• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.6
• /
• pp.1545-1559
• /
• 2023

In the cloud environment, microservices are implemented through Kubernetes, and these services can be expanded or reduced through the autoscaling function under Kubernetes, depending on the service request or resource usage. However, the increase in the number of nodes or distributed microservices in Kubernetes and the unpredictable autoscaling function make it very difficult for system administrators to conduct operations. Artificial Intelligence for IT Operations (AIOps) supports resource management for cloud services through AI and has attracted attention as a solution to these problems. For example, after the AI model learns the metric or log data collected in the microservice units, failures can be inferred by predicting the resources in future data. However, it is difficult to construct data sets for generating learning models because many microservices used for autoscaling generate different metrics or logs in the same timestamp. In this study, we propose a cloud data refining module and structure that collects metric or log data in a microservice environment implemented by Kubernetes; and arranges it into computing resources corresponding to each service so that AI models can learn and analogize service-specific failures. We obtained Kubernetes-based AIOps learning data through this module, and after learning the built dataset through the AI model, we verified the prediction result through the differences between the obtained and actual data.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.16 no.3
• /
• pp.99-105
• /
• 2021

The cloud computing evolution has brought us increasing necessity to manage virtual resources. For this reason, Kubernetes has developed to realize autonomous resource management in a large scale. It provides cloud computing infrastructure to handle cluster creations and deletions in a secure virtual computing environment. In the paper, we provide a monitoring scheme in which users can observe securely encrypted protocols while each Kubernetes component exchanges their packets. Eventually, users can utilize the proposed scheme for debugging as well as monitoring.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.7
• /
• pp.1047-1059
• /
• 2022

With the development of cloud computing technology, container technology that provides services based on a virtual environment is also developing. Container orchestration technology is a key element for cloud services, and it has become an important core technology for building, deploying, and testing large-scale containers with automation. Originally designed by Google and now managed by the Linux Foundation, Kubernetes is one of the container orchestrations and has become the de facto standard. However, despite the increasing use of Kubernetes in container orchestration, the number of incidents due to security vulnerabilities is also increasing. Therefore, in this paper, we study the vulnerabilities of Kubernetes and propose a security policy that can consider security from the initial development or design stage through threat analysis. In particular, we intend to present a specific security guide by classifying security threats by applying STRIDE threat modeling.

• Journal of Platform Technology
• /
• v.11 no.4
• /
• pp.71-79
• /
• 2023

In this paper, we analyze the characteristics of machine learning workloads and, based on them, propose a distributed in-memory caching technique to improve the performance of machine learning workloads. The core of machine learning workload is model training, and model training is a computationally intensive task. Performing machine learning workloads in a Kubernetes-based cloud environment in which the computing framework and storage are separated can effectively allocate resources, but delays can occur because IO must be performed through network communication. In this paper, we propose a distributed in-memory caching technique to improve the performance of machine learning workloads performed in such an environment. In particular, we propose a new method of precaching data required for machine learning workloads into the distributed in-memory cache by considering Kubflow pipelines, a Kubernetes-based machine learning pipeline management tool.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.15 no.3
• /
• pp.129-137
• /
• 2020

Kubernetes is one of the most widely used tool in cloud computing environments. It m anages POD as a basic operational unit, providing a isolated environments through container tech nology. Basically, its scheduler properly allocates POD, considering the utilizations of CPUs, mem ories and volumes on hosts. In our work, we develop a customized scheduling framework additio nally considering network resources. In the framework, we can monitor the dynamic variations of resources and make it possible to utilize the resources for the scheduler. This framework offers not only observing necessary information but also visualizing the data to scheduler for providing convenience.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.16 no.5
• /
• pp.201-207
• /
• 2021

Edge Computing enables image-based inference in close proximity to end users and real-world objects. However, since edge servers have limited computational and accelerator resources, efficient resource management is essential. In this paper, we present HeteroAccel system that performs optimal scheduling in Kubernetes platform based on available node and accelerator information for various inference requests. Our experiments showed 25.3% improvement in overall inference performance over the default scheduling scheme in edge computing environment in which four types of inference services are requested.

• Journal of Information Processing Systems
• /
• v.17 no.6
• /
• pp.1071-1082
• /
• 2021

Since the smart factory has been recently recognized as an industrial core requirement, various mechanisms to ensure efficient and stable operation have attracted much attention. This attention is based on the fact that in a smart factory environment where operating processes, such as facility control, data collection, and decision making are automated, the disruption of processes due to problems such as facility anomalies causes considerable losses. Although many studies have considered methods to prevent such losses, few have investigated how to effectively apply the solutions. This study proposes a Kubernetes based system applied in a smart factory providing effective operation and facility management. To develop the system, we employed a useful and popular open source project, and adopted deep learning based anomaly detection model for multi-sensor anomaly detection. This can be easily modified without interruption by changing the container image for inference. Through experiments, we have verified that the proposed method can provide system stability through nondisruptive maintenance, monitoring and non-disruptive updates for anomaly detection models.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.10
• /
• pp.77-86
• /
• 2020

In this paper, we propose a technique for blockchain service replication and recovery using kubernetes(BR2K) that robustly executes blockchain services based on replication and supports systematic recovery in case of the service failure. Blockchain services are being developed and applied in various fields such as administration, finance, and medical systems based on the features of blockchain, such as decentralization, high security, and data integrity. In such areas where service continuity is important, it is necessary to provide robustness for execution of blockchain services, and a recovery plan for service failure is also required. To this end, BR2K provides an execution replication technique that systematically supports the sustainable execution of blockchain application services. Also, it introduces a robust container registry based on the blockchain service registry, systematically supporting the recovery of service failures by using it. In addition, Truffle, a blockchain service development framework, is extended to utilize the Kubernetes container management tool, and BR2K provides a technique for rapidly deploying blockchain services using the extended framwork.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.81-89
• /
• 2023

Kubernetes is a representative open-source software for container orchestration, playing a crucial role in monitoring and managing resources allocated to containers. As container environments become prevalent, security threats targeting containers continue to rise, with resource exhaustion attacks being a prominent example. These attacks involve distributing malicious crypto-mining software in containerized form to hijack computing resources, thereby affecting the operation of the host and other containers that share resources. Previous research has focused on detecting resource depletion attacks, so technology to respond when attacks occur is lacking. This paper proposes a reinforcement learning-based dynamic resource management framework for detecting and responding to resource exhaustion attacks and malicious containers running in Kubernetes environments. To achieve this, we define the environment's state, actions, and rewards from the perspective of responding to resource exhaustion attacks using reinforcement learning. It is expected that the proposed methodology will contribute to establishing a robust defense against resource exhaustion attacks in container environments

• Journal of Korea Society of Industrial Information Systems
• /
• v.26 no.1
• /
• pp.11-19
• /
• 2021

The emerging Fifth Generation (5G) network technology brings us a new demand for low latency services. However, it may not be possible for long-distanced cloud computing servers to support users with satisfactory low latency services. For this reason, Multi-access Edge Computing (MEC) technology are gaining attraction since it is designed to provide low latency services to users by placing cloud computing resources to base-stations or mobile switching centers nearby users. Accordingly, it is necessary to verify the deployed containers on the MECs are reliable enough to provide low latency services empirically. For the purpose, we develop a testing tool to verify the reliability as well as network resources status of running MECs by deploying containers on the MECs in a Kubernetes environment.