US2025365277A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2025365277-A1 |
| Application number | US-202418671494-A |
| Country | US |
| Kind code | A1 |
| Filing date | May 22, 2024 |
| Priority date | May 22, 2024 |
| Publication date | Nov 27, 2025 |
| Grant date | — |
Abstract
Systems and methods are provided for enabling a trusted and secured client-server model in a container orchestration environment. Various embodiments provide a trusted and secured client-server model that leverages self-signed TLS certificates to automate and efficiently manage TLS connections. In some embodiments a Kubernetes API server injects a service token into each pod in a cluster. The Kubernetes API server also injects the certificate used to generate the service token. In a client-server model between pods, clients can use the same service token as their identity to the server, and the server can use the same certificate to validate the token. In this way, trust is established using token-based authentication between clients and servers.
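The token half of the mechanism the abstract describes, written out as an added worked example in Go; it is not code from the patent, from Kubernetes or from any product. A stand-in API server generates a P-256 signing key, issues a self-signed certificate carrying the matching public key (the certificate the abstract says is injected into each pod alongside the token) and mints the service token as an ES256 JWT; a server pod then validates a presented token using nothing but that certificate. The apiServer type, the claim set and the audience value "pod-server" are assumptions made for the example. Two checks the abstract does not spell out are included because any verifier of a token like this needs them: the JOSE header is pinned, so an algorithm downgrade is rejected before the signature is even looked at, and the audience is checked, so a token minted for one service cannot be replayed to another.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"errors"
	"math/big"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding

// jwtHeader is pinned on both sides: the verifier refuses any other header, so the usual JWT
// downgrade tricks ("alg":"none", or HS256 keyed with the public key) never reach the signature check.
const jwtHeader = `{"alg":"ES256","typ":"JWT"}`

// apiServer stands in for the Kubernetes API server (assumed type, not a Kubernetes API): it holds
// the token-signing key and hands every pod a self-signed certificate carrying the matching public key.
type apiServer struct{ key *ecdsa.PrivateKey }

func newAPIServer() apiServer {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return apiServer{key}
}

// issuerCert is the DER certificate injected into pods for validating tokens.
func (a apiServer) issuerCert() []byte {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &a.key.PublicKey, a.key)
	if err != nil {
		panic(err)
	}
	return der
}

// issueToken mints a service token as an ES256 JWT; per RFC 7518 the signature is the raw r||s pair.
func (a apiServer) issueToken(subject, audience string) string {
	payload, _ := json.Marshal(map[string]string{"sub": subject, "aud": audience})
	input := b64.EncodeToString([]byte(jwtHeader)) + "." + b64.EncodeToString(payload)
	h := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, a.key, h[:])
	if err != nil {
		panic(err)
	}
	sig := make([]byte, 64)
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return input + "." + b64.EncodeToString(sig)
}

// verifyToken is the server pod's side: the only trust anchor is the key inside the injected
// issuer certificate, and the token must be addressed to this service. Returns the subject.
func verifyToken(issuerDER []byte, token, wantAud string) (string, error) {
	cert, err := x509.ParseCertificate(issuerDER)
	if err != nil {
		return "", err
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return "", errors.New("issuer certificate does not carry an ECDSA key")
	}
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return "", errors.New("malformed token")
	}
	if hdr, err := b64.DecodeString(p[0]); err != nil || string(hdr) != jwtHeader {
		return "", errors.New("unexpected JOSE header")
	}
	sig, err := b64.DecodeString(p[2])
	h := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if err != nil || len(sig) != 64 || !ecdsa.Verify(pub, h[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return "", errors.New("signature invalid")
	}
	var claims struct {
		Sub string `json:"sub"`
		Aud string `json:"aud"`
	}
	raw, err := b64.DecodeString(p[1])
	if err != nil || json.Unmarshal(raw, &claims) != nil || claims.Aud != wantAud {
		return "", errors.New("claims unreadable or wrong audience")
	}
	return claims.Sub, nil
}
```

Real Kubernetes service-account tokens additionally carry issuer and expiry claims and are normally checked through the API server's TokenReview or its OIDC discovery keys; the example pins a single key to match the abstract's one-certificate model, and an expiry check would slot in beside the audience check.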
Claims
What is claimed is:
1. A method of securing communications between pods in a container orchestration platform cluster, comprising: pushing, by a container orchestration platform application programming interface (API) server, service tokens and certificates to a client pod and to a server pod; generating, by the server pod, a self-signed certificate; pushing, by the server pod, the self-signed certificate into a shared memory; pulling, by the client pod, the self-signed certificate from the shared memory; and establishing a secure transport layer security (TLS) connection between the client pod and the server pod using the self-signed certificate and the service token of the client pod.
2. The method of claim 1, wherein the shared memory comprises a persistent volume claim (PVC).
3. The method of claim 1, wherein the service tokens are JSON web tokens (JWT).
4. The method of claim 1, wherein the container orchestration platform comprises Kubernetes.
5. The method of claim 1, wherein the self-signed certificate includes a public key associated with the server pod.
6. The method of claim 1, further comprising: wherein a service token is also pushed to a second client pod; pulling, by the second client pod, the self-signed certificate from the shared memory; and establishing a second secure transport layer security (TLS) connection between the second client pod and the server pod using the self-signed certificate and the service token of the second client pod.
7. The method of claim 1, wherein the service tokens and certificates are also pushed to a second server pod, the method further comprising: generating, by the second server pod, a second self-signed certificate; storing the second self-signed certificate in memory; pushing, by the second server pod, the second self-signed certificate into shared memory; responsive to a detected failure of the client pod: pulling, by the client pod, the second self-signed certificate from the shared memory; and establishing a second secure transport layer security (TLS) connection between the client pod and the second server pod using the second self-signed certificate and the service token of the client pod.
8. A system for securing communications between pods in a container orchestration platform cluster, comprising: a processor; a non-transitory computer-readable medium; and stored instructions translatable by the processor for executing: pushing, by a container orchestration platform application programming interface (API) server, service tokens and certificates to a client pod and to a server pod; generating, by the server pod, a self-signed certificate; pushing, by the server pod, the self-signed certificate into a shared memory; pulling, by the client pod, the self-signed certificate from the shared memory; and establishing a secure transport layer security (TLS) connection between the client pod and the server pod using the self-signed certificate and the service token of the client pod.
9. The system of claim 8, wherein the shared memory comprises a persistent volume claim (PVC).
10. The system of claim 8, wherein the service tokens are JSON web tokens (JWT).
11. The system of claim 8, wherein the container orchestration platform comprises Kubernetes.
12. The system of claim 8, wherein the self-signed certificate includes a public key associated with the server pod.
13. The system of claim 8, wherein the instructions further comprise: wherein a service token is also pushed to a second client pod; pulling, by the second client pod, the self-signed certificate from the shared memory; and establishing a second secure transport layer security (TLS) connection between the second client pod and the server pod using the self-signed certificate and the service token of the second client pod.
14. The system of claim 8, wherein the service tokens and certificates are also pushed to a second server pod, wherein the instructions further comprise: generating, by the second server pod, a second self-signed certificate; pushing, by the second server pod, the second self-signed certificate into shared memory; responsive to a detected failure of the client pod: pulling, by the client pod, the second self-signed certificate from the shared memory; and establishing a second secure transport layer security (TLS) connection between the client pod and the second server pod using the second self-signed certificate and the service token of the client pod.
15. A computer programming product comprising a non-transitory computer-readable medium storing instructions for securing communications between pods in a container orchestration platform cluster, the instructions translatable by a processor for: pushing, by a container orchestration platform application programming interface (API) server, service tokens and certificates to a client pod and to a server pod; generating, by the server pod, a self-signed certificate; pushing, by the server pod, the self-signed certificate into a shared memory; pulling, by the client pod, the self-signed certificate from the shared memory; and establishing a secure transport layer security (TLS) connection between the client pod and the server pod using the self-signed certificate and the service token of the client pod.
16. The computer programming product of claim 15, wherein the shared memory comprises a persistent volume claim (PVC).
17. The computer programming product of claim 15, wherein the service tokens are JSON web tokens (JWT).
18. The computer programming product of claim 15, wherein the container orchestration platform comprises Kubernetes.
19. The computer programming product of claim 15, wherein the instructions further comprise: wherein a service token is also pushed to a second client pod; pulling, by the second client pod, the self-signed certificate from the shared memory; and establishing a second secure transport layer security (TLS) connection between the second client pod and the server pod using the self-signed certificate and the service token of the second client pod.
20. The computer programming product of claim 15, wherein the service tokens and certificates are also pushed to a second server pod, wherein the instructions further comprise: generating, by the second server pod, a second self-signed certificate; storing the second self-signed certificate in memory; pushing, by the second server pod, the second self-signed certificate into shared memory; responsive to a detected failure of the client pod: pulling, by the client pod, the second self-signed certificate from the shared memory; and establishing a second secure transport layer security (TLS) connection between the client pod and the second server pod using the second self-signed certificate and the service token of the client pod.
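The certificate path of claims 1, 2, 5 and 7, as an added example in Go that is not the patent's code or any product's. A directory on local disk stands in for the shared PVC. Each server pod generates its own key and a self-signed certificate with its name in the SAN, writes the DER into that directory, and serves TLS 1.3 on a loopback port. The client pulls exactly the certificate published under the pod's name and makes it the only trust anchor for the connection, so a pod presenting any other certificate is refused even though every certificate in the system is self-signed. callWithFailover walks a list of server pods and reconnects to the next one with the same service token when the first is down, which is the claim 7 behaviour. The token check is passed in as a function parameter so the block stays on the certificate path; in a deployment that function would be the JWT verification against the API-server-issued certificate. The endpoint type, the "<name>.crt" file naming, the 5-second deadline and the one-line hello/denied exchange are all assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"math/big"
	"net"
	"os"
	"path/filepath"
	"time"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// endpoint (assumed type) is how a client knows a server pod: the name its cert is published under, and where it listens.
type endpoint struct{ Name, Addr string }

// startServerPod generates a fresh key and self-signed certificate (claim 5: the pod's public key is in it),
// publishes the DER into the shared directory standing in for the PVC, and serves TLS 1.3 on loopback.
// Each client sends one token; authenticate decides whether the reply is "hello" or "denied".
func startServerPod(share, name string, authenticate func(token string) bool) net.Listener {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		DNSNames:     []string{name}, // the client verifies this against the name it pulled the cert under
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	must(err)
	must(os.WriteFile(filepath.Join(share, name+".crt"), der, 0o644))
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}},
		MinVersion:   tls.VersionTLS13,
	})
	must(err)
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return // listener closed: this pod has failed
			}
			c.SetDeadline(time.Now().Add(5 * time.Second)) // a silent client cannot wedge the accept loop
			var token string
			fmt.Fscan(c, &token)
			reply := "denied"
			if authenticate(token) {
				reply = "hello"
			}
			fmt.Fprintln(c, reply)
			c.Close()
		}
	}()
	return ln
}

// clientCall pulls ep's certificate from shared memory and pins it as the only trust anchor; a pod
// presenting any other certificate, even a valid one for a different name, is refused by tls.Dial.
func clientCall(share string, ep endpoint, token string) (string, error) {
	der, err := os.ReadFile(filepath.Join(share, ep.Name+".crt"))
	if err != nil {
		return "", err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return "", err
	}
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	conn, err := tls.Dial("tcp", ep.Addr, &tls.Config{RootCAs: pool, ServerName: ep.Name, MinVersion: tls.VersionTLS13})
	if err != nil {
		return "", err
	}
	defer conn.Close()
	fmt.Fprintln(conn, token)
	var reply string
	_, err = fmt.Fscan(conn, &reply)
	return reply, err
}

// callWithFailover is claim 7 in miniature: when a server pod is unreachable the client pulls the next
// pod's certificate from shared memory and presents the same service token to it.
func callWithFailover(share string, eps []endpoint, token string) (reply string, err error) {
	err = errors.New("no server pods configured")
	for _, ep := range eps {
		if reply, err = clientCall(share, ep, token); err == nil {
			return reply, nil
		}
	}
	return "", err
}
```

Note what the shared volume becomes in this design: whoever can write to it can publish a certificate under a server pod's name and clients will pin it. Claim 1 has clients only pulling, so the mount should be read-only for client pods and writable only by server pods, and the client must insist that the certificate it pulled matches the name it asked for, which is what ServerName in tls.Dial enforces here.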
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title
Performing the actions predefined by failover planning, e.g. switching to standby network elements · CPC title
at the transport layer · CPC title