CN114064206A - Pod method, system, equipment and storage medium for accessing edge node - Google Patents


Info

Publication number
CN114064206A
Authority
CN
China
Prior art keywords
pod
data packet
port
iptables rule
resource
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111308398.1A
Other languages
Chinese (zh)
Inventor
彭彬彬
黄吉旺
王玉东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Yunhai Information Technology Co Ltd
Original Assignee
Zhengzhou Yunhai Information Technology Co Ltd

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45562Creating, deleting, cloning virtual machine instances
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45579I/O management, e.g. providing access to device drivers or storage
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45595Network integration; Enabling network access in virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method, system, device and storage medium for accessing a pod of an edge node. The method comprises the following steps: monitoring changes to pod resources at the edge node and, in response to a change, configuring a corresponding iptables rule based on the type of change; and, in response to the edge node receiving an access request, sending the requested data packet to the corresponding pod based on the iptables rule. The iptables rule takes the hostPort of the corresponding pod as its matching condition and performs a destination address translation action on the requested data packet. With this scheme, port mapping is performed in kernel mode, the performance loss caused by switching network packets from kernel mode to user mode is avoided, the data path is shortened, and data transmission efficiency is improved.

Description

Pod method, system, equipment and storage medium for accessing edge node
Technical Field
The present invention relates to the field of edge computing technologies, and in particular, to a method, a system, a device, and a storage medium for accessing a pod of an edge node.
Background
Most current edge container cloud platforms are built on an open-source edge computing framework that provides a functional system centred on application management; a typical open-source edge computing framework is KubeEdge. KubeEdge is built on Kubernetes, provides infrastructure support for network applications, and achieves deployment and metadata synchronization between the cloud and the edge. Applications at edge nodes typically need to access each other. Because edge node resources are limited, a container service running on an edge node is typically accessed by the other edge nodes in the cluster after its container service port has been mapped to a host port. With this method, when a service is exposed externally, a process started on the host listens on the corresponding port, the network data packet has to be passed from kernel mode to user mode, and the packet is forwarded only after it reaches the application process. Because every packet crosses from kernel mode to user mode and back, the performance cost is not small. There is therefore a need for a more efficient way of mapping a container port to a host port.
Disclosure of Invention
In view of this, the present invention provides a method, a system, a device, and a storage medium for accessing a pod of an edge node, which can implement port mapping in a kernel mode, avoid performance loss caused by switching a network packet from the kernel mode to a user mode, shorten a data link, and improve data transmission efficiency.
Based on the above object, an aspect of the embodiments of the present invention provides a method for accessing a pod of an edge node, which specifically includes the following steps:
monitoring the change of the pod resource at the edge node, responding to the change of the pod resource, and configuring a corresponding iptables rule based on the change type of the pod resource;
in response to the edge node receiving an access request, sending the requested data packet to a corresponding pod based on the iptables rule;
wherein the iptables rule takes the hostPort of the corresponding pod as the matching condition and performs a destination address translation action on the requested data packet.
By monitoring the change of the pod resource and setting a corresponding iptables rule for the pod, the mapping between the pod container service port and the host port of the node where the pod is located is realized in the kernel state, the performance loss caused by switching the network data packet from the kernel state to the user state is avoided, the data link is shortened, and the data transmission efficiency is improved.
In some embodiments, the pod resource variation comprises: any one of create pod, update pod, and delete pod.
In some embodiments, configuring a corresponding iptables rule based on the type of change of the pod resource includes:
reading a value of a port of the pod in response to the operation of creating the pod or updating the pod;
determining whether the value of the port of the pod is 0, and configuring the corresponding iptables rule in response to the value of the port of the pod not being 0.
In some embodiments, the method further comprises:
deleting the iptables rule in response to the operation of deleting the pod and the pod containing the iptables rule.
In some embodiments, performing a destination address translation action on the requested packet comprises:
modifying the destination address of the requested data packet to the IP and port of the corresponding pod.
In some embodiments, sending the requested data packet to a corresponding pod based on the iptables rule comprises:
reading the IP of the corresponding pod, the port of the corresponding pod and the hostPort of the corresponding pod;
taking the hostPort of the corresponding pod as the matching condition, and sending the requested data packet to the IP and port of the corresponding pod.
In another aspect of the embodiments of the present invention, a system for accessing a pod of an edge node is further provided, including:
the monitoring module is configured to monitor the change of the pod resource at the edge node, respond to the change of the pod resource, and configure a corresponding iptables rule based on the change type of the pod resource;
a processing module configured to send, in response to the edge node receiving an access request, a data packet of the request to a corresponding pod based on the iptables rule;
wherein the iptables rule takes the hostPort of the corresponding pod as the matching condition and performs a destination address translation action on the requested data packet.
By monitoring the change of the pod resource and setting a corresponding iptables rule for the pod, the mapping between the pod container service port and the host port of the node where the pod is located is realized in the kernel state, the performance loss caused by switching the network data packet from the kernel state to the user state is avoided, the data link is shortened, and the data transmission efficiency is improved.
In some embodiments, the processing module is further configured to:
reading the IP of the corresponding pod, the port of the corresponding pod and the hostPort of the corresponding pod;
taking the hostPort of the corresponding pod as the matching condition, and sending the requested data packet to the IP and port of the corresponding pod.
In another aspect of the embodiments of the present invention, there is also provided a computer device, including: at least one processor; and a memory storing a computer program executable on the processor, the computer program when executed by the processor implementing the steps of the method:
monitoring the change of the pod resource at the edge node, responding to the change of the pod resource, and configuring a corresponding iptables rule based on the change type of the pod resource;
in response to the edge node receiving an access request, sending the requested data packet to a corresponding pod based on the iptables rule;
wherein the iptables rule takes the hostPort of the corresponding pod as the matching condition and performs a destination address translation action on the requested data packet.
By monitoring the change of the pod resource and setting a corresponding iptables rule for the pod, the mapping between the pod container service port and the host port of the node where the pod is located is realized in the kernel state, the performance loss caused by switching the network data packet from the kernel state to the user state is avoided, the data link is shortened, and the data transmission efficiency is improved.
In some embodiments, the pod resource variation comprises: any one of create pod, update pod, and delete pod.
In some embodiments, configuring a corresponding iptables rule based on the type of change of the pod resource includes:
reading a value of a port of the pod in response to the operation of creating the pod or updating the pod;
determining whether the value of the port of the pod is 0, and configuring the corresponding iptables rule in response to the value of the port of the pod not being 0.
In some embodiments, the steps of the method further comprise:
deleting the iptables rule in response to the operation of deleting the pod and the pod containing the iptables rule.
In some embodiments, performing a destination address translation action on the requested packet comprises:
modifying the destination address of the requested data packet to the IP and port of the corresponding pod.
In some embodiments, sending the requested data packet to a corresponding pod based on the iptables rule comprises:
reading the IP of the corresponding pod, the port of the corresponding pod and the hostPort of the corresponding pod;
taking the hostPort of the corresponding pod as the matching condition, and sending the requested data packet to the IP and port of the corresponding pod.
In another aspect of the embodiments of the present invention, a computer-readable storage medium is further provided, in which a computer program for implementing the following method steps when executed by a processor is stored:
monitoring the change of the pod resource at the edge node, responding to the change of the pod resource, and configuring a corresponding iptables rule based on the change type of the pod resource;
in response to the edge node receiving an access request, sending the requested data packet to a corresponding pod based on the iptables rule;
wherein the iptables rule takes the hostPort of the corresponding pod as the matching condition and performs a destination address translation action on the requested data packet.
By monitoring the change of the pod resource and setting a corresponding iptables rule for the pod, the mapping between the pod container service port and the host port of the node where the pod is located is realized in the kernel state, the performance loss caused by switching the network data packet from the kernel state to the user state is avoided, the data link is shortened, and the data transmission efficiency is improved.
In some embodiments, the pod resource variation comprises: any one of create pod, update pod, and delete pod.
In some embodiments, configuring a corresponding iptables rule based on the type of change of the pod resource includes:
reading a value of a port of the pod in response to the operation of creating the pod or updating the pod;
determining whether the value of the port of the pod is 0, and configuring the corresponding iptables rule in response to the value of the port of the pod not being 0.
In some embodiments, the method steps further comprise:
deleting the iptables rule in response to the operation of deleting the pod and the pod containing the iptables rule.
In some embodiments, performing a destination address translation action on the requested packet comprises:
modifying the destination address of the requested data packet to the IP and port of the corresponding pod.
In some embodiments, sending the requested data packet to a corresponding pod based on the iptables rule comprises:
reading the IP of the corresponding pod, the port of the corresponding pod and the hostPort of the corresponding pod;
taking the hostPort of the corresponding pod as the matching condition, and sending the requested data packet to the IP and port of the corresponding pod.
The invention has at least the following beneficial technical effects: pod resource changes are monitored at an edge node and, when a change is observed, an iptables rule is set based on the operation type. When other edge nodes in the cluster access the pod service of a certain edge node, the data packet is matched against the iptables rule after reaching the kernel of the edge node where the pod is located; once matched, the rule is executed and the kernel sends the packet directly to the corresponding service. The mapping between the pod container service port and the host port of the node where the pod is located is thus realized in kernel mode, the performance loss caused by switching network packets from kernel mode to user mode is avoided, the data path is shortened, data transmission efficiency is improved, and edge computing efficiency is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other embodiments can be obtained by using the drawings without creative efforts.
