CN110971646A - Cluster control device, system and method - Google Patents

Publication number: CN110971646A
Authority: CN (China)
Prior art keywords: cluster, policy, controller component, control, user
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201811166186.2A
Other languages: Chinese (zh)
Inventors: 蔡亮, 李伟东, 才振功, 谢于宁
Current Assignee: Zhejiang University ZJU (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Zhejiang University ZJU
Application filed by: Zhejiang University ZJU
Priority to: CN201811166186.2A
Publication of: CN110971646A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1031 Controlling of the operation of servers by a load balancer, e.g. adding or removing servers that serve requests
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a cluster control device, a cluster control system and a cluster control method. The cluster control device comprises an authentication authorization and policy controller component and a cluster state controller component; the authentication authorization and policy controller component is used for verifying the authority of the user, generating a control policy for controlling the cluster, and controlling the cluster corresponding to the authority of the user according to the triggering of the cluster state controller component and the control policy; and the cluster state controller component is used for acquiring the state information of the cluster and triggering the authentication authorization and policy controller component to control the cluster according to the state information of the cluster. The cluster control device provided by the application solves the prior-art problem that multiple clusters have multiple cluster management entry points, which makes management complex.

Description

Cluster control device, system and method
Technical Field
The present application relates to the field of cloud computing, and in particular, to a cluster control management apparatus, system, and method.
Background
Currently, Kubernetes is commonly deployed in a single data center or in a single availability zone of a cloud service provider, because a Kubernetes cluster needs a relatively high-performance, reliable, and inexpensive internal network. The need for a high-performance network also means that a Kubernetes cluster must be deployed in a single data center or in one availability zone of the same service provider, so each Kubernetes cluster is currently a relatively independent unit, usually operating in a separate data center or in a single availability zone of a cloud provider.
A large enterprise usually has multiple Kubernetes clusters, such as one cluster for each data center, one cluster for each test and development environment, and one cluster for each cloud service provider. Multiple Kubernetes clusters have multiple cluster management entry points, which makes management complex and leaves resources without unified scheduling and planning. Federating multiple Kubernetes clusters across multiple geographic regions is therefore an urgent problem to be solved.
Disclosure of Invention
The application provides a cluster control device, a cluster control system, a cluster control method, an electronic device and a computer readable storage medium, which are used for solving the problem of complex management caused by multiple clusters having multiple cluster management entry points.
The application provides a cluster control device, which comprises an authentication authorization and policy controller component and a cluster state controller component;
the authentication authorization and policy controller component is used for verifying the authority of the user, generating a control policy for controlling the cluster, and controlling the cluster corresponding to the authority of the user according to the triggering of the cluster state controller component and the control policy;
and the cluster state controller component is used for acquiring the state information of the cluster and triggering the authentication authorization and policy controller component to control the cluster according to the state information of the cluster.
Optionally, the control policy includes a distribution policy for creating resources in the cluster;
the authentication authorization and policy controller component is specifically configured to create resources in a cluster corresponding to the user's permission according to the distribution policy.
Optionally, the distribution policy includes policy information for creating a same resource in each cluster corresponding to the user's right;
the authentication authorization and policy controller component is specifically configured to send instruction information for creating a resource to each cluster corresponding to the user's right.
Optionally, the distribution policy includes policy information of a ratio of resources created in each cluster corresponding to the user's right;
the authentication authorization and policy controller component is specifically configured to send indication information including a proportion of created resources to each cluster corresponding to the user's right.
Optionally, the distribution policy includes creating a resource in a specified cluster corresponding to the user's right;
the authentication authorization and policy controller component is specifically configured to send instruction information for creating a resource to a specified cluster corresponding to the user's right.
Optionally, the control policy includes a migration policy for load migration between clusters;
the authentication, authorization and policy controller component is specifically configured to control load migration between clusters according to the migration policy.
Optionally, the cluster state controller component is specifically configured to trigger the authentication authorization and policy controller component to control load migration between clusters when it is determined that a load of a cluster reaches or exceeds a load threshold;
the authentication authorization and policy controller component is specifically configured to send an indication of migrating load to a cluster whose load meets or exceeds a load threshold.
Optionally, the cluster state controller component is specifically configured to trigger the authentication authorization and policy controller component to control load migration between clusters when it is determined that the time for migrating the load arrives;
the authentication authorization and policy controller component is specifically configured to send an indication of the migration load to the specified cluster when the time of migration load arrives.
Optionally, the cluster state controller component is specifically configured to obtain a trigger for migrating a load, and instruct, according to the trigger, the authentication authorization and policy controller component to control load migration between clusters;
the authentication authorization and policy controller component is specifically configured to send instruction information of the migration load to a cluster specified when the trigger of the migration load is obtained.
Optionally, the cluster state controller component is specifically configured to obtain at least one of health state information of a cluster and load information of the cluster, and trigger the authentication authorization and policy controller component to control the cluster according to the at least one of the health state information of the cluster and the load information of the cluster.
Optionally, the cluster state controller component is further configured to update the authority of the user, and provide the updated authority of the user to the authentication authorization and policy controller component.
Optionally, the device further includes a DNS controller component, which is used for obtaining a request for interaction between a first service in a first cluster and a second service in a second cluster, and providing address information of the second service in the second cluster for the first service in the first cluster.
Optionally, the cluster is a Kubernetes cluster.
Optionally, the authentication authorization and policy controller component is implemented by the policy resource object, and the policy resource object is obtained by using a customized resource object of Kubernetes.
Optionally, the cluster state controller component is implemented by the cluster resource object, and the cluster resource object is obtained by using a customized resource object of Kubernetes.
Optionally, the DNS controller component is implemented by the domain name resolution service resource object, and the domain name resolution service resource object is obtained by using a customized resource object of Kubernetes.
The application provides a cluster control system, which comprises a cluster control device and a controlled cluster;
the cluster control device comprises an authentication authorization and policy controller component and a cluster state controller component; the authentication authorization and policy controller component is used for verifying the authority of the user, generating a control policy for controlling the cluster, and controlling the cluster corresponding to the authority of the user according to the triggering of the cluster state controller component and the control policy; the cluster state controller component is used for acquiring the state information of the cluster and triggering the authentication authorization and policy controller component to control the cluster according to the state information of the cluster;
and the controlled cluster is used for receiving the control of the cluster control device.
Optionally, the cluster control device is disposed in a central-level Kubernetes cluster, and the controlled cluster is a Kubernetes sub-cluster.
The application provides a cluster control method, which comprises the following steps:
verifying the authority of the user;
determining a cluster corresponding to the user authority;
obtaining a control strategy for controlling the cluster;
and controlling the cluster corresponding to the user authority according to the state information of the cluster corresponding to the user authority and the control strategy.
Optionally, the control policy includes a distribution policy for creating resources in the cluster;
the controlling the cluster corresponding to the user authority according to the state information of the cluster corresponding to the user authority and the control strategy comprises the following steps: and creating resources in the cluster corresponding to the user authority according to the distribution strategy.
Optionally, the distribution policy includes policy information for creating a same resource in each cluster corresponding to the user's right;
and respectively sending indication information for creating a resource to each cluster corresponding to the user authority.
Optionally, the distribution policy includes policy information of a ratio of resources created in each cluster corresponding to the user's right;
and respectively sending indication information comprising the proportion of creating the resources to each cluster corresponding to the authority of the user.
Optionally, the distribution policy includes creating a resource in a designated cluster corresponding to the user's right;
and sending indication information for creating the resources to the specified cluster corresponding to the user authority.
Optionally, the control policy includes a migration policy for load migration between clusters;
and controlling load migration among the clusters according to the migration strategy.
Optionally, the controlling load migration between clusters according to the migration policy includes:
when the load of the clusters is determined to reach or exceed the load threshold, triggering to control load migration among the clusters;
and respectively sending out indication information of migrating the workload to the cluster with the load reaching or exceeding the load threshold value and the cluster capable of increasing the load.
Optionally, the controlling load migration between clusters according to the migration policy includes:
triggering the authentication authorization and policy controller component to control load migration between clusters when the time for migrating the workload is determined to arrive;
the authentication authorization and policy controller component is specifically configured to send instruction information for migrating workloads to a specified cluster.
Optionally, the controlling load migration between clusters according to the migration policy includes:
acquiring triggering of migration workload, and controlling load migration among clusters according to the triggering indication;
and sending out the indication information of the migration workload to the specified cluster.
Optionally, the method further includes: obtaining a request for interaction between a first service in a first cluster and a second service in a second cluster, and providing address information of the second service in the second cluster for the first service in the first cluster.
Optionally, the cluster is a Kubernetes cluster.
The application provides an electronic device, the electronic device includes:
a processor;
a memory for storing a program that, when read and executed by the processor, performs the following:
verifying the authority of a user, generating a control strategy for controlling a cluster, and controlling the cluster corresponding to the authority of the user according to the triggering of the cluster state controller component and the control strategy;
and acquiring the state information of the cluster, and triggering the authentication authorization and policy controller component to control the cluster according to the state information of the cluster.
The present application provides a computer-readable storage medium having a computer program stored thereon, wherein the program, when executed by a processor, implements the steps of:
verifying the authority of a user, generating a control strategy for controlling a cluster, and controlling the cluster corresponding to the authority of the user according to the triggering of the cluster state controller component and the control strategy;
and acquiring the state information of the cluster, and triggering the authentication authorization and policy controller component to control the cluster according to the state information of the cluster.
Compared with the prior art, the method has the following advantages:
With the cluster control device provided by the application, the authentication authorization and policy controller component verifies the authority of a user, generates a control policy for controlling the cluster, and controls the cluster corresponding to the authority of the user according to the triggering of the cluster state controller component and the control policy; the cluster state controller component acquires the state information of a cluster and triggers the authentication authorization and policy controller component to control the cluster according to the state information of the cluster. Unified management and control of multiple clusters is thereby achieved, the operation and maintenance burden of multi-cluster management is reduced, and resource utilization is improved. This solves the prior-art problem that multiple clusters have multiple cluster management entry points, which makes management complex.
Drawings
Fig. 1 is a flowchart of a cluster control apparatus according to a first embodiment of the present application;
Fig. 2 is a flowchart of the work between the cluster state controller, the sub-cluster, and the apiserver according to the first embodiment of the present application;
Fig. 3 is a schematic application diagram of a management system of a cluster according to a first embodiment of the present application;
Fig. 4 is a flowchart illustrating a cluster control method according to a third embodiment of the present application.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present application. The application can, however, be implemented in many ways other than those described here, and those skilled in the art can make similar generalizations without departing from the spirit of this application; it is therefore not limited to the specific implementations disclosed below.
A first embodiment of the present application provides a cluster control apparatus. Please refer to fig. 1, which is a flowchart illustrating a first embodiment of the present application. A cluster control apparatus according to a first embodiment of the present application is described in detail below with reference to fig. 1. The apparatus comprises an authentication authorization and policy controller component 101 and a cluster state controller component 102.
The authentication authorization and policy controller component 101 is configured to verify the authority of the user, generate a control policy for controlling a cluster, and control the cluster corresponding to the authority of the user according to the trigger of the cluster state controller component and the control policy.
In this embodiment, the authentication authorization and policy controller component may be deployed in a central cluster, and configured to verify a right of a user, generate a control policy for controlling the cluster, and control the cluster corresponding to the right of the user according to the trigger of the cluster state controller component and the control policy.
The control policy comprises a distribution policy for creating resources in a cluster;
the authentication authorization and policy controller component is specifically configured to create resources in a cluster corresponding to the user's permission according to the distribution policy.
In this embodiment, the cluster corresponding to the authority of the user refers to a cluster in which the user has the authority.
The distribution strategy comprises strategy information of respectively creating a same resource in each cluster corresponding to the user authority;
the authentication authorization and policy controller component is specifically configured to send instruction information for creating a resource to each cluster corresponding to the user's right.
The distribution strategy comprises strategy information of creating the proportion of resources in each cluster corresponding to the user authority;
the authentication authorization and policy controller component is specifically configured to send indication information including a proportion of created resources to each cluster corresponding to the user's right.
The following is an example of respectively sending indication information including a proportion of creating resources to each cluster corresponding to the user's right:
Figure BDA0001820232990000071
In this example, a ratio distribution policy named DISTRIBUTIONL is defined; it distributes the resource objects requested by the user across the Hangzhou, Shanghai, and Beijing clusters in a 5:3:2 ratio.
The distribution policy includes creating a resource in a designated cluster corresponding to the user's permissions;
the authentication authorization and policy controller component is specifically configured to send instruction information for creating a resource to a specified cluster corresponding to the user's right.
The following is one example of specifying a cluster distribution policy:
Figure BDA0001820232990000072
In this example, a designated-cluster distribution policy named distribution2 is defined that specifies the Hangzhou and Shanghai clusters; the distribution policy controller component creates a copy of each resource object that references the distribution policy in both the Hangzhou and Shanghai clusters. The distribution policy controller component also monitors the spec.available field of the cluster resource object and, when the field is false, updates all distribution policies that contain that cluster. The distribution policy controller component continuously monitors changes to the distributionStrategy resource object and adjusts the distribution of resource objects among the Kubernetes sub-clusters according to the distribution policy.
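The two distribution policies described above (ratio and designated cluster), applied only to clusters the user is authorized for and whose spec.available is true, as an added Go example that is not part of the patent. The Cluster, Policy and Plan names, the largest-remainder rounding, and the choice to narrow (rather than reject) a policy that names an unauthorized cluster are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Cluster is a hypothetical in-memory view of the page's cluster resource
// object; Available stands for its spec.available field.
type Cluster struct {
	Name      string
	Available bool
}

// Policy is a hypothetical form of a distribution policy. With Weights set it
// is a ratio policy; with Weights nil it is a designated-cluster policy that
// places one full copy of the resource in every listed cluster.
type Policy struct {
	Name     string
	Clusters []string       // target clusters, in policy order
	Weights  map[string]int // ratio per cluster, nil for designated-cluster
}

// ErrNoCluster reports that no listed cluster is both authorized and available.
var ErrNoCluster = errors.New("no authorized, available cluster")

// Plan returns the number of replicas to create in each cluster. A cluster is
// used only if the user is authorized for it (allowed), it is registered in
// state, and it is available; everything else is dropped (fail closed).
func Plan(p Policy, allowed map[string]bool, state map[string]Cluster, replicas int) (map[string]int, error) {
	if replicas < 0 {
		return nil, errors.New("replicas must not be negative")
	}
	var eligible []string
	total := 0
	for _, name := range p.Clusters {
		c, known := state[name]
		if !allowed[name] || !known || !c.Available {
			continue
		}
		if p.Weights != nil {
			w := p.Weights[name]
			if w <= 0 {
				continue // a cluster without a positive ratio receives nothing
			}
			total += w
		}
		eligible = append(eligible, name)
	}
	if len(eligible) == 0 {
		return nil, fmt.Errorf("policy %q: %w", p.Name, ErrNoCluster)
	}
	plan := make(map[string]int, len(eligible))
	if p.Weights == nil {
		for _, name := range eligible {
			plan[name] = replicas // designated-cluster policy: one copy each
		}
		return plan, nil
	}
	// Ratio policy: integer share first, then hand the leftover replicas to
	// the clusters with the largest remainders (ties keep policy order).
	type remainder struct {
		name string
		r    int
	}
	rems := make([]remainder, 0, len(eligible))
	assigned := 0
	for _, name := range eligible {
		w := p.Weights[name]
		plan[name] = replicas * w / total
		assigned += plan[name]
		rems = append(rems, remainder{name: name, r: replicas * w % total})
	}
	sort.SliceStable(rems, func(i, j int) bool { return rems[i].r > rems[j].r })
	for i := 0; i < replicas-assigned; i++ {
		plan[rems[i].name]++
	}
	return plan, nil
}

func main() {
	// Constructed sample state: the Beijing cluster is marked unavailable.
	state := map[string]Cluster{
		"hangzhou": {Name: "hangzhou", Available: true},
		"shanghai": {Name: "shanghai", Available: true},
		"beijing":  {Name: "beijing", Available: false},
	}
	allowed := map[string]bool{"hangzhou": true, "shanghai": true, "beijing": true}
	ratio := Policy{
		Name:     "DISTRIBUTIONL",
		Clusters: []string{"hangzhou", "shanghai", "beijing"},
		Weights:  map[string]int{"hangzhou": 5, "shanghai": 3, "beijing": 2},
	}
	plan, err := Plan(ratio, allowed, state, 10)
	fmt.Println(plan, err)
}
```

When a cluster drops out, the remaining ratio (here 5:3) is renormalized, so the total replica count requested by the user is preserved.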
The control policies include migration policies for load migration between clusters;
the authentication, authorization and policy controller component is specifically configured to control load migration between clusters according to the migration policy.
The cluster state controller component is specifically configured to trigger the authentication authorization and policy controller component to control load migration between clusters when it is determined that a load of a cluster reaches or exceeds a load threshold;
the authentication authorization and policy controller component is specifically configured to send an indication of migrating load to a cluster whose load meets or exceeds a load threshold.
The cluster state controller component is specifically configured to trigger the authentication authorization and policy controller component to control load migration between clusters when it is determined that time for migrating loads arrives;
the authentication authorization and policy controller component is specifically configured to send an indication of the migration load to the specified cluster when the time of migration load arrives.
The cluster state controller component is specifically configured to obtain a trigger for migrating a load, and instruct the authentication authorization and policy controller component to control load migration between clusters according to the trigger;
the authentication authorization and policy controller component is specifically configured to send instruction information of the migration load to a cluster specified when the trigger of the migration load is obtained.
The cluster state controller component 102 is configured to obtain state information of a cluster, and trigger the authentication authorization and policy controller component to control the cluster according to the state information of the cluster.
The cluster state controller component is specifically configured to obtain at least one of health state information of a cluster and load information of the cluster, and trigger the authentication authorization and policy controller component to control the cluster according to the at least one of the health state information of the cluster and the load information of the cluster.
In this embodiment, the health status information of the cluster may refer to whether each node in the cluster works normally.
The cluster state controller component is also used for updating the authority of the user and providing the updated authority of the user for the authentication authorization and policy controller component.
In this embodiment, the apparatus further includes a DNS controller component, which is used for obtaining a request for interaction between a first service in a first cluster and a second service in a second cluster, and providing address information of the second service in the second cluster for the first service in the first cluster.
In this embodiment, the DNS controller component is configured to manage a correspondence between a service name and a network address in a cluster.
The cluster is a Kubernetes cluster.
Kubernetes is a currently common container orchestration tool.
The authentication authorization and policy controller component is implemented by the policy resource object, which is obtained by using a customized resource object of Kubernetes.
In this embodiment, the authentication authorization and the policy controller component are obtained by defining a policy resource object (policy.
The cluster state controller component is implemented by the cluster resource object, which is obtained by using a customized resource object of Kubernetes.
Fig. 2 is a flowchart of the work between the cluster state controller, the Kubernetes sub-cluster, and the apiserver. A user first needs to create a cluster resource object through kubectl in the cluster joint control plane.
The following is an example of a cluster definition:
Figure BDA0001820232990000091
Figure BDA0001820232990000101
One Kubernetes sub-cluster corresponds to only one cluster.
The DNS controller component is implemented by the domain name resolution service resource object, which is obtained by using a customized resource object of Kubernetes.
In this embodiment, a domain name resolution service resource object (dns.union.kubernets.io) is defined, so as to obtain the domain name service controller component.
The DNS (domain name service) controller component maintains, through the domain name resolution service resource object, a cloud resolution record for each LoadBalancer-type service resource object in the cloud resolution service of the cloud platform, and enables transparent access among the externally exposed services of the Kubernetes sub-clusters by querying the cloud resolution records.
The cloud resolution service of the cloud platform comprises at least one of the cloud resolution service of Alibaba Cloud, Cloud DNS of Google Cloud, Route 53 of AWS, and the like.
In this embodiment, the authentication authorization and policy controller component, the cluster state controller component, and the domain name service controller component form a Kubernetes cluster joint control plane.
In this embodiment, the cluster joint control plane may be deployed according to the following steps:
1) Deploy a Kubernetes central cluster that comprises only three Kubernetes components: kube-apiserver, etcd and kubelet.
2) Obtain the admin authentication files (kubeconfig) of all Kubernetes sub-clusters to be registered in the cluster union system, which comprises the Kubernetes central cluster and the Kubernetes sub-clusters, and create a configmap resource object with them as data; the configmap resource object is mounted into the three components of the central-level cluster joint control plane so that the three components can access the Kubernetes sub-clusters.
3) Because the Kubernetes central cluster does not contain a kube-controller-manager component, the cluster state controller component, the authentication authorization and policy controller component, and the DNS (domain name service) controller component need to be started by specifying the node on which each component runs.
In this embodiment, the Kubernetes central cluster implements three resource objects, namely a cluster resource object (cluster.union.kubernets.io), a policy resource object (policy.union.kubernets.io) and a domain name resolution service resource object (dns.union.kubernets.io), through the Custom Resource Definition (CRD) feature of Kubernetes;
cluster.union.kubernets.io corresponds to a Kubernetes sub-cluster;
policy.union.kubernets.io corresponds to a Kubernetes cluster user;
one service of LoadBalancer type corresponds to dns.
Based on the CRD feature of Kubernetes, this embodiment directly designs the API of the control plane and develops the corresponding controllers, so the development workload is small and more controllable, and the system is more stable and reliable.
Fig. 3 is a diagram of a cluster system using a cluster control apparatus scheme provided in the present application.
A second embodiment of the present application provides a cluster control system, which is characterized by including a cluster control apparatus and a controlled cluster;
the cluster control device comprises an authentication authorization and policy controller component and a cluster state controller component; the authentication authorization and policy controller component is used for verifying the authority of the user, generating a control policy for controlling the cluster, and controlling the cluster corresponding to the authority of the user according to the triggering of the cluster state controller component and the control policy; the cluster state controller component is used for acquiring the state information of the cluster and triggering the authentication authorization and policy controller component to control the cluster according to the state information of the cluster;
and the controlled cluster is used for receiving the control of the cluster control device.
As shown in Fig. 3, the cluster control device may be disposed in a central-level Kubernetes cluster, specifically in the cluster joint control plane of the central-level Kubernetes cluster, and the controlled cluster is a Kubernetes sub-cluster, such as the Kubernetes cluster in Hangzhou, the Kubernetes cluster in Shanghai, and the Kubernetes cluster in Beijing shown in Fig. 3.
A third embodiment of the present application provides a cluster control method, please refer to fig. 4, which is an implementation flowchart of the cluster control method, where the implementation method includes the following steps:
Step S401: the user's rights are verified.
This step is used to verify the user's rights.
Step S402: a cluster corresponding to the user's rights is determined.
This step is used to determine the cluster corresponding to the user's right.
Step S403: a control strategy for controlling the cluster is obtained.
This step is used to obtain a control strategy for controlling the cluster.
The control policy comprises a distribution policy for creating resources in a cluster;
controlling the cluster corresponding to the user authority according to the state information of the cluster corresponding to the user authority and the control strategy comprises: creating resources in the cluster corresponding to the user authority according to the distribution strategy.
The distribution strategy comprises strategy information of respectively creating a same resource in each cluster corresponding to the user authority;
indication information for creating a resource is then sent to each cluster corresponding to the user authority respectively.
The distribution strategy comprises strategy information of creating the proportion of resources in each cluster corresponding to the user authority;
indication information comprising the proportion of resources to create is then sent to each cluster corresponding to the authority of the user respectively.
The proportional distribution strategy is only applicable to four types of resource objects, namely Deployment, ReplicationController, ReplicaSet and StatefulSet.
The following is an example of a proportional distribution strategy:
Figure BDA0001820232990000121
In this example, a proportional distribution policy named DISTRIBUTIONL is defined, which distributes the resource objects requested by the user across the Hangzhou, Shanghai and Beijing clusters in a 5:3:2 ratio.
The distribution strategy comprises the steps of creating resources in a designated cluster corresponding to the user authority;
indication information for creating the resources is then sent to the specified cluster corresponding to the user authority.
The following is one example of specifying a cluster distribution policy:
Figure BDA0001820232990000131
In this example, a designated-cluster distribution policy named distribution2 is defined that specifies the two clusters Hangzhou and Shanghai, and the distribution policy controller component creates a copy of each resource object that references the distribution policy in both the Hangzhou and Shanghai clusters. The distribution policy controller component also monitors the spec.available field of the cluster resource object and, when the field is false, updates all distribution policies that contain the cluster. The distribution policy controller component constantly monitors changes to the distributionStrategy resource object and then adjusts the distribution of resource objects among the Kubernetes sub-clusters according to the distribution policy.
The control policies include migration policies for load migration between clusters;
load migration among the clusters is controlled according to the migration strategy.
The controlling load migration between clusters according to the migration policy includes:
when the load of a cluster is determined to reach or exceed the load threshold, control of load migration among the clusters is triggered;
indication information for migrating the workload is sent respectively to the cluster whose load reaches or exceeds the load threshold and to the cluster capable of taking on more load.
The controlling load migration between clusters according to the migration policy includes:
triggering the authentication authorization and policy controller component to control load migration between clusters when the time for migrating the workload is determined to arrive;
the authentication authorization and policy controller component is specifically configured to send instruction information for migrating workloads to a specified cluster.
The controlling load migration between clusters according to the migration policy includes:
acquiring a trigger for migrating the workload, and controlling the load migration among the clusters according to the trigger instruction.
Step S404: the cluster corresponding to the user's rights is controlled according to the state information of that cluster and the control strategy.
The step is used for controlling the cluster corresponding to the user authority according to the state information of the cluster corresponding to the user authority and the control strategy.
In this embodiment, the cluster control method further includes: the method comprises the steps of obtaining a request for interaction between a first service in a first cluster and a second service in a second cluster, and providing address information of the second service in the second cluster for the first service in the first cluster.
The cluster is a Kubernetes cluster.
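An added example, not part of the patent text: one way steps S401 to S404 could apply a proportional distribution policy, written in Go. The types, the function name Distribute and the largest-remainder rounding are assumptions; the description only gives the ratio, the four eligible resource kinds and the spec.available field.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Cluster is a hypothetical view of a registered sub-cluster; Available
// stands in for the spec.available field named in the description.
type Cluster struct {
	Name      string
	Available bool
}

// Policy is a hypothetical in-memory proportional distribution policy.
type Policy struct {
	Name    string
	Weights map[string]int // cluster name -> weight, e.g. 5:3:2
}

// Only these kinds may use proportional distribution, per the description.
var proportionalKinds = map[string]bool{
	"Deployment": true, "ReplicationController": true,
	"ReplicaSet": true, "StatefulSet": true,
}

var (
	ErrKind      = errors.New("kind not eligible for proportional distribution")
	ErrNoCluster = errors.New("no authorized and available cluster in policy")
)

// Distribute splits replicas across the clusters that are named in the policy,
// authorized for the user (S401/S402) and currently available (cluster state).
// A cluster the user is not authorized for never receives a share, even when
// the policy names it.
func Distribute(allowed map[string]bool, clusters []Cluster, p Policy,
	kind string, replicas int) (map[string]int, error) {
	if !proportionalKinds[kind] {
		return nil, ErrKind
	}
	if replicas < 0 {
		return nil, errors.New("replicas must not be negative")
	}
	type share struct {
		name               string
		weight, count, rem int
	}
	var shares []share
	total := 0
	for _, c := range clusters {
		w := p.Weights[c.Name]
		if w <= 0 || !allowed[c.Name] || !c.Available {
			continue // not in policy, not authorized, or unavailable
		}
		shares = append(shares, share{name: c.Name, weight: w})
		total += w
	}
	if total == 0 {
		return nil, ErrNoCluster
	}
	assigned := 0
	for i := range shares {
		shares[i].count = replicas * shares[i].weight / total
		shares[i].rem = replicas * shares[i].weight % total
		assigned += shares[i].count
	}
	// Assumed rounding rule: largest remainder first, ties broken by name.
	sort.SliceStable(shares, func(i, j int) bool {
		if shares[i].rem != shares[j].rem {
			return shares[i].rem > shares[j].rem
		}
		return shares[i].name < shares[j].name
	})
	for i := 0; assigned < replicas; i++ {
		shares[i].count++
		assigned++
	}
	out := make(map[string]int, len(shares))
	for _, s := range shares {
		out[s.name] = s.count
	}
	return out, nil
}

func main() {
	// Constructed sample data mirroring the 5:3:2 example in the description.
	clusters := []Cluster{{"hangzhou", true}, {"shanghai", true}, {"beijing", true}}
	policy := Policy{Name: "example-ratio", Weights: map[string]int{
		"hangzhou": 5, "shanghai": 3, "beijing": 2}}
	allowed := map[string]bool{"hangzhou": true, "shanghai": true} // user lacks beijing
	plan, err := Distribute(allowed, clusters, policy, "Deployment", 10)
	fmt.Println(plan, err)
}
```

Filtering by the user's authorized clusters before computing shares keeps a policy from placing workloads in a sub-cluster the requesting user has no rights to.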
A fourth embodiment of the present application provides an electronic apparatus, including:
a processor;
a memory for storing a program that, when read and executed by the processor, performs the following:
verifying the authority of the user, generating a control strategy for controlling the cluster, and controlling the cluster corresponding to the authority of the user according to the triggering of the cluster state controller component and the control strategy;
and acquiring the state information of the cluster, and triggering the authentication authorization and policy controller component to control the cluster according to the state information of the cluster.
A fifth embodiment of the present application provides a computer-readable storage medium, on which a computer program is stored, which when executed by a processor, implements the steps of:
verifying the authority of a user, generating a control strategy for controlling a cluster, and controlling the cluster corresponding to the authority of the user according to the triggering of the cluster state controller component and the control strategy;
and acquiring the state information of the cluster, and triggering the authentication authorization and policy controller component to control the cluster according to the state information of the cluster.
Although the present application has been described with reference to the preferred embodiments, it is not intended to limit the present application, and those skilled in the art can make variations and modifications without departing from the spirit and scope of the present application, therefore, the scope of the present application should be determined by the claims that follow.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
1. Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer readable media does not include transitory computer readable media (transitory media), such as modulated data signals and carrier waves.
2. As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

Claims (31)

1. A cluster control device is characterized by comprising an authentication authorization and policy controller component and a cluster state controller component;
the authentication authorization and policy controller component is used for verifying the authority of the user, generating a control policy for controlling the cluster, and controlling the cluster corresponding to the authority of the user according to the triggering of the cluster state controller component and the control policy;
and the cluster state controller component is used for acquiring the state information of the cluster and triggering the authentication authorization and policy controller component to control the cluster according to the state information of the cluster.
2. The apparatus of claim 1, wherein the control policy comprises a distribution policy for creating resources in a cluster;
the authentication authorization and policy controller component is specifically configured to create resources in a cluster corresponding to the user's permission according to the distribution policy.
3. The apparatus according to claim 2, wherein the distribution policy includes policy information for creating a same resource in each cluster corresponding to the user's right;
the authentication authorization and policy controller component is specifically configured to send instruction information for creating a resource to each cluster corresponding to the user's right.
4. The apparatus of claim 2, wherein the distribution policy comprises policy information for creating a proportion of resources in each cluster corresponding to the user's right;
the authentication authorization and policy controller component is specifically configured to send indication information including a proportion of created resources to each cluster corresponding to the user's right.
5. The apparatus of claim 2, wherein the distribution policy comprises creating a resource in a designated cluster corresponding to the user's privileges;
the authentication authorization and policy controller component is specifically configured to send instruction information for creating a resource to a specified cluster corresponding to the user's right.
6. The apparatus of claim 1, wherein the control policy comprises a migration policy for load migration between clusters;
the authentication, authorization and policy controller component is specifically configured to control load migration between clusters according to the migration policy.
7. The apparatus of claim 6, wherein the cluster state controller component is specifically configured to trigger the authentication authorization and policy controller component to control load migration between clusters upon determining that a load of a cluster meets or exceeds a load threshold;
the authentication authorization and policy controller component is specifically configured to send an indication of migrating load to a cluster whose load meets or exceeds a load threshold.
8. The apparatus of claim 6, wherein the cluster state controller component is specifically configured to trigger the authentication authorization and policy controller component to control load migration between clusters upon determining that a time to migrate a load has arrived;
the authentication authorization and policy controller component is specifically configured to send an indication of the migration load to the specified cluster when the time of migration load arrives.
9. The apparatus of claim 6, wherein the cluster state controller component is specifically configured to obtain a trigger to migrate the load, and to instruct the authentication authorization and policy controller component to control load migration between clusters according to the trigger;
the authentication authorization and policy controller component is specifically configured to send instruction information of the migration load to a cluster specified when the trigger of the migration load is obtained.
10. The apparatus according to claim 1, wherein the cluster state controller component is specifically configured to obtain at least one of health status information of a cluster and load information of the cluster, and trigger the authentication authorization and policy controller component to control the cluster according to the at least one of the health status information of the cluster and the load information of the cluster.
11. The apparatus of claim 1, wherein the cluster state controller component is further configured to update the user's rights, and provide the updated user's rights to the authentication authorization and policy controller component.
12. The apparatus of claim 1, further comprising: the DNS controller component is used for obtaining a request for interaction between a first service in a first cluster and a second service in a second cluster, and providing address information of the second service in the second cluster for the first service in the first cluster.
13. The apparatus of claim 1, wherein the cluster is a Kubernetes cluster.
14. The apparatus of claim 13, wherein the authentication authorization and policy controller component is implemented via a policy resource object obtained using a customized resource object of Kubernetes.
15. The apparatus of claim 13 wherein the cluster state controller component is implemented via a cluster resource object obtained using a customized resource object of Kubernetes.
16. The apparatus of claim 10, wherein the DNS controller component is implemented via a domain name resolution service resource object obtained using a customized resource object of Kubernetes.
17. A cluster control system is characterized by comprising a cluster control device and a controlled cluster;
the cluster control device comprises an authentication authorization and policy controller component and a cluster state controller component; the authentication authorization and policy controller component is used for verifying the authority of the user, generating a control policy for controlling the cluster, and controlling the cluster corresponding to the authority of the user according to the triggering of the cluster state controller component and the control policy; the cluster state controller component is used for acquiring the state information of the cluster and triggering the authentication authorization and policy controller component to control the cluster according to the state information of the cluster;
and the controlled cluster is used for receiving the control of the cluster control device.
18. The cluster control system of claim 17, wherein the cluster control device is disposed in a central-level Kubernetes cluster, and wherein the controlled cluster is a Kubernetes sub-cluster.
19. A cluster control method, comprising:
verifying the authority of the user;
determining a cluster corresponding to the user authority;
obtaining a control strategy for controlling the cluster;
and controlling the cluster corresponding to the user authority according to the state information of the cluster corresponding to the user authority and the control strategy.
20. The cluster control method of claim 19, wherein the control policy comprises a distribution policy for creating resources in a cluster;
the controlling of the cluster corresponding to the user authority according to the state information of the cluster corresponding to the user authority and the control strategy comprises: creating resources in the cluster corresponding to the user authority according to the distribution strategy.
21. The cluster control method according to claim 20, wherein the distribution policy includes policy information for creating a same resource in each cluster corresponding to the user's right;
the creating of the resource in the cluster corresponding to the user authority according to the distribution strategy comprises: respectively sending instruction information for creating a resource to each cluster corresponding to the user authority according to the distribution strategy.
22. The cluster control method of claim 20, wherein the distribution policy includes policy information for creating a proportion of resources in each cluster corresponding to the user's right;
the creating of the resource in the cluster corresponding to the user authority according to the distribution strategy comprises: respectively sending indication information comprising the proportion of creating resources to each cluster corresponding to the authority of the user according to the distribution strategy.
23. The method of claim 20, wherein the distribution policy comprises creating resources in a designated cluster corresponding to the user's rights;
the creating of the resource in the cluster corresponding to the user authority according to the distribution strategy comprises: sending instruction information for creating resources to the designated cluster corresponding to the user authority according to the distribution strategy.
24. The cluster control method of claim 19, wherein the control policies include a migration policy for load migration between clusters;
the controlling of the cluster corresponding to the user authority according to the state information of the cluster corresponding to the user authority and the control strategy comprises: controlling load migration among the clusters according to the migration strategy.
25. The method according to claim 24, wherein the controlling load migration between clusters according to the migration policy comprises:
when the load of the clusters is determined to reach or exceed the load threshold, triggering to control load migration among the clusters;
and respectively sending out indication information of migrating the workload to the cluster with the load reaching or exceeding the load threshold value and the cluster capable of increasing the load.
26. The method according to claim 24, wherein the controlling load migration between clusters according to the migration policy comprises:
triggering the authentication authorization and policy controller component to control load migration between clusters when the time for migrating the workload is determined to arrive;
the authentication authorization and policy controller component is specifically configured to send instruction information for migrating workloads to a specified cluster.
27. The method according to claim 24, wherein the controlling load migration between clusters according to the migration policy comprises:
acquiring triggering of migration workload, and controlling load migration among clusters according to the triggering indication;
and sending out the indication information of the migration workload to the specified cluster.
28. The cluster control method of claim 19, further comprising: the method comprises the steps of obtaining a request for interaction between a first service in a first cluster and a second service in a second cluster, and providing address information of the second service in the second cluster for the first service in the first cluster.
29. The method of claim 28, wherein the cluster is a Kubernetes cluster.
30. An electronic device, characterized in that the electronic device comprises:
a processor;
a memory for storing a program that, when read and executed by the processor, performs the following:
verifying the authority of a user, generating a control strategy for controlling a cluster, and controlling the cluster corresponding to the authority of the user according to the triggering of the cluster state controller component and the control strategy;
and acquiring the state information of the cluster, and triggering the authentication authorization and policy controller component to control the cluster according to the state information of the cluster.
31. A computer-readable storage medium having a computer program stored thereon, the program, when executed by a processor, performing the steps of:
verifying the authority of a user, generating a control strategy for controlling a cluster, and controlling the cluster corresponding to the authority of the user according to the triggering of the cluster state controller component and the control strategy;
and acquiring the state information of the cluster, and triggering the authentication authorization and policy controller component to control the cluster according to the state information of the cluster.
CN201811166186.2A 2018-09-30 2018-09-30 Cluster control device, system and method Pending CN110971646A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811166186.2A CN110971646A (en) 2018-09-30 2018-09-30 Cluster control device, system and method

Publications (1)

Publication Number Publication Date
CN110971646A true CN110971646A (en) 2020-04-07

Family

ID=70028239

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200407