CN112910991B - Back-end application calling method and device, computer equipment and readable storage medium - Google Patents
Back-end application calling method and device, computer equipment and readable storage medium Download PDFInfo
- Publication number
- CN112910991B CN112910991B CN202110125672.5A CN202110125672A CN112910991B CN 112910991 B CN112910991 B CN 112910991B CN 202110125672 A CN202110125672 A CN 202110125672A CN 112910991 B CN112910991 B CN 112910991B
- Authority
- CN
- China
- Prior art keywords
- http request
- application
- gateway
- application name
- dubbo
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L67/025—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
- H04L67/1004—Server selection for load balancing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/60—Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
Abstract
The application relates to a method, a device, computer equipment and a readable storage medium for calling a back-end application, wherein the function of a gateway is split through decentralization, the gateway only reserves the most basic path matching capability at the front end, and the authentication capability is sunk to each service party at the back end. And the service discovery capability depends on the application service discovery capability of Kurbenetes, so that the pressure of the gateway is greatly reduced, the pressure of the gateway is greatly relieved under the condition of large flow, and the problem that all back-end services are unavailable due to the gateway being broken down is solved.
Description
Technical Field
The present application relates to the field of internet technologies, and in particular, to a method and an apparatus for calling a backend application, a computer device, and a readable storage medium.
Background
The existing dubbo protocol gateways are all centralized gateways and are responsible for converting http requests into dubbo service calls. Meanwhile, the centralized gateway is also responsible for functions such as authority verification, url matching, service discovery and the like.
With the increase of backend services and traffic, the centralized gateway is prone to hang-up. Once the centralized gateway is hung up, the backend services will become unavailable.
Disclosure of Invention
The application provides a method and a device for calling a back-end application, a computer device and a readable storage medium, so as to at least solve the problem that a centralized gateway in the related art is easy to hang up in a large flow.
In a first aspect, an embodiment of the present application provides a back-end application calling method, which is applied to a Kurbenetes cluster system, where the Kurbenetes cluster system is deployed with a gateway and multiple pods; the method comprises the following steps:
the gateway receives an http request sent by a user, and analyzes the http request to obtain an application name corresponding to the http request;
the gateway discovers the capability through Kurbenetes application service and obtains an IP address corresponding to the application name according to the application name; sending the http request to a corresponding Pod in the Kurbenetes cluster according to the IP address;
and the Pod executes authority verification operation on the http request and calls a corresponding back-end application according to the application name.
In some embodiments, the executing, by the Pod, the permission check operation on the http request, and calling the corresponding backend application according to the http request includes:
a Sidecar and the backend application are deployed in the Pod, and the Sidecar receives the http request;
the Sidecar executes authority verification operation on the http request; and if the verification is passed, the Sidecar calls the back-end application corresponding to the http request through a local dubbo interface according to the http request and returns the back-end application to the gateway.
In some embodiments, the gateway finds the capability through Kurbenetes application service, and obtaining the IP address corresponding to the application name according to the application name includes:
when an application is deployed, generating a corresponding IP address according to an application name, and establishing a corresponding relation between the IP address and the application name;
and the gateway obtains the IP address corresponding to the application name according to the corresponding relation.
In some embodiments, the gateway parsing the http request to obtain the application name corresponding to the http request includes:
the gateway analyzes the http request to obtain a method (POST, GET, PUT) and a url of the http request;
and the gateway forms a pattern (method: url) according to the method (POST, GET, PUT) and the url, and obtains an application name corresponding to the http request.
In some of these embodiments, the method further comprises:
the gateway inquires whether a dubbo interface corresponding to the application name exists in a database;
if the Dubbo interface corresponding to the application name exists, acquiring the per-second query rate of the Dubbo interface;
if the query rate per second exceeds a preset threshold value, returning preset error information;
and if the query rate per second does not exceed a preset threshold value, adding the application name to the head of the http request to construct a new http request, and sending the new http request to the corresponding Sidecar.
