NORMA eResearch @NCI Library

Securing Containerized Environments: Implementing Role-Based Access Control with Google Kubernetes Engine

Shaji, Abin (2024) Securing Containerized Environments: Implementing Role-Based Access Control with Google Kubernetes Engine. Masters thesis, Dublin, National College of Ireland.


Abstract

This project focuses on implementing a dynamic Role-Based Access Control (RBAC) policy within a Kubernetes Autopilot cluster to optimize resource management and application stability. The primary objective was to dynamically adjust user roles based on real-time CPU usage metrics. When CPU usage exceeded 1000 millicores, roles were elevated to "Owner" to handle increased resource demands, and they were reverted to their original settings when CPU usage fell below the threshold. The implementation includes setting up a Google Cloud Platform (GCP) project, configuring APIs, creating a Kubernetes cluster and deploying a Pub/Sub topic for alert notifications. Open Policy Agent (OPA) was used to apply dynamic RBAC policies. Automation scripts were created to adjust roles based on alerts. The performance of the dynamic RBAC policy was evaluated by monitoring role adjustments and system performance. The results showed successful role escalations and reversions, along with improved resource management and application stability. Compared to traditional static RBAC, the dynamic approach gave better resource optimization, increasing security and operational performance, with good improvements in response times and error rates. This approach provides a scalable solution for managing roles in cloud-native environments, securing optimal performance and security.

Item Type: Thesis (Masters)
Supervisors: Sahni, Vikas (Email: UNSPECIFIED)
Uncontrolled Keywords: Dynamic RBAC; Kubernetes Autopilot Cluster; Real-time CPU Usage; Pub/Sub Topic
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Cloud computing
Divisions: School of Computing > Master of Science in Cloud Computing
Depositing User: Ciara O'Brien
Date Deposited: 04 Jul 2025 10:50
Last Modified: 04 Jul 2025 10:50
URI: https://norma.ncirl.ie/id/eprint/8054
