CN112702441B - Container-based access data processing method, device, system and storage medium - Google Patents

Container-based access data processing method, device, system and storage medium Download PDF

Info

Publication number
CN112702441B
CN112702441B CN202110007739.5A CN202110007739A CN112702441B CN 112702441 B CN112702441 B CN 112702441B CN 202110007739 A CN202110007739 A CN 202110007739A CN 112702441 B CN112702441 B CN 112702441B
Authority
CN
China
Prior art keywords
container
container group
access data
group
direct
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110007739.5A
Other languages
Chinese (zh)
Other versions
CN112702441A (en
Inventor
练子豪
索舜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Leading Technology Co Ltd
Original Assignee
Nanjing Leading Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Leading Technology Co Ltd filed Critical Nanjing Leading Technology Co Ltd
Priority to CN202110007739.5A priority Critical patent/CN112702441B/en
Publication of CN112702441A publication Critical patent/CN112702441A/en
Application granted granted Critical
Publication of CN112702441B publication Critical patent/CN112702441B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5046Resolving address allocation conflicts; Testing of addresses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/2866Architectures; Arrangements
    • H04L67/30Profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/60Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H04L67/63Routing a service request depending on the request content or context

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention discloses a container-based access data processing method, a device, a system and a storage medium, comprising the following steps: generating a service configuration file corresponding to each node in the container arrangement engine; wherein each of the nodes includes at least one container group; dynamically monitoring each service configuration file through a traffic import gateway; reporting the container direct access data of the container group in each node to the client according to the dynamic monitoring result of the flow lead-in gateway; wherein the container direct access data includes a container group IP address. The technical scheme of the embodiment of the invention can avoid the problems of port conflict and service interruption existing in the direct access of the container group, and reduce the configuration cost and maintenance cost of the direct access of the container group, thereby improving the direct access performance of the container group.