In some embodiments, the invoking, by the Sidecar according to the http request through the local dubbo interface, the backend application corresponding to the http request includes:
the Sidecar monitors a dubbo interface after being started, acquires an application name matched with the gateway from the head of an http request after receiving the http request, and acquires dubbo metadata corresponding to the application name from a database;
converting the http protocol into a dubbo protocol according to the dubbo metadata, and sending the http request to a corresponding back-end application through a dubbo interface of the back-end application to obtain a return value carrying back-end application resources;
and after receiving the return value, converting the dubbo protocol into an http protocol, and returning the return value to the gateway.
In some of these embodiments, sending the http request to the corresponding backend application through the dubbo interface of the backend application comprises:
the Sidecar acquires a dubbo interface exposed by the back-end application by using the downstream API capability of Kurbenetes;
and calling and obtaining a return value of the back-end application corresponding to the http request according to the dubbo interface and the local IP address of the Pod.
In a second aspect, an embodiment of the present application provides a backend application invoking device, where the device includes a gateway and a backend verification module; wherein:
the gateway is used for receiving an http request sent by a user and analyzing the http request to obtain an application name corresponding to the http request; the capability is discovered through Kurbenetes application service, an IP address corresponding to the application name is obtained according to the application name, and the http request is sent to a corresponding rear-end check module in the Kurbenetes cluster;
and the back-end checking module is used for executing authority checking operation on the http request and calling the corresponding back-end application according to the application name.
In a third aspect, an embodiment of the present application provides a computer device, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, and the processor implements the steps of the method according to the first aspect when executing the computer program.
In a fourth aspect, embodiments of the present application provide a computer-readable storage medium, on which a computer program is stored, which when executed by a processor implements the steps of the method according to the first aspect.
Compared with the related art, the backend application call provided by the embodiment of the application comprises the following steps: receiving an http request sent by a user, and analyzing the http request through a gateway to obtain an application name corresponding to the http request; the IP address corresponding to the application name is obtained according to the application name through the Kurbenetes application service discovery capability; and executing authority verification operation on the http request by the Pod in the Kurbenetes cluster, and calling the corresponding back-end application according to the application name. According to the method, partial capacity of the gateway is sunk to each back-end service party, so that the pressure of the gateway is greatly relieved under the condition of large flow, and the problem that all back-end services are unavailable due to the fact that the gateway is broken down is solved.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is a flow diagram of a method for backend application invocation provided in an embodiment;
FIG. 2 is a block diagram of a Kurbenetes cluster system architecture provided in an embodiment;
fig. 3 is a schematic diagram illustrating an implementation action of the gateway side according to an embodiment;
FIG. 4 is a schematic diagram of the actions performed on the Sidecar side provided in one embodiment;
FIG. 5 is a block diagram of a back-end application invocation mechanism provided in one embodiment;
FIG. 6 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more clearly understood, the present application is described and illustrated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of and not restrictive on the broad application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments provided in the present application without any inventive step are within the scope of protection of the present application.
It is obvious that the drawings in the following description are only examples or embodiments of the present application, and that it is also possible for a person skilled in the art to apply the present application to other similar contexts on the basis of these drawings without inventive effort. Moreover, it should be appreciated that such a development effort might be complex and tedious, but would nevertheless be a routine undertaking of design, fabrication, and manufacture for those of ordinary skill having the benefit of this disclosure, given the benefit of this disclosure, without departing from the scope of this disclosure.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the specification. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is to be expressly and implicitly understood by one of ordinary skill in the art that the embodiments described herein may be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms referred to herein shall have the ordinary meaning as understood by those of ordinary skill in the art to which this application belongs. Reference to "a," "an," "the," and similar words throughout this application are not to be construed as limiting in number, and may refer to the singular or the plural. The use of the terms "including," "comprising," "having," and any variations thereof herein, is meant to cover a non-exclusive inclusion; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to the listed steps or elements, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. Reference to "connected," "coupled," and the like in this application is not intended to be limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. The term "plurality" as used herein means two or more. "and/or" describes an association relationship of associated objects, meaning that three relationships may exist, for example, "A and/or B" may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. Reference herein to the terms "first," "second," "third," and the like, are merely to distinguish similar objects and do not denote a particular ordering for the objects.
