
Kubernetes and Istio as a Zero Trust Overlay

dc.contributor.advisor: Ciprian Popoviciu
dc.contributor.author: Roach, Collin
dc.contributor.committeeMember: Te-Shun Chou
dc.contributor.committeeMember: Biwu Yang
dc.contributor.committeeMember: John Pickard
dc.contributor.department: Technology Systems
dc.date.accessioned: 2025-06-05T17:25:54Z
dc.date.available: 2025-06-05T17:25:54Z
dc.date.created: 2025-05
dc.date.issued: May 2025
dc.date.submitted: May 2025
dc.date.updated: 2025-05-22T21:14:53Z
dc.degree.college: College of Engineering and Technology
dc.degree.grantor: East Carolina University
dc.degree.major: MS-Network Technology
dc.degree.name: M.S.
dc.degree.program: MS-Network Technology
dc.description.abstract: The emergence of Zero Trust security frameworks led to multiple solutions proposed for creating dynamic, point-to-point overlays for the endpoints of an enterprise information technology (IT) fleet. Some of these solutions reuse old technologies such as virtual private networks (VPNs) and generic route encapsulation (GRE) tunnels, which add significant overhead and come with scalability constraints. On the other hand, the rapid adoption of cloud-based services led to the development of hyperscale frameworks to support the creation and maintenance of dynamic overlays. For example, Istio is a management infrastructure that supports Kubernetes with respect to end-to-end authentication, authorization and secure resource connectivity of server instances in a cloud-based application. In application platforms, this is handled by tools such as Kubernetes, which orchestrates workloads between nodes; Istio is a management platform that supports Kubernetes to handle end-to-end verification and authentication for these platforms. The objective of this research is to investigate the feasibility of using Istio as an endpoint authentication and authorization mechanism combined with dynamic overlay management in support of a zero-trust deployment model. This implementation would adapt Istio to distributed endpoints rather than cloud compute resources used in a microservices application infrastructure. With Istio, traffic between endpoints was inspected at a central location where relevant policies are applied. With Istio, every endpoint was identified and verified while traffic to and from that endpoint is scrubbed and logged. Following a review of the current research on this topic, the conceptual model was presented, and the practical tests performed in support of the envisioned architecture. To test the alternative hypothesis, Istio’s ability to support cloud-based endpoints outside a Kubernetes infrastructure was evaluated. Then, Istio’s ability to support endpoints outside a cloud infrastructure was evaluated on devices such as a Raspberry Pi or a laptop encompassing both ARM and Intel-based processors. The impact of Kubernetes and Istio as a Zero Trust framework on intra-cluster communication was promising; however, Kubernetes and Istio experienced high latency during tests evaluating inter-cluster communications. Kubernetes and Istio can be used to effectively manage endpoint assets; however, it may not be ideal for all assets or scenarios.
dc.etdauthor.orcid: 0009-0009-9315-620X
dc.format.mimetype: application/pdf
dc.identifier.uri: http://hdl.handle.net/10342/14032
dc.language.iso: English
dc.publisher: East Carolina University
dc.subject: Information Technology
dc.title: Kubernetes and Istio as a Zero Trust Overlay
dc.type: Master's Thesis
dc.type.material: text

Files

Original bundle

Name: ROACH-PRIMARY-2025.pdf
Size: 1007.78 KB
Format: Adobe Portable Document Format