CN112910991B - Back-end application calling method and device, computer equipment and readable storage medium - Google Patents

Back-end application calling method and device, computer equipment and readable storage medium Download PDF

Info

Publication number
CN112910991B
CN112910991B CN202110125672.5A CN202110125672A CN112910991B CN 112910991 B CN112910991 B CN 112910991B CN 202110125672 A CN202110125672 A CN 202110125672A CN 112910991 B CN112910991 B CN 112910991B
Authority
CN
China
Prior art keywords
http request
application
gateway
application name
dubbo
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110125672.5A
Other languages
Chinese (zh)
Other versions
CN112910991A (en
Inventor
王文学
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Tuya Information Technology Co Ltd
Original Assignee
Hangzhou Tuya Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Tuya Information Technology Co Ltd filed Critical Hangzhou Tuya Information Technology Co Ltd
Priority to CN202110125672.5A priority Critical patent/CN112910991B/en
Publication of CN112910991A publication Critical patent/CN112910991A/en
Application granted granted Critical
Publication of CN112910991B publication Critical patent/CN112910991B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/66Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1001Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1004Server selection for load balancing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/60Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application relates to a method, a device, computer equipment and a readable storage medium for calling a back-end application, wherein the function of a gateway is split through decentralization, the gateway only reserves the most basic path matching capability at the front end, and the authentication capability is sunk to each service party at the back end. And the service discovery capability depends on the application service discovery capability of Kurbenetes, so that the pressure of the gateway is greatly reduced, the pressure of the gateway is greatly relieved under the condition of large flow, and the problem that all back-end services are unavailable due to the gateway being broken down is solved.

