SPARK: Secure Predictive Autoscaling for Robust Kubernetes
For Kubernetes operators, it addresses the problem of slow reactive scaling and DDoS vulnerability with a combined predictive and security approach.
SPARK introduces a predictive autoscaling toolchain for Kubernetes that uses eBPF for kernel-level security and predictive models for scaling, reducing timeout errors by 32% during traffic surges compared to reactive scaling.
Achieving high availability and robust security in Kubernetes requires more than reactive scaling and standard perimeter firewalls. Traditional autoscalers, such as HPA, often fail to react quickly to traffic spikes and cannot distinguish between legitimate flash crowds and DDoS attacks. We present an open-source toolchain to provide a traffic-aware autoscaling approach that utilizes an eBPF-based networking layer to enforce security policies at the kernel level while orchestrating scaling decisions based on predictive models. Our results demonstrate that the predictive approach reduces timeout errors by 32% during sudden traffic surges compared to standard reactive scaling, while ensuring immediate network convergence and layer 7 security isolation for newly scaled pods.