International Business Machines Corporation
Mitigating threats to container-based workloads

Abstract:

Mitigating threats to container-based workloads is provided by a process that includes detecting an attack against a container hosting environment that includes active and reserve container pools. The attack poses a potential threat of contamination to hosted containers. Based on detecting the attack, the process identifies a time-to-contamination, taken as an amount of time for an active container of the active container pool to become contaminated as a result of the attack. The process provisions new containers into the reserve container pool at a determined rate that is based on the identified time-to-contamination, and continuously removes, from the active container pool, active containers servicing the workload and concurrently deploys reserve containers from the reserve container pool to the active container pool to replace the removed active containers and takeover servicing the workload.