Description

Container-based access data processing method, device, system and storage medium
Technical Field
The embodiment of the invention relates to the technical field of communication, in particular to a container-based access data processing method, device and system and a storage medium.
Background
The direct access of the container group (pod) refers to the IP address of the cluster container group through a Kubernetes (container orchestration engine, abbreviated as K8 s), and the service container in the container group is directly accessed according to the obtained IP address.
Currently, two implementations of container group direct access methods exist. The first container group direct access method is to map to a service based on the node IP address (ndoe_ip) where the container group is located and the node port (node port), and then register the service in the nginx gateway. That is, when the first container group direct connection access method directly accesses the container group, the mapping relationship between the node IP address and the node port needs to be obtained according to the service, so as to determine the address of the container group according to the mapping relationship between the node IP address and the node port and the mapping relationship between the node port and the service port of the container group. The second method of direct access to the container group is a hostnetwork method using Kubernetes, which uses the Kubernetes node IP address plus the service port of the container group to access the container group directly.
The inventors have found that the following drawbacks exist in the prior art in the process of implementing the present invention: the first container group direct connection access method needs to perform a large amount of configuration work on Kubernetes, a single node port of Kubernetes needs to be used for generating one service at a time, a large amount of service needs to occupy a large amount of node ports, and a mapping relation between the node ports and service ports of the container group needs to be manually maintained, and meanwhile, an external gateway cannot be effectively supported. In the second container group direct access method, a single node can only bear one container group with the same service, and a plurality of container groups with the same service can cause the problem of port conflict. Meanwhile, because the identity of the container group uses the node IP address, when the container group is restarted and resource scheduling to other nodes occurs, the identity of the container group can be changed, the mapping relation between the container group and the node IP address is required to be manually maintained, and otherwise, the problem of service link interruption can be caused. Meanwhile, the two container group direct connection access methods all require developers to master deep knowledge reserves for the Kubernetes, and more configuration work is required for the Kubernetes.
Disclosure of Invention
The embodiment of the invention provides a container-based access data processing method, device, system and storage medium, which are used for avoiding port conflict and service interruption problems in direct access of a container group, reducing configuration cost and maintenance cost of the direct access of the container group and improving direct access performance of the container group.
In a first aspect, an embodiment of the present invention provides a method for processing access data based on a container, which is applied to a container orchestration engine, and includes:
generating a service configuration file corresponding to each node in the container arrangement engine; wherein each of the nodes includes at least one container group;
dynamically monitoring each service configuration file through a traffic import gateway;
reporting the container direct access data of the container group in each node to the client according to the dynamic monitoring result of the flow lead-in gateway;
wherein the container direct access data includes a container group IP address.
In a second aspect, an embodiment of the present invention further provides a method for processing access data based on a container, which is applied to a client, and includes:
determining target container direct access data of a target container group according to the local container direct access data;
generating a container group direct access request according to the target container direct access data;
Sending the container group direct access request to a container orchestration engine to directly access the target container group through the container group direct access request;
wherein the local container direct access data includes a target container group IP address.
In a third aspect, an embodiment of the present invention further provides a container-based access data processing apparatus configured in a container orchestration engine, including:
the configuration file generation module is used for generating service configuration files corresponding to all nodes in the container arrangement engine; wherein each of the nodes includes at least one container group;
the traffic import gateway is used for dynamically monitoring each service configuration file; reporting the container direct access data of the container group in each node to the client according to the dynamic monitoring result;
wherein the container direct access data includes a container group IP address.
In a fourth aspect, an embodiment of the present invention further provides a container-based access data processing apparatus configured on a client, including:
the target container direct access data determining module is used for determining target container direct access data of the target container group according to the local container direct access data;
the container group direct access request generation module is used for generating a container group direct access request according to the target container direct access data;
The container group direct access request sending module is used for sending the container group direct access request to a container arrangement engine so as to directly access the target container group through the container group direct access request;
wherein the local container direct access data includes a target container group IP address.
In a fifth aspect, embodiments of the present invention further provide a container-based access data processing system, comprising a container orchestration engine and a client, the container orchestration engine and the client being communicatively connected; wherein:
the container arrangement engine is used for generating service configuration files corresponding to all nodes in the container arrangement engine; wherein each of the nodes includes at least one container group; dynamically monitoring each service configuration file through a traffic import gateway; reporting the container direct access data of the container group in each node to the client according to the dynamic monitoring result of the flow lead-in gateway;
the client is used for determining target container direct-connection access data of the target container group according to the local container direct-connection access data; generating a container group direct access request according to the target container direct access data; sending the container group direct access request to a container orchestration engine to directly access the target container group through the container group direct access request;
Wherein the container direct access data comprises a container group IP address; the local container direct access data includes a target container group IP address.
In a sixth aspect, an embodiment of the present invention further provides a computer storage medium having stored thereon a computer program which, when executed by a processor, implements the container-based access data processing method provided by any embodiment of the present invention.
After the service configuration files corresponding to all nodes in the container arrangement engine are generated through the container arrangement engine, the service configuration files are dynamically monitored through the flow import gateway in the container arrangement engine, and container direct connection access data of container groups in all nodes are reported to a client according to the dynamic monitoring result of the flow import gateway. The client can determine target container direct-connection access data of the target container group according to the local container direct-connection access data, generate a container group direct-connection access request according to the target container direct-connection access data, send the container group direct-connection access request to the container arrangement engine, and realize direct-connection access to the target container group through the container group direct-connection access request.
Drawings
FIG. 1 is a flow chart of a method for processing access data based on a container according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a system for direct connection of a container set according to a first embodiment of the present invention;
FIG. 3 is a schematic diagram of an update structure of an ingress-nginx configuration file according to a first embodiment of the present invention;
fig. 4 is a schematic flow chart of updating an IP address of a container set by an ingress module according to a first embodiment of the present invention;
FIG. 5 is a flow chart of a method for processing access data based on a container according to a second embodiment of the present invention;
fig. 6 is a schematic flow chart of a client accessing a container set according to a second embodiment of the present invention;
FIG. 7 is a timing diagram of a data flow of a direct access container set according to a second embodiment of the present invention;
FIG. 8 is a schematic diagram of a container-based access data processing system provided in accordance with a third embodiment of the present invention;
FIG. 9 is a schematic diagram of a container-based access data processing apparatus according to a fourth embodiment of the present invention;
fig. 10 is a schematic diagram of a container-based access data processing apparatus according to a fifth embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting thereof.
It should be further noted that, for convenience of description, only some, but not all of the matters related to the present invention are shown in the accompanying drawings. Before discussing exemplary embodiments in more detail, it should be mentioned that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart depicts operations (or steps) as a sequential process, many of the operations can be performed in parallel, concurrently, or at the same time. Furthermore, the order of the operations may be rearranged. The process may be terminated when its operations are completed, but may have additional steps not included in the figures. The processes may correspond to methods, functions, procedures, subroutines, and the like.
Example 1
Fig. 1 is a flowchart of a container-based access data processing method according to a first embodiment of the present invention, and fig. 2 is a schematic architecture diagram of a container group direct connection system according to a first embodiment of the present invention, where the present embodiment is applicable to a case where a container orchestration engine reports container direct connection access data including an IP address of a container group to a client, where the method may be performed by a container-based access data processing device, which may be implemented in a software and/or hardware manner, and may be generally integrated in the container orchestration engine, and used with a client for directly accessing the container group. Accordingly, as shown in fig. 1 and 2, the method includes the following operations:
S110, generating service configuration files corresponding to all nodes in the container arrangement engine; wherein each of the nodes includes at least one container group.
Wherein the container orchestration engine may be used to manage containers and groups of containers, one group of containers may include multiple containers. The service profile may be a profile generated by the container orchestration engine for configuring container direct access data, which may be multiple in number.
In an embodiment of the invention, the container orchestration engine may comprise a plurality of nodes, each of which may comprise at least one container group. In a specific example, as shown in fig. 2, the container orchestration engine may be Kubernetes, and the corresponding nodes may be node devices included in the container orchestration engine, and the service profile may be a service file generated by Kubernetes.
In an optional embodiment of the present invention, the generating a service configuration file corresponding to each node in the container orchestration engine may include: under the condition that service ports of all container groups in the node are detected, obtaining the IP addresses of the container groups of all the container groups; and generating each service configuration file according to the IP address of the container group.
Wherein the IP address (pod_ip) of the container group, i.e. the IP address of the container group, can uniquely identify the identity of the container group.
In an embodiment of the present invention, the service ports of each container within a container group are exposed by the container group in which it resides. Correspondingly, if the container orchestration engine detects the exposed service port of each container group in the node, the container group IP address of each container group can be obtained, and a corresponding service configuration file is generated according to the container group IP address.
In a specific example, as shown in fig. 2, after the container groups expose the service ports of the containers, kubernetes may generate a service file, and obtain the container group IP address of each container group through the service file. It will be appreciated that since a set of containers exposing a service port may generate a service file, a node may have at least one set of containers exposing a service port, and thus a node may correspondingly generate one or more service files. When a node includes multiple container groups, the service file corresponding to the node may configure the service port exposed by each container group.
In an optional embodiment of the invention, after generating each service profile according to the container group address, the method may further include: configuring a container group label for each container group IP address through the service configuration file; establishing a mapping relation between the container group IP address and the container group label; and storing the mapping relation between the IP address of the container group and the label of the container group in the service configuration file.
The container group label may be a custom label, which is used to identify the IP address of the container group. Alternatively, the type of container group label may be a Labels label.
Specifically, after the service configuration file is generated, the container arrangement engine may assign corresponding container group labels to each container group IP address by using the service configuration file, where one container group IP address is assigned with only one container group label. Meanwhile, the service configuration file needs to establish and store the mapping relation between the IP addresses of all container groups and the labels of the container groups. Since the container group tag can uniquely identify the container group IP address. Thus, even when the container group IP address changes, the service profile can be matched to the new container group IP address of the container group by Labels tags, and the mapping relationship between the new container group IP address and the container group tags is updated and stored.
In one specific example, as shown in fig. 2, kubernetes may bind the container group IP addresses via Labels tags according to a service file. In this case, when the container group is restarted, the container group IP address changes, and the service file may still find the corresponding container group through the Labels tag, and acquire the new container group IP address of the container group.
S120, dynamically monitoring each service configuration file through the traffic import gateway.
The traffic import gateway may be a gateway configured inside the container orchestration engine, and is configured to monitor the service configuration file and report the monitored data to the client. The traffic import gateway can be compatible with the external gateway of the container orchestration engine, supports TCP (Transmission Control Protocol ) and UDP (User Datagram Protocol, user datagram protocol) traffic, and has stronger compatibility.
In the embodiment of the invention, the flow lead-in gateway can be configured for the container arrangement engine, and the flow lead-in gateway can be used for dynamically monitoring each service configuration file in real time so as to acquire the IP address information of the container group of each container group in real time.
And S130, reporting the container direct access data of the container groups in each node to the client according to the dynamic monitoring result of the flow lead-in gateway.
Wherein the container direct access data includes a container group IP address. The dynamic monitoring result may be the container group IP address information of each container group obtained by dynamically monitoring each service configuration file. The container direct access data may be data for direct access to a group of containers.
Correspondingly, after the traffic import gateway dynamically monitors each service configuration file to obtain the container group IP address of each container group, the container direct connection access data can be constructed according to the container group IP address, and the container direct connection access data of the container group in each node can be reported to the client.
In an alternative embodiment of the present invention, the traffic import gateway includes a synchronization configuration module; the dynamically monitoring each service configuration file through the traffic import gateway may include: and dynamically monitoring each service configuration file through the synchronous configuration module to obtain the dynamic monitoring result.
The synchronous configuration module can be used for dynamically monitoring the service configuration file. In a specific example, as shown in fig. 2, the synchronization configuration module may alternatively be an ingress module.
In an optional embodiment of the present invention, reporting, to a client, container direct access data of an container group in each node according to a dynamic monitoring result of the traffic import gateway may include: when the synchronous configuration module determines that the dynamic monitoring result comprises update container direct access data, the update container direct access data is sent to the client; the updating container direct-connection access data comprises newly-added container direct-connection access data and/or changed container direct-connection access data.
The updated container direct-connection access data may be changed container direct-connection access data, the newly added container direct-connection access data may be newly-appeared container direct-connection access data, and the changed container direct-connection access data may be new container direct-connection access data formed after the existing container direct-connection access data is changed.
It should be noted that, the update of the container group information in the container arrangement engine, such as the operation of adding a container group or restarting a container group, may result in the update of the container group information. Correspondingly, when the container group is newly added, the service configuration file can be newly added with configuration information aiming at the newly added container group, and then the flow import gateway can acquire the IP address of the container group of the newly added container group as the directly connected access data of the newly added container. When a restart operation occurs for an existing container group, the container group updates the container group IP address. At this time, the service configuration file also updates the IP address of the container group synchronously, so the traffic import gateway may obtain the IP address of the container group as the direct access data of the change container. That is, once the traffic import gateway monitors the updated container direct access data, the updated container direct access data can be reported to the client in real time, so that the client can master the latest and most accurate container direct access data in real time.
In an alternative embodiment of the present invention, the traffic import gateway includes a traffic parsing module; the method may further comprise: acquiring a container group direct access request sent by the client; analyzing the container group direct connection access request through the flow analysis module to obtain target container direct connection access data; and directly accessing the target container group according to the target container direct access data.
The flow analysis module can be used for analyzing the container group direct access request sent by the client. In a specific example, as shown in fig. 2, the flow resolution module may alternatively be an nginx module. The container group direct access request may be a request for direct access to the container group. The target container direct access data may be access data for directly accessing the target container group. The target container group is the container group which the client needs to directly access. Alternatively, the number of the synchronous configuration module and the flow analysis module may be at least one, and the number of the synchronous configuration module and the flow analysis module may be kept consistent, so as to be applied in pairs.
Correspondingly, the container arrangement engine can report the container direct connection access data of each container group to the client in real time, so that the client can directly access the target container group through the locally stored container direct connection access data according to service requirements. Specifically, the client may send a container group direct access request to the container orchestration engine. After the container arrangement engine receives the container group direct connection access request, the container arrangement engine can analyze the container group direct connection access request through a flow analysis module in the flow import gateway so as to obtain target container direct connection access data corresponding to the target container group. Optionally, the target container direct access data may be the IP address of the target container group, or may also be a combination of the IP address of the target container group and the service port of the target container group. Correspondingly, the container arrangement engine can directly access the target container group according to the target container direct access data through the flow analysis module, so that the effect of directly accessing the target container group by the client is realized.
According to the technical scheme, the IP address of the container group is used as the container direct connection access data, so that a single node can be compatible with a plurality of container groups with the same service, the problem of port conflict can be effectively avoided, the resource utilization rate is improved, and the mapping relation between the service ports and the node ports is not required to be maintained, so that the maintenance cost is reduced. In addition, the configuration work of the container programming engine can be reduced by using the container group IP address as the container direct connection access data, so that the configuration cost and the learning cost of the container programming engine are reduced. Meanwhile, the container arrangement engine can dynamically monitor the service configuration file through the flow lead-in gateway to acquire a dynamic monitoring result in real time and report the result to the client, so that the automatic synchronization of the IP addresses of the container groups is realized, and the problem of service interruption is effectively avoided. In addition, the traffic import gateway can be compatible with an external gateway of the container programming engine, and the compatibility is stronger. Therefore, the container-based access data processing method provided by the embodiment of the invention can effectively improve the direct access performance of the container group.
In a specific example, as shown in fig. 2, the ingress-nginx gateway may be used as a Kubernetes traffic import gateway, where the ingress-ginx gateway is a Kubernetes gateway that uses an nginx module as a reverse proxy to import external traffic into the Kubernetes. The Kubernetes can dynamically monitor each service file in real time through an ingress module in the ingress-nginx gateway so as to acquire the IP address information of the container group of each container group through the service file, and construct container direct connection access data according to the acquired IP address information of the container group so as to report the data to a client. The ingress module can monitor the updating condition of each container group IP address continuously, and when the newly added container group IP address or the existing container group IP address changes, the ingress module reports the updated container group IP address to the client again.
It should be noted that, if the client has service port information of each container group, the container direct access data reported to the client by Kubernetes may only include the container group IP address. Or, kubernetes may also report the combination of the IP address of the container group and the service port corresponding to the container group as container direct access data to the client.
Fig. 3 is a schematic diagram of an update structure of an ingress-nginx configuration file according to a first embodiment of the present invention, and fig. 4 is a schematic flow chart of an update container set IP address of an ingress module according to a first embodiment of the present invention. In terms of configuration, as shown in fig. 3, an ingress module in an ingress-nginx gateway in Kubernetes simultaneously has the authority of modifying an nginx module configuration file, when the ingress module is newly added, the ingress module adds a routing entry of a reverse proxy to the nginx file, and after a container group direct connection access request is sent by a client, the cinx module can acquire the container group direct connection access request and directly access a target container group through a target container group IP address carried in the container group direct connection access request. As shown in fig. 4, the Ingress module may monitor relevant resources of Kubernetes by calling Kubernetes api (Application Program Interface ), and when the resources change, the Ingress module performs relevant operations in the same step, such as: modifying configuration file nginx. Conf of the nginx module, sending the latest bound container group IP address (endpoint_ip) to a client (client), and delivering the latest bound container group IP address to the client to maintain the container group IP address. The client can update the mapping relation between the Tag (table) label and the latest container group IP address, and can be used as target container direct access data to join in the container group direct access request when the container group is directly connected.
After the service configuration files corresponding to all nodes in the container arrangement engine are generated through the container arrangement engine, the service configuration files are dynamically monitored through the flow import gateway in the container arrangement engine, and container direct connection access data of container groups in all nodes are reported to a client according to the dynamic monitoring result of the flow import gateway. The client can determine target container direct-connection access data of the target container group according to the local container direct-connection access data, generate a container group direct-connection access request according to the target container direct-connection access data, send the container group direct-connection access request to the container arrangement engine, and realize direct-connection access to the target container group through the container group direct-connection access request.
Example two
Fig. 5 is a flowchart of a container-based access data processing method according to a second embodiment of the present invention, where the present embodiment is applicable to a case where a client accesses a target container group directly according to local container direct access data including an IP address of the target container group, and the method may be performed by a container-based access data processing apparatus, which may be implemented by software and/or hardware, and may be generally integrated in a client device, which may be a computer device, or any type of terminal device, etc., and used with a container orchestration engine for managing the container group. Accordingly, as shown in fig. 5, the method includes the following operations:
s210, determining target container direct access data of the target container group according to the local container direct access data.
The local container direct access data may be container direct access data stored locally by the client and may include an IP address of the target container group. Or the local container direct connection access data can also simultaneously comprise the IP address of the target container group and the service port corresponding to the target container group. The target container direct access data may be container direct access data for directly accessing the target container group.
In the embodiment of the invention, after the client receives the container direct access data reported by the container arrangement engine, the client can store the container direct access data locally and serve as local container direct access data. When the client side has direct connection access requirements, the direct connection access data of the target container group can be determined according to the direct connection access data of the local container, so that the target container group can be accessed according to the direct connection access data of the target container.
S220, generating a container group direct connection access request according to the target container direct connection access data.
The container group direct connection access request can be an access request generated by a client, and can carry target container direct connection access data to perform direct connection access on the target container group.
Correspondingly, the client can generate a container group direct access request according to the target container direct access data. Illustratively, the client may generate a URL (Uniform Resource Locator ) according to the target container direct access data, and add a direct access identifier to the URL, to obtain a final container group direct access request.
S230, sending the container group direct access request to a container orchestration engine to directly access the target container group through the container group direct access request.
Correspondingly, after the client generates the container group direct connection access request, the container group direct connection access request can be sent to the container arrangement engine, and the container arrangement engine can determine the target container group which the client needs to directly access through the container group direct connection access request and directly access the target container group because the container group direct connection access request comprises the target container group IP address or simultaneously comprises the target container group IP address and a service port corresponding to the target container group.
According to the technical scheme, the IP address of the container group is used as the container direct connection access data, so that a single node can be compatible with a plurality of container groups with the same service, the problem of port conflict can be effectively avoided, the resource utilization rate is improved, and the mapping relation between the service ports and the node ports is not required to be maintained, so that the maintenance cost is reduced. In addition, the configuration work of the container programming engine can be reduced by using the container group IP address as the container direct connection access data, so that the configuration cost and the learning cost of the container programming engine are reduced. Meanwhile, the container arrangement engine can dynamically monitor the service configuration file through the flow lead-in gateway to acquire a dynamic monitoring result in real time and report the result to the client, so that the automatic synchronization of the IP addresses of the container groups is realized, and the problem of service interruption is effectively avoided. In addition, the traffic import gateway in the container programming engine can be compatible with the external gateway of the container programming engine, so that the compatibility is stronger. Therefore, the container-based access data processing method provided by the embodiment of the invention can effectively improve the direct access performance of the container group.
Fig. 6 is a schematic flow chart of a client accessing a container set according to a second embodiment of the present invention. In a specific example, as shown in fig. 6, using Kubernetes as a container orchestration engine and using an ingress-nginx gateway as a traffic import gateway of Kubernetes, a user (i.e., a client) may determine, according to local container direct access data, a target container group IP address of a target container group and a service port of the target container group, so as to generate, according to the target container group IP address and the service port of the target container group, a container group direct access request in the form of URL of the target container group, where the request may carry information such as the target container group IP address, the service port of the target container group, and a direct access identifier. Accordingly, the user sends a container group direct access request to Kubernetes. The nginx module in Kubernetes can acquire the direct access identifier in the direct access request of the container group, and judge whether the direct access request of the container group is the direct access container group according to the direct access identifier. If the direct access request of the container group is determined to be the direct access container group according to the direct access identifier, the direct access request of the container group can be combined according to the direct access request of the container group through the nginx module to request parameters, the IP address of the target container group and the service port of the target container group are obtained, and the target container group is accessed directly according to the IP address of the target container group and the service port of the target container group. If it is determined that the container group direct access request is not a direct access container group according to the direct access identifier, a corresponding load balancer can be found by using a native mode of the ingress-nginx gateway, and the load balancer polls and sends the load balancer to each related container group. If the container group direct connection access request can reach the target container group, normally accessing the target container group and executing related services; otherwise, return error information, such as "404 pages" information, to the user.
Fig. 7 is a data flow timing chart of a direct access container set according to a second embodiment of the present invention. In a specific example, as shown in fig. 7, kubernetes is used as a container orchestration engine, and an ingress-nginx gateway is used as a traffic import gateway of Kubernetes, after a container group exposes a service port of a container, the Kubernetes may generate a service file, and obtain a container group IP address of each container group through the service file. Alternatively, kubernetes may bind the container group IP addresses via Labels tags according to a service file. In this case, when the container group is restarted, the container group IP address changes, and the service file may still find the corresponding container group through the Labels tag, and acquire the new container group IP address of the container group. Specifically, kubernetes can dynamically monitor each service file in real time through an ingress module in an ingress-nginx gateway to acquire the IP address information of the container group of each container group through the service file, and construct container direct connection access data according to the acquired IP address information of the container group to report to a client. The ingress module can monitor the updating condition of each container group IP address continuously, and when the newly added container group IP address or the existing container group IP address changes, the ingress module reports the updated container group IP address to the client again. The client can self-maintain the IP address and service port information of the container group as the local container direct connection access data.
Correspondingly, the client can determine the IP address of the target container group and the service port of the target container group according to the local container direct access data, so as to generate a container direct access request in the form of URL of the target container group according to the IP address of the target container group and the service port of the target container group, and the request can carry information such as the IP address of the target container group, the service port of the target container group, the direct access identifier and the like. The client may send a container group direct access request to Kubernetes. The nginx module in Kubernetes can acquire the direct access identifier in the direct access request of the container group, and judge whether the direct access request of the container group is the direct access container group according to the direct access identifier. If the direct access request of the container group is determined to be the direct access container group according to the direct access identifier, the client can acquire the IP address (host) of the target container group and the service port (port) of the target container group according to the direct access request combination request parameters of the container group by an nginx module, and reversely proxy to http:// host: port according to the IP address of the target container group and the service port of the target container group, thereby achieving the effect of directly accessing the target container group. If it is determined that the container group direct access request is not a direct access container group according to the direct access identifier, a corresponding load balancer can be found by using a native mode of the ingress-nginx gateway, and the load balancer polls and sends the load balancer to each related container group. If the container group direct connection access request can reach the target container group, normally accessing the target container group and executing related services; otherwise, return error information to the user.
The traffic analysis module may use other gateway modules such as openness (high-performance Web platform based on nginix and Lua) or kong (an API gateway for forwarding API communication).
According to the embodiment of the invention, the client determines the target container direct-connection access data of the target container group according to the local container direct-connection access data comprising the IP address of the target container group, so as to generate the container group direct-connection access request according to the target container direct-connection access data, and then the container group direct-connection access request is sent to the container arrangement engine, so that the target container group is directly accessed through the container group direct-connection access request, the problems of port conflict, service interruption, high configuration cost, high maintenance cost and the like in the conventional container group direct-connection access method are solved, the configuration cost and the maintenance cost of the container group direct-connection access are reduced, and the direct-connection access performance of the container group is improved.
It should be noted that any permutation and combination of the technical features in the above embodiments also belong to the protection scope of the present invention.
Example III
FIG. 8 is a schematic diagram of a container-based access data processing system according to a third embodiment of the present invention, and as shown in FIG. 8, the structure of the container-based access data processing system includes: a container orchestration engine 310 and a client 320, the container orchestration engine and the client being communicatively connected; wherein:
The container programming engine 310 is configured to generate a service configuration file corresponding to each node in the container programming engine 310; wherein each node comprises at least one container group; dynamically monitoring each service configuration file through a traffic import gateway; and reporting the container direct access data of the container groups in each node to the client 320 according to the dynamic monitoring result of the flow lead-in gateway. The client 320 is configured to determine target container direct access data of the target container group according to the local container direct access data; generating a container group direct access request according to the target container direct access data; the container group direct access request is sent to container orchestration engine 310 to directly access the target container group with the container group direct access request.
Wherein the container direct access data comprises a container group IP address; the local container direct access data includes a target container group IP address.
Optionally, the container orchestration engine 310 is further configured to, when detecting a service port of each container group in the node, generate each service profile according to the service port; and acquiring the IP addresses of the container groups of each container group according to the service configuration file.
Optionally, the container orchestration engine 310 is further configured to configure a container group tag for each of the container group IP addresses through the service profile; establishing a mapping relation between the container group IP address and the container group label; and storing the mapping relation between the IP address of the container group and the label of the container group in the service configuration file.
Optionally, the traffic import gateway includes a synchronization configuration module; the container orchestration engine 310 is further configured to dynamically monitor each service configuration file through the synchronization configuration module, so as to obtain the dynamic monitoring result; when the synchronous configuration module determines that the dynamic monitoring result comprises update container direct access data, the update container direct access data is sent to the client; the updating container direct-connection access data comprises newly-added container direct-connection access data and/or changed container direct-connection access data.
Optionally, the traffic import gateway includes a traffic analysis module; the container orchestration engine 310 is further configured to obtain a container group direct access request sent by the client; analyzing the container group direct connection access request through the flow analysis module to obtain target container direct connection access data; and directly accessing the target container group according to the target container direct access data.
After the service configuration files corresponding to all nodes in the container arrangement engine are generated through the container arrangement engine, the service configuration files are dynamically monitored through the flow import gateway in the container arrangement engine, and container direct connection access data of container groups in all nodes are reported to a client according to the dynamic monitoring result of the flow import gateway. The client can determine target container direct-connection access data of the target container group according to the local container direct-connection access data, generate a container group direct-connection access request according to the target container direct-connection access data, send the container group direct-connection access request to the container arrangement engine, and realize direct-connection access to the target container group through the container group direct-connection access request.
Example IV
Fig. 9 is a schematic diagram of a container-based access data processing apparatus according to a fourth embodiment of the present invention, where the container-based access data processing apparatus may be configured in a container orchestration engine, and as shown in fig. 9, the container-based access data processing apparatus includes: a profile generation module 410 and a traffic import gateway 420, wherein:
a configuration file generating module 410, configured to generate service configuration files corresponding to nodes in the container arrangement engine; wherein each of the nodes includes at least one container group;
a traffic import gateway 420, configured to dynamically monitor each service configuration file; reporting the container direct access data of the container group in each node to the client according to the dynamic monitoring result; wherein the container direct access data includes a container group IP address.
After the service configuration files corresponding to all nodes in the container arrangement engine are generated through the container arrangement engine, the service configuration files are dynamically monitored through the flow import gateway in the container arrangement engine, and container direct connection access data of container groups in all nodes are reported to a client according to the dynamic monitoring result of the flow import gateway. The client can determine target container direct-connection access data of the target container group according to the local container direct-connection access data, generate a container group direct-connection access request according to the target container direct-connection access data, send the container group direct-connection access request to the container arrangement engine, and realize direct-connection access to the target container group through the container group direct-connection access request.
Optionally, the configuration file generation module 410 is specifically configured to: under the condition that service ports of all container groups in the node are detected, generating all service configuration files according to the service ports; and acquiring the IP addresses of the container groups of each container group according to the service configuration file.
Optionally, the configuration file generation module 410 is further configured to: configuring a container group label for each container group IP address through the service configuration file; establishing a mapping relation between the container group IP address and the container group label; and storing the mapping relation between the IP address of the container group and the label of the container group in the service configuration file.
Optionally, the traffic import gateway 420 includes a synchronization configuration module; the synchronous configuration module is used for dynamically monitoring each service configuration file to obtain the dynamic monitoring result; if the dynamic monitoring result comprises the update container direct access data, the update container direct access data is sent to the client; the updating container direct-connection access data comprises newly-added container direct-connection access data and/or changed container direct-connection access data.
Optionally, the traffic import gateway 420 includes a traffic parsing module; the flow analysis module is used for acquiring a container group direct access request sent by the client; analyzing the container group direct connection access request to obtain target container direct connection access data; and directly accessing the target container group according to the target container direct access data.
The container-based access data processing device can execute the container-based access data processing method provided by the embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method. Technical details not described in detail in this embodiment may be referred to a container-based access data processing method provided in the first embodiment of the present invention.
Example five
Fig. 10 is a schematic diagram of a container-based access data processing apparatus according to a fifth embodiment of the present invention, where the container-based access data processing apparatus may be configured in a client, and as shown in fig. 10, the container-based access data processing apparatus includes: the target container direct access data determining module 510, the container group direct access request generating module 520, and the container group direct access request transmitting module 530, wherein:
the target container direct access data determining module 510 is configured to determine target container direct access data of the target container group according to the local container direct access data;
a container group direct access request generation module 520, configured to generate a container group direct access request according to the target container direct access data;
a container group direct access request sending module 530, configured to send the container group direct access request to a container orchestration engine, so as to directly access the target container group through the container group direct access request; wherein the local container direct access data includes a target container group IP address.
According to the embodiment of the invention, the client determines the target container direct-connection access data of the target container group according to the local container direct-connection access data comprising the IP address of the target container group, so as to generate the container group direct-connection access request according to the target container direct-connection access data, and then the container group direct-connection access request is sent to the container arrangement engine, so that the target container group is directly accessed through the container group direct-connection access request, the problems of port conflict, service interruption, high configuration cost, high maintenance cost and the like in the conventional container group direct-connection access method are solved, the configuration cost and the maintenance cost of the container group direct-connection access are reduced, and the direct-connection access performance of the container group is improved.
The container-based access data processing device can execute the container-based access data processing method provided by the second embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method. Technical details not described in detail in this embodiment may be referred to the container-based access data processing method provided in the second embodiment of the present invention.
Example six
A sixth embodiment of the present invention also provides a computer storage medium storing a computer program for executing the container-based access data processing method according to any one of the above embodiments of the present invention when executed by a computer processor. For example, the computer program, when executed by a computer processor, is for performing: generating a service configuration file corresponding to each node in the container arrangement engine; wherein each of the nodes includes at least one container group; dynamically monitoring each service configuration file through a traffic import gateway; reporting the container direct access data of the container group in each node to the client according to the dynamic monitoring result of the flow lead-in gateway; wherein the container direct access data includes a container group IP address. For another example, the computer program when executed by a computer processor is for performing: determining target container direct access data of a target container group according to the local container direct access data; generating a container group direct access request according to the target container direct access data; sending the container group direct access request to a container orchestration engine to directly access the target container group through the container group direct access request; wherein the local container direct access data includes a target container group IP address.
The computer storage media of embodiments of the invention may take the form of any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read-Only Memory (ROM), an erasable programmable Read-Only Memory ((Erasable Programmable Read Only Memory, EPROM) or flash Memory), an optical fiber, a portable compact disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, radio Frequency (RF), etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, smalltalk, C ++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
Note that the above is only a preferred embodiment of the present invention and the technical principle applied. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, while the invention has been described in connection with the above embodiments, the invention is not limited to the embodiments, but may be embodied in many other equivalent forms without departing from the spirit or scope of the invention, which is set forth in the following claims.