Fig. 1 is a method for calling a backend application according to an embodiment, where, as shown in fig. 1, the method for calling a backend application includes steps 110 to 130; wherein:
and step 130, executing authority verification operation on the http request by the pod, and calling the corresponding back-end application according to the application name.
Compared with the prior art, the back-end application calling method provided by the application has the advantages that the function of the gateway is split, the front-end gateway only keeps the most basic path matching capability, other capabilities such as authentication capability and protocol conversion capability sink into back-end services, the service discovery capability depends on the application service discovery capability of Kurbenetes, the centralized status of the gateway is removed, the pressure of the front-end gateway is greatly reduced, and the problem that the gateway is easy to break down in large flow is solved.
In some embodiments, the gateway discovers the capability through Kurbenetes application service, and obtaining the IP address corresponding to the application name according to the application name includes:
when the application is deployed, generating a corresponding IP address according to the application name, and establishing a corresponding relation between the IP address and the application name; and the gateway obtains the IP address corresponding to the application name according to the corresponding relation.
Specifically, when the application is deployed in a Kurbenetes cluster (cluster), a service resource with the same name is created by using the application name, which is equivalent to a DNS, as shown in fig. 2, the service resource includes APP1 service, APP2 service, \ 8230 \ 8230;, APP (n) service. After receiving an http request of a user, the gateway finds a corresponding application name according to the url of the request, then finds a corresponding service resource, namely an IP address, in the DNS through the application name, and sends the http request to the Sidecar of the corresponding back-end service through an http protocol. The Sidecar acquires parameters, return values and interface name information called by the dubbo from a Database (DB) according to the http request, and then local dubbo interface calling is carried out through serialization. And the dubbo interface sends a return value to the Sidecar, the Sidecar serializes the return value into http, the http is returned to the gateway, and the gateway returns the http to the user.
kubernets, K8s for short, is an abbreviation for 8 characters "kubernet" instead of 8. Is an open source for managing containerized applications on multiple hosts in a cloud platform, the goal of kubernets is to make it simple and efficient to deploy containerized applications (powerfull), kubernets provides a mechanism for application deployment, planning, updating, and maintenance, detailed in the links:https://baike.baidu.com/item/kubernetes/22864162fr=aladdin。
in some embodiments, the executing, by the Pod, the permission check operation on the http request, and calling the corresponding backend application according to the http request includes:
a Sidecar and a back-end application are deployed in the Pod, and the Sidecar receives an http request;
the Sidecar executes authority verification operation on the http request; if the verification is passed, the Sidecar calls the back-end application corresponding to the http request through the local dubbo interface and returns to the gateway.
In the field of computer resource management technology, in order to improve the operating efficiency and capability of a server, a container cluster technology (Kubernetes, hereinafter referred to as k8 s) is generally adopted for server resource management. In k8s, container group Pod is the basic operation unit of k8s, one container group includes one or more containers container, and containers included in one Pod run on the same Node. The Pod is the minimum deployment unit in the cluster and comprises one or more containers, wherein the containers share storage and a network and run in the same docker container engine. The sdecar mode is a mode of separating application functions from the application itself as a separate process, and a proxy tool is provided for a service (application), all communication of the service (application) is completed through the proxy, and the proxy and the service are created together and destroyed together, that is, one backend application corresponds to one sdecar, and the backend application in the same Pod is called through the sdecar. Therefore, when one Pod has a problem, the calling of other back-end applications cannot be influenced. Sidecar is explained in detail in the chain:https://zhuanlan.zhihu.com/ p/40854123. In this embodiment, the Sidecar and the backend application are deployed in one Pod, and the authentication and parameter acquisition capabilities of the gateway are abstracted into one application, so that the authentication and parameter acquisition capabilities of the gateway are sunk into the Sidecar.
