• Title/Summary/Keyword: Container Orchestration

An Engine for DRA in Container Orchestration Using Machine Learning

  • Gun-Woo Kim;Seo-Yeon Gu;Seok-Jae Moon;Byung-Joon Park
    • International journal of advanced smart convergence / v.12 no.4 / pp.126-133 / 2023
  • Recent advancements in cloud service virtualization technologies have witnessed a shift from a Virtual Machine-centric approach to a container-centric paradigm, offering advantages such as faster deployment and enhanced portability. Container orchestration has emerged as a key technology for efficient management and scheduling of these containers. However, with the increasing complexity and diversity of heterogeneous workloads and service types, resource scheduling has become a challenging task. Various research endeavors are underway to address the challenges posed by diverse workloads and services. Yet, a systematic approach to container orchestration for effective cloud management has not been clearly defined. This paper proposes the DRA-Engine (Dynamic Resource Allocation Engine) for resource scheduling in container orchestration. The proposed engine comprises the Request Load Procedure, Required Resource Measurement Procedure, and Resource Provision Decision Procedure. Through these components, the DRA-Engine dynamically allocates resources according to the application's requirements, presenting a solution to the challenges of resource scheduling in container orchestration.

Container Orchestration Comparison and Analysis (컨테이너 오케스트레이션 비교 및 분석)

  • Ji-hun Oh
    • Proceedings of the Korean Society of Computer Information Conference / 2023.07a / pp.595-596 / 2023
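  • In this paper, we analyze container orchestration platforms. Following the review of the public cloud transition roadmap, the importance of containers, microservices, and container orchestration as technologies for cloud-native transition is being emphasized. We compare the representative container orchestration tools Kubernetes, Docker Swarm, and Mesos, and analyze their ease of initial installation, volume management, application deployment, and failure management. By identifying the strengths and weaknesses of each tool and the considerations that apply in different deployment situations, we aim to help in establishing a cloud-native transition roadmap.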

A Container Orchestration System for Process Workloads

  • Jong-Sub Lee;Seok-Jae Moon
    • International Journal of Internet, Broadcasting and Communication / v.15 no.4 / pp.270-278 / 2023
  • We propose a container orchestration system for process workloads that combines the potential of big data and machine learning technologies to integrate enterprise process-centric workloads. This proposed system analyzes big data generated from industrial automation to identify hidden patterns and build a machine learning prediction model. For each machine learning case, training data is loaded into a data store and preprocessed for model training. In the next step, you can use the training data to select and apply an appropriate model. Then evaluate the model using the following test data: This step is called model construction and can be performed in a deployment framework. Additionally, a visual hierarchy is constructed to display prediction results and facilitate big data analysis. In order to implement parallel computing of PCA in the proposed system, several virtual systems were implemented to build the cluster required for the big data cluster. The implementation for evaluation and analysis built the necessary clusters by creating multiple virtual machines in a big data cluster to implement parallel computation of PCA. The proposed system is modeled as layers of individual components that can be connected together. The advantage of a system is that components can be added, replaced, or reused without affecting the rest of the system.

Kubernetes of cloud computing based on STRIDE threat modeling (STRIDE 위협 모델링에 기반한 클라우드 컴퓨팅의 쿠버네티스(Kubernetes)의 보안 요구사항에 관한 연구)

  • Lee, Seungwook;Lee, Jaewoo
    • Journal of the Korea Institute of Information and Communication Engineering / v.26 no.7 / pp.1047-1059 / 2022
  • With the development of cloud computing technology, container technology that provides services based on a virtual environment is also developing. Container orchestration technology is a key element for cloud services, and it has become an important core technology for building, deploying, and testing large-scale containers with automation. Originally designed by Google and now managed by the Linux Foundation, Kubernetes is one of the container orchestrations and has become the de facto standard. However, despite the increasing use of Kubernetes in container orchestration, the number of incidents due to security vulnerabilities is also increasing. Therefore, in this paper, we study the vulnerabilities of Kubernetes and propose a security policy that can consider security from the initial development or design stage through threat analysis. In particular, we intend to present a specific security guide by classifying security threats by applying STRIDE threat modeling.

A design of GPU container co-execution framework measuring interference among applications (GPU 컨테이너 동시 실행에 따른 응용의 간섭 측정 프레임워크 설계)

  • Kim, Sejin;Kim, Yoonhee
    • KNOM Review / v.23 no.1 / pp.43-50 / 2020
  • As General Purpose Graphics Processing Unit (GPGPU) recently plays an essential role in high-performance computing, several cloud service providers offer GPU service. Most cluster orchestration platforms in a cloud environment using containers allocate the integer number of GPU to jobs and do not allow a node shared with other jobs. In this case, resource utilization of a GPU node might be low if a job does not intensively require either many cores or large size of memory in GPU. GPU virtualization brings opportunities to realize kernel concurrency and share resources. However, performance may vary depending on characteristics of applications running concurrently and interference among them due to resource contention on a node. This paper proposes GPU container co-execution framework with multiple server creation and execution based on Kubernetes, container orchestration platform for measuring interference which may be caused by sharing GPU resources. Performance changes according to scheduling policies were investigated by executing several jobs on GPU. The result shows that optimal scheduling is not possible only considering GPU memory and computing resource usage. Interference caused by co-execution among applications is measured using the framework.

Open Cloud Platform Ecosystem Strategy Using the Container Orchestration Platform (컨테이너 자동편성 플랫폼을 활용한 개방형 클라우드 플랫폼 생태계 전략)

  • Jung, Ki-Bong;Hyun, Jae-Uk;Yoon, Hee-Geun;Kim, Eun-Ju
    • Informatization Policy / v.26 no.3 / pp.90-106 / 2019
  • The cloud services market is growing rapidly from the on-premises environment to the cloud computing environment and the domestic cloud software market in Korea is expected to grow at a CAGR of around 15%. In Korea, research teams are providing open cloud platforms using open source software under the government taking the initiative, which intends to enhance the reliability and functionality of open cloud platforms, provide users with a world-class open cloud platform-based and developer-friendly environment that is managed on heterogeneous cloud infrastructure and supported by full-lifecycle management of application software. In this paper, we propose a method to utilize CaaS in the open cloud platform, through incorporating the platform with the container orchestration platform. Finally, by providing users with the application runtime and container runtime, it presents how the two platforms can coexist and cooperate in the same ecosystem.

SD-MTD: Software-Defined Moving-Target Defense for Cloud-System Obfuscation

  • Kang, Ki-Wan;Seo, Jung Taek;Baek, Sung Hoon;Kim, Chul Woo;Park, Ki-Woong
    • KSII Transactions on Internet and Information Systems (TIIS) / v.16 no.3 / pp.1063-1075 / 2022
  • In recent years, container techniques have been broadly applied to cloud computing systems to maximize their efficiency, flexibility, and economic feasibility. Concurrently, studies have also been conducted to ensure the security of cloud computing. Among these studies, moving-target defense techniques using the high agility and flexibility of cloud-computing systems are gaining attention. Moving-target defense (MTD) is a technique that prevents various security threats in advance by proactively changing the main attributes of the protected target to confuse the attacker. However, an analysis of existing MTD techniques revealed that, although they are capable of deceiving attackers, MTD techniques have practical limitations when applied to an actual cloud-computing system. These limitations include resource wastage, management complexity caused by additional function implementation and system introduction, and a potential increase in attack complexity. Accordingly, this paper proposes a software-defined MTD system that can flexibly apply and manage existing and future MTD techniques. The proposed software-defined MTD system is designed to correctly define a valid mutation range and cycle for each moving-target technique and monitor system-resource status in a software-defined manner. Consequently, the proposed method can flexibly reflect the requirements of each MTD technique without any additional hardware by using a software-defined approach. Moreover, the increased attack complexity can be resolved by applying multiple MTD techniques.

Validation of Cloud Robotics System in 5G MEC for Remote Execution of Robot Engines (5G MEC 기반 로봇 엔진 원격 구동을 위한 클라우드 로보틱스 시스템 구성 및 실증)

  • Gu, Sewan;Kang, Sungkyu;Jeong, Wonhong;Moon, Hyungil;Yang, Hyunseok;Kim, Youngjae
    • The Journal of Korea Robotics Society / v.17 no.2 / pp.118-123 / 2022
  • We implemented a real-time cloud robotics application by offloading robot navigation engine over to 5G Mobile Edge Computing (MEC) server. We also ran a fleet management system (FMS) in the server and controlled the movements of multiple robots at the same time. The mobile robots under the test were connected to the server through 5G SA network. Public 5G network, which is already commercialized, has been temporarily modified to support this validation by the network operator. Robot engines are containerized based on micro-service architecture and have been deployed using Kubernetes - a container orchestration tool. We successfully demonstrated that mobile robots are able to avoid obstacles in real-time when the engines are remotely running in 5G MEC server. Test results are compared with 5G Public Cloud and 4G (LTE) Public Cloud as well.

Reinforcement Learning-Based Resource exhaustion attack detection and response in Kubernetes (쿠버네티스 환경에서의 강화학습 기반 자원 고갈 탐지 및 대응 기술에 관한 연구)

  • Ri-Yeong Kim;Seongmin Kim
    • Convergence Security Journal / v.23 no.5 / pp.81-89 / 2023
  • Kubernetes is a representative open-source software for container orchestration, playing a crucial role in monitoring and managing resources allocated to containers. As container environments become prevalent, security threats targeting containers continue to rise, with resource exhaustion attacks being a prominent example. These attacks involve distributing malicious crypto-mining software in containerized form to hijack computing resources, thereby affecting the operation of the host and other containers that share resources. Previous research has focused on detecting resource depletion attacks, so technology to respond when attacks occur is lacking. This paper proposes a reinforcement learning-based dynamic resource management framework for detecting and responding to resource exhaustion attacks and malicious containers running in Kubernetes environments. To achieve this, we define the environment's state, actions, and rewards from the perspective of responding to resource exhaustion attacks using reinforcement learning. It is expected that the proposed methodology will contribute to establishing a robust defense against resource exhaustion attacks in container environments.

Design of Mixed Reality Visualization System for Operational Situation Using Cloud-based Geospatial Information (클라우드 기반 지리공간정보를 활용한 작전상황 혼합현실 가시화 시스템 설계)

  • Youngchan Jang;Jaeil Park;Eunji Cho;Songyun Kwak;Sang Heon Shin
    • Journal of the Korea Institute of Military Science and Technology / v.27 no.1 / pp.60-69 / 2024
  • The importance of geospatial information is increasingly highlighted in the defense domain. Accurate and up-to-date geospatial data is essential for situational awareness, target analysis, and mission planning in military operations. The use of high-resolution geospatial data in military operations requires large storage and fast image processing capabilities. Efficient image processing is required for tasks such as extracting useful information from satellite images and creating 3D terrain for mission planning. In this paper, we designed a cloud-based operational situation mixed reality visualization system that utilizes large-scale geospatial information distributed processed on a cloud server based on the container orchestration platform Kubernetes. We implemented a prototype and confirmed the suitability of the design.