Dear OpenShift devs,

maybe some of you are interested in my recently finished work on an evaluation and implementation of a traffic encryption technique in OpenShift (which might work in Kubernetes, too).

tl;dr: Tencrypt implements a transparent encryption proxy for network traffic originating from Pods towards Pods of the same OpenShift Project, without the need for any changes in deployment images (hence „transparent“).

Feedback very welcome! I would be very happy about input, as my next (current) student thesis will extend Tencrypt.

Published blog article: https://dpataky.eu/l/tencrypt-blog
PDF report: https://dpataky.eu/l/tencrypt-report

# # # # # # #

Abstract:

The aim of this work is to research possibilities which allow automatic and transparent encryption of internal network traffic between applications of Tenants in a multi-tenant OpenShift infrastructure. A key feature is the earliest-possible encryption of network packets after packet creation, with a low impact on performance. The usage of dedicated network namespaces in container environments is taken into account. This work discusses different design alternatives. After a well-grounded choice of one design, this approach is evaluated with regard to performance using a prototype implementation.

# # # # # # #

What do you think about the concept? Should the work proceed in this direction? Any gross errors which were overlooked in the design?

Thank you all in advance!

Regards,
Dominik Pataky
Student of Computer Science at the TU Dresden, Germany
_______________________________________________ dev mailing list dev@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/dev