Specifically, after discovering the capability through Kurbenetes application service, the gateway obtains an IP address corresponding to an application name, and sends an http request to a Sidecar in a corresponding Pod, where the Sidecar performs an authority check operation on the http request, and the authority check operation may be understood as whether the identity information of the user is qualified, for example, whether a token, a sign, or a permission carried in the http request is qualified, and if the verification is passed, the Sidecar calls a backend application in the Pod through a local dubbo interface. And the local dubbo interface is the dubbo interface corresponding to the Pod. Specifically, when the Pod is deployed, the Sidecar may obtain a dubbo interface exposed by the application by using a downlink API capability of k8s, and call and obtain a return value of the backend application corresponding to the http request according to the dubbo interface and a local IP address of the Pod.
In some embodiments, referring to fig. 3, the gateway parsing the http request to obtain the application name corresponding to the http request includes:
the gateway analyzes the http request to obtain method (POST, GET, PUT) and url of the http request;
and the gateway forms pattern (method: url) according to the method (POST, GET, PUT) and url, and obtains the application name corresponding to the http request.
After receiving the http request, the gateway forms a pattern (method: url) according to the method (POST, GET, PUT) of the http request and the url of the request, obtains an application name, and searches whether a corresponding dubbo interface exists in a database according to the pattern. If the query fails, a match error is returned directly.
In some embodiments, the current limiting process is performed after the matching is successful. Specifically, acquiring a query rate per second (QPS) of the dubbo interface after successful matching; if the query rate per second exceeds a preset threshold value, returning preset error information; and if the query rate per second does not exceed the preset threshold, adding the application name to the head of the http request to construct a new http request, and sending the new http request to the corresponding Sidecar. According to the embodiment, the problem that the same back-end application is frequently accessed to cause flow accumulation and system breakdown can be prevented through flow limiting processing.
In other embodiments, an http2 protocol may also be adopted, an application name is added to a header of the http2 request to construct an http2 request, and the http2 request is sent to the corresponding Sidecar. And by adopting an http2 protocol with better performance, the data transmission is more accurate. In the following, the http2 request is sent to the Sidecar as an example.
The gateway puts the matched pattern (application name) to the head of the http2 request, and the Sidecar does not need to do secondary matching. When the back-end application is issued, the application name of the back-end application is exposed in the cluster as the service of k8s, and the application can be directly accessed through the application name plus the port number when being accessed. The http2 request is therefore passed directly through http:// application name: the form of the port number is forwarded to the backend Sidecar. The port number is the port number monitored by the Sidecar, and the returned value is returned to the user after the returned value of the Sidecar is received.
In some embodiments, referring to fig. 4, the invoking, by the sidecar, the backend application corresponding to the http request through the local dubbo interface according to the http request includes:
the method comprises the steps that a Sidecar monitors a dubbo interface after starting, obtains an application name matched with a gateway from the head of an http request after receiving the http request, and obtains dubbo metadata corresponding to the application name from a database;
converting the http protocol into a dubbo protocol according to the dubbo metadata, and sending the http request to a corresponding back-end application through a dubbo interface of the back-end application to obtain a return value carrying back-end application resources;
and after receiving the return value, converting the dubbo protocol into an http protocol, and returning the return value to the gateway.
As shown in fig. 4, when the application is released, the Sidecar and the backend application are deployed in the same pod, and the networks of all containers in the pod are intercommunicated. After the Sidecar is started, the gateway monitors the 8831 port, performs permission check after receiving the http2 request, and directly returns an error code to the front-end gateway if the permission check fails. After the verification is passed, the pattern matched with the front-end gateway is obtained from the http2 request header, and then the dubbo metadata corresponding to the pattern is obtained through the database. And converting the http protocol into a dubbo protocol according to the dubbo metadata, and then sending a dubbo call to a 127.0.0.1 port according to the acquired dubbo port. And after receiving the dubbo return value, converting the dubbo protocol into an http2 protocol, returning the protocol to the front-end gateway, and returning the gateway to the user.
It should be noted that the dubbo metadata corresponding to the pattern acquired by the database may be acquired by the gateway and then sent to the Sidecar together, or may be acquired from the database by the Sidecar.
It should be understood that, although the steps in the flowchart of fig. 1 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not limited to being performed in the exact order illustrated and, unless explicitly stated herein, may be performed in other orders. Moreover, at least a portion of the steps in fig. 1 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternately with other steps or at least a portion of the sub-steps or stages of other steps.
