| CPC G06F 9/5077 (2013.01) [G06F 9/455 (2013.01); G06F 9/5005 (2013.01); G06F 11/3409 (2013.01); G06F 11/3414 (2013.01); G06F 11/3433 (2013.01); G06F 11/3457 (2013.01); G06F 2009/45562 (2013.01); G06F 2009/45587 (2013.01); H04L 41/50 (2013.01)] | 20 Claims |

1. A computer-implemented method, comprising:
implementing, by a computing cluster comprising a plurality of cloud-computing edge devices, a distributed control plane in which each of the plurality of cloud-computing edge devices is configured to provision and manage cloud infrastructure resources of the computing cluster independent from communicating with a device that is external to the computing cluster, the plurality of cloud-computing edge devices being communicatively connected to one another via an intra-node switch of the computing cluster, each of the plurality of cloud-computing edge devices being individually configured to encrypt or decrypt control plane data transmitted via the intra-node switch based at least in part on each of the plurality of cloud-computing edge devices being previously provisioned with encryption keys and a root certificate for the computing cluster;
generating, by a first cloud-computing edge device of the distributed control plane, a message comprising data related to control plane operations corresponding to a first resource of the cloud infrastructure resources of the computing cluster;
generating, by the first cloud-computing edge device of the distributed control plane and based at least in part on an encryption protocol and a first data encryption key of the encryption keys provisioned on the first cloud-computing edge device, an encrypted message from the message comprising the data related to the control plane operations corresponding to the first resource of the cloud infrastructure resources of the computing cluster;
authenticating, by the first cloud-computing edge device using the root certificate, a second cloud-computing edge device of the distributed control plane;
responsive to the authentication, transmitting, by the first cloud-computing edge device to the second cloud-computing edge device of the distributed control plane, the encrypted message via the intra-node switch;
decrypting, by the second cloud-computing edge device using a second data encryption key of the encryption keys provisioned on the second cloud-computing edge device, the encrypted message to obtain the data related to the control plane operations corresponding to the first resource of the cloud infrastructure resources of the computing cluster; and
based at least in part on obtaining the data related to the control plane operations that correspond to the first resource of the cloud infrastructure resources of the computing cluster, executing, by the second cloud-computing edge device, an operation for provisioning or managing the first resource of the cloud infrastructure resources of the computing cluster.
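The authentication step of claim 1 ("authenticating, by the first cloud-computing edge device using the root certificate, a second cloud-computing edge device"), worked through as an added example that is not part of the patent or of any implementation it describes: every node is provisioned with the cluster's root certificate ahead of time, and a peer is accepted only if its certificate chains to that root, so no external CA or network is consulted. It uses only Go's standard library; the function names, the common names and the foreign "other-cluster" root are constructed for illustration, and the claim's separate data-encryption-key step is not covered here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// makeCert issues an Ed25519 certificate: the self-signed cluster root when parent is nil, else a node cert signed by parentKey.
func makeCert(cn string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	// A clock-derived serial is enough for this demo; a production CA uses random serials.
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour)}
	if parent == nil { // the root is a CA permitted to sign node certificates
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = tmpl, priv
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, priv, err
}

// authenticatePeer accepts a peer only if its certificate chains to the cluster root provisioned on this node.
func authenticatePeer(root, peer *x509.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := peer.Verify(x509.VerifyOptions{Roots: pool})
	return err
}

func main() {
	root, rootKey, _ := makeCert("edge-cluster-root", nil, nil) // provisioned on every node
	nodeB, _, _ := makeCert("edge-node-b", root, rootKey)
	otherRoot, otherKey, _ := makeCert("other-cluster-root", nil, nil) // a different cluster's root
	stranger, _, _ := makeCert("edge-node-x", otherRoot, otherKey)
	fmt.Println("node-b accepted:", authenticatePeer(root, nodeB) == nil)      // true
	fmt.Println("stranger accepted:", authenticatePeer(root, stranger) == nil) // false
}
```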