CN111552496B - System and method for realizing seamless upgrade of sidecar based on temporary container addition - Google Patents

System and method for realizing seamless upgrade of sidecar based on temporary container addition Download PDF

Info

Publication number
CN111552496B
CN111552496B CN202010378645.4A CN202010378645A CN111552496B CN 111552496 B CN111552496 B CN 111552496B CN 202010378645 A CN202010378645 A CN 202010378645A CN 111552496 B CN111552496 B CN 111552496B
Authority
CN
China
Prior art keywords
sidecar
container
new
side car
old
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010378645.4A
Other languages
Chinese (zh)
Other versions
CN111552496A (en
Inventor
刘齐均
颜开
周尧
徐俊杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Daoke Network Technology Co ltd
Original Assignee
Shanghai Daoke Network Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Daoke Network Technology Co ltd filed Critical Shanghai Daoke Network Technology Co ltd
Priority to CN202010378645.4A priority Critical patent/CN111552496B/en
Publication of CN111552496A publication Critical patent/CN111552496A/en
Application granted granted Critical
Publication of CN111552496B publication Critical patent/CN111552496B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/61Installation
    • G06F8/63Image based installation; Cloning; Build to order
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/4557Distribution of virtual machine instances; Migration and load balancing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45575Starting, stopping, suspending or resuming virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses a system and a method for realizing seamless upgrade of a sidecar based on addition of a temporary container, wherein the system comprises a shared storage volume which is stored in a shared memory and is mounted on a container group; the mirror image storage controller packs the new side car control program and the new side car agent program into a side car container mirror image which is transmitted to the thermal upgrading controller; the hot upgrading controller transmits the sidecar container mirror image to the temporary container controller according to the hot upgrading signal; the temporary container controller injects the temporary container into the container group through the container mirror image of the sidecar; the new side car control program in the temporary container is connected with the old side car control program through a shared storage volume, and the new side car control program gives a new ID to the new side car agent program; the new sidecar agent program acquires data information in the old sidecar agent program to perform hot updating, the take-over of the flow is completed, the new sidecar agent program sends an instruction to the old sidecar agent program through a Unix domain socket after being started, and the old sidecar agent program quits after receiving the instruction.

