The list of possible topics for the current academic year are the following:

#1. The "Student-as-a-Service" for CrownLabs (ASSIGNED)

Kubernetes enables the creation of generic operators that are in charge of controlling software resources and reacting properly to change of states (e.g., a modification based on the usual CRUD operations). The above software resources are rather generic and may not be strictly related to Kubernetes itself, hence paving the way to control generic objects such as "student" (or, at least, its virtual abstraction). This project aims at introducing a "student" resource in CrownLabs, which can control all the related objects (e.g., user accounts in the authentication server; courses the student it belongs to; etc.). The exact specifications about will be given in a proper Feature Request on GitHub, which captures the result of a discussion with the rest of the CrownLabs team.

Ongoing discussion: transform "students" in "users" and "courses" in "groups" in order to create a multi-tenant environment, with generic resources and permissions, in order to support the original CrownLabs use case (e.g., students, labs, courses) as well as a more generic use cases (users, groups, VMs, Docker).

(Gabriele Filaferro s273797; tutors: Alex Palesandro, Marco Iorio)

#2. GitHub Actions: Automating testing workflow for the Polycube open-source project (ASSIGNED)

Automatic testing is very important in modern software development. GitHub has recently introduced a new feature, called GitHub Actions, which is able to control sophisticated workflows that can be used to perform automated testing before merging some new code in the main repository. Currently, Polycube has a set of automated tests which are performed through an external service, based on the Jenkins software. However, this software has to be managed and operated by an external entity (currently, it runs on POLITO servers), who is also in charge of solving possible problems (e.g., the Jenkins service does not start). This project aims at migrating the Polycube testing, which involves several VMs and Docker, into a "managed" service, the one provided by GitHub, hence freeing precious CPU (and human) resources at the POLITO premises.

(Klaus Cuko 260351; tutors: Alex Palesandro, Marco Iorio, Federico Parola)

#3. From VMs to Docker: the CrownLabs case (ASSIGNED)

Currently, the CrownLabs service exploits a VM technology for running the student's "virtual desktop", although running in Kubernetes. In fact, the kubevirt extension enables Kubernetes to play with VMs in addition to containers. However, VMs consume a considerable amount of resources, compared to Docker. This project aims at exploring the possibility to transform the VMs executed by CrownLabs into containers, implementing the Feature Request #210 of the CrownLabs project. This may not apply to all services, but it would be a nice feature for applications that do not need a full desktop environment (e.g., Matlab).

(Federico Cucinella, 269149, Luca Francescato 275128 ; tutors: Hamza Rhaouati, Alex Palesandro, Marco Iorio)

#4. Introducing the support for stateful VMs in CrownLabs

One of the biggest limitation of CrownLabs is the impossibility to modify a VM, e.g., by installing new software, and save the modified image. In fact, VMs are always started from a clean state, without the option of creating "derivatives" of the current work, which is the default option for Kubevirt, the component that handles full virtualization in Kubernetes .

We foresee two ways to overcome this limitation:

This project aims at exploring the possibility of using these new features in CrownLabs, allowing users to create their own VMs that derive from existing ones.


#5. Enabling per-user VMs in CrownLabs (ASSIGNED)

The CrownLabs project was started as a way to provide remote labs to students. However, in principle, any user could create its own VMs and use the system as a remote cloud infrastructure instance. This project aims at extending the logic behind CrownLabs in order to generalize the concept of "professor", i.e., power user that can create VMs, allowing any user to create (and possibly share) its own set of VMs.

(Andrea Gron 278086, Stefano Calvo 278079 ; tutors: Alex Palesandro, Marco Iorio)

#6. Playing with Admission Webhooks in Kubernetes: Introducing the "Exam mode" in CrownLabs (ASSIGNED)

CrownLabs allows a VM to freely connect to the Internet, without any limitation. Furthermore, it allows multiple people to connect to the VM through a web-based "NoVNC" connection. This looks appropriate for normal day-by-day operations, but it is clearly not appropriate in case CrownLabs is used for an exam session.

This project aims at exploring the possibility to extend CrownLabs with the capability to turn-on an "exam" flag, upon request, that (a) enables a user-defined set of firewall rules (e.g., to block all the Internet connections), and (b) allows only selected users (e.g., professors) to connect to the VM during the exam, hence preventing students to interact together during the exam.

This project will play extensively with a recently introduced security mechanisms in Kubernetes, such as Admission Webhooks, which enable a granular control to the usage of different resources from different players.

(Sofia Munari 269157, Chiara Oggeri Breda 269333; tutors: Alex Palesandro, Marco Iorio, Mattia Lavacca)

#7. Automating the creation of VMs in CrownLabs

Currently the process of creating VMs in CrownLabs is done with a set of command-line scripts, mostly based on Ansible, which make the process not so simple to handle (see This project aims at integrating this process into the CrownLabs backend, hence enabling non-experienced users to start their VM creation process from a more user-friendly environment.

#8. Introducing the support for SSH-based access to VM (PARTIALLY ASSIGNED)

Currently, the only way to access to CrownLabs VM is through a web-based GUI, which connects to the desktop environment of the VM. In some cases, however, VMs may not require a full desktop environment, bus a simple SSH connection. This project aims at exploring this possibility by either creating the possibility to connect through a standard SSH client from the user's computer (preferred choice), or to provide a web-based interface that enables the SSH connection to the VM, similar to how currently CrownLabs works.

Claudio Usai 275756; tutors: Alex Palesandro, Mattia Lavacca

Past projects (2019/2020)

  • Integrating monitoring primitives in the Polycube network provider for Kubernetes (Giuseppe Ognibene, s257957; Tutor: Alex Palesandro)

  • eBPF-based front-end load balancer for Kubernetes services (Hamza Rhaouati, s267610; Tutor: Fulvio Risso, Alex Palesandro)

  • Kubernetes on Desktop: offloading applications to a nearby worker node (Simone Magnani, s265171; Tutor: Alex Palesandro)

  • Automating the setup of cloud computing labs with Ansible and Kubernetes (Andrea Cossio, s256681; Tutor: Alex Palesandro)

  • Build an application running on Kubernetes, using the Rook-Ceph open-source project , that (1) can autoscale against computation workload; (2) can autoscale against storage demand; (3) provides robustness (High Availability) against storage and/or compute node failures (Talaye Talakoobi, s260271; Tutor: Francesco Lucrezia)

  • Customizing Kubernetes: automating the resource provisioning and configuration for the "student-as-a-service" use case (Davide Cota, s263084; Tutor: Alex Palesandro)

  • Horizontal pod autoscaling in Kubernetes: the VPN service use case (Daniele Paliotta, s265873; Tutor: Alex Palesandro)

  • Analysis of Security Mechanisms in Istio (Tutor: Fulvio Valenza)