The present embodiment further provides a calling device based on a backend application, where the device is used to implement the foregoing embodiments and preferred embodiments, and details of which have been already described are not described again. As used below, the terms "module," "unit," "subunit," and the like may implement a combination of software and/or hardware for a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware or a combination of software and hardware is also possible and contemplated.
In one embodiment, as shown in fig. 5, there is provided a back-end application calling apparatus, including: a gateway 510 and a back-end verification module 520, wherein:
the gateway 510 is configured to receive an http request sent by a user, and parse the http request to obtain an application name corresponding to the http request;
the gateway 510 is further configured to obtain, through the Kurbenetes application service discovery capability, an IP address corresponding to the application name according to the application name, and send an http request to a corresponding back-end check module 520 in the Kurbenetes cluster according to the IP address;
the back-end checking module 520 is configured to perform an authority checking operation on the http request, and call a corresponding back-end application according to the application name.
In some embodiments, the gateway is further configured to send the http request to a Sidecar in the corresponding Pod according to the IP address, where the Sidecar and the backend application are deployed in one Pod in the Kurbenetes cluster; sidecar is used for performing permission verification operation on the http request; and if the verification is passed, the Sidecar calls the back-end application corresponding to the http request through the local dubbo interface according to the http request and returns the back-end application to the gateway.
In some embodiments, when the Kurbenetes cluster system deploys an application, a corresponding IP address is generated according to an application name, and a corresponding relation between the IP address and the application name is established; the gateway 510 is further configured to obtain an IP address corresponding to the application name according to the correspondence.
In some of these embodiments, the gateway 510 is further configured to: analyzing the http request to obtain a method (POST, GET, PUT) and url of the http request; and forming pattern (method: url) by the method (POST, GET, PUT) and url, and obtaining the application name corresponding to the http request.
In some of these embodiments, the gateway is further configured to: inquiring whether a dubbo interface corresponding to the application name exists in a database; if the dubbo interface corresponding to the application name exists, acquiring the per-second query rate of the dubbo interface; if the query rate per second exceeds a preset threshold value, returning preset error information; and if the query rate per second does not exceed the preset threshold, adding the application name to the head of the http request to construct a new http request, and sending the new http request to the corresponding Sidecar.
In some of these embodiments, the Sidecar is further configured to: monitoring a dubbo interface after the Sidecar is started, acquiring an application name matched with a gateway from the head of an http request after the HTTP request is received, and acquiring dubbo metadata corresponding to the application name from a database; converting the http protocol into a dubbo protocol according to the dubbo metadata, and sending the http request to a corresponding back-end application through a dubbo interface of the back-end application to obtain a return value carrying back-end application resources; and after receiving the return value, converting the dubbo protocol into an http protocol, and returning the return value to the gateway.
In some of these embodiments, the Sidecar is further configured to: acquiring a dubbo interface exposed by a back-end application by utilizing the downstream API capability of Kurbenetes; and calling and obtaining a return value of the http request corresponding to the back-end application according to the dubbo interface and the local IP address of the Pod.
For specific limitations of the backend application invoking apparatus, reference may be made to the above limitations on the backend application invoking method, which are not described in detail herein. The modules in the back-end application calling device can be wholly or partially realized by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent of a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In addition, the method for calling the back-end application in the embodiment of the present application described in conjunction with fig. 1 may be implemented by a computer device. Fig. 6 is a hardware structure diagram of a computer device according to an embodiment of the present application.
The computer device may comprise a processor 61 and a memory 62 in which computer program instructions are stored.
Specifically, the processor 61 may include a Central Processing Unit (CPU), or A Specific Integrated Circuit (ASIC), or may be configured to implement one or more Integrated circuits of the embodiments of the present Application.
The memory 62 may be used to store or cache various data files that need to be processed and/or used for communication, as well as possible computer program instructions executed by the processor 61.
The processor 61 implements any of the back-end application calling methods in the above embodiments by reading and executing computer program instructions stored in the memory 62.
In some of these embodiments, the computer device may also include a communication interface 63 and a bus 60. As shown in fig. 6, the processor 61, the memory 62, and the communication interface 63 are connected via a bus 60 to complete communication therebetween.
