NORMA eResearch @NCI Library

Container Image Security with Trivy and Istio Inter-Service Secure Communication in Kubernetes

Saxena, Prawal (2023) Container Image Security with Trivy and Istio Inter-Service Secure Communication in Kubernetes. Masters thesis, Dublin, National College of Ireland.


Abstract

Containers eliminate the need for manual deployment by using images that have already been built. However, the image associated with a particular service carries the risk of being corrupted, which may result in damage to the whole system. This case study describes a set of security measures in which the Trivy tool scans a Docker image and is integrated into an AWS CI/CD pipeline. This ensures that the image is scanned each time the pipeline runs before it is uploaded to the ECR repository, preventing harm from reaching the system. The method consists of first scanning the image for vulnerabilities and then saving the results to the container image repository. Kubernetes has a complicated design and one of its primary concerns is its level of security: the platform includes a mesh of services, yet its internal services are not encrypted. It is composed of a large number of distinct clusters that are separated from one another and provide a variety of services, yet every one of them is linked to the same network. If a malicious request is submitted to the cluster and bypasses the front-end security, it has a good chance of causing harm to one of the services, and if even one service or component of the cluster is compromised, the entire cluster is at risk. It is critical to ensure that the cluster is protected, and as part of this investigation, I am using an Istio implementation of a service mesh, which configures rules and proxies for incoming requests. A request is validated as it passes through these predetermined rules and is then forwarded to the appropriate pod.

Item Type: Thesis (Masters)
Supervisors: Heeney, Sean (Email: UNSPECIFIED)
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Cloud computing
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Divisions: School of Computing > Master of Science in Cloud Computing
Depositing User: Tamara Malone
Date Deposited: 19 Apr 2023 14:52
Last Modified: 19 Apr 2023 14:52
URI: https://norma.ncirl.ie/id/eprint/6491