Description

System and method for realizing seamless upgrade of sidecar based on temporary container addition
Technical Field
The invention relates to the fields of technologies such as sidecars, service grids, micro-service treatment, cloud-native and the like, and thermal update of software, and particularly relates to a system and a method for realizing seamless sidecar upgrade based on temporary container addition.
Background
In the technical architecture of the service grid, in order to enable the flow of each application to be controlled, the service grid forwards the service flow to a side car container through a certain technology, and controls the flow through the side car so as to realize high-level characteristics such as service discovery, fusing, current limiting, observability and the like, and the service grid is not aware of the service;
side car: so called Sidecar, also called Sidecar, just as a Sidecar is connected to a motorcycle, similarly in software architecture, a Sidecar application is connected to a parent application and extends or enhances the functionality for it, dividing the functionality of the application into separate processes can be seen as a Sidecar mode;
the sidecar design model allows the operator to add many functions to the application without the configuration and code of additional third party components; for some functions irrelevant to actual services, the functions can be realized by moving to a sidecar, the services only need to realize own service codes, the sidecar application is loosely coupled with a main application program, and the sidecar does not need to care about information such as service realization logic, language framework and the like;
the sidecar mode is an important architecture mode in a service grid, and functions of monitoring, logging, current limiting, fusing, service registration and the like in the service grid are generally irrelevant to specific services, so the service grid can realize the functions in the sidecar and realize grid management capabilities of monitoring, current control and the like under the condition that service codes are not sensed;
hot upgrading: the hot upgrading technology describes a program upgrading and updating technology, which means that self-updating is realized on the premise that the program does not interrupt the external service supply;
in a service grid scene, a sidecar usually presents as a single container to provide service, the sidecar is completely isolated from a service container, the sidecar container and the service container coexist in a container group, and the sidecar container takes over a network IO of the service container, so that the grid management capability of the sidecar is increased under the condition that the service container is not sensed, and finally the service is provided to the outside together; the side car has upgrading requirements, the existing side car upgrading technology generally needs to reset the whole container group or reset the side car container, and the technologies can influence the normal service request of the service container, so that the mirror image of the actual service can not be influenced to realize corresponding functions; at present, a scheme of replacing the whole container is not available, namely, the prior art can only realize hot upgrade of an agent program, cannot meet the requirements under relatively complex conditions, and cannot meet the requirements of an actual control program;
kubernets is a complete distributed system support platform for automatically deploying, expanding and managing open source systems of "containerized" applications. The basic scheduling unit of Kubernetes is called a container group (Pod). Higher levels of abstraction content can be added to the containerization component through such abstraction classes. A container group typically contains one or more containers, which ensures that they are always on the host and that resources can be shared.
A temporary container: the technology belongs to emerging technology, is used for adding a container to the container group of Kubernetes cluster under the running state, can share resources such as network name space, IPC (Instruction Per Clock, how many instructions the CPU executes in each Clock cycle) or storage volume with the container in the original container group, mainly used for debugging while running of the container, after the container group is deleted, the temporary container will be deleted when recreating next time, Kubernetes is a container arrangement engine, support automatic deployment, large-scale scalable, employ containerization management;
a Unix Domain Socket (Unix Domain Socket) is a terminal, which enables two or more processes on the same operating system or in a container group to perform data communication, uses the address of a system file as the own identity, and can be referred by the system process, so that two processes can open one Unix Domain Socket at the same time for communication;
PID is a process ID, a process identification number is referred in an operating system, namely the process identifier, and a process ID is created when a program is opened in the operating system;
IPtables is an IP packet filtering system integrated with the latest version 3.5 Linux (globally known as GNU/Linux, a free-to-use and free-propagation set of UNIX-like operating systems) kernel, which facilitates better control of IP packet filtering and firewall configuration on Linux systems if the Linux system is connected to the Internet or to a LAN, server, or proxy server connecting the LAN and Internet;
at present, due to self evolution and maintenance, upgrading of a side car is inevitable, but no matter the current upgrading of the side car is realized by elastic expansion or preposed load balancing switching, the service cannot be completely unaware, and due to the fact that the side car takes over the flow of the service, the upgrading schemes have great influence on the service, on a cloud platform, all client applications run in a container mode, the side car is also in a containerization mode, and in the cloud platform, the running container cannot be operated at will;
the invention relates to a method for upgrading a service without interruption, a node to be upgraded and a readable storage medium, which are disclosed in the Chinese patent application No. 201710588136.2, wherein the method mainly aims at the scene of hot upgrading of specific services, the method for upgrading the service without interruption is realized by adding a container and modifying some services, and the main object is the service; for the field of thermal upgrading, the patent application itself has some drawbacks: firstly, a service needs to be modified in advance or a specific protocol needs to be followed, so that other programs can read the configuration information of the service; secondly, the system also needs to rely on a distributed database ETCD, so that the expansibility of the system is limited; due to the defects, the method is limited to a specific scene, and can be carried out only by special customization during execution and realization of adaptation of a service scene, so that the method has certain limitations.
Chinese patent application No. 201911194147.8 discloses a method, an apparatus, and a computer storage medium for upgrading application data based on a container, which mainly aims at upgrading a container with storage, and achieves the purpose of replacing data by upgrading the container after a service is taken off-line and then on-line; the main description is a data migration scheme in the application update process, which is not related to a sidecar, and only aims at upgrading application data, and needs a specific data upgrade container, which also needs to be specially customized for a specific scene, and has certain limitations.
Therefore, there is a need in the art to develop a system and a method that have strong versatility and do not need to be customized specifically for a specific scene to achieve seamless upgrade of the sidecar, thereby achieving application-unaware upgrade and all-around upgrade.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a system for realizing seamless side car upgrading based on temporary container addition, which has strong universality and does not need to be specially customized for specific scenes, the system and the method for realizing seamless side car upgrading by adding the temporary container can completely realize application of unaware upgrading and carry out all-around upgrading, and an old side car agent program is not operated after upgrading, comprises an old side car control program, has better compatibility and integrity, effectively reduces error probability, and is used for solving the defects caused by the prior art.
The invention further provides a method for realizing seamless side car upgrading based on the addition of the temporary container.
In order to solve the technical problems, the invention provides the following technical scheme:
a system for realizing seamless upgrade of a sidecar based on temporary container addition comprises a container group, a shared memory, a mirror image storage controller, a hot upgrade controller, a temporary container controller and a control terminal;
a shared storage volume is stored in the shared storage and used for mounting the shared storage volume on the container group;
the mirror image storage controller is used for packaging a new side car control program and a new side car agent program into a side car container mirror image and transmitting the side car container mirror image to the hot upgrading controller;
the hot upgrading controller is used for receiving the sidecar container mirror image and a hot upgrading signal transmitted by the control terminal, and is also used for transmitting the sidecar container mirror image to the temporary container controller for hot upgrading according to the hot upgrading signal;
the temporary container controller is used for injecting a temporary container into the container group through the sidecar container mirror image, and the new sidecar control program and the new sidecar agent program are stored in the temporary container;
the new sidecar control program carried in the temporary container is used for being connected with an old sidecar control program in the container group through the shared storage volume, and the new sidecar control program is started to endow a new ID to the new sidecar agent program;
the new side car agent program is used for obtaining data information in the old side car agent program in the container group to perform hot updating, flow taking over is completed, the new side car agent program sends an instruction to the old side car agent program through a Unix domain socket after being started, the old side car agent program quits after receiving the instruction, and upgrading of the side car container is completed.
The system for realizing seamless upgrade of the sidecar based on the temporary container addition is characterized in that the container group comprises a service container, a base container and a sidecar container;
the service container is used for operating the actual service logic of the user;
the base content container is used for realizing network name space sharing in the container group;
the side car container is used for managing the inlet and outlet flow of the business and realizing the side car function, the side car container is internally provided with the old side car control program and the old side car agent program, and the old side car control program is used for generating a configuration file of the side car and managing the life cycle of the old side car agent program;
the shared memory is also used for mounting the shared storage volume on the upgraded sidecar container;
the sidecar control program in the sidecar container does not take over the flow, the new sidecar control program and the old sidecar control program can be in the same running state through a mode of sharing a basic configuration file to realize smooth switching, then the new sidecar control program starts the new sidecar agent program based on the shared basic configuration file and allocates a new ID to the new sidecar agent program, the new sidecar agent program takes over the original data flow, then the old sidecar agent program enters a dormant state and does not provide service any more, so that the thermal upgrade of the sidecar container is completed, and the old sidecar control program and the old sidecar agent program are automatically cleaned finally when the subsequent whole of the container group is restarted;
the container group is internally provided with an IPtables system, the IPtables system connects the service container with the sidecar container for flow transmission, the sidecar container can be connected with all flows of the service container before being started, the service flow received by the container group can be directly forwarded to a corresponding process of the service container, in this case, the sidecar container has no means for controlling the flow, the IPtables system can forward the flow originally forwarded to the service container to the process of the sidecar container, and also forward the flow sent by the service container to the sidecar container for interception and management.
In a second aspect, a method for seamless upgrade of a sidecar based on the addition of a temporary container includes the following steps:
step 1: mounting a shared storage volume on a container group;
step 2: packaging the upgraded new side car control program and the new side car agent program into a side car container mirror image;
and step 3: mirroring the sidecar container into a container group needing thermal upgrading, and injecting a temporary container with a shared storage volume, wherein a new sidecar control program and a new sidecar agent program are stored in the temporary container;
and 4, step 4: a new side car control program in the temporary container is connected with an old side car control program of a side car container in the container group through a shared storage volume, the new side car control program is started and gives a new ID to the new side car agent program, and the new side car agent program acquires data information in the old side car agent program to perform hot update so as to complete taking over flow;
and 5: the method comprises the steps that after a new sidecar agent program is started, an instruction is sent to an old sidecar agent program through a Unix domain socket, the old sidecar agent program quits after receiving the instruction, upgrading of a sidecar container is completed, the old sidecar agent program exists but does not accept requests (the old sidecar agent program runs, the old sidecar agent program does not run any more, the old sidecar agent program also enters a dormant state, does not execute corresponding functions any more and occupies a small amount of resources), monitoring information is transmitted to the new sidecar agent program, the new sidecar agent program enters a monitoring state after receiving the new sidecar agent program, requests begin to be processed, seamless flow migration is achieved, and after the new sidecar agent program runs for a period of time, the new sidecar agent program process sends the instruction to the old sidecar agent program to enable the new sidecar agent program to quit completely and not occupy resources any more.
In the method for seamlessly upgrading the sidecar based on the addition of the temporary container, in step 1, the shared storage volume is mounted when the container group is created, and the shared storage volume has stored statistical data, a log and a hot update program state, and is used for transmitting the statistical data and the log between the new sidecar agent program and the old sidecar agent program and synchronizing the hot update program state.
In the method for seamlessly upgrading the sidecar based on the temporary container, the old ID of the old sidecar agent program needs to be read before the new ID is given to the new sidecar agent program by the new sidecar control program in the step 4.
The method for seamlessly upgrading the sidecar based on the temporary container addition further comprises the step of mounting a shared storage volume on the sidecar container upgraded in the step 5.
Since the new sidecar and the old sidecar are distributed in different containers, have different PID spaces and the like, but the same network name space exists, in order to realize the hot update of the side car, the new side car control program and the new side car agent program need to be upgraded firstly, in order for the new sidecar agent to be able to communicate with the old sidecar agent, a new ID needs to be assigned to the new sidecar agent, the new sidecar agent can calculate the old ID of the old sidecar agent through the new ID when starting, so that the old sidecar agent can be positioned in a searching mode in the network and can communicate with the old sidecar agent, and then the hot update of the sidecar agent is carried out, for example, the ID can be distributed in a self-increment mode, therefore, the old ID can be calculated according to the new ID, but the technical scheme is not limited to a self-increment distribution mode;
after performing a hot update, there are at least 4 containers (generally at least 3) in a container group, and a new sidecar container is included, the old sidecar container will enter a dormant state (cannot be exited and deleted, and can cause the exiting and deletion or restart of the container group), and the traffic incoming from the container group will not pass through the old sidecar container (marked by a dotted line), but will be directly forwarded to the new sidecar container (marked by a solid line), and in order to ensure that the working conditions of the whole application are normal, the old sidecar container will not exit, and will remain in a dormant state and no longer provide service;
the upgrading scheme can be operated circularly, upgrading can be realized after upgrading, and a plurality of temporary sidecar containers can exist in one container group at the same time, so that the service operation stability can be ensured to the maximum extent;
therefore, the technical scheme can finish the hot upgrade of the sidecar without influencing the normal operation of the service, and reduce the worries of customers about the upgrade of the sidecar.
In a third aspect, an apparatus for seamlessly upgrading a sidecar based on adding a temporary container includes at least one processor and a memory coupled to the at least one processor, the memory storing executable instructions;
the executable instructions, when executed by the at least one processor, cause the steps of the method of any one of the second aspects to be carried out.
In a fourth aspect, a chip includes a processor, configured to call and run a computer program from a memory, so that a device in which the chip is installed performs: the steps of the method of any one of the second aspect.
In a fifth aspect, a computer-readable storage medium has stored thereon a computer program which, when executed by a processor, performs the steps of the method of any one of the second aspects.
In a sixth aspect, a computer program product comprises computer program instructions for causing a computer to perform the steps of the method of any of the second aspects.
According to the technical scheme provided by the system and the method for realizing seamless upgrade of the sidecar based on the temporary container addition, the following technical effects are achieved:
the system and the method for realizing seamless upgrade of the side car by adding the temporary container can completely realize application-unaware upgrade and carry out all-around upgrade, and an old side car agent program is not in operation after upgrade, comprises an old side car control program, has better compatibility and integrity, and effectively reduces the error probability;
compared with the Chinese patent with patent application number 201710588136.2, the invention is a service uninterrupted upgrade method, a node to be upgraded and a readable storage medium, the scenario mainly aims at is a hot upgrade method for specific services, uninterrupted upgrade is realized by a container adding method and some service reconstruction, the main object is a service, the object described in the technical scheme is hot upgrade of a sidecar container, the service does not need to be reconstructed, the two scenarios are not consistent, the processing objects are not consistent, the patent application is limited to a specific scenario, special customization is needed during execution, adaptation of service scenarios is realized, and certain limitations are realized;
compared with the Chinese patent with patent application number 201911194147.8, the invention relates to a method, a device and a computer storage medium for upgrading application data based on a container, which mainly aims at upgrading the container with storage, and achieves the purpose of replacing data by upgrading the container through data after a service is off-line and then on-line; the method mainly describes a data migration scheme in the application updating process, and is not related to a side car; it is only directed to upgrading the data of the application, it requires a specific data upgrade container, which also needs to be specifically customized for the specific scenario; the technical scheme is inconsistent with the scenes and objects described in the patent application, the invention mainly describes that the hot upgrade of the sidecar is realized through a temporary container, and the hot upgrade is not related to specific services, and compared with the 201911194147.8 patent application, the service in the upgrade process of the invention is completely unaware, and does not need to be specially customized for specific scenes, and the universality is strong.
Drawings
FIG. 1 is a schematic structural diagram of a system for seamless upgrade of sidecars based on the addition of temporary containers according to the present invention;
FIG. 2 is a schematic structural diagram of a data flow for seamless upgrade of a sidecar based on the addition of a temporary container according to the present invention;
fig. 3 is a schematic structural diagram of a framework after seamless upgrade of a sidecar is realized based on addition of a temporary container.
Wherein the reference numbers are as follows:
the system comprises a container group 101, a shared memory 102, a mirror image storage controller 103, a hot upgrade controller 104, a temporary container controller 105, a control terminal 106, a shared storage volume 107, a new sidecar control program 108, a new sidecar agent program 109, an old sidecar control program 110, an old sidecar agent program 111 and a business container 112.
Detailed Description
In order to make the technical means, the characteristics, the purposes and the functions of the invention easy to understand, the invention is further described with reference to the specific drawings.
The first embodiment of the invention provides a system for realizing seamless upgrade of a sidecar based on temporary container addition, and aims to realize seamless upgrade of the sidecar by adopting the system and the method for realizing seamless upgrade of the sidecar by adding the temporary container, so that the application of the system and the method can be completely upgraded without sensing, all-around upgrade is carried out, an old sidecar agent program is not operated after upgrade, the old sidecar agent program comprises an old sidecar control program, the system and the method have better compatibility and integrity, and the error probability is effectively reduced.
First aspect, first embodiment, as shown in FIGS. 1-3:
a system for realizing seamless upgrade of a sidecar based on temporary container addition comprises a container group 101, a shared memory 102, a mirror image memory controller 103, a hot upgrade controller 104, a temporary container controller 105 and a control terminal 106;
a shared storage volume 107 is stored in the shared memory 102, and is used for mounting the shared storage volume 107 on the container group 101;
the mirror image storage controller 103 is used for packaging the new sidecar control program 108 and the new sidecar agent program 109 into a sidecar container mirror image and transmitting the sidecar container mirror image to the hot upgrade controller 104;
the hot upgrade controller 104 is configured to receive a hot upgrade signal transmitted by the sidecar container mirror image and the control terminal 106, and further configured to transmit the sidecar container mirror image to the temporary container controller 105 according to the hot upgrade signal to perform hot upgrade;
the temporary container controller 105 is configured to inject a temporary container into the container group 101 by mirroring the sidecar container, and a new sidecar control program 108 and a new sidecar agent program 109 are stored in the temporary container;
the new sidecar control program 108 carried in the temporary container is used for connecting with the old sidecar control program 110 in the container group 101 through the shared storage volume 107, and the new sidecar control program 108 is started for giving a new ID to the new sidecar agent program 109;
the new sidecar agent program 109 is used for acquiring data information in the old sidecar agent program 111 in the container group 101 for hot updating, taking over of flow is completed, the new sidecar agent program 109 sends an instruction to the old sidecar agent program 111 through a Unix domain socket after being started, the old sidecar agent program 111 quits after receiving the instruction, and upgrading of the sidecar container is completed.
The container group 101 comprises a service container 112, a base container and a sidecar container 101;
the service container 112 is used for running the actual service logic of the user;
the base container is used for realizing the sharing of the network name space in the container group 101;
the side car container is used for managing the entrance and exit flow of the business and realizing the side car function, an old side car control program 110 and an old side car agent program 111 are arranged in the side car container, and the old side car control program 110 is used for generating a configuration file of the side car and managing the life cycle of the old side car agent program 111;
the shared memory 102 is also used for mounting a shared storage volume 107 on the upgraded sidecar container;
as shown in fig. 2-3, the sidecar control program itself in the sidecar container does not take over the flow, and the new sidecar control program 108 and the old sidecar control program 110 can be in the same running state by sharing the basic configuration file to implement smooth switching, and then the new sidecar control program 108 starts the new sidecar agent program 109 based on the shared basic configuration file and assigns a new ID to the new sidecar agent program 109, and the new sidecar agent program 109 takes over the original data flow, and then the old sidecar agent program 111 enters the dormant state, and no service is provided any more, so as to complete the thermal upgrade of the sidecar container, and finally the old sidecar control program 110 and the old sidecar agent program 111 are automatically cleaned up when the subsequent whole of the container group 101 is restarted;
an IPtables system is arranged in the container group 101, the IPtables system connects the service container 112 with the sidecar container for traffic transmission, the sidecar container can manage all traffic of the service container 112 before being started, the service traffic received by the container group 101 can be directly forwarded to a corresponding process of the service container 112, in this case, the sidecar container has no means for controlling the traffic, the IPtables system can forward the traffic originally forwarded to the service container 112 to the process of the sidecar container, and can also forward the traffic sent by the service container 112 to the sidecar container for interception and management.
Second aspect, second embodiment:
a method for realizing seamless upgrade of a sidecar based on temporary container addition comprises the following steps:
step 1: mount the shared storage volume 107 on the container group 101;
step 2: packaging the upgraded new sidecar control program 108 and the new sidecar agent program 109 into a sidecar container mirror image;
and step 3: mirroring the sidecar container into a container group 101 which needs to be upgraded in a hot mode, and injecting a temporary container with a shared storage volume 107, wherein a new sidecar control program 108 and a new sidecar agent program 109 are stored in the temporary container;
and 4, step 4: a new side car control program 108 in the temporary container is connected with an old side car control program 110 of the side car container in the container group 101 through a shared storage volume 107, the new side car control program 108 is started and gives a new ID to a new side car agent program 109, and the new side car agent program 109 acquires data information in the old side car agent program 111 to perform hot update so as to complete taking over of flow;
and 5: after the new sidecar agent program 109 is started, an instruction is sent to the old sidecar agent program 111 through the Unix domain socket, the old sidecar agent program 111 exits after receiving the instruction, the upgrade of a sidecar container is completed, the old sidecar agent program 111 exists but does not receive a request (the old sidecar agent program 110 runs, the old sidecar agent program 111 does not run, the old sidecar agent program 110 also enters a dormant state, does not execute corresponding functions any more and occupies a small amount of resources), then monitoring information is transmitted to the new sidecar agent program 109, the new sidecar agent program 109 enters a monitoring state after receiving the monitoring information, the request is processed, seamless flow migration is achieved, after the new sidecar agent program 109 runs for a period of time, the process of the new sidecar agent program 109 sends the instruction to the old sidecar agent program 111 to enable the new sidecar agent program 111 to exit completely, and does not occupy resources any more.
In step 1, the shared storage volume 107 is mounted when the container group 101 is created, and the shared storage volume 107 stores statistical data, a log, and a hot update program state, and is used for transmitting the statistical data and the log and synchronizing the hot update program state between the new sidecar agent program 109 and the old sidecar agent program.
In step 4, the new sidecar control program 108 needs to read the old ID of the old sidecar agent 111 before the new ID is assigned to the new sidecar agent 109.
The method further comprises the step of mounting a shared storage volume 107 on the upgraded sidecar container in the step 5.
