CN113127134A - Container cluster, multi-tenant deployment method based on container cluster and electronic equipment - Google Patents

Container cluster, multi-tenant deployment method based on container cluster and electronic equipment

Info

Publication number
CN113127134A
Authority
CN
China
Prior art keywords
tenant
new tenant
namespace
tenants
container cluster
Legal status
Pending
Application number
CN201911391680.3A
Other languages
Chinese (zh)
Inventor
高军
田仁江
李显洋
Current Assignee
Beijing Yiyiyun Technology Co ltd
Original Assignee
Beijing Yiyiyun Technology Co ltd
Application filed by Beijing Yiyiyun Technology Co ltd
Priority to CN201911391680.3A
Publication of CN113127134A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances
    • G06F2009/45595 Network integration; Enabling network access in virtual machine instances

Abstract

The invention discloses a container cluster, a multi-tenant deployment method based on the container cluster and electronic equipment. The method comprises the following steps: when a registration request of a new tenant is received, allocating a namespace for the new tenant; configuring a network isolation policy for the new tenant to isolate the namespace of the new tenant from the namespaces of other tenants in the container cluster; adding a resource quota limit to the namespace of the new tenant by configuring resources for the new tenant; wherein the new tenant shares the plurality of virtual machines of the container cluster with the other tenants. According to the container cluster-based multi-tenant deployment method provided by the invention, multiple tenants can efficiently share virtual machine resources, and the maintenance difficulty of the application program operating environment can be significantly reduced.

Description

Container cluster, multi-tenant deployment method based on container cluster and electronic equipment
Technical Field
The present invention relates to the field of software architecture, and in particular, to a container cluster, a container cluster-based multi-tenant deployment method, an electronic device, and a computer-readable storage medium.
Background
With the development of cloud computing technology, more and more tenants (developers) choose to publish applications using a cloud computing platform. Shared hardware resources are used at the bottom layer of the cloud computing platform, and the overall utilization rate of computing resources can be greatly improved. When a plurality of tenants use cloud resources, the cloud computing platform needs to implement application isolation and data isolation between the tenants.
At the present stage, a cloud computing platform generally provides virtual machines for tenants directly, and each tenant uses the purchased virtual machines to form mutually independent clusters based on an isolation mechanism of the virtual machines so as to realize isolation between tenants. However, each virtual machine needs to run a whole set of operating system and corresponding runtime library to support the running of the application program, so that the cluster consumes huge resources and has low resource utilization rate. Moreover, in order to support the operation of the application program, each virtual machine needs to be installed with the same operating environment, and when the operating environment is upgraded, each virtual machine needs to be upgraded synchronously, so that the operation and maintenance difficulty of the cluster is high and the cost is extremely high.
It is to be noted that the above information disclosed in the background section is only for enhancement of understanding of the background of the invention, and therefore it may contain information that does not constitute prior art that is already known to a person of ordinary skill in the art.
Disclosure of Invention
In view of the above, the present invention provides a container cluster, a container cluster-based multi-tenant deployment method, an electronic device, and a computer-readable storage medium.
Additional features and advantages of the invention will be set forth in the detailed description which follows, or may be learned by practice of the invention.
According to an aspect of the present invention, a container cluster-based multi-tenant deployment method is provided, including: when a registration request of a new tenant is received, allocating a namespace for the new tenant; configuring a network isolation policy for the new tenant to isolate the namespace of the new tenant from the namespaces of other tenants in the container cluster; adding a resource quota limit to the namespace of the new tenant by configuring resources for the new tenant; wherein the new tenant shares the plurality of virtual machines of the container cluster with the other tenants.
According to an embodiment of the present invention, the new tenant and the other tenants are only allowed to access their respective namespaces, and the applications published by the new tenant and the other tenants are only allowed to access the applications in their respective namespaces.
According to an embodiment of the present invention, configuring a network isolation policy for the new tenant to isolate the namespace of the new tenant from the namespaces of other tenants in the container cluster includes: adding the network isolation policy for the namespace of the new tenant based on the Calico plug-in.
According to an embodiment of the invention, the method further comprises: when the new tenant or the other tenants publish an application program, performing conflict detection on the routing resources used to publish the application program.
According to an embodiment of the invention, the method further comprises: when a conflict in the routing resources is detected, prohibiting the tenant publishing the application program from publishing it to the namespace corresponding to that tenant through the conflicting route.
According to an embodiment of the present invention, when a conflict in the routing resources is detected, the method further includes: allowing the tenant to select a route without conflict to publish the application program for users to access and use.
According to an embodiment of the invention, the container cluster comprises: a Kubernetes cluster.
According to another aspect of the present invention, there is provided a container cluster comprising: a tenant management platform, used for allocating a namespace for a new tenant when a registration request of the new tenant is received; configuring a network isolation policy for the new tenant to isolate the namespace of the new tenant from the namespaces of other tenants in the container cluster; and adding a resource quota limit to the namespace of the new tenant by configuring resources for the new tenant; and a plurality of virtual machines; wherein the new tenant shares the plurality of virtual machines with the other tenants.
According to still another aspect of the present invention, there is provided an electronic apparatus including: a memory, a processor, and executable instructions stored in the memory and executable in the processor, the processor implementing any of the container cluster based multi-tenant deployment methods described above when executing the executable instructions.
According to yet another aspect of the present invention, there is provided a computer-readable storage medium having stored thereon computer-executable instructions that, when executed by a processor, implement any of the container cluster-based multi-tenant deployment methods described above.
According to the container cluster-based multi-tenant deployment method, isolation among tenants and the resource quota of each tenant are achieved by automatically configuring namespaces, so that multiple tenants can efficiently share virtual machine resources, and the maintenance difficulty of the application program operating environment can be significantly reduced based on the characteristics of container technology.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention. It is obvious that the drawings in the following description are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
Fig. 1 is a flow chart illustrating a method for container cluster-based multi-tenant deployment in accordance with an exemplary embodiment.
FIG. 2 is a block diagram illustrating a container cluster in accordance with an exemplary embodiment.
Fig. 3 is a schematic diagram illustrating a structure of an electronic device according to an example embodiment.
FIG. 4 is a schematic diagram illustrating a computer-readable storage medium according to an example embodiment.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The drawings are merely schematic illustrations of the invention and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus their repetitive description will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to provide a thorough understanding of embodiments of the invention. One skilled in the relevant art will recognize, however, that the invention may be practiced without one or more of the specific details, or with other methods, apparatus, steps, and so forth. In other instances, well-known structures, methods, devices, implementations, or operations are not shown or described in detail to avoid obscuring aspects of the invention.
Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
The solution provided by the present invention relates to container technology; for ease of understanding, the relevant concepts are explained first:
Container technology is a lightweight, operating-system-level virtualization technology that allows applications and their dependencies to run in resource-isolated processes. A container can hold a single image in which any application and all its dependencies are packaged, and anyone can download the container from a shared network to deploy their own infrastructure. The image runs in a stand-alone environment and does not share the memory, CPU, or disk of the host operating system with other applications. Thus, processes within the container do not affect any processes outside the container, nor do any processes outside the container affect processes within the container. A container cluster encapsulates one or more containers into a higher-level structure, the Pod; all containers in each Pod share the same namespace (Namespace) and local network, and the containers can communicate with each other.
As described above, in order to solve the problems that configuring an independent virtual machine cluster for each tenant would result in excessive resource consumption and difficult operation and maintenance, the present invention provides a new multi-tenant deployment method. The following specifically describes embodiments of the present invention.
Fig. 1 is a flow chart illustrating a method for container cluster-based multi-tenant deployment in accordance with an exemplary embodiment. The container cluster-based multi-tenant deployment method shown in fig. 1 can be implemented in an automated tenant management platform on a cloud server side (including public cloud, enterprise private cloud, and hybrid cloud), for example.
Referring to fig. 1, a container cluster-based multi-tenant deployment method 10 includes:
In step S102, when a registration request of a new tenant is received, a namespace is allocated for the new tenant.
The namespace of each tenant may be configured with different tag information to enable subsequent deployment of the multi-tenant application: when a new tenant or other tenants publish applications, the applications can be published into their namespaces only in the form of containers (containerized applications).
In step S104, the new tenant is configured with a network isolation policy, so that the namespace of the new tenant is isolated from the namespaces of other tenants in the container cluster.
In some embodiments, each tenant is only allowed to access its own namespace, and applications published by each tenant are likewise only allowed to access applications in that tenant's namespace, i.e., a network isolation policy is used to isolate containers (groups) of different namespaces.
In step S106, a resource quota limit is added to the namespace of the new tenant by configuring resources for the new tenant.
The tenant management platform can automatically set resource quotas for the namespaces to allocate and limit the computing resources that can be used by each tenant.
It should be noted that, in the present invention, the new tenant shares a plurality of virtual machines of the container cluster with other tenants. Meanwhile, the container cluster can abstract the running environment of the containerized application so as to isolate the actual influence of hardware resources on the running environment of the application program.
According to the container cluster-based multi-tenant deployment method provided by the embodiment of the invention, isolation among tenants and the resource quota of each tenant are realized by automatically configuring namespaces, so that multiple tenants can efficiently share the resources of the virtual machines, and the maintenance difficulty of the operating environment of the application program can be significantly reduced based on the characteristics of container technology.
It should be clearly understood that the present disclosure describes how to make and use particular examples, but the principles of the present disclosure are not limited to any details of these examples. Rather, these principles can be applied to many other embodiments based on the teachings of the present disclosure.
In some embodiments, the container cluster may comprise: Kubernetes (K8s for short), open source software that automatically deploys, scales, and manages containerized applications. The Kubernetes cluster runs on the virtual machine cluster, and containerized applications of different tenants are scheduled to run on the same cluster.
In some embodiments, step S104 may further include: adding a network isolation policy for the namespace of the new tenant based on the Calico plug-in.
It should be noted that the present invention is not limited to a specific type of plug-in. For example, step S104 may also add a network isolation policy to the namespace of the new tenant based on another CNI (Container Network Interface) plug-in that provides network isolation capability, such as Flannel, Weave or Canal.
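Steps S102 to S106 expressed as Kubernetes objects, as an added example that is not part of the patent text: it builds the Namespace, NetworkPolicy and ResourceQuota for a tenant and evaluates, with simplified NetworkPolicy semantics, whether cross-tenant ingress is admitted. The `tenant-<name>` naming, the `tenant` label key, the object names and the quota values are assumptions; the policy only takes effect when the cluster's CNI plug-in enforces NetworkPolicy.

```python
# Added example (not from the patent): objects for steps S102, S104 and S106.
# Naming scheme, label key and default quota values are assumptions.

TENANT_LABEL = "tenant"  # hypothetical key for the namespace "tag information"


def tenant_manifests(tenant, cpu="4", memory="8Gi", pods="20"):
    """Return [Namespace, NetworkPolicy, ResourceQuota] for one tenant."""
    ns = f"tenant-{tenant}"
    namespace = {
        "apiVersion": "v1",
        "kind": "Namespace",
        "metadata": {"name": ns, "labels": {TENANT_LABEL: tenant}},
    }
    # A peer that holds only a podSelector matches pods in the policy's own
    # namespace, so this admits same-namespace traffic and nothing else.
    same_namespace = [{"podSelector": {}}]
    isolation = {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": "tenant-isolation", "namespace": ns},
        "spec": {
            "podSelector": {},  # applies to every pod in the namespace
            "policyTypes": ["Ingress", "Egress"],
            "ingress": [{"from": same_namespace}],
            # Egress is restricted as well; a real cluster normally also
            # needs an egress rule towards cluster DNS.
            "egress": [{"to": same_namespace}],
        },
    }
    quota = {
        "apiVersion": "v1",
        "kind": "ResourceQuota",
        "metadata": {"name": "tenant-quota", "namespace": ns},
        "spec": {"hard": {
            "requests.cpu": cpu, "requests.memory": memory,
            "limits.cpu": cpu, "limits.memory": memory,
            "pods": pods,
        }},
    }
    return [namespace, isolation, quota]


def _matches(selector, labels):
    """matchLabels-only selector check; an empty selector matches all."""
    wanted = selector.get("matchLabels", {})
    return all(labels.get(k) == v for k, v in wanted.items())


def ingress_allowed(policies, ns_labels, src_ns, dst_ns,
                    src_pod=None, dst_pod=None):
    """Simplified NetworkPolicy ingress check (no ipBlock, ports or
    matchExpressions). ns_labels maps namespace name -> label dict."""
    src_pod, dst_pod = src_pod or {}, dst_pod or {}
    selecting = [
        p for p in policies
        if p["metadata"]["namespace"] == dst_ns
        and "Ingress" in p["spec"].get("policyTypes", ["Ingress"])
        and _matches(p["spec"].get("podSelector", {}), dst_pod)
    ]
    if not selecting:
        # No policy selects the destination pod: the default is allow,
        # so a namespace created without step S104 is not isolated.
        return True
    for policy in selecting:
        for rule in policy["spec"].get("ingress", []):
            peers = rule.get("from")
            if not peers:
                return True  # a rule without "from" admits every source
            for peer in peers:
                if "namespaceSelector" in peer:
                    ns_ok = _matches(peer["namespaceSelector"],
                                     ns_labels.get(src_ns, {}))
                else:
                    ns_ok = src_ns == dst_ns
                if ns_ok and _matches(peer.get("podSelector", {}), src_pod):
                    return True
    return False


if __name__ == "__main__":
    import json
    # JSON output can be fed to `kubectl apply -f -`.
    for obj in tenant_manifests("acme"):
        print(json.dumps(obj, indent=2))
```
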
In some embodiments, the method 10 may further include: when a new tenant or other tenants publish an application program, performing conflict detection on the routing resources used to publish it.
Further, when a conflict in the routing resources is detected, the tenant management platform may prohibit the tenant publishing the application from publishing it to its namespace through the conflicting route, and allow the tenant to select a route where no conflict occurs for publishing. Applications published by each tenant may be accessed and used, for example, by users outside of the Kubernetes cluster.
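One way to implement the routing conflict check described above, as an added example that is not the patent's own code. It assumes a "route" is a host and path pair as used by a Kubernetes Ingress, and treats a route as conflicting when another tenant's namespace already owns the same host with a path that is a segment-wise prefix of the new path or the reverse; `RouteRegistry`, `RouteConflict` and `publish_first_free` are hypothetical names.

```python
# Added example (not from the patent): per-cluster route conflict detection.
# Assumption: a route is (host, path); wildcard hosts are not handled.


class RouteConflict(Exception):
    """Raised when a route overlaps one owned by another tenant."""


def _norm_host(host):
    # Hostnames are case-insensitive and may carry a trailing root dot.
    return host.strip().lower().rstrip(".")


def _segments(path):
    return [s for s in path.split("/") if s]


def _overlaps(a, b):
    """True when one path is a segment-wise prefix of the other, so
    "/app" overlaps "/app/admin" but not "/application"."""
    n = min(len(a), len(b))
    return a[:n] == b[:n]


class RouteRegistry:
    def __init__(self):
        self._routes = []  # list of (host, path segments, namespace)

    def conflicts(self, namespace, host, path):
        """Routes of other namespaces that overlap the requested one."""
        host, segs = _norm_host(host), _segments(path)
        return [
            (h, "/" + "/".join(s), ns)
            for h, s, ns in self._routes
            if ns != namespace and h == host and _overlaps(s, segs)
        ]

    def publish(self, namespace, host, path):
        """Record the route for the tenant namespace or refuse it."""
        found = self.conflicts(namespace, host, path)
        if found:
            raise RouteConflict(f"{host}{path} overlaps {found}")
        host, segs = _norm_host(host), _segments(path)
        self._routes.append((host, segs, namespace))
        return host, "/" + "/".join(segs)


def publish_first_free(registry, namespace, candidates):
    """Publish through the first candidate route that does not conflict;
    return it, or None when every candidate is taken."""
    for host, path in candidates:
        try:
            return registry.publish(namespace, host, path)
        except RouteConflict:
            continue
    return None


if __name__ == "__main__":
    reg = RouteRegistry()
    print(reg.publish("tenant-a", "shop.example.com", "/app"))
    print(reg.conflicts("tenant-b", "SHOP.example.com.", "/app/admin"))
    print(publish_first_free(reg, "tenant-b", [
        ("shop.example.com", "/app"),
        ("shop.example.com", "/b-app"),
    ]))
```
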
Those skilled in the art will appreciate that all or part of the steps implementing the above embodiments are implemented as computer programs executed by a CPU. The computer program, when executed by the CPU, performs the functions defined by the method provided by the present invention. The program may be stored in a computer readable storage medium, which may be a read-only memory, a magnetic or optical disk, or the like.
Furthermore, it should be noted that the above-mentioned figures are only schematic illustrations of the processes involved in the method according to exemplary embodiments of the invention, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
The following are embodiments of the apparatus of the present invention that may be used to perform embodiments of the method of the present invention. For details which are not disclosed in the embodiments of the apparatus of the present invention, reference is made to the embodiments of the method of the present invention.
FIG. 2 is a block diagram illustrating a container cluster in accordance with an exemplary embodiment.
Referring to fig. 2, the container cluster 20 includes: a tenant management platform 202 and a plurality of virtual machines 204.
The tenant management platform 202 is configured to: (1) when a registration request of a new tenant is received, allocating a namespace for the new tenant; (2) configuring a network isolation strategy for the new tenant to isolate the namespace of the new tenant from the namespaces of other tenants in the container cluster; (3) and adding a resource quota limit to the namespace of the new tenant by configuring resources for the new tenant.
Wherein the new tenant shares the plurality of virtual machines 204 with other tenants.
According to the container cluster provided by the embodiment of the invention, isolation among tenants and resource quotas of each tenant are realized in a manner of automatically configuring a namespace, so that multiple tenants can efficiently share virtual machine resources, and the maintenance difficulty of an application program operating environment can be obviously reduced based on the characteristics of a container technology.
It is noted that the block diagrams shown in the above figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or program product. Thus, various aspects of the invention may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," "module" or "system."
An electronic device 800 according to this embodiment of the invention is described below with reference to fig. 3. The electronic device 800 shown in fig. 3 is only an example and should not bring any limitations to the functionality and scope of use of the embodiments of the present invention.
As shown in fig. 3, electronic device 800 is in the form of a general purpose computing device. The components of the electronic device 800 may include, but are not limited to: the at least one processing unit 810, the at least one memory unit 820, and a bus 830 that couples the various system components including the memory unit 820 and the processing unit 810.
The storage unit 820 stores program code that may be executed by the processing unit 810 to cause the processing unit 810 to perform the steps according to various exemplary embodiments of the present invention described in the above section "exemplary method" of the present specification. For example, the processing unit 810 may execute, as shown in fig. 1: S102, when a registration request of a new tenant is received, allocating a namespace for the new tenant; S104, configuring a network isolation policy for the new tenant to isolate the namespace of the new tenant from the namespaces of other tenants in the container cluster; and S106, adding a resource quota limit to the namespace of the new tenant by configuring resources for the new tenant.
The storage unit 820 may include readable media in the form of volatile memory units such as a random access memory unit (RAM) 8201 and/or a cache memory unit 8202, and may further include a read only memory unit (ROM) 8203.
The storage unit 820 may also include a program/utility 8204 having a set (at least one) of program modules 8205, such program modules 8205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 830 may be any of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 800 may also communicate with one or more external devices 700 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 800, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 800 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interfaces 850. Also, the electronic device 800 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) via the network adapter 860. As shown in FIG. 3, the network adapter 860 communicates with the other modules of the electronic device 800 via the bus 830. It should be appreciated that although not shown in FIG. 3, other hardware and/or software modules may be used in conjunction with electronic device 800, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiment of the present invention can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (which can be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and includes several instructions to make a computing device (which can be a personal computer, a server, a terminal device, or a network device, etc.) execute the method according to the embodiment of the present invention.
In an exemplary embodiment of the present invention, there is also provided a computer-readable storage medium having stored thereon a program product capable of implementing the above-described method of the present specification. In some possible embodiments, aspects of the invention may also be implemented in the form of a program product comprising program code means for causing a terminal device to carry out the steps according to various exemplary embodiments of the invention described in the above-mentioned "exemplary methods" section of the present description, when the program product is run on the terminal device.
Referring to fig. 4, a program product 900 for implementing the above method according to an embodiment of the present invention is described, which may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present invention is not limited in this regard and, in the present document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
It should be noted that although several modules or units of the device for action execution are mentioned in the above detailed description, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit, according to embodiments of the invention. Conversely, the features and functions of one module or unit described above may be further divided so as to be embodied by a plurality of modules or units.
Moreover, although the steps of the methods of the present invention are depicted in the drawings in a particular order, this does not require or imply that the steps must be performed in this particular order, or that all of the depicted steps must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions, etc.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiment of the present invention can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (which can be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and includes several instructions to cause a computing device (which can be a personal computer, a server, a mobile terminal, or a network device, etc.) to execute the method according to the embodiment of the present invention.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.

Claims (10)

1. A multi-tenant deployment method based on a container cluster is characterized by comprising the following steps:
when a registration request of a new tenant is received, allocating a namespace for the new tenant;
configuring a network isolation policy for the new tenant to isolate the namespace of the new tenant from the namespaces of other tenants in the container cluster;
adding a resource quota limit to the namespace of the new tenant by configuring resources for the new tenant;
wherein the new tenant shares the plurality of virtual machines of the container cluster with the other tenants.
2. The method according to claim 1, wherein the new tenant and the other tenants are only allowed to access their respective namespaces, and the applications published by the new tenant and the other tenants are only allowed to access the applications in their respective namespaces.
3. The method of claim 1, wherein the configuring a network isolation policy for the new tenant to isolate the namespace of the new tenant from the namespaces of other tenants in the container cluster comprises: adding the network isolation policy to the namespace of the new tenant based on the Calico plug-in.
4. The method of claim 1, further comprising: when the new tenant or the other tenants publish application programs, performing conflict detection on the routing resources at the time the application programs are published.
5. The method of claim 4, further comprising: when a conflict in the routing resources is detected, prohibiting the tenant publishing the application program from publishing the application program to the namespace corresponding to the tenant through the conflicting route.
6. The method of claim 5, wherein when a conflict in the routing resources is detected, the method further comprises: allowing the tenant to select a route without conflict to publish the application program for users to access and use.
7. The method of any of claims 1-6, wherein the container cluster comprises: a Kubernetes cluster.
8. A container cluster, comprising:
a tenant management platform, configured to: allocate a namespace for a new tenant when a registration request of the new tenant is received; configure a network isolation policy for the new tenant to isolate the namespace of the new tenant from the namespaces of other tenants in the container cluster; and add a resource quota limit to the namespace of the new tenant by configuring resources for the new tenant; and
a plurality of virtual machines; wherein the new tenant shares the plurality of virtual machines with the other tenants.
9. An electronic device, comprising: memory, processor and executable instructions stored in the memory and executable in the processor, characterized in that the processor implements the method according to any of claims 1-7 when executing the executable instructions.
10. A computer-readable storage medium having stored thereon computer-executable instructions, which when executed by a processor, implement the method of any one of claims 1-7.
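The onboarding steps of claims 1 and 3 and the publish-time route check of claims 4 to 6, sketched as an added example (not code from the patent or its applicant). Assumptions: the `tenant-` namespace prefix, object names and quota keys are illustrative; isolation is expressed as a standard `networking.k8s.io/v1` NetworkPolicy that a plug-in such as Calico enforces; a route conflict means the same host and path is already held by a different namespace.

```python
import re

def tenant_manifests(tenant, cpu, memory, pods):
    """Build the per-tenant Namespace, NetworkPolicy and ResourceQuota."""
    ns = f"tenant-{tenant}"  # hypothetical naming scheme
    # The tenant name is registration input: reject anything that is not a
    # valid DNS-1123 label before it reaches the API server.
    if not re.fullmatch(r"[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?", ns):
        raise ValueError("tenant name does not yield a valid namespace name")
    namespace = {"apiVersion": "v1", "kind": "Namespace",
                 "metadata": {"name": ns, "labels": {"tenant": tenant}}}
    # Empty podSelector selects every pod in ns; the single ingress peer has
    # no namespaceSelector, so only pods of the same namespace may connect.
    isolation = {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
                 "metadata": {"name": "allow-same-namespace-only", "namespace": ns},
                 "spec": {"podSelector": {}, "policyTypes": ["Ingress"],
                          "ingress": [{"from": [{"podSelector": {}}]}]}}
    quota = {"apiVersion": "v1", "kind": "ResourceQuota",
             "metadata": {"name": "tenant-quota", "namespace": ns},
             "spec": {"hard": {"requests.cpu": cpu, "requests.memory": memory,
                               "pods": str(pods)}}}
    return [namespace, isolation, quota]

def ingress_allowed(policy, src_namespace):
    """Evaluate the policy shape built above for a pod in src_namespace."""
    dst_ns = policy["metadata"]["namespace"]
    for rule in policy["spec"]["ingress"]:
        for peer in rule.get("from", []):
            same_ns_only = "namespaceSelector" not in peer and "ipBlock" not in peer
            if same_ns_only and src_namespace == dst_ns:
                return True
    return False  # selected pods with no matching rule are denied

class RouteRegistry:
    """Refuse a publish whose host and path another namespace already holds."""
    def __init__(self):
        self._owners = {}  # (host, normalised path) -> owning namespace

    def publish(self, namespace, host, path):
        key = (host.lower(), "/" + path.strip("/"))
        owner = self._owners.setdefault(key, namespace)
        if owner != namespace:
            # Do not reveal which tenant owns the route.
            raise ValueError(f"route {key[0]}{key[1]} conflicts; choose another")
        return key
```

Normalising host case and trailing slashes before the lookup matters: without it two tenants could claim `/api` and `/api/` on the same host and the check would miss the overlap.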
CN201911391680.3A 2019-12-30 2019-12-30 Container cluster, multi-tenant deployment method based on container cluster and electronic equipment Pending CN113127134A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911391680.3A CN113127134A (en) 2019-12-30 2019-12-30 Container cluster, multi-tenant deployment method based on container cluster and electronic equipment

Publications (1)

Publication Number Publication Date
CN113127134A true CN113127134A (en) 2021-07-16

Family

ID=76767715

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911391680.3A Pending CN113127134A (en) 2019-12-30 2019-12-30 Container cluster, multi-tenant deployment method based on container cluster and electronic equipment

Country Status (1)

Country Link
CN (1) CN113127134A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107864131A (en) * 2017-11-03 2018-03-30 郑州云海信息技术有限公司 A kind of method and system for realizing Kubernetes cluster multi-tenant Network Isolations
CN108989091A (en) * 2018-06-22 2018-12-11 杭州才云科技有限公司 Based on the tenant network partition method of Kubernetes network, storage medium, electronic equipment
US20190272205A1 (en) * 2016-11-25 2019-09-05 Huawei Technologies Co., Ltd. Container deployment method, communication method between services, and related apparatus
CN110519361A (en) * 2019-08-22 2019-11-29 北京宝兰德软件股份有限公司 Container cloud platform multi-tenant construction method and device based on kubernetes

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
郭秋萍: "《计算机网络实验教程》", vol. 1, 31 March 2005, 北京航空航天大学出版社, pages: 210 - 225 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114422456A (en) * 2022-03-31 2022-04-29 阿里云计算有限公司 Task processing method and device
CN114422456B (en) * 2022-03-31 2022-08-16 阿里云计算有限公司 Task processing method and device
CN115248734A (en) * 2022-09-21 2022-10-28 之江实验室 Private cloud multi-tenant resource quota self-adaptive adjustment method and device
CN115248734B (en) * 2022-09-21 2022-12-13 之江实验室 Private cloud multi-tenant resource quota self-adaptive adjustment method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination