ABSTRACT
Kubernetes operators allow custom automation for applications to be packaged with the application in a cluster-agnostic manner. This unique property eliminates the need for inhouse operational expertise with the application --- such domain knowledge, encoded once, can be distributed to any environment --- but requires trusting the operator to run arbitrary actions across an entire cluster. Little is known about the security or reliability implications of this paradigm. We present results from a survey of 54 Kubernetes developers and an analysis of 215 feature requests against 19 operator repositories demonstrating the ways users have experienced nontrivial safety issues with operators. We further propose the development of Suture, an access-control mechanism that seeks to prevent the majority of these safety issues with operators.
- Red Hat Inc. 2020. OperatorHub. (2020). https://operatorhub.io/Google Scholar
- Kubernetes. 2020. Authorization Overview. (2020). https://kubernetes.io/docs/reference/access-authn-authz/authorization/Google Scholar
- Kubernetes. 2020. Using RBAC Authorization. (2020). https://kubernetes.io/docs/reference/access-authn-authz/rbac/Google Scholar
- Brandon Philips. 2016. Introducing Operators: Putting Operational Knowledge Into Software | Coreos. (2016). https://coreos.com/blog/introducing-operators.htmlGoogle Scholar
Recommendations
The induced generalized OWA operator
We present the induced generalized ordered weighted averaging (IGOWA) operator. It is a new aggregation operator that generalizes the OWA operator, including the main characteristics of both the generalized OWA and the induced OWA operator. This ...
Constructing Choquet integral-based operators that generalize weighted means and OWA operators
A new class of aggregation operators is proposed to generalize weighted means and OWA operators.SUOWA operators are defined by using Choquet integral.These operators are continuous, monotonic, idempotent, compensative and homogeneous of degree 1 ...
Distributivity between semi-t-operators and Mayor's aggregation operators
The problem of distributivity was first posed over forty years ago and it has been investigated for families of certain operations such as t-norms, t-conorms, uninorms, and nullnorms. In this paper, we investigate this topic further by focusing on Mayor'...
Comments