Claims (10)

1. A container-based access data processing method, applied to a container orchestration engine, comprising:
generating a service configuration file corresponding to each node in the container arrangement engine, and acquiring the IP address of each container group through the service configuration file; wherein each of the nodes includes at least one container group;
dynamically monitoring each service configuration file through a traffic import gateway;
reporting the container direct access data of the container group in each node to the client according to the dynamic monitoring result of the flow lead-in gateway;
Wherein the container direct access data includes a container group IP address.
2. The method of claim 1, wherein generating the service profile for each node in the container orchestration engine comprises:
under the condition that service ports of all container groups in the node are detected, generating all service configuration files according to the service ports;
after generating the service configuration file corresponding to each node in the container arrangement engine, the method further comprises:
and acquiring the IP addresses of the container groups of each container group according to the service configuration file.
3. The method of claim 2, further comprising, after said generating each of said service profiles from said container group address:
configuring a container group label for each container group IP address through the service configuration file;
establishing a mapping relation between the container group IP address and the container group label;
and storing the mapping relation between the IP address of the container group and the label of the container group in the service configuration file.
4. The method of claim 1, wherein the traffic-directing gateway comprises a synchronization configuration module;
The dynamically monitoring each service configuration file through the traffic import gateway comprises the following steps:
dynamically monitoring each service configuration file through the synchronous configuration module to obtain the dynamic monitoring result;
reporting the container direct access data of the container group in each node to the client according to the dynamic monitoring result of the flow lead-in gateway, wherein the method comprises the following steps:
when the synchronous configuration module determines that the dynamic monitoring result comprises update container direct access data, the update container direct access data is sent to the client;
the updating container direct-connection access data comprises newly-added container direct-connection access data and/or changed container direct-connection access data.
5. The method of claim 1, wherein the traffic importing gateway comprises a traffic parsing module; the method further comprises the steps of:
acquiring a container group direct access request sent by the client;
analyzing the container group direct connection access request through the flow analysis module to obtain target container direct connection access data;
and directly accessing the target container group according to the target container direct access data.
6. A container-based access data processing method, applied to a client, comprising: determining target container direct access data of a target container group according to the local container direct access data;
Generating a container group direct access request according to the target container direct access data;
sending the container group direct access request to a container orchestration engine to directly access the target container group through the container group direct access request;
the local container direct connection access data comprises a target container group IP address;
the container orchestration engine generates a service profile through which each container group IP address is obtained.
7. A container-based access data processing apparatus, configured in a container orchestration engine, comprising:
the configuration file generation module is used for generating service configuration files corresponding to all nodes in the container arrangement engine, and acquiring IP addresses of all container groups through the service configuration files; wherein each of the nodes includes at least one container group;
the traffic import gateway is used for dynamically monitoring each service configuration file; reporting the container direct access data of the container group in each node to the client according to the dynamic monitoring result;
wherein the container direct access data includes a container group IP address.
8. A container-based access data processing apparatus, configured at a client, comprising: the target container direct access data determining module is used for determining target container direct access data of the target container group according to the local container direct access data;
The container group direct access request generation module is used for generating a container group direct access request according to the target container direct access data;
the container group direct access request sending module is used for sending the container group direct access request to a container arrangement engine so as to directly access the target container group through the container group direct access request;
the local container direct connection access data comprises a target container group IP address;
the container orchestration engine generates a service profile through which each container group IP address is obtained.
9. A container-based access data processing system comprising a container orchestration engine and a client, the container orchestration engine and the client being communicatively connected; wherein:
the container arrangement engine is used for generating service configuration files corresponding to all nodes in the container arrangement engine, and acquiring IP addresses of all container groups through the service configuration files; wherein each of the nodes includes at least one container group; dynamically monitoring each service configuration file through a traffic import gateway; reporting the container direct access data of the container group in each node to the client according to the dynamic monitoring result of the flow lead-in gateway;
The client is used for determining target container direct-connection access data of the target container group according to the local container direct-connection access data; generating a container group direct access request according to the target container direct access data; sending the container group direct access request to a container orchestration engine to directly access the target container group through the container group direct access request;
wherein the container direct access data comprises a container group IP address; the local container direct access data includes a target container group IP address.
10. A computer storage medium having stored thereon a computer program, characterized in that the program, when executed by a processor, implements the container-based access data processing method according to any of claims 1-5 or implements the container-based access data processing method according to claim 6.
CN202110007739.5A 2021-01-05 2021-01-05 Container-based access data processing method, device, system and storage medium Active CN112702441B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110007739.5A CN112702441B (en) 2021-01-05 2021-01-05 Container-based access data processing method, device, system and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110007739.5A CN112702441B (en) 2021-01-05 2021-01-05 Container-based access data processing method, device, system and storage medium