Description

Back-end application calling method and device, computer equipment and readable storage medium
Technical Field
The present application relates to the field of internet technologies, and in particular, to a method and an apparatus for calling a backend application, a computer device, and a readable storage medium.
Background
The existing dubbo protocol gateways are all centralized gateways and are responsible for converting http requests into dubbo service calls. Meanwhile, the centralized gateway is also responsible for functions such as authority verification, url matching, service discovery and the like.
With the increase of backend services and traffic, the centralized gateway is prone to hang-up. Once the centralized gateway is hung up, the backend services will become unavailable.
Disclosure of Invention
The application provides a method and a device for calling a back-end application, a computer device and a readable storage medium, so as to at least solve the problem that a centralized gateway in the related art is easy to hang up in a large flow.
In a first aspect, an embodiment of the present application provides a back-end application calling method, which is applied to a Kurbenetes cluster system, where the Kurbenetes cluster system is deployed with a gateway and multiple pods; the method comprises the following steps:
the gateway receives an http request sent by a user, and analyzes the http request to obtain an application name corresponding to the http request;
the gateway discovers the capability through Kurbenetes application service and obtains an IP address corresponding to the application name according to the application name; sending the http request to a corresponding Pod in the Kurbenetes cluster according to the IP address;
and the Pod executes authority verification operation on the http request and calls a corresponding back-end application according to the application name.
In some embodiments, the executing, by the Pod, the permission check operation on the http request, and calling the corresponding backend application according to the http request includes:
a Sidecar and the backend application are deployed in the Pod, and the Sidecar receives the http request;
the Sidecar executes authority verification operation on the http request; and if the verification is passed, the Sidecar calls the back-end application corresponding to the http request through a local dubbo interface according to the http request and returns the back-end application to the gateway.
In some embodiments, the gateway finds the capability through Kurbenetes application service, and obtaining the IP address corresponding to the application name according to the application name includes:
when an application is deployed, generating a corresponding IP address according to an application name, and establishing a corresponding relation between the IP address and the application name;
and the gateway obtains the IP address corresponding to the application name according to the corresponding relation.
In some embodiments, the gateway parsing the http request to obtain the application name corresponding to the http request includes:
the gateway analyzes the http request to obtain a method (POST, GET, PUT) and a url of the http request;
and the gateway forms a pattern (method: url) according to the method (POST, GET, PUT) and the url, and obtains an application name corresponding to the http request.
In some of these embodiments, the method further comprises:
the gateway inquires whether a dubbo interface corresponding to the application name exists in a database;
if the Dubbo interface corresponding to the application name exists, acquiring the per-second query rate of the Dubbo interface;
if the query rate per second exceeds a preset threshold value, returning preset error information;
and if the query rate per second does not exceed a preset threshold value, adding the application name to the head of the http request to construct a new http request, and sending the new http request to the corresponding Sidecar.
In some embodiments, the invoking, by the Sidecar according to the http request through the local dubbo interface, the backend application corresponding to the http request includes:
the Sidecar monitors a dubbo interface after being started, acquires an application name matched with the gateway from the head of an http request after receiving the http request, and acquires dubbo metadata corresponding to the application name from a database;
converting the http protocol into a dubbo protocol according to the dubbo metadata, and sending the http request to a corresponding back-end application through a dubbo interface of the back-end application to obtain a return value carrying back-end application resources;
and after receiving the return value, converting the dubbo protocol into an http protocol, and returning the return value to the gateway.
In some of these embodiments, sending the http request to the corresponding backend application through the dubbo interface of the backend application comprises:
the Sidecar acquires a dubbo interface exposed by the back-end application by using the downstream API capability of Kurbenetes;
and calling and obtaining a return value of the back-end application corresponding to the http request according to the dubbo interface and the local IP address of the Pod.
In a second aspect, an embodiment of the present application provides a backend application invoking device, where the device includes a gateway and a backend verification module; wherein:
the gateway is used for receiving an http request sent by a user and analyzing the http request to obtain an application name corresponding to the http request; the capability is discovered through Kurbenetes application service, an IP address corresponding to the application name is obtained according to the application name, and the http request is sent to a corresponding rear-end check module in the Kurbenetes cluster;
and the back-end checking module is used for executing authority checking operation on the http request and calling the corresponding back-end application according to the application name.
In a third aspect, an embodiment of the present application provides a computer device, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, and the processor implements the steps of the method according to the first aspect when executing the computer program.
In a fourth aspect, embodiments of the present application provide a computer-readable storage medium, on which a computer program is stored, which when executed by a processor implements the steps of the method according to the first aspect.
Compared with the related art, the backend application call provided by the embodiment of the application comprises the following steps: receiving an http request sent by a user, and analyzing the http request through a gateway to obtain an application name corresponding to the http request; the IP address corresponding to the application name is obtained according to the application name through the Kurbenetes application service discovery capability; and executing authority verification operation on the http request by the Pod in the Kurbenetes cluster, and calling the corresponding back-end application according to the application name. According to the method, partial capacity of the gateway is sunk to each back-end service party, so that the pressure of the gateway is greatly relieved under the condition of large flow, and the problem that all back-end services are unavailable due to the fact that the gateway is broken down is solved.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is a flow diagram of a method for backend application invocation provided in an embodiment;
FIG. 2 is a block diagram of a Kurbenetes cluster system architecture provided in an embodiment;
fig. 3 is a schematic diagram illustrating an implementation action of the gateway side according to an embodiment;
FIG. 4 is a schematic diagram of the actions performed on the Sidecar side provided in one embodiment;
FIG. 5 is a block diagram of a back-end application invocation mechanism provided in one embodiment;
FIG. 6 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more clearly understood, the present application is described and illustrated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of and not restrictive on the broad application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments provided in the present application without any inventive step are within the scope of protection of the present application.
It is obvious that the drawings in the following description are only examples or embodiments of the present application, and that it is also possible for a person skilled in the art to apply the present application to other similar contexts on the basis of these drawings without inventive effort. Moreover, it should be appreciated that such a development effort might be complex and tedious, but would nevertheless be a routine undertaking of design, fabrication, and manufacture for those of ordinary skill having the benefit of this disclosure, given the benefit of this disclosure, without departing from the scope of this disclosure.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the specification. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is to be expressly and implicitly understood by one of ordinary skill in the art that the embodiments described herein may be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms referred to herein shall have the ordinary meaning as understood by those of ordinary skill in the art to which this application belongs. Reference to "a," "an," "the," and similar words throughout this application are not to be construed as limiting in number, and may refer to the singular or the plural. The use of the terms "including," "comprising," "having," and any variations thereof herein, is meant to cover a non-exclusive inclusion; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to the listed steps or elements, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. Reference to "connected," "coupled," and the like in this application is not intended to be limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. The term "plurality" as used herein means two or more. "and/or" describes an association relationship of associated objects, meaning that three relationships may exist, for example, "A and/or B" may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. Reference herein to the terms "first," "second," "third," and the like, are merely to distinguish similar objects and do not denote a particular ordering for the objects.
Fig. 1 is a method for calling a backend application according to an embodiment, where, as shown in fig. 1, the method for calling a backend application includes steps 110 to 130; wherein:
step 110, the gateway receives an http request sent by a user, and analyzes the http request to obtain an application name corresponding to the http request;
step 120, the gateway finds the capability through a Kurbenetes application service, and obtains an IP address corresponding to the application name according to the application name; sending the http request to a corresponding Pod in the Kurbenetes cluster according to the IP address;
and step 130, executing authority verification operation on the http request by the pod, and calling the corresponding back-end application according to the application name.
Compared with the prior art, the back-end application calling method provided by the application has the advantages that the function of the gateway is split, the front-end gateway only keeps the most basic path matching capability, other capabilities such as authentication capability and protocol conversion capability sink into back-end services, the service discovery capability depends on the application service discovery capability of Kurbenetes, the centralized status of the gateway is removed, the pressure of the front-end gateway is greatly reduced, and the problem that the gateway is easy to break down in large flow is solved.
In some embodiments, the gateway discovers the capability through Kurbenetes application service, and obtaining the IP address corresponding to the application name according to the application name includes:
when the application is deployed, generating a corresponding IP address according to the application name, and establishing a corresponding relation between the IP address and the application name; and the gateway obtains the IP address corresponding to the application name according to the corresponding relation.
Specifically, when the application is deployed in a Kurbenetes cluster (cluster), a service resource with the same name is created by using the application name, which is equivalent to a DNS, as shown in fig. 2, the service resource includes APP1 service, APP2 service, \ 8230 \ 8230;, APP (n) service. After receiving an http request of a user, the gateway finds a corresponding application name according to the url of the request, then finds a corresponding service resource, namely an IP address, in the DNS through the application name, and sends the http request to the Sidecar of the corresponding back-end service through an http protocol. The Sidecar acquires parameters, return values and interface name information called by the dubbo from a Database (DB) according to the http request, and then local dubbo interface calling is carried out through serialization. And the dubbo interface sends a return value to the Sidecar, the Sidecar serializes the return value into http, the http is returned to the gateway, and the gateway returns the http to the user.
kubernets, K8s for short, is an abbreviation for 8 characters "kubernet" instead of 8. Is an open source for managing containerized applications on multiple hosts in a cloud platform, the goal of kubernets is to make it simple and efficient to deploy containerized applications (powerfull), kubernets provides a mechanism for application deployment, planning, updating, and maintenance, detailed in the links:https://baike.baidu.com/item/kubernetes/22864162fr=aladdin
in some embodiments, the executing, by the Pod, the permission check operation on the http request, and calling the corresponding backend application according to the http request includes:
a Sidecar and a back-end application are deployed in the Pod, and the Sidecar receives an http request;
the Sidecar executes authority verification operation on the http request; if the verification is passed, the Sidecar calls the back-end application corresponding to the http request through the local dubbo interface and returns to the gateway.
In the field of computer resource management technology, in order to improve the operating efficiency and capability of a server, a container cluster technology (Kubernetes, hereinafter referred to as k8 s) is generally adopted for server resource management. In k8s, container group Pod is the basic operation unit of k8s, one container group includes one or more containers container, and containers included in one Pod run on the same Node. The Pod is the minimum deployment unit in the cluster and comprises one or more containers, wherein the containers share storage and a network and run in the same docker container engine. The sdecar mode is a mode of separating application functions from the application itself as a separate process, and a proxy tool is provided for a service (application), all communication of the service (application) is completed through the proxy, and the proxy and the service are created together and destroyed together, that is, one backend application corresponds to one sdecar, and the backend application in the same Pod is called through the sdecar. Therefore, when one Pod has a problem, the calling of other back-end applications cannot be influenced. Sidecar is explained in detail in the chain:https://zhuanlan.zhihu.com/ p/40854123. In this embodiment, the Sidecar and the backend application are deployed in one Pod, and the authentication and parameter acquisition capabilities of the gateway are abstracted into one application, so that the authentication and parameter acquisition capabilities of the gateway are sunk into the Sidecar.
Specifically, after discovering the capability through Kurbenetes application service, the gateway obtains an IP address corresponding to an application name, and sends an http request to a Sidecar in a corresponding Pod, where the Sidecar performs an authority check operation on the http request, and the authority check operation may be understood as whether the identity information of the user is qualified, for example, whether a token, a sign, or a permission carried in the http request is qualified, and if the verification is passed, the Sidecar calls a backend application in the Pod through a local dubbo interface. And the local dubbo interface is the dubbo interface corresponding to the Pod. Specifically, when the Pod is deployed, the Sidecar may obtain a dubbo interface exposed by the application by using a downlink API capability of k8s, and call and obtain a return value of the backend application corresponding to the http request according to the dubbo interface and a local IP address of the Pod.
In some embodiments, referring to fig. 3, the gateway parsing the http request to obtain the application name corresponding to the http request includes:
the gateway analyzes the http request to obtain method (POST, GET, PUT) and url of the http request;
and the gateway forms pattern (method: url) according to the method (POST, GET, PUT) and url, and obtains the application name corresponding to the http request.
After receiving the http request, the gateway forms a pattern (method: url) according to the method (POST, GET, PUT) of the http request and the url of the request, obtains an application name, and searches whether a corresponding dubbo interface exists in a database according to the pattern. If the query fails, a match error is returned directly.
In some embodiments, the current limiting process is performed after the matching is successful. Specifically, acquiring a query rate per second (QPS) of the dubbo interface after successful matching; if the query rate per second exceeds a preset threshold value, returning preset error information; and if the query rate per second does not exceed the preset threshold, adding the application name to the head of the http request to construct a new http request, and sending the new http request to the corresponding Sidecar. According to the embodiment, the problem that the same back-end application is frequently accessed to cause flow accumulation and system breakdown can be prevented through flow limiting processing.
In other embodiments, an http2 protocol may also be adopted, an application name is added to a header of the http2 request to construct an http2 request, and the http2 request is sent to the corresponding Sidecar. And by adopting an http2 protocol with better performance, the data transmission is more accurate. In the following, the http2 request is sent to the Sidecar as an example.
