CC Researchpaper

Revolutionizing Software Deployment Through Microservices Containers

¹Utkarsh Pathak, ²Sagar Vashist, and ³Dhawan Singh
¹,²,³Apex Institute of Technology, Chandigarh University, Mohali, India
³University Centre for Research and Development, Chandigarh University, Mohali, India
³,*dhawan_deor@yahoo.co.in

Abstract—In the last few years, DevOps approaches have evolved
software creation and deployment, allowing firms to operate faster and
more effectively. But these modifications have brought out fresh
dangers to security. To deal with these issues, an entirely novel
approach known as development security operations integrates security
across the whole DevOps workflow. The philosophical thought, ideas, and
techniques of Development Security Operations are thoroughly examined
in this research work. By promoting a cooperative mindset of security
consciousness and using unchanging facilities, corporations may
establish a secure-by-design setting for growth which complies with
regulatory or legal requirements. The investigation in this paper comes
to the conclusion that DevSecOps ought to be implemented to bring about
a critical mindset change in modern software manufacturing. By
integrating safety into each phase of the DevOps lifecycle, companies
may develop and put in technology with greater safety, adaptability,
and quickness, offering customers an advantage to thrive in the
ever-changing online environment for right now.

Keywords— containers, deployment, DevOps, etcd, microservices, security

I. INTRODUCTION

In this project, containerization of a microservice project will be
done, which is one of the best approaches for creation and execution.
In this fast-paced life there is a big enhancement in the technology,
which gives a benefit and flexibility and opens many alternatives. Let
us talk about containerizing microservices: it is basically a framework
which usually combines a structure of system and their positive. It is
an essential task to enclose and isolate microservices, as it
facilitates compatibility to the containers on the deployment of
services by using containerization.

If authors use containers, then it provides several advantages to them,
which include the following: simplifying the technology management,
optimizing the resource management, and other benefits such as
scalability, auto healing, and security. All these benefits of this
technology have been used by the containerization technologies like
Docker and Kubernetes, etc. And they all are CNCF verified projects.
This primer investigates the basics of packaged microservice delivery
and discusses its implications for developing software, delivery
procedures, including the general flexibility of contemporary
platforms. As organizations strive for more flexible and adaptive
systems, comprehending and utilizing packaged microservices are getting
much crucial to keep on the bleeding forefront of advances in
technology.

Deploying over an assortment within platforms yet circumstances can be
done because it uses these containers for computing' constant yet
segregated context. It simplifies flexible construction by allowing
groups autonomy to create, launch, or expand micro services while
impacting the entire program. Advantages in containers include improved
scaling, resource finances, as well as simplicity of administration;
this is often driven through technologies like Docker as well as
Kubernetes. The DevOps workflow which we are using is defined in the
given fig. 1 ahead.

Fig. 1. DevOps workflow

In this research work, the sections have been organized as follows: The
issue at hand statement, which concerns information encryption
regarding ETCD, is covered in Section I. The literature review is
covered in Section II, which involves papers which have already been
written on the subject. Section III covers the methodology adapted for
the proposed work. Section IV discusses the structure of etcd, which is
entirely based on the K8s component ETCD, and provides a solution to
the data encryption issue that would make them more secure. In Section
V, results are discussed, and the conclusion is made in the final
section.

II. LITERATURE REVIEW

T. Binz, C. Fehling, F. Leymann, A. Nowak and D. Schumm [1] state that
DevOps might be considered an innovative approach to growth, a
framework, an approach, or an entire ideology. Closing the interaction
divide among creation and operation management will be its primary
goal. It recommends using processes, technologies, and expertise that
can span the whole development lifecycle for this function.

M. Paul [2] states that the notion predates the term agile development;
builders would tinker with system management techniques and ideas to
gain an improved awareness of how the application is to be set up,
whereas IT employees might periodically collaborate with the creation
group to enhance comprehension of how it works as well as ensure better
performance. Thanks to virtualization technologies or adaptation on
their own principles, an entirely novel type of mixed engineers along
with IT professionals as well as an innovative software manufacturing
environment have emerged with the introduction of DevOps.



Among the objectives underlying the DevOps methodology is to shorten
the software delivery cycle [3]. The goal aims to allow any
modifications to get seamlessly built into the structure as it is still
in manufacturing, while simultaneously upholding and guaranteeing a
high standard of excellence [4]. Netflix is currently using chaotic
design approaches that allow concepts such as continuous delivery and
deployment inside the DevOps framework [5]. Balalaie et al. [6]
describe the process of moving from a monolithic mobile back-end as a
service (MBAAS) to a microservice design. Apart from the usual pains
and hardships of transitioning from old systems to service-based
designs, they also experienced some interesting things regarding the
DevOps part of the procedure and the end result.

Fig. 2. Containers hierarchy in k8s.
At first, it was necessary to change their development, quality
assurance, and operational groups' horizontally organizational layout
to include more vertically organizations, having every level managing
the more compact functions. In their last piece, that talks about
leveraging containers to bridge the gap between the development and
production stages, researchers also address the need for system
supervision. The issue of containers, an innovation that renown had
only recently grown, is scalability, as well as automatic scaling. The
issue has already been studied and handled by practitioners as well as
researchers. Actually, scalability may be related with the hosts of
virtual computers or the containers in question. Numerous answers,
using a focus on the second type, enable container scalability. Notable
choices include Kubernetes from Google [7], [8], Docker Swarm in
conjunction with Docker Compose [9], [10], the native orchestrating
services of Docker, and Mesos [11]. There is insufficient proof of this
capacity using the present instruments. For a client-server system,
previous study has proposed layer performance models [12], yet not in
cloud-based or containerized apps. Unknown latencies must be taken into
account while using cloud, like the following paragraphs show.
Structures to modify inactive aspects, particularly efficiency, with
regard of parameter estimations were given by Woodside et al. [13] and
Epifani et al. [14].

D. Lee, T. Lim and D. Arditi [15] provide a Probabilistic method for
revising probability. It is applicable to a number of formalized
designs, such as Markov chains and queuing networks. The approach
employed in this research, which relies on Kalman filters, emphasizes
maximizing a complex on multi-tier efficiency models as well as how it
can be utilized to dynamically adapt the application architecture in
response to shifts in volatile settings such as the cloud.

III. METHODOLOGY

Essentially, this section will discuss the architecture of containers
and address the issue with container deployment databases that arises
with the Kubernetes component, i.e., etcd. This design has a cluster at
the top, on which several nodes are operating, numerous pods operating
on the node, and multiple containers operating on the pod.

Now the authors are going to focus on the Kubernetes architecture and
how the deployment happens, and they will look at their architecture in
detail. It orchestrates microservice deployments within a packaged
ecosystem using Kubernetes, a powerful containerization orchestration
tool. Kubernetes enables autonomous deployment, scaling, and management
of microservices, ensuring efficient utilization of resources and
continuous pod inspection. In the given fig. 2, the hierarchy of
Kubernetes has been illustrated.

Fig. 3. Kubernetes basic architecture.

A. Deploying through Automating:

Kubernetes optimizes the whole deployment procedure by utilizing
manifest documents to set up the ideal settings. These settings specify
the number of pods to be deployed, the amount of assets needed to run
them, and additional deployment parameters. Kubernetes subsequently
employs constraints along with readily accessible assets to plan to
deploy pods, or containers, to form cluster nodes.

B. Continuous Pod Tracking:

Kubernetes continuously monitors the state of health and functionality
of the pods running within the entire cluster. It collects information
on several aspects, such as CPU and memory use, pod preparedness, and
connectivity to the network. Watching systems such as Prometheus gather
such data and preserve it for further examination and visualization.

C. Automated Correction:

Kubernetes uses auto-healing mechanisms to ensure the reliability and
accessibility of microservices. When an error or shortage of resources
causes a container to grow sick or incoherent, Kubernetes instantly
detects the issue and initiates steps to fix it. This may include
ramping up more copies, moving the pod to a safe node, or rebooting
them just to maintain the necessary reliability.

D. Smart Management of Resources:

Kubernetes facilitates precise management of the distribution of
resources and their utilization. This makes handling resources easier.
Resources, needs, and limits, in addition to the maximum and minimum
CPU and memory use, may all be customized to suit every pod. Through
allocating pods according to the resources available, Kubernetes
encourages effective utilization as well as avoids competition for
resources. In the given fig. 3 above, the authors have shown the basic
architecture of Kubernetes.
E. A horizontal Pod Self-scaling:
This characteristic of Kubernetes enables a cluster to
change the number of pod replicas in response to traffic
needs. For best efficiency and resource consumption, HPA
adjusts the number of duplicates according to factors it
tracks, like CPU use or customized measurements.
The authors here have examined the internal design of etcd, an internal
Kubernetes component that functions essentially as a distributed file
system and database. It works on NoSQL databases. Therefore, the
authors can say that data related to clusters, containers, and pods is
handled by Kubernetes components, i.e., ETCD. For more details, the
ETCD architecture given in Fig. 4 can be referred to.

Fig. 4. Architecture of etcd
Further apart, talking about ETCD, it is a special database that is
distributed, highly consistent, key-value stored, and last but not
least, it is the only stateful component of the whole Kubernetes
components. For tasks like managing configurations, and finding
configurations it is used like an authentic database, which stores all
the information and makes the process smoother. The design on which
ETCD is built is of high reliability and has failure tolerance and
stability.

IV. STRUCTURE OF ETCD

The structure of ETCD is described as below:

1. Raft Consensus: It is built on the concept of Raft Consensus, which
states that there are many nodes, and between nodes, there is an
election held between them. Each node gives a vote, and the node that
has the highest number of votes becomes the leader node. And when data
is received, it is first received by the leader node and then is
replicated to other nodes.
2. ProtoBuf: It uses Protobuf to deserialize or serialize the data
faster. It uses WAL (Write Ahead Log), which means operations are
logged before they happen to ensure high consistency and data
integrity. Data is stored in a multi-version key-value data model. On a
very high level, keys store some value and their subsequent versions.
3. Key-Value Database: Etcd maintains information within a distributed
key-value database. Each combination of values in a cluster is
replicated across many nodes. Users may perform actions such as
acquire, state, and remove information stored within ETCD. Reads and
writes typically aim for the primary node, which then replicates the
modifications to the remaining cluster nodes.
4. API Component: Etcd exposes a simple HTTP API through which clients
can interact within the clusters. Amongst other functions, users
utilizing this programming interface may query cluster positions,
access and modify information, and maintain track of modifications. The
API is designed to be easy to learn and compatible with plenty of
different coding languages and frameworks.
5. Encryption: Etcd provides several safety precautions to protect data
and interactions inside the cluster. This works for both identification
and privilege control functions in role-based access control (RBAC)
setups. This can additionally encode information while it is moving or
while it is resting in order to maintain confidentiality. Etcd has to
encode what it stores in order to ensure the safety and confidentiality
of sensitive information stored in the key-value store. When
information stored in etcd does not have encryption, it poses a
significant danger, particularly in environments where safety is a
primary issue. The issue of unencrypted information in etcd can be
resolved by doing the following steps:
6. Enable Transportation Encrypting: Etcd permits encryption for
communication among cluster nodes to avoid hacking and spying. That is
achieved by turning on transport layer security (TLS) and encrypting
each network communication. One can generate certificates using TLS and
configure ETCD to utilize these for secure interactions among nodes.
Enable information-at-rest encryption to ensure that, even in the
unlikely event that a hacker gains entry to the underlying storage
systems, the attacker is unable to access the information without an
encryption key. Etcd allows data that is encrypted to be stored on
storage using encryption techniques such as AES. When information is
never fully utilized, users may protect their privacy by turning on
information-at-rest encryption.
7. Look over the permissions that regulate: Verify that all of the
access limits are configured appropriately to use the simplest method
for controlling the usage of private data. Employ role-based access
control (RBAC) approaches to set assigned permissions and roles to
various individuals or applications that utilize ETCD. Regularly review
and verify access limits to detect and fix any mistakes or illegal
entry efforts.
8. Update and Repair Often: To keep ETCD technology up to date,
installing most current safety patches and updates is done. Basically,
the authors have a bunch of records for security purposes, and it is
very necessary to regularly check the records because, most of the
time, complex vulnerabilities lead to the containers being broken down
and hackers easily attacking and accessing them. Therefore, to make it
safe, it is required to scan it properly, check the vulnerability, and
fix it. It is also possible to use tools like Trivy and many more to
scan each layer and get the result, and with the proper monitoring, it
is possible to make it safe and secure.

For more security, it is possible to add more enhancements to
authentication and authorization. In the admission controller system,
changes can be made in such a way that they refuse access to any
illegal requests and block them instantly. The workflow of ETCD
encryption gives us a strong root in finding the issue to ensure safety
of private information that is in distributed systems. Basically, ETCD
works on tiers or levels, and every layer has different functionality,
which will give a structured way to measure security and make the
process reliable. For the structure in ETCD, first the author meets
with the customer layer, through which users are communicating, and
then there is TLS (Transport Layer Security), which is basically a
protocol in it that ensures security. This layer plays an important
role in the data encryption, which is an important factor for the
security purposes, and because of that, it maintains the
confidentiality.

It reduces the risk of storing private data in ETCD by making it
typical for unauthorized users to access this private data, which may
be a big loss to the users. In the whole system of an ETCD, the
protocol that is mostly being used is TLS (Transport Layer Security).
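
The transport-encryption and access-control steps listed above can be checked mechanically. The following is an added example, not code from the paper: it audits an etcd and a kube-apiserver command line for TLS, at-rest encryption and RBAC settings. The flag names are real etcd and kube-apiserver options; the command lines, addresses and file paths are constructed, and flags are assumed to be written as --name=value.

```python
# Added example: audit etcd and kube-apiserver command lines for transport
# TLS, at-rest encryption and RBAC. Flag names are real etcd/kube-apiserver
# options; the command lines, addresses and paths below are constructed.

# etcd listens on plain HTTP unless told otherwise.
ETCD_DEFAULTS = {"listen-client-urls": "http://localhost:2379",
                 "listen-peer-urls": "http://localhost:2380"}

def parse_flags(argv):
    """Turn ['--a=b', '--c'] into {'a': 'b', 'c': 'true'}."""
    flags = {}
    for arg in argv:
        if arg.startswith("--"):
            name, _, value = arg[2:].partition("=")
            flags[name] = value or "true"
    return flags

def plaintext_urls(flags, name):
    """URLs in a comma-separated flag value that do not use https."""
    urls = [u.strip() for u in flags.get(name, "").split(",")]
    return [u for u in urls if u and not u.startswith("https://")]

def audit_etcd(argv):
    f, findings = {**ETCD_DEFAULTS, **parse_flags(argv)}, []
    for name in ("listen-client-urls", "advertise-client-urls",
                 "listen-peer-urls", "initial-advertise-peer-urls"):
        for url in plaintext_urls(f, name):
            findings.append(f"{name}: {url} is not TLS-protected")
    # The same four settings exist for client and for peer traffic.
    for prefix, scope in (("", "client"), ("peer-", "peer")):
        if not (f.get(prefix + "cert-file") and f.get(prefix + "key-file")):
            findings.append(f"{scope}: no certificate and key configured")
        if f.get(prefix + "client-cert-auth", "").lower() != "true":
            findings.append(f"{scope}: certificate authentication is off")
        elif not f.get(prefix + "trusted-ca-file"):
            findings.append(f"{scope}: certificate auth without a trusted CA")
        if f.get(prefix + "auto-tls", "").lower() == "true":
            findings.append(f"{scope}: auto-tls relies on self-signed certificates")
    return findings

def audit_apiserver(argv):
    f, findings = parse_flags(argv), []
    for url in plaintext_urls(f, "etcd-servers"):
        findings.append(f"etcd-servers: {url} is not TLS-protected")
    for name in ("etcd-cafile", "etcd-certfile", "etcd-keyfile"):
        if not f.get(name):
            findings.append(f"{name} is not set")
    if not f.get("encryption-provider-config"):
        findings.append("no encryption-provider-config: data is stored in etcd unencrypted")
    if "RBAC" not in f.get("authorization-mode", "").split(","):
        findings.append("authorization-mode does not include RBAC")
    return findings

PKI = "/etc/kubernetes/pki"  # constructed path
WEAK_ETCD = ["etcd",
             "--listen-client-urls=https://127.0.0.1:2379,http://10.0.0.5:2379",
             f"--cert-file={PKI}/etcd/server.crt",
             f"--key-file={PKI}/etcd/server.key", "--peer-auto-tls"]
HARDENED_ETCD = ["etcd", "--listen-client-urls=https://10.0.0.5:2379",
                 "--advertise-client-urls=https://10.0.0.5:2379",
                 "--listen-peer-urls=https://10.0.0.5:2380",
                 f"--cert-file={PKI}/etcd/server.crt",
                 f"--key-file={PKI}/etcd/server.key",
                 "--client-cert-auth=true", f"--trusted-ca-file={PKI}/etcd/ca.crt",
                 f"--peer-cert-file={PKI}/etcd/peer.crt",
                 f"--peer-key-file={PKI}/etcd/peer.key",
                 "--peer-client-cert-auth=true",
                 f"--peer-trusted-ca-file={PKI}/etcd/ca.crt"]
WEAK_APISERVER = ["kube-apiserver", "--etcd-servers=http://10.0.0.5:2379",
                  "--authorization-mode=AlwaysAllow"]
HARDENED_APISERVER = ["kube-apiserver", "--etcd-servers=https://10.0.0.5:2379",
                      f"--etcd-cafile={PKI}/etcd/ca.crt",
                      f"--etcd-certfile={PKI}/apiserver-etcd-client.crt",
                      f"--etcd-keyfile={PKI}/apiserver-etcd-client.key",
                      "--encryption-provider-config=/etc/kubernetes/enc/enc.yaml",
                      "--authorization-mode=Node,RBAC"]

if __name__ == "__main__":
    for finding in audit_etcd(WEAK_ETCD) + audit_apiserver(WEAK_APISERVER):
        print("FINDING:", finding)
```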
Examining the design in more detail, its client-to-etcd
interaction is carried out via the Application Programming
Interface Layers. For this instance, the Hypertext Transfer
Protocol (HTTP) Interface facilitates interaction using TLS
encryption. This layer provides users with an easy-to-use
interface for ETCD functionalities while ensuring that
information is protected throughout transmission. The
encryption layers, which are responsible for implementing
mechanisms for encryption when information is in transit and
at rest, occupy the core of the architecture. Transport
Layer Security (TLS)-encrypted interactions between ETCD
servers guarantee the confidentiality and reliability of
agreement procedures and information duplication.

Fig. 5. Architecture of ETCD after data encryption.

The layout maintains integrity and controls interaction among ETCD
nodes by utilizing the RAFT consensus method within the cluster level.
Encryption channels of communication formed using TLS strengthen the
safety of clusters by preventing unauthorized utilization of
information and ensuring the reliability of dispersed operations. The
data obtained will be stored in Kubernetes in the form of key-value
pairs. If the data is at rest, meaning it is not used for sharing
anywhere, then it is better to encrypt it, so that it can provide
better security and make the system compatible.
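
In a Kubernetes cluster, encryption of data at rest is configured on the kube-apiserver through an EncryptionConfiguration file, and a value that was encrypted before being written to etcd starts with the prefix k8s:enc:. The following added example (not code from the paper) uses that to find Secrets that are still stored in plaintext or under a key that is no longer configured; the configuration, etcd keys and stored values are constructed, and only key-based providers such as aescbc are handled.

```python
# Added example: verify that Secret values were encrypted before they were
# written to etcd. CONFIG and STORED are constructed samples.

ENC_PREFIX = b"k8s:enc:"

def write_provider(enc_config, resource="secrets"):
    """Provider used to encrypt new writes of `resource` (the first listed)."""
    for rule in enc_config.get("resources", []):
        if resource in rule.get("resources", []) and rule.get("providers"):
            return next(iter(rule["providers"][0]))
    return "identity"  # no matching rule: values are stored as-is

def configured_keys(enc_config, resource="secrets"):
    """(provider, key name) pairs the API server can still decrypt with."""
    keys = set()
    for rule in enc_config.get("resources", []):
        if resource not in rule.get("resources", []):
            continue
        for entry in rule.get("providers", []):
            for provider, settings in entry.items():
                for key in (settings or {}).get("keys", []):
                    keys.add((provider, key["name"]))
    return keys

def classify(raw):
    """Return (state, provider, key name) for one raw etcd value."""
    if not raw.startswith(ENC_PREFIX):
        return ("plaintext", None, None)
    # Layout: k8s:enc:<provider>:<version>:<key name>:<ciphertext>
    parts = raw.split(b":", 5)
    if len(parts) != 6:
        return ("malformed", None, None)
    return ("encrypted", parts[2].decode(), parts[4].decode())

def audit(enc_config, stored):
    findings = []
    if write_provider(enc_config) == "identity":
        findings.append("new Secrets are written in plaintext (identity is first)")
    known = configured_keys(enc_config)
    for etcd_key, raw in stored.items():
        state, provider, key_name = classify(raw)
        if state == "plaintext":
            # Typically written before encryption was enabled; needs a rewrite.
            findings.append(f"{etcd_key}: stored in plaintext")
        elif state == "malformed":
            findings.append(f"{etcd_key}: unreadable encryption header")
        elif (provider, key_name) not in known:
            findings.append(f"{etcd_key}: key {provider}/{key_name} is not configured")
    return findings

CONFIG = {  # parsed EncryptionConfiguration (constructed)
    "apiVersion": "apiserver.config.k8s.io/v1",
    "kind": "EncryptionConfiguration",
    "resources": [{
        "resources": ["secrets"],
        "providers": [
            {"aescbc": {"keys": [{"name": "key2", "secret": "<base64 key>"}]}},
            {"identity": {}},  # kept last so older plaintext values stay readable
        ],
    }],
}
# Same resources, but identity listed first: writes are not encrypted.
WEAK_CONFIG = {"resources": [{"resources": ["secrets"],
                              "providers": [{"identity": {}},
                                            CONFIG["resources"][0]["providers"][0]]}]}
STORED = {  # raw values as read directly from etcd (constructed bytes)
    "/registry/secrets/default/db-password": b"k8s:enc:aescbc:v1:key2:\x9c\x11:\x07",
    "/registry/secrets/default/legacy-token": b"k8s\x00\n\x0c\n\x02v1\x12\x06Secret",
    "/registry/secrets/kube-system/old": b"k8s:enc:aescbc:v1:key1:\x03\xfe",
}

if __name__ == "__main__":
    for finding in audit(CONFIG, STORED):
        print("FINDING:", finding)
```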

To talk about security, the authors observed on the admission control
where 60–70% security will be given. It is possible to make a policy so
that only legal users can get authorization, and all the illegal links
or requests will be terminated and blocked instantly. Now the question
arises: How will permission be given? Therefore, permissions can be
given, and all the workflows’ responsibilities are controlled by RBAC
(role-based access control), which means that you authenticate only
those parts that are suited to your role or match the profile. There
should be a system through which entries can be found, which can
benefit the admin in finding out the user who has done the unusual
things. Companies should have proactive and tracking tools that can
have the logs of all the users, which can ping the request to the
system. It enhances security, and users can be identified and
permanently blocked.

V. RESULT

Systems like ETCD will prove beneficial for large businesses because
they have worked on security and authentication, and the main thing is
that the admin can identify the scammers who usually try to hack our
data systems.

Fig. 6. Showing the analysis of security and dependencies.

The information that the admin has in ETCD will be moving from one node
to another; therefore, there might be a chance of a breakdown of the
containers, and information can be leaked. Therefore, it provides
security by encrypting and decrypting the data, as can be seen in the
given fig. 5.

Sometimes data is in the rest position; it can neither move nor be
shared with anyone; therefore, it is also necessary to encrypt the
data, which will provide security such that whatever information, i.e.,
private or public, will be stored safely. Sensitive information is
abstracted from customers to protect it from any unwanted usage, and it
is done by restricting usage of ETCD and by using an advanced client
authentication system and access rules. The permission part here is
handled by role-based access control, and it guarantees that only those
who have permission can interact with ETCD.

Giving regular updates to the security system of ETCD with the most
advanced security measures helps in avoiding hackers taking unusual
advantage and accessing sensitive information. To ensure all the ETCD
clusters are safe and protected, all the updates can be deployed in
very little time, providing real-time security updates. By using this,
businesses now know who can access information in ETCD, and they can
track down any unusual behaviour by implanting devices that record and
audit the system.

Continuously monitoring any kind of malicious activity and unwanted
access attempt helps in taking care of safety. The analysis can be seen
in the given fig. 6.

VI. CONCLUSION

At last, the conclusion of this paper is that due to the complex
vulnerability, there is a chance of the container breakdown, so secure
it. The author just implemented the security on the database, i.e.,
ETCD.

In the ETCD, most of the time, data is not encrypted, which will make
it easier for hackers to hack it. With the help of TLS (Transport Layer
Security), security is enhanced, which provides the encryption and
decryption of the data while transferring it from one place to another.

For compatibility and reliability, we just handle 70% of the security
from the admission controller system. A tool like Kyverno will help to
change the policy according to the situation at any time. The biggest
advantage is that we will implement a procedure in the ETCD so that we
get the logs of every user who is trying to enter in our database, and
the system will check if the user's authentication and authorization
are valid or not; if they're not, it will block them instantly. Also,
the author has implemented RBAC (role-based access management), through
which only users can get authentication according to their roles.

REFERENCES

[1] T. Binz, C. Fehling, F. Leymann, A. Nowak and D. Schumm, “Formalizing the Cloud through Enterprise Topology Graphs,” IEEE Fifth International Conference on Cloud Computing, 2012.
[2] M. Paul, “Fill the Gap Between CI and CD Pipelines With Continuous Testing - DZone DevOps,” dzone.com, 2017. [Online]. Available: https://dzone.com/articles/fill-the-gap-between-ci-andcd-pipelines-with-cont.
[3] D. Stahl, K. Hallen, and J. Bosch, “Achieving traceability in large scale continuous integration and delivery deployment, usage, and validation of the Eiffel framework,” Empirical Software Engineering, vol. 22, no. 3, pp. 967-995, 2016. Available: 10.1007/s10664-016-9457-1.
[4] K. Wiklund, S. Eldh, D. Sundmark, and K. Lundqvist, “Impediments for software test automation: A systematic literature review,” Software Testing, Verification and Reliability, vol. 27, no. 8, p. e1639, 2017. Available: 10.1002/stvr.1639.
[5] G. Adzic, “Bridging the Communication Gap: Specification by Example and Agile Acceptance Testing,” London: Neuri, 2009.
[6] M. Ilyas, “Software Integration Challenges for GSD Vendors: An Exploratory Study Using a Systematic Literature Review,” Journal of Computers, pp. 416-422, 2017. Available: 10.17706/jcp.12.5.416-422.
[7] R. Vaasanthi, S. Philip and V. Prasanna, “Comparative Study of DevOps Build Automation Tools,” International Journal of Computer Applications, vol. 170, no. 7, pp. 5-8, 2017. Available: 10.5120/ijca2017914908.
[8] M. Shahin, M. Ali Babar, and L. Zhu, “Continuous Integration, Delivery and Deployment: A Systematic Review on Approaches, Tools, Challenges, and Practices,” IEEE Access, vol. 5, pp. 3909-3943, 2017. Available: 10.1109/access.2017.2685629.
[9] M. Meyer, “Continuous Integration and Its Tools,” IEEE Software, vol. 31, no. 3, pp. 14-16, 2014. Available: 10.1109/ms.2014.58.
[10] L. Chen, “Continuous Delivery: Huge Benefits, but Challenges Too,” IEEE Software, vol. 32, no. 2, pp. 50-54, 2015. Available: 10.1109/ms.2015.27.
[11] S. Asmus, A. Fattah and C. Pavlovski, “Enterprise Cloud Deployment: Integration Patterns and Assessment Model,” IEEE Cloud Computing, vol. 3, no. 1, pp. 32-41, 2016. Available: 10.1109/MCC.2016.11.
[12] J. Wettinger, U. Breitenbucher, M. Falkenthal and F. Leymann, “Collaborative gathering and continuous delivery of DevOps solutions through repositories,” Computer Science - Research and Development, vol. 32, no. 3-4, pp. 281-290, 2016. Available: 10.1007/s00450-016-0338-z.
[13] P. Ajibade, E. M. Ondari-Okemwa, and M. M. Matlhako, “Information technology integration for accelerated knowledge sharing practices: challenges and prospects for small and medium enterprises,” Problems and Perspectives in Management, vol. 17, no. 4, pp. 131-140, 2019. Available: 10.21511/ppm.17(4).2019.11.
[14] J. Kanjilal, “DevOps - Bridging the Gap between Dev and Ops – InsightsSuccess,” InsightsSuccess, 2017. [Online]. Available: https://www.insightssuccess.com/devopsbridging-the-gapbetween-dev-and-ops/.
[15] D. Lee, T. Lim and D. Arditi, “Automated stochastic quality function deployment system for measuring the quality performance of design/build contractors,” Automation in Construction, vol. 18, no. 3, pp. 348-356, 2009. Available: 10.1016/j.autcon.2008.10.002.
[16] D. Farley and J. Humble, “Continuous delivery,” Addison-Wesley Professional, 2010.
[17] D. Stahl and J. Bosch, “Modeling continuous integration practice differences in industry software development,” Journal of Systems and Software, vol. 87, pp. 48-59, 2014. Available: 10.1016/j.jss.2013.08.032.
[18] M. Virmani, “Understanding DevOps and bridging the gap from continuous integration to continuous delivery,” Fifth International Conference on the Innovative Computing Technology, 2015.
[19] J. Hernantes, G. Gallardo and N. Serrano, “IT Infrastructure-Monitoring Tools,” IEEE Software, vol. 32, no. 4, pp. 88-93, 2015.
[20] M. Virmani, “Understanding DevOps and Bridging the Gap from Continuous Integration to Continuous Delivery,” Proc. 5th Int’l Conf. Innovative Computing Technology, pp. 78-82, 2015.
[21] D. Spinellis, “Don’t Install Software by Hand,” IEEE Software, vol. 29, no. 4, pp. 86-87, 2012.