Publications (2)

Publication Number Publication Date
CN112702441A CN112702441A (en) 2021-04-23
CN112702441B true CN112702441B (en) 2023-06-30

Family

ID=75514730

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110007739.5A Active CN112702441B (en) 2021-01-05 2021-01-05 Container-based access data processing method, device, system and storage medium

Country Status (1)

Country Link
CN (1) CN112702441B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113347043B (en) * 2021-06-25 2022-11-22 武汉悦学帮网络技术有限公司 Gateway management method, device, gateway management platform and storage medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110427249A (en) * 2019-07-26 2019-11-08 重庆紫光华山智安科技有限公司 Method for allocating tasks, pod initial method and relevant apparatus
CN110457134A (en) * 2019-08-08 2019-11-15 杭州阿启视科技有限公司 The method for establishing the video big data cloud platform based on container cloud and micro services framework
CN110912972B (en) * 2019-11-07 2022-08-19 北京浪潮数据技术有限公司 Service processing method, system, electronic equipment and readable storage medium
CN111431740B (en) * 2020-03-16 2023-07-14 深信服科技股份有限公司 Data transmission method, device, equipment and computer readable storage medium

Also Published As

Publication number Publication date
CN112702441A (en) 2021-04-23

Similar Documents

Publication Publication Date Title
CN110351283B (en) Data transmission method, device, equipment and storage medium
US20200195511A1 (en) Network management method and related device
CN107528862B (en) Domain name resolution method and device
CN111182089B (en) Container cluster system, method and device for accessing big data assembly and server
CN107210924B (en) Method and apparatus for configuring a communication system
US9323587B2 (en) Method and system for automatic detecting and resolving APIs
CN103856569A (en) Method and device for synchronizing domain name system resource information
CN110659109A (en) Openstack cluster virtual machine monitoring system and method
CN114205342B (en) Service debugging routing method, electronic equipment and medium
CN109104368B (en) Connection request method, device, server and computer readable storage medium
CN111586201A (en) Domain name resolution system, method, device and storage medium
CN110958180B (en) Gateway routing method, intelligent gateway, electronic device and computer storage medium
CN109561165A (en) Domain name system configuration method and relevant apparatus
CN112702441B (en) Container-based access data processing method, device, system and storage medium
CN112637037B (en) Cross-region container communication system, method, storage medium and computer equipment
CN113268254A (en) Cluster system installation method and device, electronic equipment and storage medium
CN116566945A (en) Access method and device for decentralised application, electronic equipment and storage medium
CN116389599A (en) Gateway service request processing method and device and cloud native gateway system management method and device
CN114553771B (en) Method for virtual router loading and related equipment
CN114338461A (en) Network connection monitoring method and related equipment
US7912922B2 (en) Globally unique instance identification
CN114297083A (en) Agent test method, device, electronic equipment and readable medium
CN114338279A (en) Terminal access method and device and server
CN112804313A (en) Data synchronization method, device, equipment and medium based on cross-domain edge node
CN113285997B (en) Data processing method, device, medium and product based on heterogeneous system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant