TW202238374A - Provision and management system and method for container infrastructure service and computer readable medium - Google Patents
Provision and management system and method for container infrastructure service and computer readable medium
- Publication number: TW202238374A
- Application number: TW110109786A
- Authority: TW (Taiwan)
- Prior art keywords: network, service, master, resources, resource
Landscapes
- Stored Programmes (AREA)
- Hardware Redundancy (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Description
The present invention relates to container service infrastructure technology, and in particular to a provisioning and management system, method and computer-readable medium for a container service infrastructure.
With the rise of the cloud-native concept, technologies such as containers, DevOps (the combination of Development and Operations) and microservices have made it easier to integrate and deploy new versions of service applications. Building, testing and running applications no longer carries a heavy additional burden, the cost of moving to the cloud has fallen, and the portability of containers lets application services be scaled out more flexibly. This has drawn more enterprise applications into container environments, and enterprises have begun to plan and run traditional applications in the cloud.
However, even though the technology for integrating and deploying new service versions is well developed, simplifying procedures, raising provisioning efficiency and lowering resource and operations cost remain important. The network security of the service platform is also a concern of service users, and these are the targets enterprise service providers aim to improve.
In view of this, providing a container service infrastructure technology that can be built simply and quickly, at low cost, with high efficiency and with security, is the goal pursued by those skilled in the art.
To solve the above problems of the prior art, the present invention proposes a new provisioning and management mechanism for container service infrastructure, giving enterprises and individuals a simple and fast way to build the infrastructure of a container service platform. It raises resource utilisation and provisioning efficiency, lowers resource and operations cost, and strengthens the network security of the whole service platform.
The present invention proposes a container service infrastructure provisioning and management system, which includes: a service template collaborative management module, which organises and chains computing resources, storage resources, network resources, network address translation (NAT) resources, firewall resources and routing resources, and coordinates their states so that they can be used to complete provisioning of the infrastructure; a computing resource management module, connected to the service template collaborative management module, which sets the storage resource path, the network configuration and the virtual machine template, and processes and deploys multiple computing nodes in parallel so as to determine a unique master computing node; and a network resource management module, connected to the service template collaborative management module, which decides the NAT deployment between the master virtual address and the gateway address of the logically isolated network, deploys the inbound and outbound firewall rules among the computing nodes, the configuration server and the storage cluster, and deploys the external routing table of the logically isolated network so that the configuration server can be reached. Storage space is provisioned and the network deployed according to service node parameters, thereby constructing the shared environment the container service platform requires, and the parameters of the storage cluster of that shared environment are configured on the computing nodes, completing the provisioning and management of the infrastructure of the container service platform.
In one embodiment, the system further includes a storage resource management module, connected to the service template collaborative management module, for managing and configuring the storage space.
In one embodiment, the system further includes a resource dispatch management module, connected to the service template collaborative management module, for allocating the network resources, the storage resources and the computing resources.
In one embodiment, the network resource management module further divides the network into a management segment and a service segment, so that the container service platform is built on the logically isolated network of the service segment.
The present invention further proposes a container service infrastructure provisioning and management method, which includes: provisioning storage space and deploying the network according to service node parameters, to construct the shared environment the container service platform requires; and constructing master and worker computing nodes and firewalls, configuring the parameters of the storage cluster of the shared environment on those nodes, then provisioning the nodes in parallel, applying a locking mechanism and a first-in-first-out algorithm to them to select a unique master computing node, and opening the network between the storage space and the nodes in parallel.
In the above method, the step of constructing the shared environment includes dividing the network into a management segment and a service segment, so that the container service platform is built on the logically isolated network of the service segment.
In the above method, the step of constructing the master and worker computing nodes includes obtaining a pre-built virtual machine template from the database and combining the user-supplied service node parameters with that template to generate multiple groups of service nodes that serve as the master and worker computing nodes.
In the above method, the step of constructing the firewall further includes obtaining from the database the network address of the configuration server (the source of management configuration) and the unique master virtual network address allocated from the network resources, and obtaining the port numbers that the NAT server generated during resource deployment for the configuration server's services, in order to establish firewall rules that pass through the network.
In the above method, according to the dependencies among computing nodes, different firewall rules are composed for the master and worker nodes: a first firewall rule that lets the unique master computing node reach the configuration server, and a second firewall rule that lets the master and worker computing nodes connect to the storage space.
The present invention further provides a computer-readable medium for use in a computing device or computer, storing instructions for executing the above container service infrastructure provisioning and management method.
In summary, the provisioning and management mechanism proposed here builds the infrastructure of a container service platform simply and quickly. Based on the resource requirement parameters entered by the user, one-click provisioning is combined with a provisioning template for the container service platform infrastructure; resources are provisioned according to the regional configuration, and service provisioning nodes are generated dynamically in the tree structure of the mechanism's tree diagram. The root node abstracts the shared environment the container service platform needs and deploys the mechanism's network architecture and storage space in one place, reducing the work provisioning requires; multiple child nodes are generated dynamically according to resource demand and provision the master and worker computing nodes and firewalls in parallel, so that provisioning is accelerated.
1: Container service infrastructure provisioning and management system
11: Service template collaborative management module
12: Computing resource management module
13: Network resource management module
14: Storage resource management module
15: Resource dispatch management module
2: Provisioning process management database
501-505: Processes
601-611: Processes
S41-S42: Steps
FIG. 1 is a schematic architecture diagram of the container service infrastructure provisioning and management system of the present invention.
FIG. 2 is a tree diagram for constructing the container service infrastructure provisioning and management mechanism of the present invention.
FIG. 3 is a network architecture diagram of the container service infrastructure provisioning and management mechanism of the present invention.
FIG. 4 is a step diagram of the container service infrastructure provisioning and management method of the present invention.
FIG. 5 is a flow chart of the processes each module of the container service infrastructure provisioning and management mechanism requires.
FIG. 6 is a flow chart of a specific embodiment of the container service infrastructure provisioning and management mechanism of the present invention.
The technical content of the present invention is described below through specific embodiments; those familiar with the art can readily understand its advantages and effects from this specification. The invention may also be implemented or applied through other embodiments.
FIG. 1 is a schematic architecture diagram of the container service infrastructure provisioning and management system of the present invention. As shown, the present invention proposes a container service infrastructure provisioning and management system 1 that executes the provisioning and management mechanism for container service infrastructure. After the user submits, through the client interface, the resource requirements for building the container service infrastructure platform, the service template collaborative management module 11 receives the requirements and starts provisioning. While the whole service platform is being provisioned, in order to reduce the complexity of integrating network, storage and computing resources and to lower operations cost, the invention uses the provisioning process to determine the dependencies among the resources, thereby ensuring the correctness of the provisioned container service infrastructure. The system 1 is connected to a provisioning process management database 2 that stores the related data, and includes a service template collaborative management module 11, a computing resource management module 12 and a network resource management module 13.
The service template collaborative management module 11 organises and chains the computing, storage, network, NAT, firewall and routing resources and coordinates their states so that they can be used to complete provisioning of the infrastructure.
The computing resource management module 12 is connected to the service template collaborative management module 11 and sets the storage resource path, the network configuration and the virtual machine template, and processes and deploys multiple computing nodes in parallel so as to determine a unique master computing node. In short, module 12 deploys computing nodes from a virtual machine (VM) template, determines the unique master computing node, sets the cluster, the storage resource path and the network configuration, configures on every computing node the IP address of the unique master computing node, and assigns the role levels (for example Master and Worker).
The network resource management module 13 is connected to the service template collaborative management module 11 and decides the NAT deployment between the master virtual address and the gateway address of the logically isolated network, deploys the inbound and outbound firewall rules among the computing nodes, the configuration server and the storage cluster, and deploys the external routing table of the logically isolated network so that the configuration server can be reached.
The network resource management module 13 further divides the network into a management segment and a service segment, so that the container service platform is built on the logically isolated network of the service segment. Specifically, for information security the network architecture is split into a management segment and a service segment, and the container service platform is built on a logically isolated network within the service segment; network traversal therefore has to be constructed when the platform is deployed.
The invention provisions storage space and deploys the network according to the service node parameters to construct the shared environment the container service platform requires, and configures the parameters of the storage cluster of that shared environment on the master and worker computing nodes, completing the provisioning and management of the platform's infrastructure.
In one embodiment, the system 1 further includes a storage resource management module 14 connected to the service template collaborative management module 11, for managing and configuring the storage space. Specifically, module 14 manages and configures the storage space and records its space information.
In another embodiment, the system 1 further includes a resource dispatch management module 15 connected to the service template collaborative management module 11, for allocating the network, storage and computing resources. Specifically, module 15 allocates those resources and handles the related resource settings.
The new provisioning and management mechanism of the invention involves three kinds of resources: network, storage and computing. In one embodiment the network resources may be interface IP addresses, gateway IP addresses, virtual LANs (VLANs), network function virtualisation (NFV) network interfaces, firewalls or routing tables; the storage resources may be storage clusters; the computing resources may be virtual devices.
In summary, the invention designs a configuration system and method for a new container service infrastructure provisioning and management mechanism for cloud services, giving network operators a low-complexity, high-security container service platform network service that meets the need for elastic configuration in cloud environments and eases operations and migration between heterogeneous cloud platforms, reducing the difficulty of moving service applications to the cloud.
FIG. 2 is a tree diagram for constructing the container service infrastructure provisioning and management mechanism of the present invention, and FIG. 3 is a network architecture diagram of that mechanism. As shown in FIG. 2, the architecture that the mechanism of the service template collaborative management module 11 of FIG. 1 produces is a tree, used for two-stage combined provisioning of the infrastructure. The root node of the first stage provisions the storage space and deploys the network, constructing the shared environment the container service platform requires. The child nodes of the second stage construct the master and worker computing nodes and firewalls and configure them with the shared environment produced in the first stage; the computing nodes are provisioned in parallel, a lock is applied to them, a first-in-first-out algorithm selects the unique master node, and the network between the storage space and the computing nodes is opened in parallel. That is, the second stage deploys the Master computing node with its firewall and the Worker computing nodes with their firewalls.
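The lock and first-in-first-out election described for the second stage, as an added example that is not part of the patent or of any implementation of it: each control or worker node is provisioned on its own thread (one child of the tree), control candidates queue up in arrival order, the first thread into the critical section promotes the head of the queue, and every node then blocks until the master's address is published before recording its storage mount. The node names, addresses, roles and mount path are constructed sample data, and the bounded wait that turns a cluster with no control node into a recorded error is an assumption.

```python
# Added example, not the patent's code: parallel node provisioning with a
# lock-protected FIFO that elects exactly one master computing node.
import threading
from queue import Queue

# Constructed sample input: two control candidates and two workers.
SAMPLE_NODES = [
    {"name": "ctl-1", "role": "control", "ip": "10.20.0.11"},
    {"name": "ctl-2", "role": "control", "ip": "10.20.0.12"},
    {"name": "wrk-1", "role": "worker", "ip": "10.20.0.21"},
    {"name": "wrk-2", "role": "worker", "ip": "10.20.0.22"},
]
# Constructed parameters of the storage space carved out in the first stage.
SAMPLE_STORAGE = {"cluster_ip": "10.30.0.5", "path": "/export/tenant-a"}
ELECTION_TIMEOUT = 0.5  # assumption: how long a node waits for a master


class MasterElection:
    """Control candidates enqueue themselves in arrival order; the first
    thread into the critical section promotes the head of the queue, so the
    earliest arrival wins even if a later one grabbed the lock first."""

    def __init__(self):
        self._lock = threading.Lock()
        self._fifo = Queue()
        self._master = None
        self._published = threading.Event()

    def offer(self, node):
        if node["role"] != "control":  # workers never compete for master
            return
        self._fifo.put(node)
        with self._lock:
            if self._master is None:
                self._master = self._fifo.get_nowait()
                self._published.set()

    def wait_master(self, timeout):
        if not self._published.wait(timeout):
            raise TimeoutError("no control node offered itself; master never elected")
        return self._master


def provision_node(node, election, storage, results):
    """One child of the provisioning tree: compete if eligible, wait for the
    master, then record the master IP and the storage mount for this node."""
    election.offer(node)
    try:
        master = election.wait_master(ELECTION_TIMEOUT)
    except TimeoutError as exc:
        results[node["name"]] = {"error": str(exc)}  # left for manual handling
        return
    results[node["name"]] = {
        "role": "master" if master is node else node["role"],
        "master_ip": master["ip"],
        "mount": f'{storage["cluster_ip"]}:{storage["path"]}',
    }


def provision_cluster(nodes, storage):
    """Provision all nodes in parallel and return the per-node results."""
    election = MasterElection()
    results = {}
    threads = [
        threading.Thread(target=provision_node, args=(n, election, storage, results))
        for n in nodes
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results


def masters(results):
    """Names of nodes that became master; the invariant is exactly one."""
    return sorted(n for n, r in results.items() if r.get("role") == "master")


def failed(results):
    """Names of nodes whose provisioning was handed to manual processing."""
    return sorted(n for n, r in results.items() if "error" in r)


if __name__ == "__main__":
    out = provision_cluster(SAMPLE_NODES, SAMPLE_STORAGE)
    for name in sorted(out):
        print(name, out[name])
```

Promoting the head of the queue rather than the thread that happens to hold the lock is what makes the choice first-in-first-out instead of "first to grab the lock"; the lock only serialises the promotion so two candidates cannot both see the master as unset. A cluster with no control node would otherwise leave every worker waiting forever, so the wait is bounded and the failure is recorded per node rather than raised inside the thread, which matches the manual-handling path the flow describes for failures.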
For information security, the mechanism proposes logical isolation in the network architecture. As shown in FIG. 3, the network is divided into a management segment and a service segment, and the container service platform is built on a logically isolated network within the service segment. In short, the provisioning server and the configuration server sit in the management segment, separated from the customer's service segment; within the service segment the computing nodes sit in one logically isolated network and the storage cluster in another. Because the computing nodes are built on a logically isolated network, a security incident on the customer side does not affect the servers on the provisioning and configuration side. Deploying the platform also requires network traversal: routing rules, firewall rules, network address translation (NAT) and port forwarding are deployed and managed to establish the secure connection the configuration server needs for management configuration. Since port forwarding exposes the master's service ports at the gateway of the isolated network, the firewall rules built for that path are keyed to the configuration server's own address and the NAT-allocated ports, so that no other source can use it.
FIG. 4 is a step diagram of the container service infrastructure provisioning and management method of the present invention. In step S41, storage space is provisioned and the network deployed according to the service node parameters to construct the shared environment the container service platform requires. This step concerns provisioning of the storage space and the network, establishing the shared environment.
When constructing the shared environment, the network is divided into a management segment and a service segment so that the container service platform is built on the logically isolated network of the service segment; that is, the computing nodes are built on a logically isolated network so that a security problem on the customer side does not affect the provisioning and configuration servers.
In step S42, master and worker computing nodes and firewalls are constructed and the parameters of the storage cluster of the shared environment are configured on those nodes; the nodes are provisioned in parallel, a locking mechanism and a first-in-first-out algorithm select the unique master computing node, and the network between the storage space and the nodes is opened in parallel. This step builds the master and worker nodes and firewalls and carves a piece of storage space out of the shared environment for the computing nodes to mount, i.e. configures the storage cluster parameters of the shared environment on the nodes so that they can connect to the space carved from the shared storage cluster, and then generates the corresponding network connections according to the dependencies among nodes.
When constructing the firewall, the network address of the configuration server (the source of management configuration) and the unique master virtual network address allocated from the network resources are obtained from the database, together with the port numbers the NAT server generated during resource deployment for the configuration server's services, and firewall rules that pass through the network are established. According to the dependencies among computing nodes, different firewall rules are composed for the master and worker nodes: a rule that lets the unique master node reach the configuration server, and a rule that lets the master and worker nodes connect to the storage space.
FIG. 5 is a flow chart of the processes each module of the container service infrastructure provisioning and management mechanism requires; please refer to FIG. 1 together. FIG. 5 illustrates the necessary resource control processes of the system of FIG. 1, in five steps: process 501, needed to construct the service template collaborative management module; process 502, for the resource dispatch management module; process 503, for the storage resource management module; process 504, for the network resource management module; and process 505, for the computing resource management module.
Process 501 is the preparatory work that lets the service template collaborative management module 11 of the system 1 run. The database must be set up with the service node parameters, the service template specifications, the service templates, the levels of the service node tree data structure, the provisioning application requirement interface, the process states of service nodes (for example subscription, change and termination), the provisioning process, and the other configuration needed to drive the system's collaborative management of provisioning.
Process 502 is the preparatory work that lets the resource dispatch management module 15 of the system 1 run. The three kinds of resources to be monitored (network, storage and computing) must be set in the database for lookup. Once the monitoring items are set, the system records in the database, according to the provisioning resource states, the provisioning resource states the system 1 requires, including request, change and removal. The system 1 also needs multiple resource selection rules for choosing resource items.
Process 503 is the preparatory work that lets the storage resource management module 14 of the system 1 run. Multiple sets of storage resource information to be monitored, for example storage cluster information, must be set in the database; this is the information needed to operate the actual storage resources, including IP, account and password.
Process 504 is the preparatory work that lets the network resource management module 13 of the system 1 run. Network resource information to be monitored, for example network security device information, must be set in the database; this includes the information needed to operate the network resources, such as IP, account and password. Because processes 503 and 504 place the credentials of the storage cluster and of the network security devices in the provisioning process management database, that database holds the keys to the whole platform and must be protected at least as strictly as the devices themselves.
Process 505 is the preparatory work that lets the computing resource management module 12 of the system 1 run. The necessary virtual machine templates must be built in advance and their information managed in the database.
Note that the above processes have no fixed order; processes 501-505 need not be executed in sequence.
FIG. 6 is a flow chart of a specific embodiment of the container service infrastructure provisioning and management mechanism of the present invention. As shown, it comprises two stages of decision-driven resource provisioning management: the first stage is processes 601-606 and the second stage is processes 607-611; please refer to FIG. 1 together.
In process 601, the service template collaboratively configures the storage, network, NAT, firewall and routing resources. In short, the service template collaborative management module 11 receives the user's service instruction, merges the instruction parameters for the storage, network, NAT, firewall and routing resources with the parameters in the service template to form the service node parameters, assembles from them the parameters the interface requires, and calls the provisioning application programming interface to carry out processes 602-606.
In process 602, the resource items to be dispatched are decided. The resource dispatch management module 15 receives the service node parameters, looks up in the database the network and storage resources set up for monitoring, dispatches the resources needed for provisioning, and updates their states.
In process 603, the storage resource items to be deployed are decided. The storage resource management module 14 receives the service node parameters, issues a storage space request to the storage cluster, and returns the storage space information, such as the mount path, the storage space configuration file and the login credentials.
In process 604, the NAT resource items to be deployed are decided. The network resource management module 13 receives the service node parameters, obtains from the database the master virtual address and the gateway address of the logically isolated network resource, randomly obtains from the physical resource layer multiple unused port numbers corresponding to the configuration server's services, and completes the NAT setting that maps the internal master virtual address and port to the corresponding gateway address and port.
In process 605, the configuration server firewall resource items to be deployed are decided. The network resource management module 13 obtains from the database the configuration server's management configuration source IP and the unique master virtual IP allocated from the network resources, obtains the port numbers generated during NAT deployment for the configuration server's services, establishes multiple firewall rules that pass through the network, maps the external interface to the internal interface, and connects to the internal resources through port forwarding.
In process 606, the routing resource items to be deployed are decided. The network resource management module 13 obtains from the database the external IP of the configuration server and the external IP of the storage cluster, obtains the gateway address and gateway interface from the logically isolated network resource, and establishes the external network routing table.
This completes the first-stage configuration and provisioning of the physical resource layer; the flow returns to process 601 and, as instructed, enters the second stage.
In process 607, the service template collaboratively configures the computing and firewall resources: the service template collaborative management module 11 generates multiple groups of service nodes that provision resources in parallel.
In process 608, the computing resource items to be dispatched are decided. The resource dispatch management module 15 sets in the database the network and computing resources to be monitored, obtains the provisioning resources according to the pre-built network resource selection rules, and updates the state settings.
In process 609, the computing resource items to be deployed are decided. The computing resource management module 12 obtains the pre-built VM template information from the database, deploys the computing nodes from the template, determines the unique master computing node, sets the cluster, the storage resource path and the network configuration, configures the IP of the unique master computing node on all computing nodes, and assigns the master and worker role levels.
In process 610, the computing node firewall items to be deployed are decided. The network resource management module 13, depending on the computing nodes, composes different firewall rules for the master and worker nodes: a rule that lets the unique master node reach the configuration server, and/or a rule that lets the master and worker nodes connect to the storage space.
In process 611, the configuration server performs its configuration management settings. Through the network architecture built in processes 604, 605, 606 and 610, the configuration server host connects to the deployed storage and computing resources, completes the configuration of the container service infrastructure, and reports back to the client interface.
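An added example, not the patent's code, of the network artefacts that processes 604, 605 and 610 produce and that the logical isolation of FIG. 3 requires: external ports are drawn at random from an unused pool for each configuration-server service, a NAT table maps gateway:port to the master virtual address, and firewall rules are composed per node from its dependencies, so that only the master is reachable from the configuration server while every node may reach the storage cluster. The configuration-server services (ssh on 22, an API on 6443), the storage port (2049), the port range and all addresses are assumptions; the least-privilege check at the end is the review a practitioner would run over the generated rule set before applying it.

```python
# Added example, not the patent's code: NAT/port-forward allocation and
# dependency-based firewall rule composition for an isolated service network.
import random
from dataclasses import dataclass

# Assumed configuration-server services that must reach the master through the gateway.
CONFIG_SERVICES = {"ssh": 22, "api": 6443}
STORAGE_PORT = 2049  # assumption: the storage cluster exports over NFS

# Constructed sample topology (documentation address ranges).
CONFIG_SERVER_IP = "192.0.2.10"  # management segment
GATEWAY_IP = "203.0.113.1"       # external side of the isolated service network
MASTER_VIP = "10.20.0.100"
STORAGE_IP = "10.30.0.5"
NODES = [
    {"name": "ctl-1", "ip": "10.20.0.11", "role": "master"},
    {"name": "ctl-2", "ip": "10.20.0.12", "role": "control"},
    {"name": "wrk-1", "ip": "10.20.0.21", "role": "worker"},
]


@dataclass(frozen=True)
class Rule:
    direction: str  # "in": management segment -> isolated network; "out": node -> storage
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


def allocate_ports(services, used, rng, low=30000, high=32767):
    """Process 604: one unused external port per service, drawn at random.
    `used` is mutated so a later allocation cannot reuse a port."""
    mapping = {}
    for name in sorted(services):
        free = [p for p in range(low, high + 1) if p not in used]
        if not free:
            raise RuntimeError("external port range exhausted")
        port = rng.choice(free)
        used.add(port)
        mapping[name] = port
    return mapping


def build_nat(master_vip, gateway_ip, services, external_ports):
    """Process 604: gateway:external_port is translated to master_vip:service_port."""
    return [
        {"service": s, "external": (gateway_ip, external_ports[s]),
         "internal": (master_vip, services[s])}
        for s in sorted(services)
    ]


def build_firewall(nodes, nat, config_server_ip, master_vip, storage_ip, storage_port):
    """Processes 605 and 610: rules follow each node's dependencies. Only the
    master accepts the forwarded configuration-server services; every node
    may reach the storage cluster."""
    rules = set()
    for node in nodes:
        rules.add(Rule("out", node["ip"], storage_ip, storage_port))
        if node["role"] == "master":
            for entry in nat:
                # After translation the packet is addressed to the master VIP.
                rules.add(Rule("in", config_server_ip, master_vip, entry["internal"][1]))
    return rules


def check_least_privilege(rules, nodes, master_vip):
    """Reviewer's check: no inbound rule may target a non-master address and
    no rule may carry a wildcard source. Returns a list of findings."""
    problems = []
    for r in rules:
        if r.direction == "in" and r.dst != master_vip:
            problems.append(f"inbound rule to non-master {r.dst}")
        if r.src in ("0.0.0.0/0", "any"):
            problems.append(f"wildcard source in {r}")
    return problems


def render(rules):
    """Order-independent, human-readable listing of the rule set."""
    return sorted(f"{r.direction} {r.proto} {r.src} -> {r.dst}:{r.dport}" for r in rules)


def provision_network(seed=7):
    rng = random.Random(seed)  # seeded only so the example is reproducible
    used = {30001}             # constructed: one external port already taken
    ext = allocate_ports(CONFIG_SERVICES, used, rng)
    nat = build_nat(MASTER_VIP, GATEWAY_IP, CONFIG_SERVICES, ext)
    rules = build_firewall(NODES, nat, CONFIG_SERVER_IP, MASTER_VIP, STORAGE_IP, STORAGE_PORT)
    return nat, rules


if __name__ == "__main__":
    nat, rules = provision_network()
    for entry in nat:
        print(entry)
    for line in render(rules):
        print(line)
    print("findings:", check_least_privilege(rules, NODES, MASTER_VIP))
```

The inbound rules name the configuration server as the only permitted source and the master VIP as the only permitted destination, which is what keeps the port-forwarded path from becoming a general entry point into the isolated network; the outbound storage rules are issued for every node because every node mounts the space carved out in the first stage.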
This completes the second-stage configuration and provisioning of the physical resource layer. If any of processes 602-611 fails, the flow goes to manual handling, i.e. the operations side handles the error information manually.
A specific embodiment is described below with reference to FIG. 6. After the user completes the parameter settings for subscribing to the container service platform in the user's own virtual network and submits the order, the system back end enters the provisioning procedure.
In process 601, the subscription request for the container service is received and the first-stage service template is established from the shared storage cluster space, the resource dispatch decision and the unified NAT, firewall and routing resources; the storage space size and the virtual network parameters are configured in the first-stage template. In process 602, according to the resource parameters configured in the first template, the system decides the allocated resource region, resource service zone, virtual firewall specification, master service virtual IP and virtual network external interface. In process 603, the required storage space is carved out of the shared storage cluster resource pool already built in the independent virtual network, and the storage space information the computing nodes will later need for mounting is recorded in the database. In process 604, an address translation is established in the user's virtual network connecting the configuration server and the master service IP. In process 605, several firewall ports are opened in the user's virtual network connecting the configuration server and the master service IP. In process 606, routes to the storage cluster space and to the configuration server are established in the user's virtual network, which completes all services of the first template.
In process 607, services are opened on the independent computing nodes and firewalls and the second-stage service template is established; the parameters carried by the order (storage space size, number of computing nodes and virtual network parameters) are configured in it. The second stage centres on the computing nodes: according to the numbers of master and worker computing nodes, the system generates several service templates (mainly of two kinds, control computing node templates and worker computing node templates), and the templates are provisioned in parallel. In process 608, each generated template separately decides the allocation of its resource region, resource service zone, virtual firewall specification and virtual network external interface. In process 609, because the master computing node among the control computing nodes must be determined first and the worker nodes must wait for the master to appear, the two kinds of template are provisioned mainly through a lock: the master computing node is decided first, and once the unique master has appeared all control computing nodes and worker computing nodes continue provisioning and mount the storage cluster space carved out in the first stage. In process 610, each service template opens the firewall for its own computing node, completing within the user's virtual network the network connectivity between the configuration server and the computing nodes. In process 611, the configuration server completes the construction of the whole container service.
Each module of the container service infrastructure provisioning and management system of the present invention can run in a computer device or server comprising a microprocessor and memory; the algorithms, data and programs are stored in memory or on a chip, and the microprocessor loads data, algorithms or programs from memory or the chip for data analysis or computation. Details are omitted here.
The present invention also discloses a computer-readable medium for use in a computing device or computer with a processor (for example a CPU or GPU) and/or memory, storing instructions; the computing device or computer executes the medium through the processor and/or memory and thereby performs the above method and its steps.
In summary, the container service infrastructure provisioning and management system, method and computer-readable medium of the present invention concern a provisioning and management mechanism that uses the tree structure of its tree diagram to provide two-stage combined infrastructure provisioning of a container service platform. In the first stage the root node provisions the storage space and deploys the network to construct the shared environment the platform requires; for information security the network architecture is divided into a management segment and a service segment, the platform is built on the logically isolated network of the service segment, and the network is traversed by deploying network resources. In the second stage multiple child nodes are generated according to resource demand to construct the master and worker computing nodes and firewalls and configure them with the shared environment of the first stage; the computing nodes are provisioned in parallel, a locking mechanism is applied to the master and worker nodes, a first-in-first-out algorithm selects the unique master node, and the network between the storage space and the computing nodes is opened in parallel. This builds a container service provisioning platform that raises provisioning speed and quality, allows the platform's computing and capacity specifications to be adjusted, provides scalability, lowers the cost and complexity of building and management, and increases availability.
The above embodiments are illustrative only and do not limit the present invention. Anyone skilled in the art may modify and change them without departing from the spirit and scope of the invention. The scope of protection is therefore defined by the appended claims, and anything that does not affect the effect and purpose of the invention is covered by this disclosure.
1: Container service infrastructure provisioning management system
11: Service template collaborative management module
12: Computing resource management module
13: Network resource management module
14: Storage resource management module
15: Resource distribution management module
2: Provisioning process management database
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW110109786A TWI773200B (en) | 2021-03-18 | 2021-03-18 | Provision and management system and method for container infrastructure service and computer readable medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW110109786A TWI773200B (en) | 2021-03-18 | 2021-03-18 | Provision and management system and method for container infrastructure service and computer readable medium |
Publications (2)
Publication Number | Publication Date |
---|---|
TWI773200B TWI773200B (en) | 2022-08-01 |
TW202238374A true TW202238374A (en) | 2022-10-01 |
Family
ID=83806880
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW110109786A TWI773200B (en) | 2021-03-18 | 2021-03-18 | Provision and management system and method for container infrastructure service and computer readable medium |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI773200B (en) |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103067344B (en) * | 2011-10-24 | 2016-03-30 | International Business Machines Corporation | The noninvasive method of automatic distributing safety regulation and equipment in cloud environment |
CN111522653B (en) * | 2020-02-07 | 2023-08-18 | Huazhong University of Science and Technology | Container-based network function virtualization platform |
CN111782232A (en) * | 2020-07-31 | 2020-10-16 | Ping An Bank Co., Ltd. | Cluster deployment method and device, terminal equipment and storage medium |
CN112351034B (en) * | 2020-11-06 | 2023-07-25 | iFlytek Co., Ltd. | Firewall setting method, device, equipment and storage medium |
- 2021-03-18 TW TW110109786A patent/TWI773200B/en active
Also Published As
Publication number | Publication date |
---|---|
TWI773200B (en) | 2022-08-01 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
US11394714B2 (en) | Controlling user access to command execution | |
CN110383765B (en) | Configuration, telemetry and analysis of computer infrastructure using graphical models | |
Sung et al. | Robotron: Top-down network management at facebook scale | |
US11121906B2 (en) | Data plane API in a distributed computing network | |
EP2930884B1 (en) | Object-oriented network virtualization | |
RU2595540C2 (en) | Basic controllers for conversion of universal streams | |
JP5102543B2 (en) | Method for dynamically provisioning information technology infrastructure | |
US10230567B2 (en) | Management of a plurality of system control networks | |
US20150207703A1 (en) | Abstraction models for monitoring of cloud resources | |
US11570055B2 (en) | Connectivity templates | |
CN104468791A (en) | Private cloud IaaS platform construction method | |
CN109587026A (en) | A method of large and medium-sized enterprise's Network Programe Design based on Java | |
US9565130B2 (en) | Cloud-based resource availability calculation of a network environment | |
US9774600B1 (en) | Methods, systems, and computer readable mediums for managing infrastructure elements in a network system | |
US9098334B2 (en) | Special values in oracle clusterware resource profiles | |
US20140129685A1 (en) | System and method for propagating virtualization awareness in a network environment | |
TWI773200B (en) | Provision and management system and method for container infrastructure service and computer readable medium | |
Romanov et al. | Principles of building modular control plane in software-defined network | |
US20140047083A1 (en) | Administration information generation method, administration information generation program, and administration information generation device | |
US20180081846A1 (en) | Firm channel paths | |
Wang et al. | SPN OS: Managing network services with virtual network objects | |
US20230337062A1 (en) | Cellular system observability centralized for all domains and vendors | |
US20230337063A1 (en) | Cellular system observability architecture | |
US20230336433A1 (en) | Data collection for cellular system | |
US20230337060A1 (en) | Cellular system observability architecture including short term and long term storage configuration |