Since the new sidecar and the old sidecar are distributed in different containers, have different PID spaces and the like, but the same network name space is available, in order to realize the hot update of the sidecar, a new sidecar control program 108 and a new sidecar agent program 109 are required to be upgraded first, in order for the new sidecar agent 109 to communicate with the old sidecar agent 111, a new ID is assigned to the new sidecar agent 109, and the new sidecar agent 109 can calculate the old ID of the old sidecar agent 111 from the new ID at startup, so that it can locate the old sidecar agent 111 by searching in the network and communicate with the old sidecar agent 111, and then the hot update of the sidecar agent is carried out, for example, the ID can be distributed in a self-increment mode, therefore, the old ID can be calculated according to the new ID, but the technical scheme is not limited to a self-increment distribution mode;
as shown in fig. 2-3, after performing a hot update, a container group 101 will have at least 4 containers (typically at least 3 containers) and will contain a new sidecar container, the old sidecar container will enter a dormant state (cannot be exited and deleted, which will result in the exiting and deleting or restarting of the container group 101), the incoming traffic from the container group 101 will no longer pass through the old sidecar container (dashed line marker) but will be forwarded directly to the new sidecar container (solid line marker), and in order to ensure that the operating conditions of the entire application are normal, the old sidecar container will not exit, which will remain in a dormant state and will no longer provide service;
the upgrading scheme can be operated circularly, upgrading can be realized after upgrading, and not only can one container group 101 have a plurality of temporary sidecar containers at the same time, but also the service operation stability can be ensured to the maximum extent;
therefore, the technical scheme can finish the hot upgrade of the sidecar without influencing the normal operation of the service, and reduce the worries of customers about the upgrade of the sidecar.
In a third aspect, an apparatus for seamlessly upgrading a sidecar based on adding a temporary container includes at least one processor and a memory coupled to the at least one processor, the memory storing executable instructions;
the executable instructions, when executed by the at least one processor, cause the steps of the method of any of the second aspects to be carried out.
In a fourth aspect, a chip includes a processor, which is configured to call and run a computer program from a memory, so that a device in which the chip is installed performs: the steps of the method of any one of the second aspect.
In a fifth aspect, a computer-readable storage medium has stored thereon a computer program which, when executed by a processor, performs the steps of the method of any one of the second aspects.
In a sixth aspect, a computer program product comprises computer program instructions for causing a computer to perform the steps of the method of any of the second aspects.
For example, the memory may include random access memory, flash memory, read only memory, programmable read only memory, non-volatile memory or registers, or the like;
the processor may be a Central Processing Unit (CPU) or the like, or a Graphics Processing Unit (GPU) memory may store executable instructions;
the processor may execute execution instructions stored in the memory to implement the various processes described herein.
It will be appreciated that the memory in this embodiment can be either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory;
the non-volatile memory may be a ROM (Read-only memory), a PROM (programmable Read-only memory), an EPROM (erasable programmable Read-only memory), an EEPROM (electrically erasable programmable Read-only memory), or a flash memory.
The volatile memory may be a RAM (random access memory) which functions as an external cache;
by way of illustration and not limitation, many forms of RAM are available, such as SRAM (staticaram, static random access memory), DRAM (dynamic RAM, dynamic random access memory), SDRAM (synchronous DRAM ), DDRSDRAM (double data rate SDRAM, double data rate synchronous DRAM), ESDRAM (Enhanced SDRAM, Enhanced synchronous DRAM), SLDRAM (synchlink DRAM, synchronous link DRAM), and DRRAM (directrrambus RAM, direct memory random access memory). The memory 205 described herein is intended to comprise, without being limited to, these and any other suitable types of memory 205.
In some embodiments, the memory stores elements, upgrade packages, executable units, or data structures, or a subset thereof, or an extended set thereof: operating systems and applications;
the operating system includes various system programs, such as a framework layer, a core library layer, a driver layer, and the like, and is used for implementing various basic services and processing hardware-based tasks;
the application programs comprise various application programs and are used for realizing various application services. The program for implementing the method of the embodiment of the present invention may be included in the application program.
Those of skill in the art would understand that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of software and electronic hardware;
whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the technical solution;
skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments of the present application, the disclosed system, apparatus and method may be implemented in other ways;
for example, the division of the unit is only one logic function division, and there may be another division manner in actual implementation;
for example, a plurality of units or components may be combined or may be integrated into another system;
in addition, functional units in the embodiments of the present application may be integrated into one processing unit, or may exist separately and physically.
It should be understood that, in the various embodiments of the present application, the sequence numbers of the processes do not mean the execution sequence, and the execution sequence of the processes should be determined by the functions and the inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a machine-readable storage medium;
therefore, the technical solution of the present application may be embodied in the form of a software product, which may be stored in a machine-readable storage medium and may include several instructions to cause an electronic device to execute all or part of the processes of the technical solution described in the embodiments of the present application;
the storage medium may include various media that can store program codes, such as ROM, RAM, a removable disk, a hard disk, a magnetic disk, or an optical disk.
In conclusion, the system and the method for realizing seamless side car upgrading based on the temporary container can completely realize application of unaware upgrading and carry out all-dimensional upgrading, and after upgrading, an old side car agent program is not in operation and comprises an old side car control program, so that the system and the method have better compatibility and integrity and effectively reduce the error probability.
Specific embodiments of the invention have been described above. It is to be understood that the invention is not limited to the particular embodiments described above, in that devices and structures not described in detail are understood to be implemented in a manner common in the art; various changes or modifications may be made by one skilled in the art within the scope of the claims without departing from the spirit of the invention, and without affecting the spirit of the invention.