The communication interface 63 is used for implementing communication between various modules, apparatuses, units and/or devices in the embodiments of the present application. The communication interface 63 may also enable communication with other components such as: the data communication is carried out among external equipment, image/data acquisition equipment, a database, external storage, an image/data processing workstation and the like.
The computer device may execute the back-end application calling method in the embodiment of the present application based on the obtained program instruction, thereby implementing the back-end application calling method described in conjunction with fig. 2.
In addition, in combination with the method for calling the backend application in the foregoing embodiments, the embodiments of the present application may provide a computer-readable storage medium to implement. The computer readable storage medium having stored thereon computer program instructions; the computer program instructions, when executed by a processor, implement a method of any of the back-end application calls in the above embodiments.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the claims. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent application shall be subject to the appended claims.
Claims (10)
1. A back-end application calling method is characterized by being applied to a Kurbenetes cluster system, wherein the Kurbenetes cluster system is provided with a gateway and a plurality of Pods; the method comprises the following steps:
the gateway receives an http request sent by a user, and analyzes the http request to obtain an application name corresponding to the http request;
the gateway discovers the capability through Kurbenetes application service and obtains an IP address corresponding to the application name according to the application name; sending the http request to a corresponding Pod in the Kurbenetes cluster according to the IP address;
and the Pod executes authority verification operation on the http request and calls a corresponding back-end application according to the http request.
2. The method of claim 1, wherein the Pod performing an authority check operation on the http request and invoking a corresponding backend application according to the http request comprises:
a Sidecar and the backend application are deployed in the Pod, and the Sidecar receives the http request;
the Sidecar executes authority verification operation on the http request; and if the verification is passed, the Sidecar calls the back-end application corresponding to the http request through a local dubbo interface according to the http request and returns the back-end application to the gateway.
3. The method according to claim 1, wherein the gateway finds the capability through Kurbenetes application service, and obtaining the IP address corresponding to the application name according to the application name comprises:
when an application is deployed, generating a corresponding IP address according to an application name, and establishing a corresponding relation between the IP address and the application name;
and the gateway obtains the IP address corresponding to the application name according to the corresponding relation.
4. The method according to claim 1, wherein the gateway parsing the http request to obtain the application name corresponding to the http request comprises:
the gateway analyzes the http request to obtain a method (POST, GET, PUT) and a url of the http request;
and the gateway forms a pattern (method: url) according to the method (POST, GET, PUT) and the url, and obtains an application name corresponding to the http request.
5. The method of claim 1, further comprising:
after obtaining an application name corresponding to the http request, the gateway queries whether a dubbo interface corresponding to the application name exists in a database;
if the dubbo interface corresponding to the application name exists, acquiring the query rate of the dubbo interface per second;
if the query rate per second exceeds a preset threshold value, returning preset error information;
and if the query rate per second does not exceed a preset threshold value, adding the application name to the head of the http request to construct a new http request, and sending the new http request to the corresponding Sidecar.
6. The method according to claim 2, wherein the step of the Sidecar calling the backend application corresponding to the http request through the local dubbo interface according to the http request comprises:
the Sidecar monitors a dubbo interface after being started, acquires an application name matched with the gateway from the head of an http request after receiving the http request, and acquires dubbo metadata corresponding to the application name from a database;
converting the http protocol into a dubbo protocol according to the dubbo metadata, and sending the http request to a corresponding back-end application through a dubbo interface of the back-end application to obtain a return value carrying back-end application resources;
and after receiving the return value, converting the dubbo protocol into an http protocol, and returning the return value to the gateway.
7. The method of claim 6, wherein sending an http request to a corresponding backend application through a dubbo interface of the backend application comprises:
the Sidecar acquires a dubbo interface exposed by the back-end application by using the downstream API capability of Kurbenetes;
and calling and obtaining a return value of the back-end application corresponding to the http request according to the dubbo interface and the local IP address of the Pod.
8. An apparatus for calling a backend application, the apparatus comprising:
the gateway is used for receiving an http request sent by a user and analyzing the http request to obtain an application name corresponding to the http request;
the gateway is further used for discovering the capability through Kurbenetes application services, obtaining an IP address corresponding to the application name according to the application name, and sending the http request to a corresponding back-end check module in a Kurbenetes cluster according to the IP address;
and the back-end checking module is used for executing authority checking operation on the http request and calling the corresponding back-end application according to the application name.
9. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of the method of any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110125672.5A CN112910991B (en) | 2021-01-29 | 2021-01-29 | Back-end application calling method and device, computer equipment and readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110125672.5A CN112910991B (en) | 2021-01-29 | 2021-01-29 | Back-end application calling method and device, computer equipment and readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112910991A CN112910991A (en) | 2021-06-04 |
CN112910991B true CN112910991B (en) | 2022-10-04 |
Family
ID=76120992
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110125672.5A Active CN112910991B (en) | 2021-01-29 | 2021-01-29 | Back-end application calling method and device, computer equipment and readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112910991B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114490834B (en) * | 2022-04-07 | 2022-06-21 | 梯度云科技(北京)有限公司 | Method and device for replacing big data calculation operation data source based on Kubernetes |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10812366B1 (en) * | 2017-08-31 | 2020-10-20 | Google Llc | System and method for deploying, scaling and managing network endpoint groups in cloud computing environments |
CN110098947B (en) * | 2018-01-31 | 2021-01-29 | 华为技术有限公司 | Application deployment method, device and system |
CN109067914B (en) * | 2018-09-20 | 2019-12-13 | 星环信息科技(上海)有限公司 | web service proxy method, device, equipment and storage medium |
US11012475B2 (en) * | 2018-10-26 | 2021-05-18 | Valtix, Inc. | Managing computer security services for cloud computing platforms |
CN111124589B (en) * | 2018-10-30 | 2022-12-13 | 中移(苏州)软件技术有限公司 | Service discovery system, method, device and equipment |
CN111796858B (en) * | 2020-07-07 | 2024-03-22 | 金蝶软件(中国)有限公司 | Method, system and related equipment for detecting access of application programs in Kubernetes cluster |
-
2021
- 2021-01-29 CN CN202110125672.5A patent/CN112910991B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN112910991A (en) | 2021-06-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10951495B2 (en) | Application signature generation and distribution | |
CN110447208B (en) | Network slice management method, unit and system | |
KR101562155B1 (en) | Service process control method and network device | |
US20140219101A1 (en) | Feature Extraction Apparatus, and Network Traffic Identification Method, Apparatus, and System | |
CN114124451B (en) | Data processing method and system for Internet of things equipment and computer storage medium | |
CN108965203A (en) | A kind of resource access method and server | |
US8543679B2 (en) | Method and device for creating management object instance in management tree of terminal device | |
JP6004410B2 (en) | Service scheduling method and apparatus, and network device | |
CN108200158B (en) | Request Transmission system, method, apparatus and storage medium | |
CN111258627A (en) | Interface document generation method and device | |
CN110225045A (en) | Full link data method for authenticating, device, equipment and storage medium | |
CN113992738A (en) | Reverse proxy method, device, equipment and storage medium based on micro service gateway | |
CN112910991B (en) | Back-end application calling method and device, computer equipment and readable storage medium | |
EP3096492B1 (en) | Page push method and system | |
CN108270591B (en) | Method for configuring network equipment and related equipment | |
CN114238703A (en) | Event flow arrangement method, device and application | |
CN110597783A (en) | Database management method, device, equipment and storage medium | |
CN114615285B (en) | Physical machine deployment method and device, electronic equipment and storage medium | |
EP3151520B1 (en) | Quarantining an internet protocol address | |
CN106209666B (en) | Link multiplexing method and system based on load balancer | |
CN115514799A (en) | TCP connection method, system, network device and storage medium | |
CN112861188A (en) | Data aggregation system and method for multiple clusters | |
CN111857764A (en) | Offline data updating method, device, equipment and storage medium | |
CN106487916B (en) | Statistical method and device for connection number | |
CN113992732B (en) | Terminal management control method, device, server and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |