TW202238374A - Provision and management system and method for container infrastructure service and computer readable medium - Google Patents


Info

Publication number
TW202238374A
Authority
TW
Taiwan
Prior art keywords
network
service
master
resources
resource
Application number
TW110109786A
Other languages
Chinese (zh)
Other versions
TWI773200B (en)
Inventor
王志哲
黃耀德
Original Assignee
中華電信股份有限公司
Legal events

  • Application filed by 中華電信股份有限公司
  • Priority to TW110109786A
  • Application granted
  • Publication of TWI773200B
  • Publication of TW202238374A

Landscapes

  • Stored Programmes (AREA)
  • Hardware Redundancy (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention is a provisioning and management system and method for container infrastructure services, which performs the following steps: providing storage space and deploying the network according to the parameters of the service nodes, so as to construct the shared environment required by a container service platform; and constructing master and worker computing nodes and firewalls, configuring the parameters of the cluster stored in the shared environment in those computing nodes, selecting the unique master computing node from among them by means of a locking mechanism and a first-in-first-out algorithm, and enabling the network between the storage space and the computing nodes. The goal of accelerating the installation service is achieved by determining the dependencies between the various resources. The present invention further provides a computer-readable medium for performing the provisioning and management method for container infrastructure services.

Description

Container Service Infrastructure Provisioning Management System, Method, and Computer-Readable Medium

The present invention relates to container service infrastructure technology, and in particular to a provisioning management system, method and computer-readable medium for container service infrastructure.

With the rise of the cloud-native concept, technologies such as containers, DevOps (the combination of Development and Operations) and microservices have emerged, making it easier to integrate and deploy new versions of service applications. Building, testing and running applications no longer carry a large extra burden, the cost of moving to the cloud falls, and the portability of containers allows application services to be scaled and extended more flexibly. This has attracted more enterprise service applications into container environments, and enterprises have begun to plan and run their traditional applications in the cloud, achieving the goal of cloud-based service applications.

However, even though the technology for integrating and deploying new versions of service applications is already well developed, simplifying procedures, raising provisioning efficiency and lowering the cost of resources and of operation and maintenance remain very important. In addition, the network security of the service platform is something service users care about. These are therefore the goals that enterprise service providers devote their research and development to improving.

In view of this, providing a container service infrastructure technology that can be built more simply and quickly when integrating and deploying new versions of service applications, while meeting the requirements of low cost, high efficiency and security, has become the goal that those skilled in the art are pursuing.

To solve the above problems of the prior art, the present invention proposes a new provisioning management mechanism and method for container service infrastructure, giving enterprises and individuals a simple and fast solution for building the infrastructure of a container service platform. Through this, resource utilization and provisioning efficiency are improved, the cost of resources and of operation and maintenance is reduced, and the network security of the entire service platform is strengthened.

The present invention proposes a provisioning management system for container service infrastructure, comprising: a service template collaborative management module, used to organize and chain computing resources, storage resources, network resources, network address translation (NAT) resources, firewall resources and routing resources, and to coordinate their states so that they can be used to complete provisioning of the infrastructure; a computing resource management module, linked to the service template collaborative management module, used to set the path of the storage resources, the network configuration and the virtual machine template, and to process and deploy multiple computing nodes in parallel in order to determine the unique master computing node; and a network resource management module, linked to the service template collaborative management module, used to determine the deployment of network address translation (NAT) for the master virtual address and the gateway address of the logically isolated network, to deploy the establishment of inbound and outbound firewall rules for the multiple computing nodes, the configuration server and the storage cluster, and to deploy the external network routing table of the logically isolated network so that the configuration server can be reached. Storage space is provisioned and the network is deployed according to service node parameters, thereby constructing the shared environment required by the container service platform, and the parameters of the storage cluster in the shared environment are configured in the multiple computing nodes, so as to complete the provisioning and management of the infrastructure of the container service platform.

In one embodiment, the provisioning management system for container service infrastructure further comprises a storage resource management module linked to the service template collaborative management module, used to manage and configure the storage space.

In one embodiment, the provisioning management system for container service infrastructure further comprises a resource dispatch management module linked to the service template collaborative management module, used to allocate the network resources, the storage resources and the computing resources.

In one embodiment, the network resource management module further divides the network into a management segment and a service segment, so that the container service platform is built on the logically isolated network of the service segment.

The present invention further proposes a provisioning management method for container service infrastructure, comprising: provisioning storage space and deploying the network according to service node parameters, to construct the shared environment required by the container service platform; and constructing master and worker computing nodes and firewalls, configuring the parameters of the storage cluster of the shared environment in the master and worker computing nodes, and then, by provisioning the master and worker computing nodes in parallel, applying a locking mechanism and a first-in-first-out algorithm to them to select the unique master computing node and to open the network between the storage space and the master and worker computing nodes in parallel.

In the above method, the step of constructing the shared environment required by the container service platform comprises dividing the network into a management segment and a service segment, so that the container service platform is built on the logically isolated network of the service segment.

In the above method, the step of constructing the master and worker computing nodes comprises obtaining a pre-built virtual machine template from the database and combining the service node parameters entered by the user with the virtual machine template to generate multiple sets of service nodes that serve as the master and worker computing nodes.

In the above method, the step of constructing the firewall further comprises obtaining from the database the network address of the management configuration source of the configuration server and the unique master virtual network address dispatched from the network resources, and obtaining the port number that the network address translation server generates for the configuration server service during resource deployment, in order to establish firewall rules that traverse the network.

In the above method, different firewall rules are composed from the master and worker computing nodes according to the dependencies of the computing nodes, so as to establish a first firewall rule allowing the unique master computing node to reach the configuration server and a second firewall rule allowing the master and worker computing nodes to connect to the storage space.

The present invention further provides a computer-readable medium, applied in a computing device or computer, which stores instructions for executing the above provisioning management method for container service infrastructure.

In summary, the present invention proposes a provisioning management mechanism for container service infrastructure that builds the infrastructure of a container service platform simply and quickly. According to the resource requirement parameters entered by the user, one-click provisioning is used together with a provisioning template for container service platform infrastructure services, and provisioning resources are allocated by region. Service provisioning nodes are generated dynamically using the tree structure of the tree diagram of the provisioning management mechanism: the root node mainly abstracts out the shared environment required by the container service platform, uniformly deploying the network architecture and storage space of the mechanism and reducing the consumption needed for provisioning, while multiple tree child nodes are generated dynamically according to resource requirements to provision master and worker computing nodes and firewalls in parallel, achieving the goal of accelerating the provisioning service.

1: provisioning management system for container service infrastructure

11: service template collaborative management module

12: computing resource management module

13: network resource management module

14: storage resource management module

15: resource dispatch management module

2: provisioning process management database

501-505: processes

601-611: processes

S41-S42: steps

FIG. 1 is a schematic architecture diagram of the provisioning management system for container service infrastructure of the present invention.

FIG. 2 is a tree diagram of the provisioning management mechanism for constructing container service infrastructure of the present invention.

FIG. 3 is a network architecture diagram of the provisioning management mechanism for container service infrastructure of the present invention.

FIG. 4 is a step diagram of the provisioning management method for container service infrastructure of the present invention.

FIG. 5 is a flow chart of the processes each module requires in the provisioning management mechanism for constructing container service infrastructure of the present invention.

FIG. 6 is a flow chart of a specific embodiment of the provisioning management mechanism for constructing container service infrastructure of the present invention.

The technical content of the present invention is described below by way of specific embodiments; those skilled in the art can readily understand the advantages and effects of the present invention from the content disclosed in this specification. The present invention may, however, also be implemented or applied through other different specific embodiments.

FIG. 1 is a schematic architecture diagram of the provisioning management system for container service infrastructure of the present invention. As shown, the present invention proposes a provisioning management system 1 for container service infrastructure that executes the provisioning management mechanism for the container service infrastructure. After a user submits a resource requirement for building a container service infrastructure platform through the client interface, the service template collaborative management module 11 receives the user requirement and starts provisioning. While the entire service platform is being provisioned, in order to reduce the complexity of integrating network, storage and computing resources and to effectively reduce operation and maintenance costs, the present invention uses the provisioning process to determine the dependencies between the various resources and thereby ensure the correctness of the provisioned container service infrastructure. The provisioning management system 1 is linked to a provisioning process management database 2 that stores the relevant data, and comprises the service template collaborative management module 11, a computing resource management module 12 and a network resource management module 13.

The service template collaborative management module 11 is used to organize and chain computing resources, storage resources, network resources, network address translation resources, firewall resources and routing resources, and to coordinate their states so that they can be used to complete provisioning of the infrastructure.

The computing resource management module 12 is linked to the service template collaborative management module 11 and is used to set the path of the storage resources, the network configuration and the virtual machine template, and to process and deploy multiple computing nodes in parallel so as to decide on the unique master computing node. In short, the computing resource management module 12 deploys computing nodes from a virtual machine (VM) template and decides on the unique master computing node, sets up the cluster, the storage resource path and the network configuration, configures the network address (IP) of the unique master computing node on all computing nodes, and assigns different role levels (for example Master and Worker).

The network resource management module 13 is linked to the service template collaborative management module 11 and is used to decide on and deploy the network address translation (NAT) of the master virtual address and the gateway address of the logically isolated network, to deploy the establishment of inbound and outbound firewall rules for the multiple computing nodes, the configuration server and the storage cluster, and to deploy the external network routing table of the logically isolated network so that the configuration server can be reached.

The network resource management module 13 further divides the network into a management segment and a service segment, so that the container service platform is built on the logically isolated network of the service segment. Specifically, for information security reasons the network architecture is divided into a management segment and a service segment, and the container service platform is built on the logically isolated network of the service segment; therefore, when the platform is deployed, network traversal has to be constructed.

The present invention provisions storage space and deploys the network according to the service node parameters to construct the shared environment required by the container service platform, and configures the parameters of the storage cluster of the shared environment in the master and worker computing nodes, so as to complete the provisioning and management of the infrastructure of the container service platform.

In one embodiment, the provisioning management system 1 further comprises a storage resource management module 14 linked to the service template collaborative management module 11, used to manage and configure the storage space. Specifically, the storage resource management module 14 can manage and configure storage space and record space information.

In another embodiment, the provisioning management system 1 further comprises a resource dispatch management module 15 linked to the service template collaborative management module 11, used to allocate the network resources, the storage resources and the computing resources. Specifically, the resource dispatch management module 15 can allocate network, storage and computing resources and handle the related resource setting issues.

In addition, the new provisioning management mechanism for container service infrastructure of the present invention involves three classes of resources: network resources, storage resources and computing resources. In one embodiment, the network resources may be, for example, interface IP addresses, gateway IP addresses, virtual local area networks (VLANs), network function virtualization (NFV) network interfaces, firewalls or routing tables; the storage resources may be, for example, a storage cluster; and the computing resources may be, for example, virtual devices.

In summary, the present invention designs a configuration system and method for a new provisioning management mechanism for container service infrastructure aimed at cloud services. It provides network operators with low-complexity, high-security container service platform network services, satisfies the elastic configuration of cloud environments, and addresses operation and maintenance and migration between heterogeneous cloud platforms, so as to reduce the difficulties of moving service applications to the cloud.

FIG. 2 is a tree diagram of the provisioning management mechanism for constructing container service infrastructure of the present invention, and FIG. 3 is a network architecture diagram of that mechanism. As shown in FIG. 2, the architecture produced by the provisioning management mechanism of the service template collaborative management module 11 of FIG. 1 is a tree, used to carry out two-stage combined infrastructure provisioning. The root node of the first stage is mainly used to provision storage space and deploy the network, constructing the shared environment required by the container service platform. The child nodes of the second stage construct the master and worker computing nodes and firewalls and configure the shared environment produced in the first stage: the computing nodes are provisioned in parallel, a lock mechanism is applied to the master and worker computing nodes, a first-in-first-out algorithm selects the unique master node, and the network between the storage space and the computing nodes is opened in parallel. That is, the second stage is the deployment of the Master computing node with its firewall and of the Worker computing nodes with their firewalls.

For information security reasons, the provisioning management mechanism of the present invention proposes a logical isolation mechanism in the network architecture. As shown in FIG. 3, the network is divided into a management segment and a service segment, and the container service platform is built on the logically isolated network of the service segment. In short, the provisioning server and the configuration server are placed in the management segment, separated from the customer's service segment; within the service segment, the multiple computing nodes sit in one logically isolated network and the storage cluster in another. Because the computing nodes are built on a logically isolated network, a security incident on the customer side can be prevented from affecting the servers on the provisioning and configuration side. In addition, deploying the platform requires network traversal: routing rules, firewall rules, network address translation (NAT) and port forwarding are deployed and managed to build the secure connection to the configuration server that management configuration requires.

FIG. 4 is a step diagram of the provisioning management method for container service infrastructure of the present invention. In step S41, storage space is provisioned and the network is deployed according to the service node parameters to construct the shared environment required by the container service platform. This step concerns mainly the provisioning of storage space and the deployment of the network, thereby establishing the shared environment required by the container service platform.

When constructing the shared environment required by the container service platform, the network is divided into a management segment and a service segment so that the container service platform is built on the logically isolated network of the service segment; that is, the computing nodes are built on a logically isolated network so that a security problem on the customer side does not affect the servers on the provisioning and configuration side.

In step S42, the master and worker computing nodes and the firewalls are constructed, the parameters of the storage cluster of the shared environment are configured in the master and worker computing nodes, and, by provisioning the master and worker computing nodes in parallel, a locking mechanism and a first-in-first-out algorithm are applied to them to select the unique master computing node and to open the network between the storage space and the master and worker computing nodes in parallel. This step builds the master and worker computing nodes and firewalls and carves a piece of storage space out of the shared environment for the computing nodes to mount; that is, the parameters of the storage cluster of the shared environment are configured in the computing nodes so that they can successfully connect to the storage space carved out of the shared environment's storage cluster, and the corresponding network connection relationships are then generated according to the dependencies between nodes.

When constructing the firewalls, the network address of the management configuration source of the configuration server and the unique master virtual network address dispatched from the network resources are obtained from the database, together with the port number that the network address translation server generates for the configuration server service during resource deployment, in order to establish firewall rules that traverse the network. In addition, according to the dependencies of the computing nodes, different firewall rules can be composed from the master and worker computing nodes, establishing a firewall rule that allows the unique master computing node to reach the configuration server and a firewall rule that allows the master and worker computing nodes to connect to the storage space.
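The two-stage tree of FIG. 2 and steps S41 to S42, modelled as an added Python example that is not part of the patent: the root stage builds the shared environment, child nodes are provisioned in parallel, a lock plus a FIFO queue elects the single master, the two dependency-derived firewall rules are generated, and a final check confirms that only the master's rule crosses from the service segment into the management segment. All addresses, ports, names and delays are constructed sample values.

```python
"""Two-stage provisioning tree: root = shared environment, children = compute nodes.

A lock and a FIFO queue elect exactly one master among nodes provisioned in parallel;
firewall rules are then derived from the node dependencies (master -> configuration
server through the NAT-assigned port, every node -> storage cluster).  Constructed
sample values only; no real infrastructure is touched."""
import ipaddress
import queue
import threading
import time
from dataclasses import dataclass, field


@dataclass
class SharedEnvironment:
    management_segment: str      # provisioning and configuration servers live here
    service_segment: str         # logically isolated network for the compute nodes
    storage_cluster_ip: str
    storage_path: str


@dataclass
class ComputeNode:
    name: str
    ip: str
    role: str = "unassigned"     # decided by the election, not by the VM template
    mounts: list = field(default_factory=list)


class MasterElector:
    """Lock + FIFO: the first node to finish provisioning becomes the only master."""

    def __init__(self):
        self._lock = threading.Lock()
        self._ready = queue.Queue()      # arrival order of provisioned nodes
        self.master = None

    def register(self, node):
        self._ready.put(node)
        with self._lock:
            if self.master is None:               # only one thread ever passes this check
                self.master = self._ready.get()   # FIFO head, not necessarily `node`
                self.master.role = "master"
        if node.role != "master":
            node.role = "worker"
        return node.role


def provision_node(env, node, elector, delay):
    """Simulated VM-template deployment; the sleep stands in for hypervisor time."""
    time.sleep(delay)
    node.mounts.append(env.storage_path)      # storage-cluster parameters from the root stage
    elector.register(node)


def provision_cluster(env, specs):
    """specs: list of (name, ip, simulated_delay).  Returns (master, workers)."""
    elector = MasterElector()
    nodes = [ComputeNode(name, ip) for name, ip, _ in specs]
    threads = [threading.Thread(target=provision_node, args=(env, n, elector, d))
               for n, (_, _, d) in zip(nodes, specs)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return elector.master, [n for n in nodes if n.role == "worker"]


@dataclass(frozen=True)
class FirewallRule:
    src: str
    dst: str
    port: int
    reason: str


def derive_firewall_rules(env, master, workers, config_server_ip, nat_port, storage_port):
    """First rule: only the master reaches the configuration server, through the port the
    NAT server assigned.  Second rule: every node reaches the storage cluster."""
    rules = [FirewallRule(master.ip, config_server_ip, nat_port, "master -> config server")]
    for node in [master] + workers:
        rules.append(FirewallRule(node.ip, env.storage_cluster_ip, storage_port,
                                  "node -> storage cluster"))
    return rules


def crossings_into_management(env, rules):
    """Defender's check: which rules let service-segment hosts into the management
    segment?  Under this design exactly one (the master's) should appear."""
    mgmt = ipaddress.ip_network(env.management_segment)
    svc = ipaddress.ip_network(env.service_segment)
    return [r for r in rules
            if ipaddress.ip_address(r.src) in svc and ipaddress.ip_address(r.dst) in mgmt]


if __name__ == "__main__":
    env = SharedEnvironment("10.0.0.0/24", "192.168.10.0/24", "172.16.0.10", "/export/cluster-a")
    master, workers = provision_cluster(env, [("node-1", "192.168.10.11", 0.15),
                                              ("node-2", "192.168.10.12", 0.0),
                                              ("node-3", "192.168.10.13", 0.15)])
    rules = derive_firewall_rules(env, master, workers, "10.0.0.5", 30022, 2049)
    print("master:", master.name, "| rules:", len(rules),
          "| management crossings:", [r.src for r in crossings_into_management(env, rules)])
```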

FIG. 5 is a flow chart of the processes each module requires in the provisioning management mechanism for constructing container service infrastructure of the present invention; please refer to FIG. 1 together with it. FIG. 5 describes the resource control processes that the provisioning management system of FIG. 1 must have, comprising five major steps: the process 501 required to construct the service template collaborative management module, the process 502 required to construct the resource dispatch management module, the process 503 required to construct the storage resource management module, the process 504 required to construct the network resource management module, and the process 505 required to construct the computing resource management module.

The process 501 required to construct the service template collaborative management module is the preparatory work that allows the service template collaborative management module 11 of the provisioning management system 1 to run successfully. In addition, the configuration needed to drive collaborative management of provisioning by the whole system must be set in the database: service node parameters, service template specifications, service templates, the hierarchy of the service node tree data structure, the provisioning application requirement interface, the process states of service nodes (for example subscription, change and termination) and the provisioning process.

Flow 502, constructing the resource distribution management module, is the preparatory work that allows the resource distribution management module 15 of the container service infrastructure provisioning management system 1 to run successfully. The three classes of resources to be monitored and queried, namely network resources, storage resources, and computing resources, must be set in the database. Once the resource monitoring items are set, the system sets in the database the provisioning resource states required by the container service infrastructure provisioning management system 1, namely application, change, and removal. In addition, the container service infrastructure provisioning management system 1 must establish multiple resource selection rules with which resource items are selected.

Flow 503, constructing the storage resource management module, is the preparatory work that allows the storage resource management module 14 of the container service infrastructure provisioning management system 1 to run successfully. Multiple sets of information about the storage resources to be monitored must be set in the database, for example storage cluster information; this is the information needed to operate on the actual storage resources, including IP addresses, accounts, and passwords.

Flow 504, constructing the network resource management module, is the preparatory work that allows the network resource management module 13 of the container service infrastructure provisioning management system 1 to run successfully. Information about the network resources to be monitored must be set in the database, for example information about network security devices; this is the information needed to operate on the network resources, including IP addresses, accounts, and passwords.

Flow 505, constructing the computing resource management module, is the preparatory work that allows the computing resource management module 12 of the container service infrastructure provisioning management system 1 to run successfully. The necessary virtual machine templates must be built in advance, and the related information is managed in the database.

It should be noted that the above flows have no strict order; that is, flows 501-505 need not be executed in the sequence given.

FIG. 6 is a flow chart of a specific embodiment of the mechanism for constructing the container service infrastructure provisioning management of the present invention. As shown, the decision-based resource provisioning management may comprise two stages: the first stage comprises flows 601-606 and the second stage comprises flows 607-611. Refer also to FIG. 1.

In flow 601, the service template coordinates the configuration of storage, network, network address translation (NAT), firewall, and routing resources. In short, the service template collaborative management module 11 receives a user's service instruction, integrates the instruction's parameters for storage, network, NAT, firewall, routing, and other resources with the parameters in the service template to form the service node parameters, assembles from the service node parameters the parameters required by the interface, and calls the provisioning application programming interface to carry out flows 602-606.

In flow 602, the resource items to be distributed are decided. In short, the resource distribution management module 15 receives the service node parameters, looks up the network and storage resources set under monitoring in the database according to the parameter requirements, distributes the resources required for provisioning, and updates the resource states.

In flow 603, the deployment of storage resource items is decided. In short, the storage resource management module 14 receives the service node parameters, issues a storage space request to the storage cluster, and returns the storage space information, for example the mount path, the storage space configuration file, and the login credentials.

In flow 604, the deployment of NAT resource items is decided. In short, the network resource management module 13 receives the service node parameters, obtains from the database the primary virtual address and the gateway address of the logically isolated network resource, randomly obtains from the physical resource layer multiple sets of port numbers that are not yet occupied and that correspond to the configuration server services, and completes the network address translation setting that maps the internal primary virtual address and port numbers to the gateway address and port numbers.

In flow 605, the deployment of the configuration server firewall resource items is decided. The network resource management module 13 obtains from the database the network address (IP) of the configuration server's management configuration source and the unique primary virtual IP distributed as a network resource, obtains the port numbers generated for the configuration server services when the NAT resources were deployed, establishes multiple sets of firewall rules that traverse the network, maps the external interface to the corresponding internal interface, and connects the internal resources through port forwarding.

In flow 606, the deployment of routing resource items is decided. The network resource management module 13 obtains from the database the external IP of the configuration server and the external IP of the storage cluster, obtains the gateway address and gateway interface from the logically isolated network resource, and establishes the external network routing table.

This completes the first-stage configuration and provisioning of the physical resource layer; the flow then returns to flow 601 and, as instructed, enters the second stage.

In flow 607, the service template coordinates the configuration of computing and firewall resources; that is, the service template collaborative management module 11 generates multiple sets of service nodes that provision resources in parallel.

In flow 608, the computing resource items to be distributed are decided. The resource distribution management module 15 sets in the database the network and computing resources to be monitored, obtains the provisioning resources according to the pre-built network resource selection rules, and updates the state settings.

In flow 609, the deployment of computing resource items is decided. The computing resource management module 12 obtains the pre-established VM template information from the database, deploys computing nodes from the virtual machine template, decides the unique master computing node, sets the cluster, the storage resource path, and the network configuration, configures the IP of the unique master computing node on all computing nodes, and sets the different master and slave role levels.

In flow 610, the deployment of computing node firewall items is decided. The network resource management module 13, depending on the computing nodes, composes different firewall rules for the master and slave computing nodes: it establishes a firewall rule allowing the unique master node to connect to the configuration server, and/or a firewall rule allowing the master and slave nodes to connect to the storage space.
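As an added example of flows 604, 605 and 610 as described above (not the patent's or the applicant's code), the Python below allocates unused gateway ports for the NAT mapping to the master VIP, composes the external-to-internal port-forward rules and the role-dependent internal-to-external rules, and checks the resulting set before it would be pushed to a device. All addresses, ports, port ranges and node names are constructed sample values and assumptions, not values from the patent.

```python
import random
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Set, Tuple

# Constructed sample addresses and ports (hypothetical; not taken from the patent).
CONFIG_SERVER_MGMT_IP = "192.0.2.10"      # config server, management network segment
STORAGE_CLUSTER_IP = "192.0.2.20"         # external IP of the storage cluster
MASTER_VIP = "10.10.0.5"                  # unique primary virtual IP distributed in flow 602
GATEWAY_IP = "198.51.100.1"               # gateway of the logically isolated tenant network
CONFIG_SERVER_SERVICE_PORTS = (22, 6443)  # config-server services that must reach the master
STORAGE_PORT = 2049                       # storage service every node must reach
NAT_PORT_RANGE = (30000, 32767)           # gateway ports the NAT step may hand out


@dataclass(frozen=True)
class NatEntry:
    external_ip: str
    external_port: int
    internal_ip: str
    internal_port: int


@dataclass(frozen=True)
class FirewallRule:
    src: str
    dst: str
    dport: int
    comment: str


def allocate_nat_entries(service_ports: Sequence[int], used_ports: Set[int],
                         rng: Optional[random.Random] = None) -> List[NatEntry]:
    """Flow 604: map each config-server service port on the master VIP to a random,
    still unused gateway port. Refuses to hand out an occupied port."""
    rng = rng or random.Random()
    lo, hi = NAT_PORT_RANGE
    free = [p for p in range(lo, hi + 1) if p not in used_ports]
    if len(free) < len(service_ports):
        raise RuntimeError("gateway port range exhausted")
    chosen = rng.sample(free, len(service_ports))       # distinct ports, random order
    return [NatEntry(GATEWAY_IP, ext, MASTER_VIP, svc)
            for ext, svc in zip(chosen, service_ports)]


def stage_one_rules(nat: Sequence[NatEntry]) -> List[FirewallRule]:
    """Flow 605: external-to-internal. Only the config server's management address
    may reach the translated gateway ports; one rule per port forward."""
    return [FirewallRule(CONFIG_SERVER_MGMT_IP, e.external_ip, e.external_port,
                         f"forward to {e.internal_ip}:{e.internal_port}") for e in nat]


def stage_two_rules(nodes: Dict[str, Tuple[str, bool]]) -> List[FirewallRule]:
    """Flow 610: internal-to-external rules composed per node role. Only the unique
    master gets rules to the config server; every node gets a rule to storage."""
    rules: List[FirewallRule] = []
    for name, (ip, is_master) in nodes.items():
        if is_master:
            for port in CONFIG_SERVER_SERVICE_PORTS:
                rules.append(FirewallRule(ip, CONFIG_SERVER_MGMT_IP, port,
                                          f"{name}: master -> config server"))
        rules.append(FirewallRule(ip, STORAGE_CLUSTER_IP, STORAGE_PORT,
                                  f"{name}: node -> storage cluster"))
    return rules


def check_rules(rules: Sequence[FirewallRule],
                nodes: Dict[str, Tuple[str, bool]]) -> List[str]:
    """Review the composed set before it is pushed: exactly one master, config-server
    reachability limited to that master, port forwards reachable only from the
    config server's management address."""
    problems: List[str] = []
    master_ips = {ip for ip, is_master in nodes.values() if is_master}
    if len(master_ips) != 1:
        problems.append(f"expected exactly one master, found {len(master_ips)}")
    to_config = {r.src for r in rules if r.dst == CONFIG_SERVER_MGMT_IP}
    if to_config - master_ips:
        problems.append(f"non-master sources reach config server: {sorted(to_config - master_ips)}")
    for r in rules:
        if r.dst == GATEWAY_IP and r.src != CONFIG_SERVER_MGMT_IP:
            problems.append(f"port forward {r.dport} open to {r.src}")
    return problems


def build_ruleset(nodes: Dict[str, Tuple[str, bool]], used_ports: Set[int],
                  seed: int = 7) -> Tuple[List[NatEntry], List[FirewallRule], List[str]]:
    """Run flows 604, 605 and 610 together and return (nat, rules, problems)."""
    nat = allocate_nat_entries(CONFIG_SERVER_SERVICE_PORTS, used_ports, random.Random(seed))
    rules = stage_one_rules(nat) + stage_two_rules(nodes)
    return nat, rules, check_rules(rules, nodes)


if __name__ == "__main__":
    sample_nodes = {"ctl-1": ("10.10.0.11", True), "ctl-2": ("10.10.0.12", False),
                    "wrk-1": ("10.10.0.21", False)}
    nat, rules, problems = build_ruleset(sample_nodes, used_ports={30000, 30001})
    for e in nat:
        print(f"NAT {e.external_ip}:{e.external_port} -> {e.internal_ip}:{e.internal_port}")
    for r in rules:
        print(f"ALLOW {r.src} -> {r.dst}:{r.dport}  # {r.comment}")
    print("problems:", problems or "none")
```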

In flow 611, the configuration server performs configuration management settings. Through the network architecture established in flows 604, 605, 606, and 610, the configuration server host connects to the deployed storage and computing resources, completes the configuration of the container service infrastructure, and reports back to the client interface.

This completes the second-stage configuration and provisioning of the physical resource layer. If any of flows 602-611 fails, manual handling is entered; that is, the operations and maintenance side handles the error information manually.

The technique of this application is described below with a specific embodiment; refer also to FIG. 6. After a user completes the parameter settings for subscribing to a container service platform in the virtual network the user applied for and submits the order, the system back end enters the provisioning procedure.

In flow 601, the request to subscribe to the container service is received, and the first-stage service template is established based on the common storage cluster space, resource decision distribution, and the unified NAT, firewall, and routing resources; the storage space size and the virtual network parameters are configured in the first-stage service template. In flow 602, according to the resource parameters configured in the first service template, the system decides the resource region, resource service zone, virtual firewall specification, primary service virtual IP, virtual network external interface, and other configurations to allocate. In flow 603, the required space is carved out of the common storage cluster resource pool already built in the independent virtual network, and the storage space information that the computing nodes will later need in order to mount it is recorded in the database. In flow 604, a network address translation is established in the user's virtual network to connect the configuration server and the primary service IP. In flow 605, several firewall ports are opened in the user's virtual network to connect the configuration server and the primary service IP. In flow 606, routes to the storage cluster space and the configuration server are established in the user's virtual network, which completes all service construction of the first service template.

In flow 607, the service is activated on the independent computing node and firewall resources, and the second-stage service template is established; the parameters carried by the order, namely the storage space size, the number of computing nodes, and the virtual network parameters, are configured in the second-stage service template. The second-stage provisioning centres on the computing nodes: according to the number of master and slave computing nodes, the system generates several service templates (mainly of two kinds, the control computing node template and the worker computing node template), which are provisioned in parallel. In flow 608, each generated service template separately decides the resource region, resource service zone, virtual firewall specification, virtual network external interface, and other resource configurations to distribute. In flow 609, because the master computing node must first be decided from among the control computing nodes, and the worker nodes must wait for the master computing node to appear, the provisioning of the two kinds of template relies mainly on locking (lock): the master computing node is decided first, and once the unique master computing node has appeared, all control computing nodes and worker computing nodes continue to complete provisioning and mount the storage cluster space carved out in the first stage. In flow 610, each service template opens the firewall for its own computing node, completing the network connectivity between the configuration server and the computing nodes in the user's virtual network. In flow 611, the configuration server completes the construction of the entire container service.
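As an added illustration of flow 609 and of the embodiment above (not the patent's or the applicant's code), the following Python simulates the lock-plus-FIFO election: control and worker nodes are provisioned in parallel threads, control nodes register under one lock in arrival order, the earliest arrival becomes the unique master, and every node waits for that decision before it is configured with the master IP and mounts the stage-one storage. A cluster with no control node cannot elect a master, so the wait is bounded and the failure is surfaced for manual handling. Node names, addresses and the mount path are constructed sample values.

```python
import threading
from collections import deque
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample value: the mount path returned by the storage request (flow 603).
STORAGE_MOUNT = "/mnt/storage-cluster/tenant-a"


@dataclass
class Node:
    name: str
    role: str                  # "control" or "worker", the two template kinds
    ip: str
    is_master: bool = False
    master_ip: Optional[str] = None
    mounts: List[str] = field(default_factory=list)


class MasterElection:
    """Lock plus FIFO: control nodes register in arrival order under one lock;
    the earliest arrival becomes the unique master, later ones stay slaves."""

    def __init__(self) -> None:
        self._lock = threading.Lock()
        self._arrivals: deque = deque()        # FIFO of control nodes as they finish deploying
        self._master: Optional[str] = None
        self._decided = threading.Event()      # released once the master is known

    def register_control_node(self, name: str) -> bool:
        """Return True if the registering node won the master role."""
        with self._lock:                       # serialize competing control nodes
            self._arrivals.append(name)
            if self._master is None:
                self._master = self._arrivals[0]   # first in, first out: earliest wins
                self._decided.set()
            return self._master == name

    def wait_for_master(self, timeout: Optional[float]) -> Optional[str]:
        """Block until a master exists; None means none was decided in time."""
        if not self._decided.wait(timeout):
            return None
        return self._master


def provision_cluster(nodes: List[Node], master_timeout: float = 2.0) -> Dict[str, str]:
    """Provision every node in its own thread (the parallel service templates of
    flow 607). Returns {node name: 'master' | 'control' | 'worker'}."""
    election = MasterElection()
    ips = {n.name: n.ip for n in nodes}
    errors: List[str] = []

    def provision(node: Node) -> None:
        # Deploy from the VM template (simulated) and mount the stage-one storage.
        node.mounts.append(STORAGE_MOUNT)
        if node.role == "control":
            node.is_master = election.register_control_node(node.name)
        # Workers and slave control nodes wait until the master is decided.
        master = election.wait_for_master(master_timeout)
        if master is None:
            errors.append(f"{node.name}: no master decided within {master_timeout}s")
            return
        node.master_ip = ips[master]       # every node is configured with the master IP

    threads = [threading.Thread(target=provision, args=(n,)) for n in nodes]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    if errors:
        # A failed flow goes to manual handling by operations; fail loudly here.
        raise TimeoutError("; ".join(errors))
    return {n.name: ("master" if n.is_master else n.role) for n in nodes}


def sample_cluster() -> List[Node]:
    """Constructed sample: three control nodes and two worker nodes."""
    return [
        Node("ctl-1", "control", "10.10.0.11"),
        Node("ctl-2", "control", "10.10.0.12"),
        Node("ctl-3", "control", "10.10.0.13"),
        Node("wrk-1", "worker", "10.10.0.21"),
        Node("wrk-2", "worker", "10.10.0.22"),
    ]


if __name__ == "__main__":
    cluster = sample_cluster()
    for name, role in provision_cluster(cluster).items():
        print(f"{name}: {role}")
```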

Each module of the container service infrastructure provisioning management system of the present invention can run on a computer device or server comprising a microprocessor and memory; the algorithms, data, and programs are stored in the memory or in a chip, and the microprocessor can load data, algorithms, or programs from the memory or chip to perform processing such as data analysis or computation, which is not described further here.

In addition, the present invention also discloses a computer-readable medium, which is applied to a computing device or computer having a processor (for example a CPU or GPU) and/or memory and which stores instructions; the computing device or computer can execute the computer-readable medium through the processor and/or memory so that, when executed, it performs the method and steps described above.

In summary, the container service infrastructure provisioning management system, method, and computer-readable medium of the present invention relate to a container service infrastructure provisioning management mechanism. Using the tree structure of the tree diagram for constructing the container service infrastructure provisioning management mechanism, they provide a two-stage infrastructure composition that completes the provisioning of a container service platform. In the first stage, the root node (root) provisions the storage space and deploys the network to construct the shared environment the container service platform needs. For information security, the present invention divides the network architecture into a management network segment and a service network segment; the container service platform is built on the logically isolated network of the service network segment, and the network is traversed by deploying network resources. In the second stage, multiple child nodes (child) of the tree are generated according to the resource requirements to construct the master and slave computing nodes and firewalls and to configure the shared environment produced in the first stage. The computing nodes are provisioned in parallel, a locking mechanism is applied to the master and slave nodes, a first-in-first-out algorithm filters out the unique master node, and the network between the storage space and the computing nodes is opened in parallel. The container service provisioning platform thus built improves provisioning speed and quality, allows the platform's computing and capacity specifications to be adjusted, provides scalability, reduces the cost and complexity of construction and management, and increases availability.

The above embodiments are illustrative only and are not intended to limit the present invention. Anyone skilled in the art may modify and change the above embodiments without departing from the spirit and scope of the present invention. Therefore, the scope of protection of the present invention is defined by the appended claims; anything that does not affect the effect and purpose of implementation of the present invention should be covered by the technical content disclosed herein.

1: container service infrastructure provisioning management system

11: service template collaborative management module

12: computing resource management module

13: network resource management module

14: storage resource management module

15: resource distribution management module

2: provisioning flow management database

Claims (10)

1. A container service infrastructure provisioning management system, comprising: a service template collaborative management module for organizing and chaining computing resources, storage resources, network resources, network address translation resources, firewall resources, and routing resources, and for coordinating the adjustment of their states so that they can be used to complete the provisioning of the infrastructure; a computing resource management module, connected to the service template collaborative management module, for setting the path of the storage resources, the network configuration, and the virtual machine template, and for processing and deploying multiple computing nodes in parallel to decide a unique master computing node; and a network resource management module, connected to the service template collaborative management module, for deciding the deployment of network address translation between a primary virtual address and a logically isolated network gateway address, for deploying the establishment of internal-to-external and external-to-internal firewall rules for the multiple computing nodes, a configuration server, and a storage cluster, and for deploying an external network routing table of the logically isolated network to connect to the configuration server, wherein storage space is provisioned and a network is deployed based on service node parameters so as to construct the shared environment required by a container service platform, and the parameters of the storage cluster in the shared environment are configured in the multiple computing nodes to complete the provisioning and management of the infrastructure of the container service platform.

2. The container service infrastructure provisioning management system of claim 1, further comprising a storage resource management module connected to the service template collaborative management module, for managing and configuring the storage space.

3. The container service infrastructure provisioning management system of claim 1, further comprising a resource distribution management module connected to the service template collaborative management module, for allocating the network resources, the storage resources, and the computing resources.

4. The container service infrastructure provisioning management system of claim 1, wherein the network resource management module further divides the network into a management network segment and a service network segment, so that the container service platform is built on the logically isolated network of the service network segment.

5. A container service infrastructure provisioning management method, comprising: provisioning storage space and deploying a network according to service node parameters to construct the shared environment required by a container service platform; and constructing master and slave computing nodes and firewalls, configuring the parameters of the storage cluster in the shared environment in the master and slave computing nodes, and then, by provisioning the master and slave computing nodes in parallel, applying a locking mechanism and a first-in-first-out algorithm to the master and slave computing nodes so as to filter out a unique master computing node and to open in parallel the network between the storage space and the master and slave computing nodes.

6. The container service infrastructure provisioning management method of claim 5, wherein the step of constructing the shared environment required by the container service platform comprises dividing the network into a management network segment and a service network segment, so that the container service platform is built on the logically isolated network of the service network segment.

7. The container service infrastructure provisioning management method of claim 5, wherein the step of constructing the master and slave computing nodes comprises obtaining a pre-established virtual machine template from a database and combining the service node parameters with the virtual machine template to generate multiple sets of service nodes that serve as the master and slave computing nodes.

8. The container service infrastructure provisioning management method of claim 5, wherein the step of constructing the firewalls further comprises obtaining from the database the network address of the configuration server's management configuration source and the unique primary virtual network address distributed as a network resource, and obtaining the port number that the network address translation server generated for the configuration server service during resource deployment, so as to establish firewall rules that traverse the network.

9. The container service infrastructure provisioning management method of claim 8, wherein, according to the dependencies of the computing nodes, different firewall rules are composed for the master and slave computing nodes so as to establish a first firewall rule allowing the unique master computing node to connect to the configuration server and a second firewall rule allowing the master and slave computing nodes to connect to the storage space.

10. A computer-readable medium, applied in a computing device or computer, storing instructions for executing the container service infrastructure provisioning management method of any one of claims 5 to 9.
Application TW110109786A (granted as TWI773200B), priority date 2021-03-18, filing date 2021-03-18: Provision and management system and method for container infrastructure service and computer readable medium

Publications (2)

Publication Number Publication Date
TWI773200B 2022-08-01
TW202238374A 2022-10-01
