CN115712545B - Method, device, equipment and medium for realizing service topology awareness of cluster - Google Patents


Publication number
CN115712545B
Authority
CN
China
Prior art keywords
node
cluster
service
container
label
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310023589.6A
Other languages
Chinese (zh)
Other versions
CN115712545A (en)
Inventor
彭彬彬
黄吉旺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Inspur Intelligent Technology Co Ltd
Original Assignee
Suzhou Inspur Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Suzhou Inspur Intelligent Technology Co Ltd filed Critical Suzhou Inspur Intelligent Technology Co Ltd
Priority to CN202310023589.6A priority Critical patent/CN115712545B/en
Publication of CN115712545A publication Critical patent/CN115712545A/en
Application granted granted Critical
Publication of CN115712545B publication Critical patent/CN115712545B/en

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a method, a device, equipment and a medium for realizing service topology awareness of a cluster. The method comprises the following steps: adding a preset label to each node in the cluster; creating a program that monitors services in the cluster and creating a Map for an eBPF program in the cluster; in response to the monitoring program detecting that a cluster service has changed, acquiring detailed information of the service, screening the back-end containers according to the topology awareness rule of the service, and storing the selected containers in the Map; and mounting the eBPF program at a preset position in the kernel of a node in the cluster, and selecting the back-end container corresponding to the service by querying the Map before a data packet accessing the cluster enters the kernel network protocol stack. With this scheme, the selection of the back-end container corresponding to the service is completed by reading the Map before the data packet enters the kernel protocol stack, thereby improving network forwarding efficiency.

Description

Method, device, equipment and medium for realizing service topology awareness of cluster
Technical Field
The present invention relates to the field of computers, and more particularly, to a method, an apparatus, a device, and a readable medium for implementing service topology awareness of a cluster.
Background
Most current container cloud platforms are based on the Kubernetes framework (k8s, the most widely used open-source container orchestration framework for container cloud platforms, which provides automatic scheduling, scaling, fault recovery and the like for containers) and provide users with a functional system centered on application management. Through k8s, a group of Pods (the management unit scheduled by Kubernetes, composed of one or more containers that share process, network and other namespaces) is created for a specific service, and the service is provided externally through a Service (a k8s resource through which a group of specific Pods can be accessed and which provides load balancing). Service load balancing is mainly implemented by the kube-proxy process on each node, which obtains the Pods corresponding to the Service from the API Server and then receives, forwards, deletes or otherwise handles data packets according to specific matching conditions through iptables (the packet filtering system in the Linux kernel) or IPVS (which runs at the fourth layer of the Linux kernel network protocol stack and provides load balancing) rules. When a client accesses a specific service through a Service, the traffic may be routed to any back-end Pod corresponding to that service. So although service forwarding performs load balancing, if the selected Pod is far away, the network delay of forwarding is relatively high, network performance is affected accordingly, and in some cases extra traffic cost may even be incurred. A scheme is therefore required that forwards service traffic to a nearby back end, that is, that determines the Pod chosen by load balancing according to the position of the access origin; this is called service topology awareness. In a native k8s Service, topology awareness can be achieved by specifying the topologyKeys label.
When a Service containing the topologyKeys label is created, kube-proxy selects the subset of Pods that matches the current topology domain according to the screening conditions and generates iptables or IPVS rules whose back ends are the Pods on the k8s nodes that satisfy the topologyKeys requirement, so that nearby access is achieved. However, iptables or IPVS rules have to pass through the lengthy Linux kernel network protocol stack, which is relatively inefficient and may cause a certain network delay, so the high-bandwidth, low-delay access requirements of applications cannot be fully met.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method, an apparatus, a device, and a readable medium for implementing service topology awareness of a cluster, and by using the technical solution of the present invention, selection of a backend container corresponding to a service can be completed by reading a Map before a data packet enters a kernel protocol stack, so as to improve network forwarding efficiency.
Based on the above object, an aspect of the embodiments of the present invention provides a method for implementing service topology awareness of a cluster, including the following steps:
adding a preset label to each node in the cluster;
creating a program that monitors services in the cluster and creating a Map for an eBPF program in the cluster;
in response to the monitoring program detecting that a cluster service has changed, acquiring detailed information of the service, screening the back-end containers according to the topology awareness rule of the service, and storing the selected containers in the Map;
and mounting the eBPF program at a preset position in the kernel of a node in the cluster, and selecting the back-end container corresponding to the service by querying the Map before a data packet accessing the cluster enters the kernel network protocol stack.
According to an embodiment of the present invention, in response to the monitoring program detecting that a cluster service has changed, acquiring detailed information of the service, screening the back-end containers according to the topology awareness rule of the service, and storing the containers in the Map includes:
in response to the monitoring program detecting that a service has been created or updated in the cluster, parsing the specific information of the back-end containers corresponding to the service, and acquiring information of the node where each container is located;
and comparing the label information of the node where the container is located with the label information of the current node, and storing the container in the Map based on the comparison result.
According to one embodiment of the present invention, the label information includes a label of a node name, a label of an available area where the node is located, and a label of a domain where the node is located.
According to an embodiment of the present invention, comparing the label information of the node where the container is located with the label information of the current node, and storing the container in the Map based on the comparison result includes:
comparing the label of the node name of the node where the container is located with the label of the node name of the current node;
and responding to the condition that the label of the node name of the node where the container is located is the same as the label of the node name of the current node, and storing the container in the Map.
According to an embodiment of the present invention, further comprising:
in response to that the label of the node name of the node where the container is located is different from the label of the node name of the current node, comparing the label of the available area where the node where the container is located with the label of the available area where the node of the current node is located;
and responding to the label of the available area where the node of the node where the container is located is the same as the label of the available area where the node of the current node is located, and storing the container in the Map.
According to an embodiment of the present invention, further comprising:
in response to that the label of the available area where the node of the node where the container is located is different from the label of the available area where the node of the current node is located, comparing the label of the domain where the node of the node where the container is located with the label of the domain where the node of the current node is located;
and responding to the label of the domain in which the node of the node where the container is positioned is the same as the label of the domain in which the node of the current node is positioned, and storing the container in the Map.
According to an embodiment of the present invention, further comprising:
and in response to the label of the domain in which the node of the node where the container is positioned is different from the label of the domain in which the node of the current node is positioned, storing all the containers in the Map to ensure the availability of the service.
According to one embodiment of the invention, storing the container into the Map based on the comparison comprises:
the container is stored into the value in the key-value pair of the Map.
According to an embodiment of the invention, the mounting of the ebpf program to the preset position of the node kernel in the cluster comprises the following steps:
and mounting the ebpf program to a socket layer of a node kernel in the cluster.
According to an embodiment of the present invention, before a packet accessing a cluster enters a kernel network protocol stack, selecting a backend container corresponding to a service by querying a Map includes:
and responding to the fact that the nodes or containers in the cluster initiate access through the service, and reading the Map according to the destination address of the data packet to obtain the back-end container corresponding to the service.
According to an embodiment of the present invention, the mounting the ebpf program to a preset position of a node kernel in a cluster includes:
and mounting the ebpf program to the XDP position of the node kernel in the cluster.
According to an embodiment of the present invention, before a packet accessing a cluster enters a kernel network protocol stack, selecting a backend container corresponding to a service by querying a Map includes:
and in response to a client outside the cluster initiating access through a NodePort, reading the Map according to the destination address of the data packet to acquire the back-end container corresponding to the service.
According to an embodiment of the present invention, adding a preset tag to each node in the cluster includes:
each node in the cluster is tagged with a node name, a tag of an available area where the node is located, and a tag of a domain where the node is located.
According to one embodiment of the invention, a procedure for creating a listening service in a cluster comprises:
an API service listener is written in the cluster for listening to services in the cluster.
According to one embodiment of the invention, creating the Map of the ebpf program in the cluster comprises the following steps:
and creating a Map of the ebpf program in the cluster, wherein keys of the Map are the IP and the ports of the service, and the value is the information of the back-end container corresponding to the service.
According to an embodiment of the present invention, further comprising:
and in response to the monitoring program detecting that a service has been deleted from the cluster, deleting the information of that service from the corresponding Map.
According to one embodiment of the invention, the clusters are k8s clusters.
In another aspect of the embodiments of the present invention, an apparatus for implementing service topology awareness of a cluster is further provided, where the apparatus includes:
the adding module is configured to add a preset label to each node in the cluster;
the creating module is configured to create a program of the monitoring service in the cluster and create a Map of the ebpf program in the cluster;
the storage module is configured to, in response to the monitoring program detecting that a cluster service has changed, acquire detailed information of the service, screen the back-end containers according to the topology awareness rule of the service, and store the selected containers in the Map;
and the processing module is configured to mount the eBPF program at a preset position in the kernel of a node in the cluster, and select the back-end container corresponding to the service by querying the Map before a data packet accessing the cluster enters the kernel network protocol stack.
In another aspect of an embodiment of the present invention, there is also provided a computer apparatus including:
at least one processor; and
a memory storing computer instructions executable on the processor, the instructions when executed by the processor implementing the steps of any of the methods described above.
In another aspect of the embodiments of the present invention, there is also provided a computer-readable storage medium storing a computer program, which when executed by a processor implements the steps of any one of the above-mentioned methods.
The invention has the following beneficial technical effects. The method for realizing service topology awareness of a cluster provided by the embodiment of the invention adds a preset label to each node in the cluster; creates a program that monitors services in the cluster and creates a Map for an eBPF program in the cluster; in response to the monitoring program detecting that a cluster service has changed, acquires detailed information of the service, screens the back-end containers according to the topology awareness rule of the service, and stores the selected containers in the Map; and mounts the eBPF program at a preset position in the kernel of a node in the cluster, selecting the back-end container corresponding to the service by querying the Map before a data packet accessing the cluster enters the kernel network protocol stack. With this technical scheme, the selection of the back-end container corresponding to the service is completed by reading the Map before the data packet enters the kernel protocol stack, so that network forwarding efficiency is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other embodiments can be obtained according to the drawings without creative efforts.
FIG. 1 is a schematic flow diagram of a method of implementing service topology awareness for a cluster in accordance with one embodiment of the present invention;
FIG. 2 is a schematic diagram of an apparatus for implementing service topology awareness for a cluster according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a computer device according to one embodiment of the present invention;
FIG. 4 is a schematic diagram of a computer-readable storage medium according to one embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the following embodiments of the present invention are described in further detail with reference to the accompanying drawings.
Based on the above object, a first aspect of the embodiments of the present invention provides an embodiment of a method for implementing service topology awareness of a cluster. Fig. 1 shows a schematic flow diagram of the method.
As shown in fig. 1, the method may include the steps of:
S1, adding a preset label to each node in the cluster. When a k8s cluster is created, specific labels may be designated for the nodes in the cluster, and screening may then be performed according to the node labels when a k8s resource is created. When nodes join a k8s cluster, three corresponding labels are added to each node: hostname, zone and region. The scope of the three labels widens in that order: hostname is the name of the node, zone is the availability zone where the node is located, and region is the region (domain) where the node is located. An example of the labels of a node is as follows:
labels:
  kubernetes.io/hostname: Node1
  topology.kubernetes.io/zone: zone1
  topology.kubernetes.io/region: region1
S2, creating a program that monitors services in the cluster and creating a Map for an eBPF program in the cluster. (eBPF is a technology that lets a user load and run a self-defined program in the Linux kernel; it is essentially a virtual machine running in kernel mode, and the user program and the kernel can exchange data as required so that kernel behavior can be managed at any time.) A program that monitors the API Server is written in the cluster and an eBPF Map is created, wherein the keys of the Map are the IP and port of the service, and the value is the back-end container information corresponding to the service.
S3, in response to the monitoring program detecting that a cluster service has changed, acquiring detailed information of the service, screening the back-end containers according to the topology awareness rule of the service, and storing the selected containers in the Map. When the creation or update of a service is detected, the specific information of the corresponding back-end containers is parsed and the node information of each container is extracted. The label information of the node where the container is located is compared with the label information of the current node according to the topology awareness options of the service, and if the label information is the same, the corresponding container is added to the Map. First, the name of the current node is compared with the name of the node where the container is located. If the node names are the same, the container is added to the Map; if the node names are different, the comparison continues with the availability zone and then the region. If all the label information of all the containers differs from that of the current node, no screening is performed and all the containers are added to the Map to ensure the availability of the service; in this case the nearby-access principle no longer applies. After this screening, the containers stored in the Map are those that meet the requirement of the topology awareness options. For example, the topology options part of a service is as follows:
topologyKeys:
  - "kubernetes.io/hostname"
  - "topology.kubernetes.io/zone"
  - "topology.kubernetes.io/region"
  - "*"
S4, mounting the eBPF program at a preset position in the kernel of a node in the cluster, and selecting the back-end container corresponding to the service by querying the Map before a data packet accessing the cluster enters the kernel network protocol stack. An eBPF program that reads the Map is written and mounted at the socket layer and at the XDP position of the node kernel in the cluster. When a node or container in the cluster initiates east-west access through a service, the traffic first enters the socket layer, the Map is read according to the destination address of the data packet, and the back-end container obtained is a nearby one. When a client outside the cluster initiates north-south access through a NodePort, the external traffic first reaches the XDP mount point after arriving at the network card; as with the processing logic at the socket layer, the Map is read according to the destination address of the data packet to obtain the corresponding back-end container address. In both cases, the selection of the back-end container is completed before the data packet enters the kernel network protocol stack, so network forwarding efficiency is high.
Through the technical scheme of the invention, the selection of the back-end container corresponding to the service can be completed by reading the Map before the data packet enters the kernel protocol stack, so that the network forwarding efficiency is greatly improved.
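The S3 screening and the Map described in S2 and S4, as an added Go example that is not part of the patent text. It assumes a plain Go map standing in for the eBPF Map, a flow-hash pick among several back ends, and that a label missing on the local node never matches (otherwise two unlabeled nodes would compare equal as empty strings and be treated as "nearby"); the cluster data is constructed.

```go
package main

import "fmt"

// Label keys from the node label example in step S1.
const (
	LabelHostname = "kubernetes.io/hostname"
	LabelZone     = "topology.kubernetes.io/zone"
	LabelRegion   = "topology.kubernetes.io/region"
)

// ServiceKey is the Map key from S2: service IP and port.
type ServiceKey struct {
	IP   string
	Port uint16
}

// Backend is one back-end container (Pod) endpoint and the node hosting it.
type Backend struct{ Addr, Node string }

// NodeLabels maps node name -> labels of that node.
type NodeLabels map[string]map[string]string

// ServiceMap stands in for the eBPF Map (assumption: same entries, BPF hash map).
type ServiceMap map[ServiceKey][]Backend

// FilterBackends applies the S3 screening for the node named local. Keys are
// tried in order; the first key with at least one matching backend wins.
// "*" or an exhausted key list returns every backend (availability over locality).
func FilterBackends(local string, nodes NodeLabels, keys []string, all []Backend) ([]Backend, string) {
	for _, key := range keys {
		if key == "*" {
			return all, "*"
		}
		want := nodes[local][key]
		if want == "" {
			continue // assumption: a label missing locally never matches
		}
		var picked []Backend
		for _, b := range all {
			if nodes[b.Node][key] == want {
				picked = append(picked, b)
			}
		}
		if len(picked) > 0 {
			return picked, key
		}
	}
	return all, "fallback"
}

// OnUpsert handles a service create/update event and reports the matched key.
func (m ServiceMap) OnUpsert(k ServiceKey, local string, nodes NodeLabels, keys []string, all []Backend) string {
	picked, matched := FilterBackends(local, nodes, keys, all)
	m[k] = picked
	return matched
}

// OnDelete handles a service delete event so no stale entry keeps steering traffic.
func (m ServiceMap) OnDelete(k ServiceKey) { delete(m, k) }

// Lookup models the S4 read by destination address. Picking among several
// backends by flow hash is an assumption; the page does not specify it.
func (m ServiceMap) Lookup(dstIP string, dstPort uint16, flowHash uint32) (string, bool) {
	b := m[ServiceKey{dstIP, dstPort}]
	if len(b) == 0 {
		return "", false
	}
	return b[flowHash%uint32(len(b))].Addr, true
}

// sampleCluster returns constructed data, not values from the page.
func sampleCluster() (NodeLabels, []Backend) {
	nodes := NodeLabels{
		"node1": {LabelHostname: "node1", LabelZone: "zone1", LabelRegion: "region1"},
		"node2": {LabelHostname: "node2", LabelZone: "zone1", LabelRegion: "region1"},
		"node3": {LabelHostname: "node3", LabelZone: "zone2", LabelRegion: "region1"},
		"node4": {LabelHostname: "node4", LabelZone: "zone3", LabelRegion: "region2"},
		"node5": {LabelHostname: "node5", LabelZone: "zone4", LabelRegion: "region1"},
		"node6": {LabelHostname: "node6"}, // topology labels missing
		"node7": {LabelHostname: "node7"}, // topology labels missing
	}
	backends := []Backend{
		{"10.244.1.5:8080", "node1"},
		{"10.244.3.9:8080", "node3"},
		{"10.244.7.2:8080", "node7"},
	}
	return nodes, backends
}

func main() {
	nodes, backends := sampleCluster()
	keys := []string{LabelHostname, LabelZone, LabelRegion, "*"}
	for _, local := range []string{"node1", "node2", "node5", "node4", "node6"} {
		picked, key := FilterBackends(local, nodes, keys, backends)
		fmt.Printf("%s: matched %q -> %v\n", local, key, picked)
	}
}
```

The matched key returned by OnUpsert is worth logging per service: "*" or "fallback" means traffic for that service may leave the local zone or region.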
In a preferred embodiment of the present invention, in response to the monitoring program detecting that a cluster service has changed, acquiring detailed information of the service, screening the back-end containers according to the topology awareness rule of the service, and storing the containers in the Map includes:
in response to the monitoring program detecting that a service has been created or updated in the cluster, parsing the specific information of the back-end containers corresponding to the service, and acquiring information of the node where each container is located;
and comparing the label information of the node where the container is located with the label information of the current node, and storing the container in the Map based on the comparison result. When the service in the cluster changes, the information of a back-end container corresponding to the service and the information of a node where the container is located are obtained, then the label information of the node where the container is located is compared with the label information of the current node, and when at least one of the label information is the same, the container is stored in the Map.
In a preferred embodiment of the present invention, the label information includes a label of a node name, a label of an available area where the node is located, and a label of a domain where the node is located.
In a preferred embodiment of the present invention, comparing the label information of the node where the container is located with the label information of the current node, and storing the container in the Map based on the comparison result includes:
comparing the label of the node name of the node where the container is located with the label of the node name of the current node;
and responding to the condition that the label of the node name of the node where the container is located is the same as the label of the node name of the current node, and storing the container in the Map. And during comparison, firstly comparing the node names, if the labels of the node names are the same, storing the container in the Map, and if the labels of the node names are different, continuously comparing other labels.
In a preferred embodiment of the present invention, further comprising:
in response to that the label of the node name of the node where the container is located is different from the label of the node name of the current node, comparing the label of the available area where the node where the container is located with the label of the available area where the node of the current node is located;
and responding to the label of the available area where the node of the node where the container is located is the same as the label of the available area where the node of the current node is located, and storing the container in the Map. If the labels of the node names are different, the labels of the available areas where the nodes are located are compared, if the labels of the available areas where the nodes are located are the same, the containers are stored in the Map, and if the labels of the available areas where the nodes are located are different, other labels are continuously compared.
In a preferred embodiment of the present invention, the method further comprises:
in response to that the label of the available area where the node of the node where the container is located is different from the label of the available area where the node of the current node is located, comparing the label of the domain where the node of the node where the container is located with the label of the domain where the node of the current node is located;
and in response to the label of the domain of the node where the container is located being the same as the label of the domain of the current node, storing the container in the Map. If the labels of the available areas where the nodes are located are not the same, the labels of the domains where the nodes are located are then compared, and if the labels of the domains where the nodes are located are the same, the containers are stored in the Map.
In a preferred embodiment of the present invention, further comprising:
and in response to the label of the domain in which the node of the node where the container is positioned is different from the label of the domain in which the node of the current node is positioned, storing all the containers in the Map to ensure the availability of the service. If the labels of the domains in which the nodes are located are still different, that is, all the labels are different, all the Pod are added into the Map to ensure the availability of the service, that is, the near access principle is invalid at this time. Through the screening, the Pod information stored in the Map is the Pod which meets the requirement after being screened according to the topology perception option.
In a preferred embodiment of the present invention, storing the container in the Map based on the comparison comprises:
the container is stored into the value in the key-value pair of the Map. I.e. the container is stored in a value in the key-value.
In a preferred embodiment of the present invention, the mounting the ebpf program to a preset position of a node kernel in the cluster includes:
and mounting the ebpf program to a socket layer of a node kernel in the cluster.
In a preferred embodiment of the present invention, before a packet accessing a cluster enters a kernel network protocol stack, selecting a backend container corresponding to a service by querying a Map includes:
and in response to a node or container in the cluster initiating access through the service, reading the Map according to the destination address of the data packet to obtain the back-end container corresponding to the service. When a node or Pod in the cluster initiates east-west access through the service, the traffic first enters the socket layer, the Map is read according to the destination address of the data packet, and the back-end Pod obtained is a nearby one.
In a preferred embodiment of the present invention, the mounting the ebpf program to a preset position of a node kernel in the cluster includes:
and mounting the ebpf program to the XDP position of the node kernel in the cluster.
In a preferred embodiment of the present invention, before a packet accessing a cluster enters a kernel network protocol stack, selecting a backend container corresponding to a service by querying a Map includes:
and in response to a client outside the cluster initiating access through a NodePort, reading the Map according to the destination address of the data packet to acquire the back-end container corresponding to the service. When a client outside the cluster initiates north-south access through a NodePort, the external traffic reaches the XDP mount point after arriving at the network card, and the Map is read according to the destination address of the data packet to obtain the corresponding back-end Pod address.
In a preferred embodiment of the present invention, adding a preset tag to each node in the cluster includes:
each node in the cluster is tagged with a node name, a tag of an available area where the node is located, and a tag of a domain where the node is located.
In a preferred embodiment of the present invention, the procedure of creating a listening service in a cluster comprises:
an API service listener is written in the cluster for listening to services in the cluster.
In a preferred embodiment of the present invention, creating a Map of ebpf programs in a cluster comprises:
and creating a Map of the ebpf program in the cluster, wherein keys of the Map are the IP and the ports of the service, and the value is the information of the back-end container corresponding to the service.
In a preferred embodiment of the present invention, further comprising:
and in response to the monitoring program detecting that a service has been deleted from the cluster, deleting the information of that service from the corresponding Map.
In a preferred embodiment of the invention, the clusters are k8s clusters.
By the technical scheme of the invention, the selection of the back-end container corresponding to the service can be completed by reading the Map before the data packet enters the kernel protocol stack, so that the network forwarding efficiency is improved.
It should be noted that, as will be understood by those skilled in the art, all or part of the processes in the methods of the above embodiments may be implemented by instructing relevant hardware through a computer program, and the above programs may be stored in a computer-readable storage medium, and when executed, the programs may include the processes of the embodiments of the methods as described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like. The embodiments of the computer program may achieve the same or similar effects as any of the above-described method embodiments.
Furthermore, the method disclosed according to an embodiment of the present invention may also be implemented as a computer program executed by a CPU, and the computer program may be stored in a computer-readable storage medium. The computer program, when executed by the CPU, performs the above-described functions defined in the method disclosed in the embodiments of the present invention.
In view of the above object, a second aspect of the embodiments of the present invention provides an apparatus for implementing service topology awareness of a cluster. As shown in Fig. 2, the apparatus 200 includes:
an adding module configured to add a preset label to each node in the cluster;
a creating module configured to create a program that monitors services in the cluster and to create a Map of an eBPF program in the cluster;
a storage module configured to, in response to the program that monitors services detecting that a service in the cluster has changed, acquire detailed information of the service, screen the back-end containers according to the topology awareness rule of the service, and store the containers in the Map;
and a processing module configured to mount the eBPF program to a preset position of a node kernel in the cluster, and to select the back-end container corresponding to the service by querying the Map before a data packet accessing the cluster enters the kernel network protocol stack.
In a preferred embodiment of the present invention, the storage module is further configured to:
in response to the program that monitors services detecting that a service has been created or updated in the cluster, parse the specific information of the back-end containers corresponding to the service and acquire information about the node where each container is located;
and compare the label information of the node where the container is located with the label information of the current node, and store the container in the Map based on the comparison result.
In a preferred embodiment of the present invention, the label information includes a label of the node name, a label of the availability zone where the node is located, and a label of the domain where the node is located.
In a preferred embodiment of the present invention, the storage module is further configured to:
compare the node-name label of the node where the container is located with the node-name label of the current node;
and in response to the node-name label of the node where the container is located being the same as the node-name label of the current node, store the container in the Map.
In a preferred embodiment of the present invention, the storage module is further configured to:
in response to the node-name label of the node where the container is located being different from the node-name label of the current node, compare the availability-zone label of the node where the container is located with the availability-zone label of the current node;
and in response to the availability-zone label of the node where the container is located being the same as the availability-zone label of the current node, store the container in the Map.
In a preferred embodiment of the present invention, the storage module is further configured to:
in response to the availability-zone label of the node where the container is located being different from the availability-zone label of the current node, compare the domain label of the node where the container is located with the domain label of the current node;
and in response to the domain label of the node where the container is located being the same as the domain label of the current node, store the container in the Map.
In a preferred embodiment of the present invention, the storage module is further configured to:
in response to the domain label of the node where the container is located being different from the domain label of the current node, store all the containers in the Map to ensure the availability of the service.
In a preferred embodiment of the present invention, the storage module is further configured to:
store the container in the value of a key-value pair of the Map.
In a preferred embodiment of the present invention, the processing module is further configured to:
mount the eBPF program to the socket layer of a node kernel in the cluster.
In a preferred embodiment of the present invention, the processing module is further configured to:
in response to a node or container in the cluster initiating access through the service, read the Map according to the destination address of the data packet to obtain the back-end container corresponding to the service.
In a preferred embodiment of the present invention, the processing module is further configured to:
mount the eBPF program to the XDP position of a node kernel in the cluster.
In a preferred embodiment of the present invention, the processing module is further configured to:
in response to a client outside the cluster initiating access through a NodePort, read the Map according to the destination address of the data packet to obtain the back-end container corresponding to the service.
In a preferred embodiment of the invention, the adding module is further configured to:
add to each node in the cluster a label of the node name, a label of the availability zone where the node is located, and a label of the domain where the node is located.
In a preferred embodiment of the present invention, the creation module is further configured to:
write an API service listener in the cluster for listening to the services in the cluster.
In a preferred embodiment of the present invention, the creation module is further configured to:
create a Map of the eBPF program in the cluster, wherein the key of the Map is the IP and port of the service, and the value is the information of the back-end containers corresponding to the service.
In a preferred embodiment of the present invention, the apparatus further includes a deletion module, and the deletion module is configured to:
in response to the program that monitors services detecting that a service has been deleted from the cluster, delete the information of that service from the corresponding Map.
In a preferred embodiment of the invention, the clusters are k8s clusters.
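The label cascade of the storage module and the Map bookkeeping on service create, update and delete, as an added Go example that is not code from the patent; it uses a user-space stand-in for one node's eBPF Map. Type and field names are hypothetical, the sample addresses are constructed, and it assumes that the narrowest label tier with at least one match wins and that a missing label never counts as a match.

```go
package main

import "fmt"

// NodeLabels holds the three preset labels added to every node.
// Field names are hypothetical; the page does not name the label keys.
type NodeLabels struct{ Name, Zone, Domain string }

// Backend is one back-end container plus the labels of the node it runs on.
type Backend struct {
	Addr string // "ip:port" of the container
	Node NodeLabels
}

// ServiceKey mirrors the Map key from the text: service IP and port.
type ServiceKey struct {
	IP   string
	Port uint16
}

// ServiceMap is a user-space stand-in for one node's eBPF Map.
type ServiceMap map[ServiceKey][]Backend

// same reports a label match; an empty (missing) label never matches, so
// unlabeled nodes are not silently treated as sharing a zone or domain.
func same(a, b string) bool { return a != "" && a == b }

// SelectBackends walks the cascade: node name, availability zone, domain,
// then all backends. Assumption: the narrowest tier with a match wins.
func SelectBackends(local NodeLabels, all []Backend) []Backend {
	tiers := []func(n NodeLabels) bool{
		func(n NodeLabels) bool { return same(n.Name, local.Name) },
		func(n NodeLabels) bool { return same(n.Zone, local.Zone) },
		func(n NodeLabels) bool { return same(n.Domain, local.Domain) },
	}
	for _, match := range tiers {
		var picked []Backend
		for _, b := range all {
			if match(b.Node) {
				picked = append(picked, b)
			}
		}
		if len(picked) > 0 {
			return picked
		}
	}
	// No tier matched: keep every backend so the service stays reachable.
	return append([]Backend(nil), all...)
}

// Upsert handles a service create or update event. The value is replaced
// whole, so backends dropped from the service do not linger in the Map.
func (m ServiceMap) Upsert(k ServiceKey, local NodeLabels, all []Backend) {
	m[k] = SelectBackends(local, all)
}

// Delete handles a service delete event by removing the key.
func (m ServiceMap) Delete(k ServiceKey) { delete(m, k) }

// sampleBackends returns constructed sample data for the demonstration.
func sampleBackends() []Backend {
	return []Backend{
		{"10.244.1.5:8080", NodeLabels{"node-a", "zone-1", "dom-east"}},
		{"10.244.2.7:8080", NodeLabels{"node-b", "zone-1", "dom-east"}},
		{"10.244.3.9:8080", NodeLabels{"node-c", "zone-2", "dom-east"}},
		{"10.244.4.2:8080", NodeLabels{"node-d", "zone-3", "dom-west"}},
	}
}

func main() {
	m := ServiceMap{}
	key := ServiceKey{IP: "10.96.0.10", Port: 80}
	for _, local := range []NodeLabels{
		{"node-a", "zone-1", "dom-east"}, // has a local backend
		{"node-x", "zone-1", "dom-east"}, // same zone only
		{"node-y", "zone-9", "dom-east"}, // same domain only
		{"node-z", "", ""},               // unlabeled: falls back to all
	} {
		m.Upsert(key, local, sampleBackends())
		fmt.Printf("%-7s -> %d backend(s): %v\n", local.Name, len(m[key]), m[key])
	}
	m.Delete(key)
	fmt.Println("after delete:", len(m))
}
```

Because each node screens backends against its own labels, the Map contents differ per node; a stale or wrong node label therefore changes which backends that node forwards to.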
In view of the above object, a third aspect of the embodiments of the present invention provides a computer device. Fig. 3 is a schematic diagram of an embodiment of a computer device provided by the present invention. As shown in fig. 3, the embodiment of the present invention includes the following means: at least one processor 21; and a memory 22, the memory 22 storing computer instructions 23 executable on the processor, the instructions when executed by the processor implementing the steps in any of the method embodiments described above.
In view of the above object, a fourth aspect of the embodiments of the present invention proposes a computer-readable storage medium. FIG. 4 is a schematic diagram illustrating an embodiment of a computer-readable storage medium provided by the present invention. As shown in fig. 4, the computer readable storage medium 31 stores a computer program 32 which, when executed by a processor, performs the steps in any of the method embodiments described above.
Furthermore, the methods disclosed according to embodiments of the present invention may also be implemented as a computer program executed by a processor, which may be stored in a computer-readable storage medium. When executed by a processor, the computer program performs the above-described functions defined in the methods disclosed in embodiments of the invention.
Further, the above method steps and system elements may also be implemented using a controller and a computer readable storage medium for storing a computer program for causing the controller to implement the functions of the above steps or elements.
Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as software or hardware depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the disclosed embodiments of the present invention.
In one or more exemplary designs, the functions may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a general-purpose or special-purpose computer. By way of example, and not limitation, such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a general-purpose or special-purpose computer, or a general-purpose or special-purpose processor. Also, any connection is properly termed a computer-readable medium. For example, if the software is transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, Digital Subscriber Line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. Disk and disc, as used herein, includes Compact Disc (CD), laser disc, optical disc, Digital Versatile Disc (DVD), floppy disk, and Blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
The foregoing are exemplary embodiments of the present disclosure, but it should be noted that various changes and modifications could be made herein without departing from the scope of the present disclosure as defined by the appended claims. The functions, steps and/or actions of the method claims in accordance with the disclosed embodiments described herein need not be performed in any particular order. Furthermore, although elements of the disclosed embodiments of the invention may be described or claimed in the singular, the plural is contemplated unless limitation to the singular is explicitly stated.
It should be understood that, as used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly supports the exception. It should also be understood that "and/or" as used herein is meant to include any and all possible combinations of one or more of the associated listed items.
The numbers of the embodiments disclosed in the embodiments of the present invention are merely for description, and do not represent the merits of the embodiments.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, and the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to intimate that the scope of the disclosure, including the claims, of embodiments of the invention is limited to these examples; within the idea of an embodiment of the invention, also technical features in the above embodiment or in different embodiments may be combined and there are many other variations of the different aspects of the embodiments of the invention as described above, which are not provided in detail for the sake of brevity. Therefore, any omissions, modifications, substitutions, improvements, and the like that may be made without departing from the spirit and principles of the embodiments of the present invention are intended to be included within the scope of the embodiments of the present invention.

Claims (19)

1. A method for implementing service topology awareness of a cluster, characterized by comprising the following steps:
adding a preset label to each node in the cluster;
creating a program that monitors services in the cluster and creating a Map of an eBPF program in the cluster;
in response to the program that monitors services detecting that a service in the cluster has changed, acquiring detailed information of the service, screening back-end containers according to the topology awareness rule of the service, and storing the containers in the Map, wherein this step comprises: in response to the program that monitors services detecting that a service has been created or updated in the cluster, parsing the specific information of the back-end containers corresponding to the service, acquiring information about the node where each container is located, comparing the label information of the node where the container is located with the label information of the current node, and storing the container in the Map based on the comparison result;
and mounting the eBPF program to a preset position of a node kernel in the cluster, and selecting the back-end container corresponding to the service by querying the Map before a data packet accessing the cluster enters the kernel network protocol stack.
2. The method of claim 1, wherein the label information comprises a label of the node name, a label of the availability zone where the node is located, and a label of the domain where the node is located.
3. The method of claim 2, wherein comparing the label information of the node where the container is located with the label information of the current node, and storing the container in the Map based on the comparison result comprises:
comparing the node-name label of the node where the container is located with the node-name label of the current node;
and in response to the node-name label of the node where the container is located being the same as the node-name label of the current node, storing the container in the Map.
4. The method of claim 3, further comprising:
in response to the node-name label of the node where the container is located being different from the node-name label of the current node, comparing the availability-zone label of the node where the container is located with the availability-zone label of the current node;
and in response to the availability-zone label of the node where the container is located being the same as the availability-zone label of the current node, storing the container in the Map.
5. The method of claim 4, further comprising:
in response to the availability-zone label of the node where the container is located being different from the availability-zone label of the current node, comparing the domain label of the node where the container is located with the domain label of the current node;
and in response to the domain label of the node where the container is located being the same as the domain label of the current node, storing the container in the Map.
6. The method of claim 5, further comprising:
in response to the domain label of the node where the container is located being different from the domain label of the current node, storing all the containers in the Map to ensure the availability of the service.
7. The method of claim 1, wherein storing the container in the Map based on the comparison result comprises:
storing the container in the value of a key-value pair of the Map.
8. The method of claim 1, wherein mounting the eBPF program to a preset position of a node kernel in the cluster comprises:
mounting the eBPF program to the socket layer of a node kernel in the cluster.
9. The method of claim 8, wherein selecting the back-end container corresponding to the service by querying the Map before a data packet accessing the cluster enters the kernel network protocol stack comprises:
in response to a node or container in the cluster initiating access through the service, reading the Map according to the destination address of the data packet to obtain the back-end container corresponding to the service.
10. The method of claim 1, wherein mounting the eBPF program to a preset position of a node kernel in the cluster comprises:
mounting the eBPF program to the XDP position of a node kernel in the cluster.
11. The method of claim 10, wherein selecting the back-end container corresponding to the service by querying the Map before a data packet accessing the cluster enters the kernel network protocol stack comprises:
in response to a client outside the cluster initiating access through a NodePort, reading the Map according to the destination address of the data packet to obtain the back-end container corresponding to the service.
12. The method of claim 1, wherein adding a preset label to each node in the cluster comprises:
adding to each node in the cluster a label of the node name, a label of the availability zone where the node is located, and a label of the domain where the node is located.
13. The method of claim 1, wherein creating the program that monitors services in the cluster comprises:
writing an API service listener in the cluster for listening to the services in the cluster.
14. The method of claim 1, wherein creating the Map of the eBPF program in the cluster comprises:
creating a Map of the eBPF program in the cluster, wherein the key of the Map is the IP and port of the service, and the value is the information of the back-end containers corresponding to the service.
15. The method of claim 1, further comprising:
in response to the program that monitors services detecting that a service has been deleted from the cluster, deleting the information of that service from the corresponding Map.
16. The method of claim 1, wherein the cluster is a k8s cluster.
17. An apparatus for implementing service topology awareness of a cluster, the apparatus comprising:
an adding module configured to add a preset label to each node in the cluster;
the system comprises a creation module, a monitoring module and a management module, wherein the creation module is configured to create a program that monitors services in the cluster and to create a Map of an eBPF program in the cluster;
a storage module configured to, in response to the program that monitors services detecting that a service in the cluster has changed, acquire detailed information of the service, screen back-end containers according to the topology awareness rule of the service, and store the containers in the Map, the storage module being further configured to, in response to the program that monitors services detecting that a service has been created or updated in the cluster, parse the specific information of the back-end containers corresponding to the service, acquire information about the node where each container is located, compare the label information of the node where the container is located with the label information of the current node, and store the container in the Map based on the comparison result;
and a processing module configured to mount the eBPF program to a preset position of a node kernel in the cluster, and to select the back-end container corresponding to the service by querying the Map before a data packet accessing the cluster enters the kernel network protocol stack.
18. A computer device, comprising:
at least one processor; and
a memory storing computer instructions executable on the processor, the instructions when executed by the processor implementing the steps of the method of any one of claims 1 to 16.
19. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 16.
CN202310023589.6A 2023-01-09 2023-01-09 Method, device, equipment and medium for realizing service topology awareness of cluster Active CN115712545B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310023589.6A CN115712545B (en) 2023-01-09 2023-01-09 Method, device, equipment and medium for realizing service topology awareness of cluster

Publications (2)

Publication Number Publication Date
CN115712545A CN115712545A (en) 2023-02-24
CN115712545B true CN115712545B (en) 2023-04-18

Family

ID=85236181

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310023589.6A Active CN115712545B (en) 2023-01-09 2023-01-09 Method, device, equipment and medium for realizing service topology awareness of cluster

Country Status (1)

Country Link
CN (1) CN115712545B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant