SPARK: Secure Predictive Autoscaling for Robust Kubernetes
Zhijun Jiang, Amin Milani Fard

TL;DR
SPARK is an open-source, traffic-aware autoscaling tool for Kubernetes that uses kernel-level security enforcement and predictive models to improve responsiveness and security during traffic surges.
Contribution
It introduces a novel autoscaling approach combining eBPF-based security policies with predictive traffic models, enhancing Kubernetes robustness.
Findings
Reduces timeout errors by 32% during traffic surges
Ensures immediate network convergence and security isolation
Improves responsiveness over standard reactive autoscaling
Abstract
Achieving high availability and robust security in Kubernetes requires more than reactive scaling and standard perimeter firewalls. Traditional autoscalers, such as the Horizontal Pod Autoscaler (HPA), often fail to react quickly to traffic spikes and cannot distinguish between legitimate flash crowds and DDoS attacks. We present an open-source toolchain that provides traffic-aware autoscaling: it uses an eBPF-based networking layer to enforce security policies at the kernel level and orchestrates scaling decisions based on predictive models. Our results demonstrate that the predictive approach reduces timeout errors by 32% during sudden traffic surges compared to standard reactive scaling, while ensuring immediate network convergence and Layer 7 security isolation for newly scaled pods.
