CN110971646A - Cluster control device, system and method - Google Patents
- Publication number
- CN110971646A CN201811166186.2A
- Authority
- CN
- China
- Prior art keywords
- cluster
- policy
- controller component
- control
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
- H04L67/1031—Controlling of the operation of servers by a load balancer, e.g. adding or removing servers that serve requests
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses a cluster control device, a cluster control system and a cluster control method. The cluster control device comprises an authentication authorization and policy controller component and a cluster state controller component; the authentication authorization and policy controller component is used for verifying the authority of the user, generating a control policy for controlling the cluster, and controlling the cluster corresponding to the authority of the user according to the triggering of the cluster state controller component and the control policy; and the cluster state controller component is used for acquiring the state information of the cluster and triggering the authentication authorization and policy controller component to control the cluster according to the state information of the cluster. The cluster control device provided by the application solves the prior-art problem that multiple clusters have multiple cluster management entry points, which makes management complex.
Description
Technical Field
The present application relates to the field of cloud computing, and in particular, to a cluster control management apparatus, system, and method.
Background
Currently, Kubernetes is commonly deployed to operate in one availability zone of a single data center or cloud service provider, because a Kubernetes cluster needs a relatively high-performance, reliable, and inexpensive network. The need for a high-performance network also means that a Kubernetes cluster must be deployed in a single data center or in one availability zone of the same service provider, so each Kubernetes cluster is currently a relatively independent unit, usually operating in a single availability zone of a separate data center or cloud provider.
A large enterprise will usually have multiple Kubernetes clusters, such as one cluster for each data center, one cluster for test and development, and one cluster for each cloud service provider. Multiple Kubernetes clusters have multiple Kubernetes cluster management entry points, which makes management complex and leaves resources without unified scheduling and planning. Thus, federating multiple Kubernetes clusters across multiple geographic regions is an urgent problem to be solved.
Disclosure of Invention
The application provides a cluster control device, a cluster control system, a cluster control method, an electronic device and a computer readable storage medium, which are used for solving the problem of complex management caused by multiple clusters having multiple cluster management entry points.
The application provides a cluster control device, which comprises an authentication authorization and policy controller component and a cluster state controller component;
the authentication authorization and policy controller component is used for verifying the authority of the user, generating a control policy for controlling the cluster, and controlling the cluster corresponding to the authority of the user according to the triggering of the cluster state controller component and the control policy;
and the cluster state controller component is used for acquiring the state information of the cluster and triggering the authentication authorization and policy controller component to control the cluster according to the state information of the cluster.
Optionally, the control policy includes a distribution policy for creating resources in the cluster;
the authentication authorization and policy controller component is specifically configured to create resources in a cluster corresponding to the user's permission according to the distribution policy.
Optionally, the distribution policy includes policy information for creating a same resource in each cluster corresponding to the user's right;
the authentication authorization and policy controller component is specifically configured to send instruction information for creating a resource to each cluster corresponding to the user's right.
Optionally, the distribution policy includes policy information of a ratio of resources created in each cluster corresponding to the user's right;
the authentication authorization and policy controller component is specifically configured to send indication information including a proportion of created resources to each cluster corresponding to the user's right.
Optionally, the distribution policy includes creating a resource in a specified cluster corresponding to the user's right;
the authentication authorization and policy controller component is specifically configured to send instruction information for creating a resource to a specified cluster corresponding to the user's right.
Optionally, the control policy includes a migration policy for load migration between clusters;
the authentication, authorization and policy controller component is specifically configured to control load migration between clusters according to the migration policy.
Optionally, the cluster state controller component is specifically configured to trigger the authentication authorization and policy controller component to control load migration between clusters when it is determined that a load of a cluster reaches or exceeds a load threshold;
the authentication authorization and policy controller component is specifically configured to send an indication of migrating load to a cluster whose load meets or exceeds a load threshold.
Optionally, the cluster state controller component is specifically configured to trigger the authentication authorization and policy controller component to control load migration between clusters when it is determined that the time for migrating the load arrives;
the authentication authorization and policy controller component is specifically configured to send an indication of the migration load to the specified cluster when the time of migration load arrives.
Optionally, the cluster state controller component is specifically configured to obtain a trigger for migrating a load, and instruct, according to the trigger, the authentication authorization and policy controller component to control load migration between clusters;
the authentication authorization and policy controller component is specifically configured to send instruction information of the migration load to a cluster specified when the trigger of the migration load is obtained.
Optionally, the cluster state controller component is specifically configured to obtain at least one of health state information of a cluster and load information of the cluster, and trigger the authentication authorization and policy controller component to control the cluster according to the at least one of the health state information of the cluster and the load information of the cluster.
Optionally, the cluster state controller component is further configured to update the authority of the user, and provide the updated authority of the user to the authentication authorization and policy controller component.
Optionally, the device further includes a DNS controller component, which is used for obtaining a request for interaction between a first service in a first cluster and a second service in a second cluster, and providing address information of the second service in the second cluster for the first service in the first cluster.
Optionally, the cluster is a Kubernetes cluster.
Optionally, the authentication authorization and policy controller component is implemented by the policy resource object, and the policy resource object is obtained by using a customized resource object of Kubernetes.
Optionally, the cluster state controller component is implemented by the cluster resource object, and the cluster resource object is obtained by using a customized resource object of Kubernetes.
Optionally, the DNS controller component is implemented by the domain name resolution service resource object, and the domain name resolution service resource object is obtained by using a customized resource object of Kubernetes.
The application provides a cluster control system, which comprises a cluster control device and a controlled cluster;
the cluster control device comprises an authentication authorization and policy controller component and a cluster state controller component; the authentication authorization and policy controller component is used for verifying the authority of the user, generating a control policy for controlling the cluster, and controlling the cluster corresponding to the authority of the user according to the triggering of the cluster state controller component and the control policy; the cluster state controller component is used for acquiring the state information of the cluster and triggering the authentication authorization and policy controller component to control the cluster according to the state information of the cluster;
and the controlled cluster is used for receiving the control of the cluster control device.
Optionally, the cluster control device is disposed in a central-level Kubernetes cluster, and the controlled cluster is a Kubernetes sub-cluster.
The application provides a cluster control method, which comprises the following steps:
verifying the authority of the user;
determining a cluster corresponding to the user authority;
obtaining a control strategy for controlling the cluster;
and controlling the cluster corresponding to the user authority according to the state information of the cluster corresponding to the user authority and the control strategy.
Optionally, the control policy includes a distribution policy for creating resources in the cluster;
the controlling the cluster corresponding to the user authority according to the state information of the cluster corresponding to the user authority and the control strategy comprises the following steps: and creating resources in the cluster corresponding to the user authority according to the distribution strategy.
Optionally, the distribution policy includes policy information for creating a same resource in each cluster corresponding to the user's right;
and respectively sending indication information for creating a resource to each cluster corresponding to the user authority.
Optionally, the distribution policy includes policy information of a ratio of resources created in each cluster corresponding to the user's right;
and respectively sending indication information comprising the proportion of creating the resources to each cluster corresponding to the authority of the user.
Optionally, the distribution policy includes creating a resource in a designated cluster corresponding to the user's right;
and sending indication information for creating the resources to the specified cluster corresponding to the user authority.
Optionally, the control policy includes a migration policy for load migration between clusters;
and controlling load migration among the clusters according to the migration strategy.
Optionally, the controlling load migration between clusters according to the migration policy includes:
when the load of the clusters is determined to reach or exceed the load threshold, triggering to control load migration among the clusters;
and respectively sending out indication information of migrating the workload to the cluster with the load reaching or exceeding the load threshold value and the cluster capable of increasing the load.
Optionally, the controlling load migration between clusters according to the migration policy includes:
triggering the authentication authorization and policy controller component to control load migration between clusters when the time for migrating the workload is determined to arrive;
the authentication authorization and policy controller component is specifically configured to send instruction information for migrating workloads to a specified cluster.
Optionally, the controlling load migration between clusters according to the migration policy includes:
acquiring triggering of migration workload, and controlling load migration among clusters according to the triggering indication;
and sending out the indication information of the migration workload to the specified cluster.
Optionally, the method further includes: obtaining a request for interaction between a first service in a first cluster and a second service in a second cluster, and providing address information of the second service in the second cluster for the first service in the first cluster.
Optionally, the cluster is a Kubernetes cluster.
The application provides an electronic device, the electronic device includes:
a processor;
a memory for storing a program that, when read and executed by the processor, performs the following:
verifying the authority of a user, generating a control strategy for controlling a cluster, and controlling the cluster corresponding to the authority of the user according to the triggering of the cluster state controller component and the control strategy;
and acquiring the state information of the cluster, and triggering the authentication authorization and policy controller component to control the cluster according to the state information of the cluster.
The present application provides a computer-readable storage medium having a computer program stored thereon, wherein the program, when executed by a processor, implements the steps of:
verifying the authority of a user, generating a control strategy for controlling a cluster, and controlling the cluster corresponding to the authority of the user according to the triggering of the cluster state controller component and the control strategy;
and acquiring the state information of the cluster, and triggering the authentication authorization and policy controller component to control the cluster according to the state information of the cluster.
Compared with the prior art, the method has the following advantages:
With the cluster control device provided by the application, the authentication authorization and policy controller component verifies the authority of a user, generates a control policy for controlling the cluster, and controls the cluster corresponding to the authority of the user according to the triggering of the cluster state controller component and the control policy; the cluster state controller component acquires the state information of a cluster and triggers the authentication authorization and policy controller component to control the cluster according to the state information of the cluster. Unified management and control of multiple clusters is thereby achieved, the operation and maintenance burden of multi-cluster management is reduced, and resource utilization is improved. This solves the prior-art problem that multiple clusters have multiple cluster management entry points, which makes management complex.
Drawings
Fig. 1 is a flowchart of a cluster control apparatus according to a first embodiment of the present application;
Fig. 2 is a flowchart of the work between the cluster state controller and the sub-cluster and the apiserver according to the first embodiment of the present application;
Fig. 3 is a schematic application diagram of a management system of a cluster according to a first embodiment of the present application;
Fig. 4 is a flowchart illustrating a cluster control method according to a third embodiment of the present application.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present application. However, this application can be implemented in many ways other than those described here, and those skilled in the art can make similar extensions without departing from its spirit; the application is therefore not limited to the specific implementations disclosed below.
A first embodiment of the present application provides a cluster control apparatus. Please refer to fig. 1, which is a flowchart illustrating a first embodiment of the present application. A cluster control apparatus according to a first embodiment of the present application is described in detail below with reference to fig. 1. The apparatus comprises an authentication authorization and policy controller component 101 and a cluster state controller component 102.
The authentication authorization and policy controller component 101 is configured to verify the authority of the user, generate a control policy for controlling a cluster, and control the cluster corresponding to the authority of the user according to the trigger of the cluster state controller component and the control policy.
In this embodiment, the authentication authorization and policy controller component may be deployed in a central cluster, and configured to verify a right of a user, generate a control policy for controlling the cluster, and control the cluster corresponding to the right of the user according to the trigger of the cluster state controller component and the control policy.
The control policy comprises a distribution policy for creating resources in a cluster;
the authentication authorization and policy controller component is specifically configured to create resources in a cluster corresponding to the user's permission according to the distribution policy.
In this embodiment, the cluster corresponding to the authority of the user refers to a cluster in which the user has the authority.
The distribution strategy comprises strategy information of respectively creating a same resource in each cluster corresponding to the user authority;
the authentication authorization and policy controller component is specifically configured to send instruction information for creating a resource to each cluster corresponding to the user's right.
The distribution strategy comprises strategy information of creating the proportion of resources in each cluster corresponding to the user authority;
the authentication authorization and policy controller component is specifically configured to send indication information including a proportion of created resources to each cluster corresponding to the user's right.
The following is an example of respectively sending indication information including a proportion of creating resources to each cluster corresponding to the user's right:
In this example, a proportional distribution policy named DISTRIBUTIONL is defined; it distributes the resource objects requested by the user across the Hangzhou, Shanghai and Beijing clusters in a 5:3:2 ratio.
The distribution policy includes creating a resource in a designated cluster corresponding to the user's permissions;
the authentication authorization and policy controller component is specifically configured to send instruction information for creating a resource to a specified cluster corresponding to the user's right.
The following is one example of specifying a cluster distribution policy:
In this example, a designated-cluster distribution policy named distribution2 is defined that specifies the two clusters Hangzhou and Shanghai, and the distribution policy controller component creates a copy of any resource object that references the distribution policy in both the Hangzhou and Shanghai clusters. The distribution policy controller component also monitors the spec.available field of the cluster resource object and, when the field is false, updates all distribution policies that contain that cluster. The distribution policy controller component constantly monitors changes to the distributionStrategy resource object and then adjusts the distribution of the resource object among the Kubernetes sub-clusters according to the distribution policy.
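The proportional policy (5:3:2) and the spec.available handling described above, sketched in Go as an added example that is not code from the patent: replicas are split by weight across the clusters the policy names, a policy naming a cluster outside the user's permissions is rejected, and clusters whose spec.available is false receive nothing. The type and function names, the reject-rather-than-narrow behaviour and the largest-remainder rounding are assumptions of this sketch.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Share is one entry of a proportional distribution policy:
// a cluster name and its weight (hypothetical type, not from the patent).
type Share struct {
	Cluster string
	Weight  int
}

// ErrNotAuthorized marks a policy that names a cluster the user has no
// permission on.
var ErrNotAuthorized = errors.New("policy names a cluster outside the user's permissions")

// PlanReplicas splits replicas across the clusters of a proportional policy.
//
//	authorized: clusters the verified user holds permission on
//	available:  spec.available per cluster; false or absent means excluded
//
// Assumptions of this sketch: an unauthorized cluster rejects the whole
// request instead of being silently dropped, and rounding uses the
// largest-remainder method with ties broken by policy order.
func PlanReplicas(replicas int, policy []Share, authorized, available map[string]bool) (map[string]int, error) {
	if replicas < 0 {
		return nil, errors.New("replicas must not be negative")
	}
	var live []Share
	total := 0
	for _, s := range policy {
		if s.Weight <= 0 {
			return nil, fmt.Errorf("cluster %q: weight must be positive", s.Cluster)
		}
		// Authorization is checked before availability, so an unavailable
		// cluster cannot hide a policy that reaches outside the user's scope.
		if !authorized[s.Cluster] {
			return nil, fmt.Errorf("%w: %q", ErrNotAuthorized, s.Cluster)
		}
		if available[s.Cluster] {
			live = append(live, s)
			total += s.Weight
		}
	}
	if len(live) == 0 {
		return nil, errors.New("no available cluster left in the policy")
	}

	// Integer share first, then hand out the leftover replicas one by one
	// to the clusters with the largest remainders.
	plan := make(map[string]int, len(live))
	type remainder struct{ idx, rem int }
	rems := make([]remainder, 0, len(live))
	assigned := 0
	for i, s := range live {
		q := replicas * s.Weight / total
		plan[s.Cluster] += q
		assigned += q
		rems = append(rems, remainder{i, replicas * s.Weight % total})
	}
	sort.SliceStable(rems, func(a, b int) bool { return rems[a].rem > rems[b].rem })
	for i := 0; i < replicas-assigned; i++ {
		plan[live[rems[i].idx].Cluster]++
	}
	return plan, nil
}

func main() {
	// Constructed sample input: the 5:3:2 policy from the text.
	policy := []Share{{"hangzhou", 5}, {"shanghai", 3}, {"beijing", 2}}
	all := map[string]bool{"hangzhou": true, "shanghai": true, "beijing": true}
	beijingDown := map[string]bool{"hangzhou": true, "shanghai": true, "beijing": false}
	twoOnly := map[string]bool{"hangzhou": true, "shanghai": true}

	fmt.Println(PlanReplicas(10, policy, all, all))         // every cluster available
	fmt.Println(PlanReplicas(10, policy, all, beijingDown)) // spec.available=false for beijing
	fmt.Println(PlanReplicas(10, policy, twoOnly, all))     // user lacks permission on beijing
}
```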
The control policies include migration policies for load migration between clusters;
the authentication, authorization and policy controller component is specifically configured to control load migration between clusters according to the migration policy.
The cluster state controller component is specifically configured to trigger the authentication authorization and policy controller component to control load migration between clusters when it is determined that a load of a cluster reaches or exceeds a load threshold;
the authentication authorization and policy controller component is specifically configured to send an indication of migrating load to a cluster whose load meets or exceeds a load threshold.
In this embodiment, the cluster state controller component is specifically configured to trigger the authentication authorization and policy controller component to control load migration between clusters when it is determined that a load of a cluster reaches or exceeds a load threshold; the authentication authorization and policy controller component is specifically configured to send an indication of migrating load to a cluster whose load meets or exceeds a load threshold.
The cluster state controller component is specifically configured to trigger the authentication authorization and policy controller component to control load migration between clusters when it is determined that time for migrating loads arrives;
the authentication authorization and policy controller component is specifically configured to send an indication of the migration load to the specified cluster when the time of migration load arrives.
In this embodiment, the cluster state controller component is specifically configured to trigger the authentication authorization and policy controller component to control load migration between clusters when it is determined that the time for migrating loads arrives;
the authentication authorization and policy controller component is specifically configured to send an indication of the migration load to the specified cluster when the time of migration load arrives.
The cluster state controller component is specifically configured to obtain a trigger for migrating a load, and instruct the authentication authorization and policy controller component to control load migration between clusters according to the trigger;
the authentication authorization and policy controller component is specifically configured to send instruction information of the migration load to a cluster specified when the trigger of the migration load is obtained.
In this embodiment, the cluster state controller component is specifically configured to obtain a trigger for migrating a load, and instruct the authentication authorization and policy controller component to control load migration between clusters according to the trigger;
the authentication authorization and policy controller component is specifically configured to send instruction information of the migration load to a cluster specified when the trigger of the migration load is obtained.
The cluster state controller component 102 is configured to obtain state information of a cluster, and trigger the authentication authorization and policy controller component to control the cluster according to the state information of the cluster.
The cluster state controller component is specifically configured to obtain at least one of health state information of a cluster and load information of the cluster, and trigger the authentication authorization and policy controller component to control the cluster according to the at least one of the health state information of the cluster and the load information of the cluster.
In this embodiment, the health status information of the cluster may refer to whether each node in the cluster works normally.
The cluster state controller component is also used for updating the authority of the user and providing the updated authority of the user for the authentication authorization and policy controller component.
In this embodiment, the cluster state controller component is further configured to update the authority of the user, and provide the updated authority of the user to the authentication authorization and policy controller component.
In this embodiment, the apparatus further includes: the DNS controller component is used for obtaining a request for interaction between a first service in a first cluster and a second service in a second cluster, and providing address information of the second service in the second cluster for the first service in the first cluster.
In this embodiment, the DNS controller component is configured to manage a correspondence between a service name and a network address in a cluster.
The cluster is a Kubernetes cluster.
Kubernetes is a currently common container orchestration tool.
The authentication authorization and policy controller component is implemented by the policy resource object, which is obtained by using a customized resource object of Kubernetes.
In this embodiment, the authentication authorization and the policy controller component are obtained by defining a policy resource object (policy.
The cluster state controller component is implemented by the cluster resource object, which is obtained by using a customized resource object of Kubernetes.
Fig. 2 is a flowchart of the workflow between the cluster state controller, the Kubernetes sub-cluster and the apiserver. A user first needs to create a cluster resource object through kubectl in the cluster joint control plane.
An example of a definition of a cluster.
One Kubernetes sub-cluster corresponds to only one cluster.
The DNS controller component is implemented by the domain name resolution service resource object, which is obtained by using a customized resource object of Kubernetes.
In this embodiment, a domain name resolution service resource object (dns.union.kubernets.io) is defined, so as to obtain a domain name service controller component.
The DNS (domain name service) controller component uses the domain name resolution service resource object to maintain, in the cloud resolution service of the cloud platform, a cloud resolution record for each LoadBalancer-type service resource object; querying these cloud resolution records gives transparent access among the external services of the Kubernetes sub-clusters.
The cloud resolution service of the cloud platform comprises at least one of cloud resolution services of Array cloud, clouddns of Google cloud, route53 of AWS and the like.
In this embodiment, the authentication authorization and policy controller component, the cluster state controller component, and the domain name service controller component form a Kubernetes cluster joint control plane.
The present embodiment may deploy the cluster joint control plane according to the following steps:
1) Deploy a Kubernetes central cluster that comprises only three Kubernetes components: kube-apiserver, etcd and kubelet.
2) Obtain the admin authentication file (kubeconfig) of every Kubernetes sub-cluster to be registered in the cluster union system, which comprises a Kubernetes central cluster and Kubernetes sub-clusters, and create a configmap resource object with these files as its data; the configmap resource object is mounted into the three components of the central-level cluster joint control plane so that they can access the Kubernetes sub-clusters.
3) Because the Kubernetes central cluster does not contain a kube-controller-manager component, the cluster state controller component, the authentication authorization and policy controller component, and the DNS (domain name service) controller component need to be started by specifying the node on which each component runs.
In this embodiment, the Kubernetes central cluster implements three resource objects, namely, a cluster resource object (cluster.unity.kubernets.io), a policy resource object (policy.unity.kubernets.io) and a domain name resolution service resource object (dns.unity.kubernets.io), through a Custom Resource Definition (CRD) of Kubernetes;
cluster.union.kubernets.io corresponds to a Kubernetes sub-cluster;
policy.union.kubernets.io corresponds to a Kubernetes cluster user;
one service of LoadBalancer type corresponds to dns.
This embodiment uses the CRD feature of Kubernetes to design the API of the control plane directly and develop the corresponding controllers, so the development workload is small and more controllable, and the system is more stable and reliable.
Fig. 3 is a diagram of a cluster system using a cluster control apparatus scheme provided in the present application.
A second embodiment of the present application provides a cluster control system, which is characterized by including a cluster control apparatus and a controlled cluster;
the cluster control device comprises an authentication authorization and policy controller component and a cluster state controller component; the authentication authorization and policy controller component is used for verifying the authority of the user, generating a control policy for controlling the cluster, and controlling the cluster corresponding to the authority of the user according to the triggering of the cluster state controller component and the control policy; the cluster state controller component is used for acquiring the state information of the cluster and triggering the authentication authorization and policy controller component to control the cluster according to the state information of the cluster;
and the controlled cluster is used for receiving the control of the cluster control device.
As shown in Fig. 3, the cluster control device may be disposed in a central-level Kubernetes cluster, specifically in the cluster joint control plane of the central-level Kubernetes cluster, and the controlled cluster is a Kubernetes sub-cluster, such as the Kubernetes clusters in Hangzhou, Shanghai and Beijing shown in Fig. 3.
A third embodiment of the present application provides a cluster control method, please refer to fig. 4, which is an implementation flowchart of the cluster control method, where the implementation method includes the following steps:
step S401: the user's rights are verified.
This step is used to verify the user's rights.
Step S402: and determining a cluster corresponding to the user authority.
This step is used to determine the cluster corresponding to the user's right.
Step S403: a control strategy for controlling the cluster is obtained.
This step is used to obtain a control strategy for controlling the cluster.
The control policy comprises a distribution policy for creating resources in a cluster;
controlling the cluster corresponding to the user's rights according to the state information of that cluster and the control policy comprises: creating resources in the cluster corresponding to the user's rights according to the distribution policy.
The distribution policy comprises policy information for creating the same resource in each cluster corresponding to the user's rights;
indication information for creating the resource is sent to each cluster corresponding to the user's rights, respectively.
The distribution policy comprises policy information on the proportion of resources to create in each cluster corresponding to the user's rights;
indication information comprising the proportion of resources to create is sent to each cluster corresponding to the user's rights, respectively.
The proportional distribution policy is only applicable to four types of resource objects, namely Deployment, ReplicationController, ReplicaSet and StatefulSet.
The following is an example of a proportional distribution strategy:
In this example, a proportional distribution policy named DISTRIBUTIONL is defined, which distributes user-requested resource objects across the Hangzhou, Shanghai and Beijing clusters in a 5:3:2 ratio.
The distribution policy comprises creating resources in a designated cluster corresponding to the user's rights;
indication information for creating the resources is sent to the designated cluster corresponding to the user's rights.
The following is an example of a designated-cluster distribution policy:
In this example, a designated-cluster distribution policy named distribution2 is defined that specifies two clusters, Hangzhou and Shanghai, and the distribution policy controller component creates a copy of the resource object that references the distribution policy in both the Hangzhou and Shanghai clusters. The distribution policy controller component also monitors the spec.available field of the cluster resource object and, when the field is false, updates all distribution policies that contain that cluster. The distribution policy controller component continuously monitors changes to the distributionStrategy resource object and then adjusts the distribution of the resource object among the Kubernetes sub-clusters according to the distribution policy.
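The proportional split, the restriction to the clusters matching the user's rights, and the spec.available check described above can be combined in one planning function. This is an added example, not code from the patent; the names `Cluster` and `Distribute`, the lowercase cluster names, the largest-remainder rounding and the renormalization of weights when a cluster is excluded are all assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Cluster holds what the text relies on: the sub-cluster name and the
// spec.available flag of its cluster resource object.
type Cluster struct {
	Name      string
	Available bool
}

// Only these kinds may use a proportional distribution policy (per the text).
var proportionalKinds = map[string]bool{
	"Deployment": true, "ReplicationController": true,
	"ReplicaSet": true, "StatefulSet": true,
}

var (
	ErrKind     = errors.New("kind not eligible for proportional distribution")
	ErrNoTarget = errors.New("no authorized, available cluster with a positive weight")
)

type share struct {
	name              string
	weight, base, rem int
}

// Distribute splits replicas across clusters by weight. A cluster is a target
// only if the user is authorized for it AND it is available (deny by default).
// Assumption: weights of excluded clusters are dropped and the rest renormalized.
// Largest-remainder rounding makes the parts sum exactly to replicas.
func Distribute(kind string, replicas int, weights map[string]int,
	authorized map[string]bool, clusters []Cluster) (map[string]int, error) {
	if !proportionalKinds[kind] {
		return nil, ErrKind
	}
	if replicas < 0 {
		return nil, errors.New("negative replica count")
	}
	var shares []share
	total := 0
	for _, c := range clusters {
		w := weights[c.Name]
		if !c.Available || !authorized[c.Name] || w <= 0 {
			continue // never schedule onto a cluster outside the user's rights
		}
		shares = append(shares, share{name: c.Name, weight: w})
		total += w
	}
	if total == 0 {
		return nil, ErrNoTarget
	}
	assigned := 0
	for i := range shares {
		shares[i].base = replicas * shares[i].weight / total
		shares[i].rem = replicas * shares[i].weight % total
		assigned += shares[i].base
	}
	// Leftover replicas go to the largest remainders; the name breaks ties so
	// the plan is deterministic across reconciliations.
	sort.Slice(shares, func(i, j int) bool {
		if shares[i].rem != shares[j].rem {
			return shares[i].rem > shares[j].rem
		}
		return shares[i].name < shares[j].name
	})
	plan := make(map[string]int, len(shares))
	for i, s := range shares {
		plan[s.name] = s.base
		if i < replicas-assigned {
			plan[s.name]++
		}
	}
	return plan, nil
}

func main() {
	// Constructed sample data: the 5:3:2 ratio and city names follow the text.
	weights := map[string]int{"hangzhou": 5, "shanghai": 3, "beijing": 2}
	rights := map[string]bool{"hangzhou": true, "shanghai": true, "beijing": true}
	clusters := []Cluster{{"hangzhou", true}, {"shanghai", true}, {"beijing", true}}
	fmt.Println(Distribute("Deployment", 10, weights, rights, clusters))
	clusters[1].Available = false // shanghai's spec.available turns false
	fmt.Println(Distribute("Deployment", 10, weights, rights, clusters))
}
```

Filtering on the user's rights before any weight is counted means a policy that names a cluster the user is not entitled to cannot place workloads there; the request fails with `ErrNoTarget` if no permitted cluster remains.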
The control policy comprises a migration policy for load migration between clusters;
load migration among the clusters is controlled according to the migration policy.
Controlling load migration between clusters according to the migration policy includes:
when the load of a cluster is determined to reach or exceed the load threshold, triggering control of load migration among the clusters;
and sending indication information for migrating the workload to the cluster whose load reaches or exceeds the load threshold and to the cluster capable of taking on additional load, respectively.
Controlling load migration between clusters according to the migration policy includes:
triggering the authentication authorization and policy controller component to control load migration between clusters when the time for migrating the workload is determined to have arrived;
the authentication authorization and policy controller component is specifically configured to send indication information for migrating workloads to a specified cluster.
Controlling load migration between clusters according to the migration policy includes:
acquiring a trigger for migrating the workload, and controlling the load migration among the clusters according to the trigger indication.
Step S404: control the cluster corresponding to the user's rights according to the state information of that cluster and the control policy.
This step is used to control the cluster corresponding to the user's rights according to the state information of that cluster and the control policy.
In this embodiment, the cluster control method further includes: obtaining a request for interaction between a first service in a first cluster and a second service in a second cluster, and providing address information of the second service in the second cluster to the first service in the first cluster.
The cluster is a Kubernetes cluster.
A fourth embodiment of the present application provides an electronic apparatus, including:
a processor;
a memory for storing a program that, when read and executed by the processor, performs the following:
verifying the authority of the user, generating a control strategy for controlling the cluster, and controlling the cluster corresponding to the authority of the user according to the triggering of the cluster state controller component and the control strategy;
and acquiring the state information of the cluster, and triggering the authentication authorization and policy controller component to control the cluster according to the state information of the cluster.
A fifth embodiment of the present application provides a computer-readable storage medium, on which a computer program is stored, which when executed by a processor, implements the steps of:
verifying the authority of a user, generating a control strategy for controlling a cluster, and controlling the cluster corresponding to the authority of the user according to the triggering of the cluster state controller component and the control strategy;
and acquiring the state information of the cluster, and triggering the authentication authorization and policy controller component to control the cluster according to the state information of the cluster.
Although the present application has been described with reference to the preferred embodiments, it is not intended to limit the present application, and those skilled in the art can make variations and modifications without departing from the spirit and scope of the present application, therefore, the scope of the present application should be determined by the claims that follow.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
1. Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
2. As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Claims (31)
1. A cluster control device is characterized by comprising an authentication authorization and policy controller component and a cluster state controller component;
the authentication authorization and policy controller component is used for verifying the authority of the user, generating a control policy for controlling the cluster, and controlling the cluster corresponding to the authority of the user according to the triggering of the cluster state controller component and the control policy;
and the cluster state controller component is used for acquiring the state information of the cluster and triggering the authentication authorization and policy controller component to control the cluster according to the state information of the cluster.
2. The apparatus of claim 1, wherein the control policy comprises a distribution policy for creating resources in a cluster;
the authentication authorization and policy controller component is specifically configured to create resources in a cluster corresponding to the user's permission according to the distribution policy.
3. The apparatus according to claim 2, wherein the distribution policy includes policy information for creating a same resource in each cluster corresponding to the user's right;
the authentication authorization and policy controller component is specifically configured to send instruction information for creating a resource to each cluster corresponding to the user's right.
4. The apparatus of claim 2, wherein the distribution policy comprises policy information for creating a proportion of resources in each cluster corresponding to the user's right;
the authentication authorization and policy controller component is specifically configured to send indication information including a proportion of created resources to each cluster corresponding to the user's right.
5. The apparatus of claim 2, wherein the distribution policy comprises creating a resource in a designated cluster corresponding to the user's privileges;
the authentication authorization and policy controller component is specifically configured to send instruction information for creating a resource to a specified cluster corresponding to the user's right.
6. The apparatus of claim 1, wherein the control policy comprises a migration policy for load migration between clusters;
the authentication, authorization and policy controller component is specifically configured to control load migration between clusters according to the migration policy.
7. The apparatus of claim 6, wherein the cluster state controller component is specifically configured to trigger the authentication authorization and policy controller component to control load migration between clusters upon determining that a load of a cluster meets or exceeds a load threshold;
the authentication authorization and policy controller component is specifically configured to send an indication of migrating load to a cluster whose load meets or exceeds a load threshold.
8. The apparatus of claim 6, wherein the cluster state controller component is specifically configured to trigger the authentication authorization and policy controller component to control load migration between clusters upon determining that a time to migrate a load has arrived;
the authentication authorization and policy controller component is specifically configured to send an indication of the migration load to the specified cluster when the time of migration load arrives.
9. The apparatus of claim 6, wherein the cluster state controller component is specifically configured to obtain a trigger to migrate the load, and to instruct the authentication authorization and policy controller component to control load migration between clusters according to the trigger;
the authentication authorization and policy controller component is specifically configured to send instruction information of the migration load to a cluster specified when the trigger of the migration load is obtained.
10. The apparatus according to claim 1, wherein the cluster state controller component is specifically configured to obtain at least one of health status information of a cluster and load information of the cluster, and trigger the authentication authorization and policy controller component to control the cluster according to the at least one of the health status information of the cluster and the load information of the cluster.
11. The apparatus of claim 1, wherein the cluster state controller component is further configured to update the user's rights, and provide the updated user's rights to the authentication authorization and policy controller component.
12. The apparatus of claim 1, further comprising: the DNS controller component is used for obtaining a request for interaction between a first service in a first cluster and a second service in a second cluster, and providing address information of the second service in the second cluster for the first service in the first cluster.
13. The apparatus of claim 1, wherein the cluster is a Kubernetes cluster.
14. The apparatus of claim 13, wherein the authentication authorization and policy controller component is implemented via a policy resource object obtained using a customized resource object of Kubernetes.
15. The apparatus of claim 13 wherein the cluster state controller component is implemented via a cluster resource object obtained using a customized resource object of Kubernetes.
16. The apparatus of claim 10, wherein the DNS controller component is implemented via a domain name resolution service resource object obtained using a customized resource object of Kubernetes.
17. A cluster control system is characterized by comprising a cluster control device and a controlled cluster;
the cluster control device comprises an authentication authorization and policy controller component and a cluster state controller component; the authentication authorization and policy controller component is used for verifying the authority of the user, generating a control policy for controlling the cluster, and controlling the cluster corresponding to the authority of the user according to the triggering of the cluster state controller component and the control policy; the cluster state controller component is used for acquiring the state information of the cluster and triggering the authentication authorization and policy controller component to control the cluster according to the state information of the cluster;
and the controlled cluster is used for receiving the control of the cluster control device.
18. The cluster control system of claim 17, wherein the cluster control device is disposed in a central-level Kubernetes cluster, and wherein the controlled cluster is a Kubernetes sub-cluster.
19. A cluster control method, comprising:
verifying the authority of the user;
determining a cluster corresponding to the user authority;
obtaining a control strategy for controlling the cluster;
and controlling the cluster corresponding to the user authority according to the state information of the cluster corresponding to the user authority and the control strategy.
20. The cluster control method of claim 19, wherein the control policy comprises a distribution policy for creating resources in a cluster;
the controlling of the cluster corresponding to the user authority according to the state information of the cluster corresponding to the user authority and the control strategy comprises: creating resources in the cluster corresponding to the user authority according to the distribution strategy.
21. The cluster control method according to claim 20, wherein the distribution policy includes policy information for creating a same resource in each cluster corresponding to the user's right;
the creating of the resource in the cluster corresponding to the user authority according to the distribution strategy comprises: respectively sending instruction information for creating a resource to each cluster corresponding to the user authority according to the distribution strategy.
22. The cluster control method of claim 20, wherein the distribution policy includes policy information for creating a proportion of resources in each cluster corresponding to the user's right;
the creating of the resource in the cluster corresponding to the user authority according to the distribution strategy comprises: respectively sending indication information comprising the proportion of creating resources to each cluster corresponding to the authority of the user according to the distribution strategy.
23. The method of claim 20, wherein the distribution policy comprises creating resources in a designated cluster corresponding to the user's rights;
the creating of the resource in the cluster corresponding to the user authority according to the distribution strategy comprises: sending instruction information for creating resources to the designated cluster corresponding to the user authority according to the distribution strategy.
24. The cluster control method of claim 19, wherein the control policies include a migration policy for load migration between clusters;
the controlling of the cluster corresponding to the user authority according to the state information of the cluster corresponding to the user authority and the control strategy comprises: controlling load migration among the clusters according to the migration strategy.
25. The method according to claim 24, wherein the controlling load migration between clusters according to the migration policy comprises:
when the load of the clusters is determined to reach or exceed the load threshold, triggering to control load migration among the clusters;
and respectively sending out indication information of migrating the workload to the cluster with the load reaching or exceeding the load threshold value and the cluster capable of increasing the load.
26. The method according to claim 24, wherein the controlling load migration between clusters according to the migration policy comprises:
triggering the authentication authorization and policy controller component to control load migration between clusters when the time for migrating the workload is determined to arrive;
the authentication authorization and policy controller component is specifically configured to send instruction information for migrating workloads to a specified cluster.
27. The method according to claim 24, wherein the controlling load migration between clusters according to the migration policy comprises:
acquiring triggering of migration workload, and controlling load migration among clusters according to the triggering indication;
and sending out the indication information of the migration workload to the specified cluster.
28. The cluster control method of claim 19, further comprising: obtaining a request for interaction between a first service in a first cluster and a second service in a second cluster, and providing address information of the second service in the second cluster to the first service in the first cluster.
29. The method of claim 28, wherein the cluster is a Kubernetes cluster.
30. An electronic device, characterized in that the electronic device comprises:
a processor;
a memory for storing a program that, when read and executed by the processor, performs the following:
verifying the authority of a user, generating a control strategy for controlling a cluster, and controlling the cluster corresponding to the authority of the user according to the triggering of the cluster state controller component and the control strategy;
and acquiring the state information of the cluster, and triggering the authentication authorization and policy controller component to control the cluster according to the state information of the cluster.
31. A computer-readable storage medium having a computer program stored thereon, the program, when executed by a processor, performing the steps of:
verifying the authority of a user, generating a control strategy for controlling a cluster, and controlling the cluster corresponding to the authority of the user according to the triggering of the cluster state controller component and the control strategy;
and acquiring the state information of the cluster, and triggering the authentication authorization and policy controller component to control the cluster according to the state information of the cluster.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811166186.2A CN110971646A (en) | 2018-09-30 | 2018-09-30 | Cluster control device, system and method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110971646A true CN110971646A (en) | 2020-04-07 |
Family
ID=70028239
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811166186.2A Pending CN110971646A (en) | 2018-09-30 | 2018-09-30 | Cluster control device, system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110971646A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20200407 |