A Secure, Resource-Efficient, and Pluggable Kubernetes for Multi-Tenancy
Flexible Confidential Kubernetes with Control Plane Protection
Introduction
This work aims to achieve the best of both worlds with two prominent techniques adopted in cloud computing systems: hardware trusted execution environments (TEEs) for data processing security, and Kubernetes (k8s) for efficient container orchestration and resource management for multi-tenancy. A secure, resource-efficient, and pluggable container orchestration system, called Pyramid, is proposed, which incurs minimal intrusive modifications to the commercial k8s. Pyramid puts a separate trusted k8s on top of the original k8s cluster and carefully cooperates between the two layers. The workflow within each layer is maximally preserved without significant changes. The untrusted layer manages resource scheduling across different tenants to improve utilization and passes the resource information to the trusted layer to launch actual computations secured by TEEs, with the help of carefully designed interface and protection mechanisms. Evaluation results show that Pyramid achieves 1.4× higher throughput on the data plane, with comparable control-plane performance to previous work.