A Multi-pronged Self-adaptive Controller for Analyzing Misconfigurations for Kubernetes Clusters and IoT Edge Devices

Abstract

Kubernetes default configurations do not always provide optimal security and performance for all clusters and IoT edge devices deployed, making them vulnerable to security breaches and information leakage if misconfigured. Misconfiguration leads to a compromised system that disrupts the workload, allows access to system resources, and degrades the system’s performance. To provide optimal security for deployed clusters and IoT edge devices, the system should detect misconfigurations to secure and optimize its performance. We consider that configurations are hidden, as they are some sort of secret key or access token for an external service. We aim to link the clusters and IoT edge devices’ undesirable observed performance to their hidden configurations by providing a multi-pronged self-adaptive controller to monitor and detect misconfigurations in such settings. Furthermore, the controller implements standardized enforcement policies, demonstrating the controls required for regulatory compliance and providing users with appropriate access to the system resources. The aim of this paper is to introduce the controller mechanism by providing its main processes. Initial evaluations are done to assess the reliability and performance of the controller under different misconfiguration scenarios.