Claims (7)

1. A system for realizing seamless upgrade of a sidecar based on temporary container addition is characterized by comprising a container group, a shared memory, a mirror image storage controller, a hot upgrade controller, a temporary container controller and a control terminal;
a shared storage volume is stored in the shared storage and used for mounting the shared storage volume on the container group;
the mirror image storage controller is used for packaging a new side car control program and a new side car agent program into a side car container mirror image and transmitting the side car container mirror image to the hot upgrading controller;
the hot upgrading controller is used for receiving the sidecar container mirror image and a hot upgrading signal transmitted by the control terminal, and is also used for transmitting the sidecar container mirror image to the temporary container controller for hot upgrading according to the hot upgrading signal;
the temporary container controller is used for injecting a temporary container into the container group through the sidecar container mirror image, and the new sidecar control program and the new sidecar agent program are stored in the temporary container;
the new sidecar control program carried in the temporary container is used for being connected with an old sidecar control program in the container group through the shared storage volume, and the new sidecar control program is started to endow a new ID to the new sidecar agent program;
the new sidecar agent program is used for acquiring data information in an old sidecar agent program in the container group to perform hot updating, so that taking over of flow is completed, the new sidecar agent program sends an instruction to the old sidecar agent program through a Unix domain socket after being started, and the old sidecar agent program quits after receiving the instruction, so that upgrading of a sidecar container is completed;
the container group comprises a service container, a base container and a sidecar container;
the service container is used for operating the actual service logic of the user;
the base content container is used for realizing network name space sharing in the container group;
the side car container is used for managing the inlet and outlet flow of the business and realizing the side car function, the side car container is internally provided with the old side car control program and the old side car agent program, and the old side car control program is used for generating a configuration file of the side car and managing the life cycle of the old side car agent program;
the method comprises the steps that a sidecar control program in a sidecar container does not take over flow, the new sidecar control program and an old sidecar control program are in the same running state in a mode of sharing a basic configuration file, smooth switching is achieved, then the new sidecar control program starts the new sidecar agent program based on the shared basic configuration file, a new ID is distributed to the new sidecar agent program, the new sidecar agent program takes over original data flow, then the old sidecar agent program enters a dormant state and does not provide services any more, thermal upgrading of the sidecar container is completed accordingly, and the old sidecar control program and the old sidecar agent program are automatically cleaned finally when the subsequent whole of the container group is restarted.
2. The system of claim 1, wherein an IPtables system is built into the container group, and wherein the IPtables system connects the service container with the sidecar container for traffic transmission.
3. A method for realizing seamless upgrade of a sidecar based on temporary container addition is characterized by comprising the following steps:
step 1: mounting a shared storage volume on a container group, specifically: the shared storage volume is mounted when the container group is created, and the shared storage volume has stored statistical data, logs and hot update program states and is used for transmitting the statistical data and the logs and synchronizing the hot update program states between the new side car agent program and the old side car agent program;
step 2: packaging the upgraded new side car control program and the new side car agent program into a side car container mirror image;
and step 3: mirroring the sidecar container into a container group needing thermal upgrading, and injecting a temporary container with a shared storage volume, wherein a new sidecar control program and a new sidecar agent program are stored in the temporary container;
and 4, step 4: a new side car control program in the temporary container is connected with an old side car control program of a side car container in the container group through a shared storage volume, the new side car control program starts and gives a new ID to the new side car agent program after reading the old ID of the old side car agent program, and the new side car agent program acquires data information in the old side car agent program to perform hot updating so as to complete the take-over of flow;
and 5: after the new side car agent program is started, sending an instruction to the old side car agent program through a Unix domain socket, and after receiving the instruction, the old side car agent program quits to complete the upgrading of the side car container; mounting a shared storage volume on the upgraded sidecar container; the old side car agent program exists but no longer receives the request, the old side car control program operates, the old side car agent program does not operate any more, the old side car control program also enters a dormant state, corresponding functions are not executed any more, and a small amount of resources are occupied; and then transmitting the monitoring information to a new sidecar agent program, entering a monitoring state after the new sidecar agent program receives the monitoring information, starting to process the request, realizing seamless traffic migration, and sending an instruction to the old sidecar agent program by the new sidecar agent program process after running for a period of time so that the old sidecar agent program completely exits without occupying resources.
4. An apparatus for seamless upgrade of sidecars based on adding temporary containers, comprising at least one processor and a memory coupled to the at least one processor, the memory storing executable instructions;
the executable instructions, when executed by the at least one processor, cause the steps of the method of claim 3 to be carried out.
5. A chip comprising a processor for calling and running a computer program from a memory, so that a device in which the chip is installed performs: the method steps of claim 3.
6. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, carries out the steps of the method as set forth in claim 3.
7. A computer program product comprising computer program instructions for causing a computer to perform the steps of the method as claimed in claim 3.
CN202010378645.4A 2020-05-07 2020-05-07 System and method for realizing seamless upgrade of sidecar based on temporary container addition Active CN111552496B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010378645.4A CN111552496B (en) 2020-05-07 2020-05-07 System and method for realizing seamless upgrade of sidecar based on temporary container addition

