Abstract
In a container cloud platform, tenants share the underlying compute, storage, network and other resources, which raises security problems for tenant container execution and tenant data. Based on an analysis of how Kubernetes implements access control and resource isolation, a multi-tenancy scheme for container cloud platforms is proposed, built on a multi-tenant access control model. The scheme covers the multi-tenant management model, multi-tenant access control, compute resource isolation and network resource isolation. It can materially improve the resource isolation capability of Kubernetes-based container cloud platforms and effectively reduce data security risks.
Authors
HUANG Danchi (黄丹池)
HE Zhenwei (何震苇)
YAN Liyun (严丽云)
LIN Yuanzhi (林园致)
YANG Xinzhang (杨新章)
Research Institute of China Telecom Co., Ltd., Guangzhou 510630, China
Source
Telecommunications Science (《电信科学》)
2020, Issue 9, pp. 102-111 (10 pages)