CN112448856A - Method and system for providing public network access to the outside through intranet Kubernetes - Google Patents

Publication number
CN112448856A
Authority
CN
China
Legal status
Granted
Application number
CN202110121213.XA
Other languages
Chinese (zh)
Other versions
CN112448856B (en)
Inventor
王玉虎
王一钧
古强
蔡锡生
李逸锋
Current Assignee
Softtek Intelligent Computing Technology Guangdong Group Co ltd
Original Assignee
Hangzhou Langche Technology Co ltd

Classifications

    • H04L41/0806 Configuration setting for initial configuration or provisioning, e.g. plug-and-play
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/4557 Distribution of virtual machine instances; Migration and load balancing
    • G06F2009/45595 Network integration; Enabling network access in virtual machine instances

Abstract

The application relates to a method and a system for providing public network access to the outside through intranet Kubernetes. In the method, an IP providing service detects in real time the Service created by a user business application. When it detects that the Service needs to be provided to the outside, it sends a request instruction to a container management platform. The container management service receives the request instruction, applies to the public cloud for server load balancing, creates an intranet penetration server, and sends a public network IP and port to the IP providing service. The IP providing service receives the public network IP and port and creates an intranet penetration client, which connects to the intranet penetration server and publishes the service to the public network.

Description

Method and system for providing public network access to the outside through intranet Kubernetes
Technical Field
The application relates to the field of cloud computing, and in particular to a method and a system for providing public network access to the outside through intranet Kubernetes.
Background
More and more companies use Kubernetes to deploy their own services. Many companies have their own machine rooms and build a Kubernetes environment on the machines there to carry out development, verification and similar work, but because there is no public network IP, the inside of the Kubernetes cluster cannot be reached from outside. In general, offering services deployed in a self-built machine room to the public network avoids using public cloud machines and can save considerable expense. In the related art, an intranet provides public network access either through intranet penetration with commercial software or through an intranet penetration tool set up on a public cloud. In both cases, giving public network access to services deployed in an intranet Kubernetes cluster requires manual configuration, which makes the process inefficient.
At present, no effective solution has been proposed for the problem in the related art that providing public network access for services deployed in an intranet Kubernetes cluster requires manual configuration and is therefore inefficient.
Disclosure of Invention
The embodiments of the application provide a method and a system for providing public network access to the outside through intranet Kubernetes, so as to at least solve the problem in the related art that providing public network access for services deployed in an intranet Kubernetes cluster requires manual configuration and is therefore inefficient.
In a first aspect, an embodiment of the present application provides a method for providing public network access to the outside through intranet Kubernetes, the method including:
an intranet penetration mechanism detects, in real time through an IP providing service, the Service created by a user business application, and the IP providing service sends a request instruction to a container management platform when it detects that the Service needs to be provided to the outside;
the intranet penetration mechanism receives the request instruction through a container management service deployed on the container management platform; the container management service applies to the public cloud for server load balancing, creates a container for an intranet penetration server, and sends a public network IP and port to the IP providing service;
the intranet penetration mechanism receives the public network IP and port through the IP providing service, and the IP providing service creates a container for an intranet penetration client;
the intranet penetration mechanism connects to the intranet penetration server through the intranet penetration client, and the service is published to the public network.
In some embodiments, the IP providing service detecting that the Service needs to be provided to the outside includes: the IP providing service detects that the Service description states that a public network IP and an externally open port are needed.
In some embodiments, the container management service applying to the public cloud for server load balancing, creating a container for the intranet penetration server, and sending a public network IP and port to the IP providing service includes: the container management service applies to the public cloud for server load balancing and creates the container for the intranet penetration server; the backend server group of the server load balancer is configured as the cloud host on which the container of the intranet penetration server runs; and the container management platform sends the configured public network IP and port to the IP providing service.
In some of these embodiments, the IP providing service creating a container for the intranet penetration client includes: the IP providing service configures, for the intranet penetration client, the address of the intranet penetration server and the domain name of the Service.
In a second aspect, an embodiment of the present application provides a method for providing public network access to the outside through intranet Kubernetes, the method including:
a user business application cancels the publication of a service that was created in the intranet user Kubernetes cluster and published on the public network; an intranet penetration mechanism detects, in real time through an IP providing service, the Service created by the user business application; and when it detects that the Service has been deleted, the IP providing service deletes the container of the intranet penetration client and sends an IP release request to a container management platform;
the intranet penetration mechanism receives the IP release request through the container management platform, and the container management platform sends the IP release request to the public cloud and deletes the container of the intranet penetration server.
In a third aspect, an embodiment of the present application provides a system for providing public network access to the outside through intranet Kubernetes, the system including: a user business application, an IP providing service, a container management platform, an intranet penetration client and an intranet penetration server, wherein the user business application and the IP providing service are deployed in an intranet user Kubernetes cluster, the container management service is deployed on the container management platform, and the container management platform is deployed in a public cloud;
the IP providing service detects in real time the Service created by the user business application, and sends a request instruction to the container management platform when it detects that the Service needs to be provided to the outside;
the container management service receives the request instruction, applies to the public cloud for server load balancing, creates a container for the intranet penetration server, and sends a public network IP and port to the IP providing service;
the IP providing service receives the public network IP and port, and creates a container for the intranet penetration client;
the intranet penetration client connects to the intranet penetration server and publishes the service to the public network.
In some embodiments, the IP providing service detecting that the Service needs to be provided to the outside includes: the IP providing service detects that the Service description states that a public network IP and an externally open port are needed.
In some embodiments, the container management service applying to the public cloud for server load balancing, creating a container for the intranet penetration server, and sending a public network IP and port to the IP providing service includes: the container management service applies to the public cloud for server load balancing and creates the container for the intranet penetration server; the backend server group of the server load balancer is configured as the cloud host on which the container of the intranet penetration server runs; and the container management platform sends the configured public network IP and port to the IP providing service.
In some of these embodiments, the IP providing service creating the container for the intranet penetration client includes: the IP providing service configures, for the intranet penetration client, the address of the intranet penetration server and the domain name of the Service.
In some of these embodiments, the system further provides the following:
a user business application cancels the publication of a service that was created in the intranet user Kubernetes cluster and published on the public network; the IP providing service detects in real time the Service created by the user business application and, when it detects that the Service has been deleted, deletes the container of the intranet penetration client and sends an IP release request to the container management service;
the container management service receives the IP release request and sends it to the public cloud, and the container management platform deletes the container of the intranet penetration server.
Compared with the related art, in the method and system for providing public network access to the outside through intranet Kubernetes provided by the embodiments of the application, the IP providing service detects in real time the Service created by the user business application. When the IP providing service detects that the Service needs to be provided to the outside, it sends a request instruction to the container management platform. The container management service receives the request instruction, applies to the public cloud for server load balancing, creates a container for the intranet penetration server, and sends the public network IP and port to the IP providing service. The IP providing service receives the public network IP and port and creates a container for the intranet penetration client, which connects to the intranet penetration server and publishes the service to the public network. This solves the problem that providing public network access for services deployed in an intranet Kubernetes cluster requires manual configuration and is therefore inefficient, achieves automatic configuration of public network access for services deployed in an intranet Kubernetes cluster, and improves working efficiency.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
Fig. 1 is a structural block diagram of a system for providing public network access capability from an intranet Kubernetes cluster in the related art;
Fig. 2 is a structural block diagram of a system for providing public network access capability through intranet Kubernetes according to an embodiment of the present application;
Fig. 3 is a flowchart of a method for providing public network access capability through intranet Kubernetes according to an embodiment of the present application;
Fig. 4 is a flowchart of a method for cancelling the public network access capability of intranet Kubernetes according to the present embodiment;
Fig. 5 is a flowchart of a public network access capability method of intranet Kubernetes according to the embodiment.
Reference numerals: 21. user business application; 22. IP providing service; 23. container management service; 24. container management platform; 25. intranet penetration server; 26. intranet penetration client.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be described and illustrated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments provided in the present application without any inventive step are within the scope of protection of the present application.
It is obvious that the drawings in the following description are only examples or embodiments of the present application, and that it is also possible for a person skilled in the art to apply the present application to other similar contexts on the basis of these drawings without inventive effort. Moreover, it should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the specification. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of ordinary skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms referred to herein shall have the ordinary meaning as understood by those of ordinary skill in the art to which this application belongs. References to "a," "an," "the," and similar words throughout this application are not to be construed as limiting in number, and may refer to the singular or the plural. The terms "including," "comprising," "having," and any variations thereof, as used in this application, are intended to cover non-exclusive inclusions; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to the listed steps or elements, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. References to "connected," "coupled," and the like in this application are not intended to be limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. The term "plurality" as referred to herein means two or more. "And/or" describes an association relationship of associated objects, meaning that three relationships may exist; for example, "A and/or B" may mean: A exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. The terms "first," "second," "third," and the like herein merely distinguish similar objects and do not denote a particular ordering of the objects.
Fig. 1 is a structural block diagram of a system for providing public network access capability from an intranet Kubernetes cluster in the related art. As shown in fig. 1, a user in the related art achieves intranet penetration through commercial software. A client of the commercial software must first be installed on an intranet server. When the user has a service to publish, the service must be configured manually on the commercial client and is then published to the public network through the commercial server. The security of data transmission is not guaranteed, using commercial software increases cost, and when a large number of services need to be published, frequent manual configuration reduces working efficiency.
An embodiment of the present application provides a system for providing public network access to the outside through intranet Kubernetes. Fig. 2 is a structural block diagram of the system according to the embodiment of the present application. As shown in fig. 2, the system includes: a user business application 21, an IP providing service 22, a container management service 23, a container management platform 24, an intranet penetration server 25 and an intranet penetration client 26, wherein the user business application 21 and the IP providing service 22 are deployed in an intranet user Kubernetes cluster, the container management service 23 is deployed on the container management platform 24, and the container management platform 24 is deployed in a public cloud.
The IP providing service 22 detects in real time the Service created by the user business application 21. When the IP providing service 22 detects that the Service needs to be provided to the outside, it sends a request instruction to the container management platform 24. The container management service 23 receives the request instruction, applies to the public cloud for server load balancing (Server Load Balancer), creates a container for the intranet penetration server 25, and sends the public network IP and port to the IP providing service 22. The IP providing service 22 receives the public network IP and port and creates a container for the intranet penetration client 26. The intranet penetration client 26 connects to the intranet penetration server 25, and the service is published to the public network.
In this embodiment of the application, the IP providing service 22 detects in real time the Service created by the user business application 21 and, when it detects that the Service needs to be provided to the outside, sends a request instruction to the container management service 23. The container management service 23 applies to the public cloud for resources, creates a container for the intranet penetration server 25, and returns a message to the IP providing service 22. The IP providing service 22 creates a container for the intranet penetration client 26, which connects to the intranet penetration server 25 and publishes the service to the public network. The user does not need to apply for public cloud resources manually or configure the intranet penetration server 25 and the intranet penetration client 26 manually. This solves the problem that providing public network access for services deployed in an intranet Kubernetes cluster requires manual configuration and is therefore inefficient, achieves automatic configuration of public network access for services deployed in an intranet Kubernetes cluster, and improves working efficiency.
In some embodiments, the IP providing service 22 detects in real time the Service created by the user business application 21. The Service created by the user business application 21 is of the ClusterIP type, and a Service of this type can only be accessed inside the Kubernetes cluster. It should be noted that a Service is a high-level abstraction in Kubernetes: it logically groups Pods and sets a policy for accessing them. Grouping is generally achieved with Labels and Selectors. For example, with App as the Key and Database and Frontend as Values to distinguish Pods, the Selectors App = Frontend and App = Database divide the Pods into two logical groups, that is, two Services. Services in a Kubernetes cluster are of three types. A Service of the ClusterIP type obtains its virtual IP through ClusterIP; the virtual IP is used to communicate with other Services and can only be accessed inside the cluster. A Service of the NodePort type creates a ClusterIP and maps one port on all worker nodes to the Service. A Service of the LoadBalancer type automatically creates a NodePort and a ClusterIP, to which the external load balancer routes automatically; the Service can be exposed on a static port, and it can be exposed to the public network through the load balancer provided by the underlying cluster provider.
In some specific embodiments, the user installs the IP providing service 22 on the user's own Kubernetes cluster, and the IP providing service 22 actively registers the user Kubernetes cluster with the cloud platform where the container management platform 24 is located. The IP providing service 22 detecting that the Service needs to be provided to the outside includes: the IP providing service 22 detects that the Service description states that a public network IP and an externally open port are needed. The user declares, in the user business application 21, a yaml file for the service to be provided externally, whose contents are roughly as follows:

    kind: Service
    apiVersion: v1
    metadata:
      annotations:
        service.beta.kubernetes.io/lstack.ip.provider: '10M'
        # indicates an IP offering a bandwidth of 10M.
      name: app-dist-slb
      namespace: default
    spec:
      ports:
        - name: cs-service-0
          port: 80
          protocol: TCP
          targetPort: 80
      selector:
        app: app-dist
      type: ClusterIP

The IP providing service 22 detects that the user has written the above yaml file through the user business application 21 and actively requests a public network IP with 10M bandwidth from the container management service 23. The container management service 23 creates a container for the intranet penetration server 25, applies to the public cloud for a public network IP or server load balancing (Server Load Balancer), and binds it to the host running the corresponding container of the intranet penetration server 25. The container management service 23 sends the public network IP, the listening port of the intranet penetration server 25 and the authentication token to the IP providing service 22. The IP providing service 22 receives the returned information and generates a configuration file from the returned public network IP, the listening port of the intranet penetration server 25 and the authentication token, together with the listening port 80 defined in the Service that states the need for a public network IP and an externally open port, and then creates a container for the intranet penetration client 26. The general contents of the configuration file are as follows:

    [common]
    # server address
    server_addr = x.x.x.x
    # service port
    server_port = 7000
    token = 123456

    [http]
    type = tcp
    # domain name pointing to the Service
    local_ip = app-dist-slb
    # port of the app-dist-slb Service
    local_port = 80
    # open port 80 on the server
    remote_port = 80

The configuration file includes, but is not limited to, the address of the intranet penetration server, the externally open port, the domain name pointing to the Service, the port that provides the service to the outside, the authentication token, and the port opened on the intranet penetration server 25. After the intranet penetration server 25 and the intranet penetration client 26 have been configured automatically, the intranet penetration client 26 connects to the intranet penetration server 25 and publishes the service to the public network.
In this embodiment, the IP providing service 22 detects in real time the Service created by the user business application 21 and, when it detects that the Service needs to be provided to the outside, sends a request instruction to the container management service 23. The container management service 23 applies to the public cloud for a public network IP with 10M bandwidth, creates a container for the intranet penetration server 25, and returns a message to the IP providing service 22. The IP providing service 22 creates a container for the intranet penetration client 26 and configures the client through the configuration file. The intranet penetration client 26 connects to the intranet penetration server 25 and publishes the service to the public network. The user does not need to apply for public cloud resources manually or configure the intranet penetration server 25 and the intranet penetration client 26 manually. This solves the problem that providing public network access for services deployed in an intranet Kubernetes cluster requires manual configuration and is therefore inefficient, achieves automatic configuration of public network access for services deployed in an intranet Kubernetes cluster, and improves working efficiency.
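The configuration step described above, as an added example (not code from the patent or its implementers): it checks a Service for the annotation shown on this page and renders the client configuration from the values the container management service returns. The function names, the digits-plus-M annotation format, the 32-character minimum token length and the one-section-per-port layout are assumptions of this example.

```python
import configparser
import io
import ipaddress
import re

# Annotation key from the Service manifest on this page.
ANNOTATION = "service.beta.kubernetes.io/lstack.ip.provider"
# Assumption: the value is a positive integer followed by "M", as in '10M'.
BANDWIDTH_RE = re.compile(r"^([1-9][0-9]*)M$")
# Assumption of this example: shortest tunnel token it will write to a config.
MIN_TOKEN_LEN = 32

# Constructed sample: the page's Service in the dict form an API client returns.
SAMPLE_SERVICE = {
    "kind": "Service",
    "apiVersion": "v1",
    "metadata": {
        "name": "app-dist-slb",
        "namespace": "default",
        "annotations": {ANNOTATION: "10M"},
    },
    "spec": {
        "type": "ClusterIP",
        "selector": {"app": "app-dist"},
        "ports": [
            {"name": "cs-service-0", "port": 80, "protocol": "TCP", "targetPort": 80}
        ],
    },
}


def requested_bandwidth(service):
    """Return the requested bandwidth in M, or None if no public IP is requested."""
    annotations = service.get("metadata", {}).get("annotations") or {}
    value = annotations.get(ANNOTATION)
    if value is None:
        return None
    match = BANDWIDTH_RE.match(str(value))
    if match is None:
        raise ValueError(f"unparseable bandwidth annotation: {value!r}")
    return int(match.group(1))


def build_client_config(service, server_addr, server_port, token):
    """Render the tunnel client configuration for one annotated Service."""
    if requested_bandwidth(service) is None:
        raise ValueError("Service does not request a public network IP")
    ipaddress.ip_address(server_addr)  # raises ValueError on a malformed address
    if not 1 <= int(server_port) <= 65535:
        raise ValueError(f"server port out of range: {server_port}")
    if len(token) < MIN_TOKEN_LEN:
        raise ValueError("token is shorter than MIN_TOKEN_LEN; refusing to publish")

    # interpolation=None so a '%' in the token is written literally.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg["common"] = {
        "server_addr": server_addr,
        "server_port": str(server_port),
        "token": token,
    }
    for port in service["spec"]["ports"]:
        if port.get("protocol", "TCP") != "TCP":
            raise ValueError(f"only TCP ports are handled here: {port}")
        # One section per Service port; the page's sample has a single [http] section.
        section = port.get("name") or f"port-{port['port']}"
        cfg[section] = {
            "type": "tcp",
            "local_ip": service["metadata"]["name"],  # Service name, as on the page
            "local_port": str(port["port"]),
            "remote_port": str(port["port"]),
        }
    out = io.StringIO()
    cfg.write(out)
    return out.getvalue()


if __name__ == "__main__":
    # 203.0.113.10 is a documentation address; the token is a constructed value.
    print(build_client_config(SAMPLE_SERVICE, "203.0.113.10", 7000, "t" * MIN_TOKEN_LEN))
```

Called with the page's sample token 123456, build_client_config raises ValueError, because that value is below the minimum length this example assumes.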
In some embodiments, the IP providing service 22 detects in real time the Services created by the user Service application 21, and when it detects that the services corresponding to a plurality of Services need to be provided to the outside:
the IP providing service 22 sends a request instruction to the container management platform 24, and the container management service 23 receives the request instruction;
the container management service 23 applies to the public cloud for a plurality of server load balancing instances, which correspond one-to-one to the plurality of Services;
the container management service 23 creates a plurality of containers of the intranet penetration server 25, and the backend servers configured for the server load balancing instances point one-to-one to the containers of the intranet penetration server 25;
the container management service 23 sends a plurality of public network IPs and a plurality of ports to the IP providing service 22, and the IP providing service 22 receives the public network IPs and the ports;
the IP providing service 22 creates a plurality of containers of the intranet penetration client 26, and the intranet penetration clients 26 connect to the intranet penetration servers 25 in one-to-one correspondence and publish the services corresponding to the plurality of Services to the public network.
According to this embodiment, the IP providing service 22 automatically creates a plurality of containers of the intranet penetration client 26, the container management service 23 automatically creates a plurality of containers of the intranet penetration server 25, and the intranet penetration clients 26 connect to the intranet penetration servers 25 in one-to-one correspondence and publish the services corresponding to the plurality of Services to the public network. This solves the problem of low efficiency caused by having to configure manually, in batches, the services deployed in an intranet Kubernetes cluster so that they provide public network access, achieves automatic batch configuration of public network access for services deployed in an intranet Kubernetes cluster, and improves working efficiency.
In some embodiments, the process by which the user Service application 21 cancels a service published to the public network by the intranet user Kubernetes cluster is as follows: the IP providing service 22 detects in real time the Service created by the user Service application 21, and when it detects that the Service has been deleted, the IP providing service 22 deletes the container of the intranet penetration client 26 and sends an IP release request to the container management service 23;
the container management service 23 receives the IP release request and sends it to the public cloud, and the container management platform 24 deletes the container of the intranet penetration server 25.
Through this embodiment, the IP providing service 22 detects in real time the Service created by the user Service application 21. When it detects that the Service has been deleted, the IP providing service 22 deletes the container of the intranet penetration client 26 and sends an IP release request to the container management service 23; the container management service 23 receives the IP release request, sends it to the public cloud, and deletes the container of the intranet penetration server 25. The user therefore does not need to release the public network IP of the public cloud manually or to delete the intranet penetration server 25 and the intranet penetration client 26 manually. This solves the problem of low efficiency caused by having to configure manually the cancellation of public network access for a service deployed in an intranet Kubernetes cluster, achieves automatic configuration of that cancellation, and improves working efficiency.
An embodiment of the present application provides a method for providing public network access to the outside through intranet Kubernetes. Fig. 3 is a flowchart of a method for providing public network access capability through intranet Kubernetes according to an embodiment of the present application. As shown in Fig. 3, the method includes the following steps:
S302, the intranet penetration mechanism detects in real time, through the IP providing service 22, the Service created by the user Service application 21;
S304, when the IP providing service 22 detects that the service needs to be provided to the outside, the IP providing service 22 sends a request instruction to the container management platform 24;
S306, the intranet penetration mechanism receives the request instruction through the container management service 23 deployed on the container management platform 24, the container management service 23 applies to the public cloud for server load balancing, the container management service 23 creates a container of the intranet penetration server 25, and the container management service 23 sends the public network IP and port to the IP providing service 22;
S308, the intranet penetration mechanism receives the public network IP and the port through the IP providing service 22, and the IP providing service 22 creates a container of the intranet penetration client 26;
S310, the intranet penetration mechanism connects to the intranet penetration server 25 through the intranet penetration client 26 and publishes the service to the public network.
Through steps S302 to S310 of this embodiment, the IP providing service 22 detects in real time the Service created by the user Service application 21. When it detects that the service needs to be provided to the outside, the IP providing service 22 sends a request instruction to the container management service 23; the container management service 23 applies to the public cloud for resources, creates a container of the intranet penetration server 25, and returns a message to the IP providing service 22. The IP providing service 22 creates a container of the intranet penetration client 26, and the intranet penetration client 26 connects to the intranet penetration server 25 and publishes the service to the public network. The user therefore does not need to apply for public cloud resources manually or to configure the intranet penetration server 25 and the intranet penetration client 26 manually. This solves the problem of low efficiency caused by having to configure manually a service deployed in an intranet Kubernetes cluster so that it provides public network access, achieves automatic configuration of public network access for services deployed in an intranet Kubernetes cluster, and improves working efficiency.
In some embodiments, the IP providing service 22 detecting that the service needs to be provided to the outside includes: the IP providing service 22 detects that the Service describes a need for a public network IP and a port open to the outside.
In some embodiments, the container management service 23 applying to the public cloud for server load balancing, creating a container of the intranet penetration server 25, and sending a public network IP and port to the IP providing service 22 includes: the container management service 23 applies to the public cloud for server load balancing, the container management service 23 creates a container of the intranet penetration server 25, the server load balancing configures the backend service group as the cloud host where the container of the intranet penetration server 25 is located, and the container management platform 24 sends the configured public network IP and port to the IP providing service 22.
In some of these embodiments, the IP providing service 22 creating a container of the intranet penetration client 26 includes: the IP providing service 22 configures the intranet penetration client 26 with the address of the intranet penetration server 25 and the domain name of the Service.
In some embodiments, Fig. 4 is a flowchart of a method for canceling public network access capability through intranet Kubernetes according to this embodiment. As shown in Fig. 4, the method includes the following steps:
S402, the intranet penetration mechanism detects in real time, through the IP providing service 22, the Service created by the user Service application 21;
S404, when the IP providing service 22 detects that the Service has been deleted, the IP providing service 22 deletes the container of the intranet penetration client 26 and sends an IP release request to the container management platform 24;
S406, the intranet penetration mechanism receives the IP release request through the container management platform 24, and the container management platform 24 sends the IP release request to the public cloud and deletes the container of the intranet penetration server 25.
Through steps S402 to S406 of this embodiment, the IP providing service 22 detects in real time the Service created by the user Service application 21. When it detects that the Service has been deleted, the IP providing service 22 deletes the container of the intranet penetration client 26 and sends an IP release request to the container management service 23; the container management service 23 receives the IP release request, sends it to the public cloud, and deletes the container of the intranet penetration server 25. The user therefore does not need to release the public network IP of the public cloud manually or to delete the container of the intranet penetration server 25 and the container of the intranet penetration client 26 manually. This solves the problem of low efficiency caused by having to configure manually the cancellation of public network access for a service deployed in an intranet Kubernetes cluster, achieves automatic configuration of that cancellation, and improves working efficiency.
In some specific embodiments, Fig. 5 is a flowchart of a public network access capability method for intranet Kubernetes according to this specific embodiment. As shown in Fig. 5, the method includes the following steps:
S502, the intranet penetration mechanism detects in real time, through the IP providing service 22, the Service created by the user Service application 21;
S504, when the IP providing service 22 detects that the Service describes a need for a public network IP and a port open to the outside, the IP providing service 22 sends a request instruction to the container management platform 24;
S506, the intranet penetration mechanism receives the request instruction through the container management service 23 deployed on the container management platform 24, the container management service 23 applies to the public cloud for server load balancing, the container management service 23 creates a container of the intranet penetration server 25, the server load balancing configures the backend service group as the cloud host where the container of the intranet penetration server 25 is located, and the container management platform 24 sends the configured public network IP and port to the IP providing service 22;
S508, the intranet penetration mechanism receives the public network IP and the port through the IP providing service 22, the IP providing service 22 creates a container of the intranet penetration client 26, and the IP providing service 22 configures the intranet penetration client 26 with the address of the intranet penetration server 25 and the domain name of the Service;
S510, the intranet penetration mechanism connects to the intranet penetration server 25 through the intranet penetration client 26 and publishes the service to the public network;
S512, when the IP providing service 22 detects that the Service has been deleted, the IP providing service 22 deletes the container of the intranet penetration client 26 and sends an IP release request to the container management platform 24;
S514, the intranet penetration mechanism receives the IP release request through the container management platform 24, and the container management platform 24 sends the IP release request to the public cloud and deletes the container of the intranet penetration server 25.
Through steps S502 to S514 of this embodiment, the IP providing service 22 detects in real time the Service created by the user Service application 21. When it detects that the service needs to be provided to the outside, the IP providing service 22 sends a request instruction to the container management service 23; the container management service 23 applies to the public cloud for a public network IP, creates a container of the intranet penetration server 25, and returns a message to the IP providing service 22. The IP providing service 22 creates a container of the intranet penetration client 26 and configures the intranet penetration client 26 through a configuration file, and the intranet penetration client 26 connects to the intranet penetration server 25 and publishes the service to the public network. When it detects that the Service has been deleted, the IP providing service 22 deletes the container of the intranet penetration client 26 and sends an IP release request to the container management service 23; the container management service 23 receives the IP release request, sends it to the public cloud, and deletes the container of the intranet penetration server 25. The user therefore does not need to apply for or release the public network IP of the public cloud manually, or to create or delete the container of the intranet penetration server 25 and the container of the intranet penetration client 26 manually. This solves the problem of low efficiency caused by having to configure manually the provision and cancellation of public network access for services deployed in an intranet Kubernetes cluster, achieves automatic configuration of both, and improves working efficiency.
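The publish and withdraw cycle of steps S502 to S514, together with the client configuration fields listed earlier, as an added Python sketch that is not code from the patent. The in-memory cloud stub, the `public_port` marker on a Service, the configuration key names, port 7000, and the token being generated by the IP providing service and carried in the request are all assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field

TUNNEL_PORT = 7000  # hypothetical port opened at the intranet penetration server


class FakePublicCloud:
    """Stand-in for container management service 23 plus the public cloud."""

    def __init__(self):
        self.exposed = {}  # Service name -> (public IP, public port, token)
        self._host = 0

    def request_exposure(self, name, open_port, token):
        # S506: apply for server load balancing, create the server container,
        # and return the public network IP and port.
        self._host += 1
        ip = f"203.0.113.{self._host}"  # constructed address (TEST-NET-3)
        self.exposed[name] = (ip, open_port, token)
        return ip, open_port

    def release(self, name):
        # S514: release the public IP and delete the server container.
        self.exposed.pop(name, None)


@dataclass
class IPProvidingService:
    cloud: FakePublicCloud
    clients: dict = field(default_factory=dict)  # Service name -> client config

    def reconcile(self, services):
        """Compare the Services that exist now with what is already published."""
        wanted = {s["name"]: s for s in services if s.get("public_port")}
        actions = []
        for name, svc in wanted.items():  # S504 to S510: publish
            if name in self.clients:
                continue  # already published, never request a second public IP
            token = secrets.token_urlsafe(32)  # fresh secret for each tunnel
            ip, port = self.cloud.request_exposure(name, svc["public_port"], token)
            self.clients[name] = {  # hypothetical key names for the config file
                "server_addr": ip,
                "server_port": TUNNEL_PORT,
                "remote_port": port,
                "local_domain": svc["domain"],
                "local_port": svc["port"],
                "token": token,
            }
            actions.append(("publish", name))
        for name in sorted(set(self.clients) - set(wanted)):  # S512 to S514
            del self.clients[name]    # delete the client container first
            self.cloud.release(name)  # then release the IP and the server
            actions.append(("withdraw", name))
        return actions

    def orphaned_exposures(self, services):
        """Public endpoints that no current Service asks for."""
        wanted = {s["name"] for s in services if s.get("public_port")}
        return sorted(set(self.cloud.exposed) - wanted)


def demo():
    cloud = FakePublicCloud()
    ctl = IPProvidingService(cloud)
    services = [  # constructed Service descriptions
        {"name": "web", "domain": "web.default.svc.cluster.local",
         "port": 80, "public_port": 8080},
        {"name": "db", "domain": "db.default.svc.cluster.local", "port": 5432},
    ]
    first = ctl.reconcile(services)       # web is published, db stays internal
    second = ctl.reconcile(services)      # nothing changes on a repeat pass
    third = ctl.reconcile(services[1:])   # web deleted, so it is withdrawn
    return first, second, third, dict(cloud.exposed)


if __name__ == "__main__":
    print(demo())
```

`orphaned_exposures` is the check to run after the IP providing service restarts and loses its in-memory state: any name it returns is a public endpoint that outlived its Service.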
It should be understood by those skilled in the art that various features of the above-described embodiments can be combined in any combination, and for the sake of brevity, all possible combinations of features in the above-described embodiments are not described in detail, but rather, all combinations of features which are not inconsistent with each other should be construed as being within the scope of the present disclosure.
The above embodiments express only several implementations of the present application. Although their description is specific and detailed, it should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, all of which fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A method for providing public network access to the outside through intranet Kubernetes, characterized by comprising the following steps:
an intranet penetration mechanism detects in real time, through an IP providing service, the Service created by a user Service application, and when the IP providing service detects that the service needs to be provided to the outside, the IP providing service sends a request instruction to a container management platform;
the intranet penetration mechanism receives the request instruction through a container management service deployed on the container management platform, the container management service applies to a public cloud for server load balancing, the container management service creates a container of an intranet penetration server, and the container management service sends a public network IP and a port to the IP providing service;
the intranet penetration mechanism receives the public network IP and the port through the IP providing service, and the IP providing service creates a container of an intranet penetration client;
the intranet penetration mechanism connects to the intranet penetration server through the intranet penetration client and publishes the service to the public network.
2. The method of claim 1, wherein the IP providing service detecting that the service needs to be provided to the outside comprises: the IP providing service detects that the Service describes a need for a public network IP and a port open to the outside.
3. The method of claim 1, wherein the container management service applying to the public cloud for server load balancing, creating the container of the intranet penetration server, and sending the public network IP and port to the IP providing service comprises: the container management service applies to the public cloud for server load balancing, the container management service creates the container of the intranet penetration server, the server load balancing configures the backend service group as the cloud host where the container of the intranet penetration server is located, and the container management platform sends the configured public network IP and port to the IP providing service.
4. The method of claim 1, wherein the IP providing service creating a container of the intranet penetration client comprises: the IP providing service configures the intranet penetration client with the address of the intranet penetration server and the domain name of the Service.
5. A method for providing public network access to the outside through intranet Kubernetes, characterized by comprising the following steps:
a user Service application cancels the publication of a service that was created by an intranet user Kubernetes cluster and published on the public network; an intranet penetration mechanism detects in real time, through an IP providing service, the Service created by the user Service application, and when it is detected that the Service has been deleted, the IP providing service deletes the container of the intranet penetration client and sends an IP release request to a container management platform;
the intranet penetration mechanism receives the IP release request through the container management platform, and the container management platform sends the IP release request to the public cloud and deletes the container of the intranet penetration server.
6. A system for providing public network access to the outside through intranet Kubernetes, the system comprising: a user business application, an IP providing service, a container management platform, an intranet penetration client and an intranet penetration server, wherein the user business application and the IP providing service are deployed in an intranet user Kubernetes cluster, the container management service is deployed in the container management platform, and the container management platform is deployed in a public cloud;
the IP providing service detects in real time the Service created by the user business application, and sends a request instruction to the container management platform when the IP providing service detects that the service needs to be provided to the outside;
the container management service receives the request instruction, applies to the public cloud for server load balancing, creates a container of the intranet penetration server, and sends a public network IP and a port to the IP providing service;
the IP providing service receives the public network IP and the port, and the IP providing service creates a container of the intranet penetration client;
the intranet penetration client connects to the intranet penetration server and publishes the service to the public network.
7. The system of claim 6, wherein the IP providing service detecting that the service needs to be provided to the outside comprises: the IP providing service detects that the Service describes a need for a public network IP and a port open to the outside.
8. The system of claim 6, wherein the container management service applying to the public cloud for server load balancing, creating the container of the intranet penetration server, and sending the public network IP and port to the IP providing service comprises: the container management service applies to the public cloud for server load balancing, the container management service creates the container of the intranet penetration server, the server load balancing configures the backend service group as the cloud host where the container of the intranet penetration server is located, and the container management platform sends the configured public network IP and port to the IP providing service.
9. The system according to claim 6, wherein the IP providing service creating the container of the intranet penetration client comprises: the IP providing service configures the intranet penetration client with the address of the intranet penetration server and the domain name of the Service.
10. The system of claim 6, wherein:
a user business application cancels the publication of a service that was created by the intranet user Kubernetes cluster and published on the public network; the IP providing service detects in real time the Service created by the user business application, and when it is detected that the Service has been deleted, deletes the container of the intranet penetration client and sends an IP release request to the container management service;
the container management service receives the IP release request, the container management service sends the IP release request to the public cloud, and the container management platform deletes the container of the intranet penetration server.
CN202110121213.XA 2021-01-28 2021-01-28 Method and system for providing public network access for external through intranet kubernets Active CN112448856B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110121213.XA CN112448856B (en) 2021-01-28 2021-01-28 Method and system for providing public network access for external through intranet kubernets


Publications (2)

Publication Number Publication Date
CN112448856A true CN112448856A (en) 2021-03-05
CN112448856B CN112448856B (en) 2021-05-07

Family

ID=74740149

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110121213.XA Active CN112448856B (en) 2021-01-28 2021-01-28 Method and system for providing public network access for external through intranet kubernets

Country Status (1)

Country Link
CN (1) CN112448856B (en)


Also Published As

Publication number Publication date
CN112448856B (en) 2021-05-07


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220726

Address after: 100094 Room 502, floor 5, building 16, East District, yard 10, northwest Wangdong Road, Haidian District, Beijing

Patentee after: Softcom power information technology (Group) Co.,Ltd.

Address before: 311100 Room 802, building 12, 1818-2, Wenyi West Road, Yuhang street, Yuhang District, Hangzhou City, Zhejiang Province

Patentee before: HANGZHOU LANGCHE TECHNOLOGY Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20220825

Address after: 518000 floor 2-24, building a, Zhongshe Plaza, No.1028, Buji Road, Dongxiao street, Luohu District, Shenzhen City, Guangdong Province

Patentee after: Shenzhen Softcom Power Information Technology Co.,Ltd.

Address before: 100094 Room 502, floor 5, building 16, East District, yard 10, northwest Wangdong Road, Haidian District, Beijing

Patentee before: Softcom power information technology (Group) Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20240802

Address after: Unit 1625, North Building 1, No. 195 Linlin Middle Road, Huangpu District, Guangzhou City, Guangdong Province 510000

Patentee after: Softtek Intelligent Computing Technology (Guangdong) Group Co.,Ltd.

Country or region after: China

Address before: 518000 floor 2-24, building a, Zhongshe Plaza, No.1028, Buji Road, Dongxiao street, Luohu District, Shenzhen City, Guangdong Province

Patentee before: Shenzhen Softcom Power Information Technology Co.,Ltd.

Country or region before: China