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010378645.4A CN111552496B (en) 2020-05-07 2020-05-07 System and method for realizing seamless upgrade of sidecar based on temporary container addition

Publications (2)

Publication Number Publication Date
CN111552496A CN111552496A (en) 2020-08-18
CN111552496B true CN111552496B (en) 2021-07-20

Family

ID=72004350

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010378645.4A Active CN111552496B (en) 2020-05-07 2020-05-07 System and method for realizing seamless upgrade of sidecar based on temporary container addition

Country Status (1)

Country Link
CN (1) CN111552496B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP4339718A1 (en) * 2022-09-16 2024-03-20 Siemens Aktiengesellschaft Zero-downtime upgrades of containerized plc automation functions

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112333471A (en) * 2020-11-05 2021-02-05 上海网达软件股份有限公司 Hot upgrading method, device, equipment and storage medium of audio and video online transcoder
CN112486536A (en) * 2020-11-30 2021-03-12 山东浪潮通软信息科技有限公司 Container-based application program upgrading method, device and medium
CN112527357B (en) * 2020-12-14 2024-08-23 中国平安人寿保险股份有限公司 Service hot loading updating method, device, computer equipment and storage medium
CN113296805A (en) * 2021-02-25 2021-08-24 阿里巴巴集团控股有限公司 Method and device for realizing hot upgrade of auxiliary container
US12050690B2 (en) 2021-03-22 2024-07-30 International Business Machines Corporation Run-time communications protocol parameter adjustment in containerized applications
CN113194029B (en) * 2021-05-08 2022-04-19 上海道客网络科技有限公司 Method, system, medium, and apparatus for automatically identifying and isolating service grid sidecar faults
CN113296807B (en) * 2021-05-12 2023-10-31 阿里巴巴新加坡控股有限公司 Data updating method
CN113296892B (en) * 2021-05-28 2024-02-06 联仁健康医疗大数据科技股份有限公司 Dormancy method and device of development environment, electronic equipment and storage medium
CN113422700B (en) * 2021-06-22 2022-04-26 汇付天下有限公司 Non-inductive upgrading method and non-inductive upgrading device
CN115705198A (en) * 2021-08-09 2023-02-17 华为云计算技术有限公司 Node for operating a group of containers, system and method for managing a group of containers
CN113885916A (en) * 2021-10-13 2022-01-04 网宿科技股份有限公司 Method and system for updating nginx in container and nginx equipment
CN114942797B (en) * 2022-05-28 2023-07-14 平安银行股份有限公司 System configuration method, device, equipment and storage medium based on side car mode
CN115022408A (en) * 2022-06-07 2022-09-06 中国工商银行股份有限公司 Data transmission method and device based on service grid and electronic equipment
CN114785687B (en) * 2022-06-15 2022-10-21 成都卓杭网络科技股份有限公司 Server hot updating method based on golang language, server and readable medium

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1842078B (en) * 2005-03-28 2010-08-11 北京航空航天大学 Gridding service container
CN106648741A (en) * 2016-10-18 2017-05-10 广州视睿电子科技有限公司 Application system deployment method and device
CN106775702B (en) * 2016-12-09 2020-04-17 中电科华云信息技术有限公司 Container-based service internal interface discovery method
CN107515776B (en) * 2017-07-18 2021-04-09 深信服科技股份有限公司 Method for upgrading service continuously, node to be upgraded and readable storage medium
CN110196728B (en) * 2018-03-27 2023-07-25 腾讯科技(深圳)有限公司 Method and device for processing container of image upgrade
CN108667925B (en) * 2018-05-04 2020-10-16 北京天元创新科技有限公司 Method and system for seamless access of WEB application to distributed system
US20200125533A1 (en) * 2018-10-22 2020-04-23 Outcold Solutions LLC System and method for locating a file created by a process running in a linux container
CN109491776B (en) * 2018-11-06 2022-05-31 北京百度网讯科技有限公司 Task arranging method and system
CN109981789B (en) * 2019-04-03 2021-09-07 浪潮云信息技术股份公司 Micro service engine based on agent mode
CN110704156A (en) * 2019-08-16 2020-01-17 北京奇艺世纪科技有限公司 Docker mirror image construction method and device

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP4339718A1 (en) * 2022-09-16 2024-03-20 Siemens Aktiengesellschaft Zero-downtime upgrades of containerized plc automation functions

Also Published As

Publication number Publication date
CN111552496A (en) 2020-08-18

Similar Documents

Publication Publication Date Title
CN111552496B (en) System and method for realizing seamless upgrade of sidecar based on temporary container addition
CN111966305B (en) Persistent volume allocation method and device, computer equipment and storage medium
CN106991035B (en) Host monitoring system based on micro-service architecture
CN106951233B (en) Mixed-mode smart phone application development framework system
CN108632375B (en) Online upgrading method for distributed deployment service software program
CN111131146B (en) Multi-supercomputing center software system deployment and incremental updating method in wide area environment
CN108234175B (en) Container-based cloud platform storage switching method and cloud platform
CN112035216B (en) Communication method for Kubernetes cluster network and OpenStack network
CN112799786A (en) Exit method, device, equipment and storage medium of micro-service instance
CN112783570B (en) Application migration method, system and medium based on service grid
CN111930396B (en) Upgrading method of communication module in 4G router based on notify mechanism
CN114077423A (en) Airport APP development container architecture based on mobile cross-platform
CN114168179B (en) Micro-service management method, micro-service management device, computer equipment and storage medium
CN113190282A (en) Android operating environment construction method and device
CN114615268B (en) Service network, monitoring node, container node and equipment based on Kubernetes cluster
CN113590169A (en) Application deployment method, application deployment system, and computer-readable storage medium
CN116028163A (en) Method, device and storage medium for scheduling dynamic link library of container group
WO2024174904A1 (en) Management migration method and apparatus for container instance, and electronic device and storage medium
CN112015438B (en) Lightweight containerized distributed system based on infrastructure and deployment method
CN112667711B (en) MySQL read-only instance management method, system and computer readable medium
CN113938527A (en) Extension processing method of API gateway, computing equipment and storage medium
CN117729251A (en) Edge computing device, embedded device, control system and construction method thereof
CN112130953A (en) Application deployment method for Windows Hyper-V virtualization
CN112565416A (en) Cloud-native-based large-scale edge android equipment nanotube system and nanotube method thereof
CN111683005A (en) Internet of things intelligent gateway equipment and construction method thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP02 Change in the address of a patent holder

Address after: 200433 floor 7, building 6, No. 99, jiangwancheng Road, Yangpu District, Shanghai

Patentee after: Shanghai Daoke Network Technology Co.,Ltd.

Address before: Room 1305-12, No.6 Weide Road, Yangpu District, Shanghai 200433

Patentee before: Shanghai Daoke Network Technology Co.,Ltd.

CP02 Change in the address of a patent holder