SAP SE
RECONCILER SANDBOXES FOR SECURE KUBERNETES OPERATORS

Abstract:

Some embodiments may be associated with a cloud-based computing environment. A computer processor of an orchestration layer platform may deploy and manage multi-tenant workloads (e.g., each being associated with a Virtual Machine ("VM")) in the cloud-based computing environment. A Kubernetes control plane operator associated with the multi-tenant workloads may detect a trigger event (e.g., an actual VM state not matching a desired VM state) that results in a reconciliation request for a particular tenant workload. Responsive to the reconciliation request, serverless tenant execution code, representing reconciler logic compiled into a Web Assembly ("WASM") module, may be spun up in a WASM sandbox to perform reconciliation for the particular tenant workload.