provides a mechanism for application deployment, planning, updating, and maintenance. Kubernetes deploys applications through containers. Each container is independent of each other and has its own file system. It has the characteristics of fast deployment and low resou...

Application Information

IPC(8): H04L29/06, H04L9/32, H04L29/08
CPC: H04L63/0428, H04L63/0442, H04L9/3247, H04L9/3234, H04L63/083, H04L63/0853, H04L67/10, Y02D30/50
Inventor: 黄亚杰, 马俊杰, 瞿秋薏, 苏帅, 苏玉娇, 姜瀚, 刘韡
Owner 航天科工网络信息发展有限公司