The gateway puts the matched pattern (application name) to the head of the http2 request, and the Sidecar does not need to do secondary matching. When the back-end application is issued, the application name of the back-end application is exposed in the cluster as the service of k8s, and the application can be directly accessed through the application name plus the port number when being accessed. The http2 request is therefore passed directly through http:// application name: the form of the port number is forwarded to the backend Sidecar. The port number is the port number monitored by the Sidecar, and the returned value is returned to the user after the returned value of the Sidecar is received.
In some embodiments, referring to fig. 4, the invoking, by the sidecar, the backend application corresponding to the http request through the local dubbo interface according to the http request includes:
the method comprises the steps that a Sidecar monitors a dubbo interface after starting, obtains an application name matched with a gateway from the head of an http request after receiving the http request, and obtains dubbo metadata corresponding to the application name from a database;
converting the http protocol into a dubbo protocol according to the dubbo metadata, and sending the http request to a corresponding back-end application through a dubbo interface of the back-end application to obtain a return value carrying back-end application resources;
and after receiving the return value, converting the dubbo protocol into an http protocol, and returning the return value to the gateway.
As shown in fig. 4, when the application is released, the Sidecar and the backend application are deployed in the same pod, and the networks of all containers in the pod are intercommunicated. After the Sidecar is started, the gateway monitors the 8831 port, performs permission check after receiving the http2 request, and directly returns an error code to the front-end gateway if the permission check fails. After the verification is passed, the pattern matched with the front-end gateway is obtained from the http2 request header, and then the dubbo metadata corresponding to the pattern is obtained through the database. And converting the http protocol into a dubbo protocol according to the dubbo metadata, and then sending a dubbo call to a 127.0.0.1 port according to the acquired dubbo port. And after receiving the dubbo return value, converting the dubbo protocol into an http2 protocol, returning the protocol to the front-end gateway, and returning the gateway to the user.
It should be noted that the dubbo metadata corresponding to the pattern acquired by the database may be acquired by the gateway and then sent to the Sidecar together, or may be acquired from the database by the Sidecar.
It should be understood that, although the steps in the flowchart of fig. 1 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not limited to being performed in the exact order illustrated and, unless explicitly stated herein, may be performed in other orders. Moreover, at least a portion of the steps in fig. 1 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternately with other steps or at least a portion of the sub-steps or stages of other steps.
The present embodiment further provides a calling device based on a backend application, where the device is used to implement the foregoing embodiments and preferred embodiments, and details of which have been already described are not described again. As used below, the terms "module," "unit," "subunit," and the like may implement a combination of software and/or hardware for a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware or a combination of software and hardware is also possible and contemplated.
In one embodiment, as shown in fig. 5, there is provided a back-end application calling apparatus, including: a gateway 510 and a back-end verification module 520, wherein:
the gateway 510 is configured to receive an http request sent by a user, and parse the http request to obtain an application name corresponding to the http request;
the gateway 510 is further configured to obtain, through the Kurbenetes application service discovery capability, an IP address corresponding to the application name according to the application name, and send an http request to a corresponding back-end check module 520 in the Kurbenetes cluster according to the IP address;
the back-end checking module 520 is configured to perform an authority checking operation on the http request, and call a corresponding back-end application according to the application name.
In some embodiments, the gateway is further configured to send the http request to a Sidecar in the corresponding Pod according to the IP address, where the Sidecar and the backend application are deployed in one Pod in the Kurbenetes cluster; sidecar is used for performing permission verification operation on the http request; and if the verification is passed, the Sidecar calls the back-end application corresponding to the http request through the local dubbo interface according to the http request and returns the back-end application to the gateway.
In some embodiments, when the Kurbenetes cluster system deploys an application, a corresponding IP address is generated according to an application name, and a corresponding relation between the IP address and the application name is established; the gateway 510 is further configured to obtain an IP address corresponding to the application name according to the correspondence.
In some of these embodiments, the gateway 510 is further configured to: analyzing the http request to obtain a method (POST, GET, PUT) and url of the http request; and forming pattern (method: url) by the method (POST, GET, PUT) and url, and obtaining the application name corresponding to the http request.
In some of these embodiments, the gateway is further configured to: inquiring whether a dubbo interface corresponding to the application name exists in a database; if the dubbo interface corresponding to the application name exists, acquiring the per-second query rate of the dubbo interface; if the query rate per second exceeds a preset threshold value, returning preset error information; and if the query rate per second does not exceed the preset threshold, adding the application name to the head of the http request to construct a new http request, and sending the new http request to the corresponding Sidecar.
In some of these embodiments, the Sidecar is further configured to: monitoring a dubbo interface after the Sidecar is started, acquiring an application name matched with a gateway from the head of an http request after the HTTP request is received, and acquiring dubbo metadata corresponding to the application name from a database; converting the http protocol into a dubbo protocol according to the dubbo metadata, and sending the http request to a corresponding back-end application through a dubbo interface of the back-end application to obtain a return value carrying back-end application resources; and after receiving the return value, converting the dubbo protocol into an http protocol, and returning the return value to the gateway.
In some of these embodiments, the Sidecar is further configured to: acquiring a dubbo interface exposed by a back-end application by utilizing the downstream API capability of Kurbenetes; and calling and obtaining a return value of the http request corresponding to the back-end application according to the dubbo interface and the local IP address of the Pod.
For specific limitations of the backend application invoking apparatus, reference may be made to the above limitations on the backend application invoking method, which are not described in detail herein. The modules in the back-end application calling device can be wholly or partially realized by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent of a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In addition, the method for calling the back-end application in the embodiment of the present application described in conjunction with fig. 1 may be implemented by a computer device. Fig. 6 is a hardware structure diagram of a computer device according to an embodiment of the present application.
The computer device may comprise a processor 61 and a memory 62 in which computer program instructions are stored.
Specifically, the processor 61 may include a Central Processing Unit (CPU), or A Specific Integrated Circuit (ASIC), or may be configured to implement one or more Integrated circuits of the embodiments of the present Application.
Memory 62 may include, among other things, mass storage for data or instructions. By way of example, and not limitation, memory 62 may include a Hard Disk Drive (Hard Disk Drive, abbreviated HDD), a floppy Disk Drive, a Solid State Drive (SSD), flash memory, an optical Disk, a magneto-optical Disk, tape, or a Universal Serial Bus (USB) Drive or a combination of two or more of these. Memory 62 may include removable or non-removable (or fixed) media, where appropriate. The memory 62 may be internal or external to the data processing apparatus, where appropriate. In a particular embodiment, the memory 62 is a Non-Volatile (Non-Volatile) memory. In particular embodiments, memory 62 includes Read-Only Memory (ROM) and Random Access Memory (RAM). The ROM may be mask-programmed ROM, programmable ROM (PROM), erasable PROM (EPROM), electrically Erasable PROM (EEPROM), electrically rewritable ROM (EAROM), or FLASH Memory (FLASH), or a combination of two or more of these, where appropriate. The RAM may be a Static Random-Access Memory (SRAM) or a Dynamic Random-Access Memory (DRAM), where the DRAM may be a Fast Page Mode Dynamic Random-Access Memory (FPMDRAM), an Extended data output Dynamic Random-Access Memory (EDODRAM), a Synchronous Dynamic Random-Access Memory (SDRAM), and the like.
The memory 62 may be used to store or cache various data files that need to be processed and/or used for communication, as well as possible computer program instructions executed by the processor 61.
The processor 61 implements any of the back-end application calling methods in the above embodiments by reading and executing computer program instructions stored in the memory 62.
In some of these embodiments, the computer device may also include a communication interface 63 and a bus 60. As shown in fig. 6, the processor 61, the memory 62, and the communication interface 63 are connected via a bus 60 to complete communication therebetween.
The communication interface 63 is used for implementing communication between various modules, apparatuses, units and/or devices in the embodiments of the present application. The communication interface 63 may also enable communication with other components such as: the data communication is carried out among external equipment, image/data acquisition equipment, a database, external storage, an image/data processing workstation and the like.
Bus 60 comprises hardware, software, or both coupling the components of the computer device to each other. Bus 60 includes, but is not limited to, at least one of the following: data Bus (Data Bus), address Bus (Address Bus), control Bus (Control Bus), expansion Bus (Expansion Bus), and Local Bus (Local Bus). By way of example and not limitation, bus 60 may include an Accelerated Graphics Port (AGP) or other Graphics Bus, an Enhanced Industrial Standard Architecture (EISA) Bus, a Front-Side Bus (FSB), a Hypertransport (HT) Interconnect, an ISA (ISA) Bus, a wireless bandwidth (InfiniBand) Interconnect, a Low Pin Count (LPC) Bus, a memory Bus, a microchannel Architecture (mcma) Bus, a PCI-Express (PCI-interface) Bus, a PCI-Express (PCI-X) Bus, a Serial Advanced Technology Attachment (vladvanced Technology, SATA) Bus, a Video Association (Video Association) Bus, or a combination of two or more of these or other suitable electronic buses. Bus 60 may include one or more buses, where appropriate. Although specific buses are described and shown in the embodiments of the present application, any suitable buses or interconnects are contemplated by the present application.
The computer device may execute the back-end application calling method in the embodiment of the present application based on the obtained program instruction, thereby implementing the back-end application calling method described in conjunction with fig. 2.
In addition, in combination with the method for calling the backend application in the foregoing embodiments, the embodiments of the present application may provide a computer-readable storage medium to implement. The computer readable storage medium having stored thereon computer program instructions; the computer program instructions, when executed by a processor, implement a method of any of the back-end application calls in the above embodiments.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the claims. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent application shall be subject to the appended claims.

Claims (10)

1. A back-end application calling method is characterized by being applied to a Kurbenetes cluster system, wherein the Kurbenetes cluster system is provided with a gateway and a plurality of Pods; the method comprises the following steps:
the gateway receives an http request sent by a user, and analyzes the http request to obtain an application name corresponding to the http request;
the gateway discovers the capability through Kurbenetes application service and obtains an IP address corresponding to the application name according to the application name; sending the http request to a corresponding Pod in the Kurbenetes cluster according to the IP address;
and the Pod executes authority verification operation on the http request and calls a corresponding back-end application according to the http request.
2. The method of claim 1, wherein the Pod performing an authority check operation on the http request and invoking a corresponding backend application according to the http request comprises:
a Sidecar and the backend application are deployed in the Pod, and the Sidecar receives the http request;
the Sidecar executes authority verification operation on the http request; and if the verification is passed, the Sidecar calls the back-end application corresponding to the http request through a local dubbo interface according to the http request and returns the back-end application to the gateway.
3. The method according to claim 1, wherein the gateway finds the capability through Kurbenetes application service, and obtaining the IP address corresponding to the application name according to the application name comprises:
when an application is deployed, generating a corresponding IP address according to an application name, and establishing a corresponding relation between the IP address and the application name;
and the gateway obtains the IP address corresponding to the application name according to the corresponding relation.
4. The method according to claim 1, wherein the gateway parsing the http request to obtain the application name corresponding to the http request comprises:
the gateway analyzes the http request to obtain a method (POST, GET, PUT) and a url of the http request;
and the gateway forms a pattern (method: url) according to the method (POST, GET, PUT) and the url, and obtains an application name corresponding to the http request.
5. The method of claim 1, further comprising:
after obtaining an application name corresponding to the http request, the gateway queries whether a dubbo interface corresponding to the application name exists in a database;
if the dubbo interface corresponding to the application name exists, acquiring the query rate of the dubbo interface per second;
if the query rate per second exceeds a preset threshold value, returning preset error information;
and if the query rate per second does not exceed a preset threshold value, adding the application name to the head of the http request to construct a new http request, and sending the new http request to the corresponding Sidecar.
6. The method according to claim 2, wherein the step of the Sidecar calling the backend application corresponding to the http request through the local dubbo interface according to the http request comprises:
the Sidecar monitors a dubbo interface after being started, acquires an application name matched with the gateway from the head of an http request after receiving the http request, and acquires dubbo metadata corresponding to the application name from a database;
converting the http protocol into a dubbo protocol according to the dubbo metadata, and sending the http request to a corresponding back-end application through a dubbo interface of the back-end application to obtain a return value carrying back-end application resources;
and after receiving the return value, converting the dubbo protocol into an http protocol, and returning the return value to the gateway.
7. The method of claim 6, wherein sending an http request to a corresponding backend application through a dubbo interface of the backend application comprises:
the Sidecar acquires a dubbo interface exposed by the back-end application by using the downstream API capability of Kurbenetes;
and calling and obtaining a return value of the back-end application corresponding to the http request according to the dubbo interface and the local IP address of the Pod.
8. An apparatus for calling a backend application, the apparatus comprising:
the gateway is used for receiving an http request sent by a user and analyzing the http request to obtain an application name corresponding to the http request;
the gateway is further used for discovering the capability through Kurbenetes application services, obtaining an IP address corresponding to the application name according to the application name, and sending the http request to a corresponding back-end check module in a Kurbenetes cluster according to the IP address;
and the back-end checking module is used for executing authority checking operation on the http request and calling the corresponding back-end application according to the application name.
9. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of the method of any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.
CN202110125672.5A 2021-01-29 2021-01-29 Back-end application calling method and device, computer equipment and readable storage medium Active CN112910991B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110125672.5A CN112910991B (en) 2021-01-29 2021-01-29 Back-end application calling method and device, computer equipment and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110125672.5A CN112910991B (en) 2021-01-29 2021-01-29 Back-end application calling method and device, computer equipment and readable storage medium

Publications (2)

Publication Number Publication Date
CN112910991A CN112910991A (en) 2021-06-04
CN112910991B true CN112910991B (en) 2022-10-04

Family

ID=76120992

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110125672.5A Active CN112910991B (en) 2021-01-29 2021-01-29 Back-end application calling method and device, computer equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN112910991B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114490834B (en) * 2022-04-07 2022-06-21 梯度云科技(北京)有限公司 Method and device for replacing big data calculation operation data source based on Kubernetes

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10812366B1 (en) * 2017-08-31 2020-10-20 Google Llc System and method for deploying, scaling and managing network endpoint groups in cloud computing environments
CN110098947B (en) * 2018-01-31 2021-01-29 华为技术有限公司 Application deployment method, device and system
CN109067914B (en) * 2018-09-20 2019-12-13 星环信息科技(上海)有限公司 web service proxy method, device, equipment and storage medium
US11012475B2 (en) * 2018-10-26 2021-05-18 Valtix, Inc. Managing computer security services for cloud computing platforms
CN111124589B (en) * 2018-10-30 2022-12-13 中移(苏州)软件技术有限公司 Service discovery system, method, device and equipment
CN111796858B (en) * 2020-07-07 2024-03-22 金蝶软件(中国)有限公司 Method, system and related equipment for detecting access of application programs in Kubernetes cluster

Also Published As

Publication number Publication date
CN112910991A (en) 2021-06-04

Similar Documents

Publication Publication Date Title
US10951495B2 (en) Application signature generation and distribution
CN110447208B (en) Network slice management method, unit and system
KR101562155B1 (en) Service process control method and network device
US20140219101A1 (en) Feature Extraction Apparatus, and Network Traffic Identification Method, Apparatus, and System
CN114124451B (en) Data processing method and system for Internet of things equipment and computer storage medium
CN108965203A (en) A kind of resource access method and server
US8543679B2 (en) Method and device for creating management object instance in management tree of terminal device
JP6004410B2 (en) Service scheduling method and apparatus, and network device
CN108200158B (en) Request Transmission system, method, apparatus and storage medium
CN111258627A (en) Interface document generation method and device
CN110225045A (en) Full link data method for authenticating, device, equipment and storage medium
CN113992738A (en) Reverse proxy method, device, equipment and storage medium based on micro service gateway
CN112910991B (en) Back-end application calling method and device, computer equipment and readable storage medium
EP3096492B1 (en) Page push method and system
CN108270591B (en) Method for configuring network equipment and related equipment
CN114238703A (en) Event flow arrangement method, device and application
CN110597783A (en) Database management method, device, equipment and storage medium
CN114615285B (en) Physical machine deployment method and device, electronic equipment and storage medium
EP3151520B1 (en) Quarantining an internet protocol address
CN106209666B (en) Link multiplexing method and system based on load balancer
CN115514799A (en) TCP connection method, system, network device and storage medium
CN112861188A (en) Data aggregation system and method for multiple clusters
CN111857764A (en) Offline data updating method, device, equipment and storage medium
CN106487916B (en) Statistical method and device for connection number
CN113992732B (en) Terminal management control method, device, server and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant