Optimizing Spot Instance Reliability and Security Using Cloud-Native Data and Tools
Muhammad Saqib, Shubham Malhotra, Dipkumar Mehta, Jagdish Jangid, Fnu Yashu, Sachin Dixit
TL;DR
Cloudlab presents a Google Cloud–based, GitOps‑driven cloud‑native lab designed to advance network security research and training. It weaves together Kubernetes, serverless computing, and automated CI/CML pipelines with tools such as CN‑Series firewalls, Bridgecrew, and Kyverno to enable secure, containerized workloads and policy‑driven workflows. The work details an end‑to‑end infrastructure including IaC in GitHub, two GKE clusters for CI and ML, a private GCR registry, and Tekton‑driven pipelines with automated security scans, illustrating RBAC, Policy as Code, and Security as Code in practice. The platform aims to bridge theory and application, offering a scalable, reusable environment for hands‑on security experiments, multi‑cloud considerations, and red‑team testing to enhance resilience in modern cloud ecosystems.
Abstract
This paper presents "Cloudlab", a comprehensive, cloud-native laboratory designed to support network security research and training. Built on Google Cloud and adhering to GitOps methodologies, Cloudlab facilitates the creation, testing, and deployment of secure, containerized workloads using Kubernetes and serverless architectures. The lab integrates tools like Palo Alto Networks firewalls, Bridgecrew for "Security as Code," and automated GitHub workflows to establish a robust Continuous Integration/Continuous Machine Learning pipeline. By providing an adaptive and scalable environment, Cloudlab supports advanced security concepts such as role-based access control, Policy as Code, and container security. This initiative enables data scientists and engineers to explore cutting-edge practices in a dynamic cloud-native ecosystem, fostering innovation and improving operational resilience in modern IT infrastructures.
