Publication

Network Policies in Kubernetes: Performance Evaluation and Security Analysis

Book Contribution - Book Chapter Conference Contribution

5G applications with ultra-high reliability and low latency requirements necessitate the adoption of edge computing solutions in mobile networks. Container orchestration frameworks like Kubernetes (K8s) have further emerged as the preferred standard to dynamically deploy edge applications on demand of end-users and third-party companies. Unfortunately, complex networking and security concerns have been highlighted as challenges that impede the successful adoption of container technology by the industry. The security challenge is exacerbated by (mis-)conceptions that secure inter-container communication comes at the cost of performance, yet both requirements are vital for 5G edge-computing use cases. Pursuing low-overhead security solutions, this paper investigates network policies, the K8s concept for controlling network isolation between tenants. We evaluate the performance overheads of eBPF-based solutions by Calico and Cilium, and analyze the security of network policies, highlighting security threats to network policies and outlining corresponding state-of-the-art solutions. Our assessment shows that network policies are a suitable low-overhead security solution for low-latency inter-container communication.
Book: 2021 Joint European Conference on Networks and Communications & 6G Summit (EuCNC/6G Summit)
Pages: 407 - 412
Number of pages: 6
ISBN: 978-1-6654-1526-2
Publication year: 2021
BOF-keylabel: yes
IOF-keylabel: yes
Authors from: Higher Education
Accessibility: Open