FIG. 1 is a block diagram of one embodiment of a method of accessing a pod of an edge node provided by the present invention;
FIG. 2 is a schematic diagram of one embodiment of a system for accessing a pod of an edge node provided by the present invention;
FIG. 3 is a schematic structural diagram of an embodiment of a computer device provided in the present invention;
FIG. 4 is a schematic structural diagram of an embodiment of a computer-readable storage medium provided in the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the following embodiments of the present invention are described in further detail with reference to the accompanying drawings.
For better understanding of the embodiments of the present invention, related technical terms referred to in the embodiments of the present invention will be described first.
Kubernetes: the open-source container orchestration framework with the largest usage among container cloud platforms; it can automatically schedule, scale and recover containers from failures, among other functions.
KubeEdge: an open-source system supporting edge computing that extends containerized application orchestration to edge nodes and devices and provides infrastructure support for networking, application deployment and metadata synchronization between the cloud and the edge.
pod: the smallest unit that Kubernetes schedules and manages; it consists of one or more containers that share the process, network and other namespaces.
iptables: the packet filtering system in the Linux operating system kernel; it can accept, forward, drop and otherwise handle data packets according to specific matching conditions.
hostPort: in container port mapping, a container port is mapped to a host port by setting a hostPort; in the embodiments of the present invention, the hostPort is the port on the edge node where the pod is located to which the pod's port is mapped.
DNAT: destination network address translation, that is, the destination address in an IP packet is rewritten to another IP address so that the network packet can be forwarded.
It should be noted that all uses of "first" and "second" in the embodiments of the present invention serve to distinguish two entities or parameters that share the same name; "first" and "second" are merely for convenience of description and should not be construed as limiting the embodiments of the present invention, and this is not repeated in the following embodiments.
In view of the above objects, a first aspect of embodiments of the present invention proposes an embodiment of a method of accessing a pod of an edge node. As shown in fig. 1, it includes the following steps:
step S101, monitoring the change of pod resources at an edge node, responding to the change of the pod resources, and configuring corresponding iptables rules based on the change type of the pod resources;
step S103, responding to the edge node receiving an access request, and sending a data packet of the request to a corresponding pod based on the iptables rule;
wherein the iptables rule takes the hostPort of the corresponding pod as the matching condition and performs a destination address translation action on the requested data packet.
Changes to pod resources are monitored at the edge node, and when an operation on a pod resource is observed, an iptables rule is set based on the operation type. When other edge nodes in the cluster access the pod service of a certain edge node, the data packet is matched against the iptables rule after reaching the kernel of the edge node where the pod is located; once matched, the action defined in the iptables rule is executed and the packet is sent directly to the corresponding service within the kernel.
The iptables rule takes the hostPort of the pod as its matching condition and, as its action, sends the packet to the IP and port of the corresponding pod; that is, it performs a DNAT action on the requested packet and rewrites the packet's destination address to that IP and port. Thus, when other edge nodes access the pod's service, the packet is matched against the configured iptables rule after reaching the kernel, the action in the iptables rule is executed, and the request is delivered to the corresponding service.
With this implementation, pod resource changes are monitored and a corresponding iptables rule is set for the pod, so the mapping between the pod container service port and the host port of the node where the pod is located is realized in kernel mode; the performance loss caused by switching network packets from kernel mode to user mode is avoided, the data path is shortened, data transmission efficiency is improved, and edge computing efficiency is improved.
In some embodiments, the pod resource variation comprises: any one of create pod, update pod, and delete pod.
In some embodiments, configuring a corresponding iptables rule based on the type of change of the pod resource includes:
reading a value of a port of the pod in response to the operation of creating the pod or updating the pod;
determining whether the value of the port of the pod is 0, and configuring the corresponding iptables rule in response to the value of the port of the pod not being 0.
Specifically, the edge side of KubeEdge can obtain pod resource changes in real time. Pod resource changes are monitored at the edge node; when a pod create or pod update operation occurs, the pod's hostPort value is read, and if the hostPort value is not 0 a corresponding iptables rule is set. If the value is 0, no iptables rule needs to be set: the data packet is sent to the node where the pod is located, and that node then delivers the packet to the pod.
According to the implementation, the change of the pod resource is monitored, and then the corresponding iptables rule is set for the pod, so that the mapping between the pod container service port and the host port of the node where the pod is located is realized in the kernel state, the performance loss caused by switching the network data packet from the kernel state to the user state is avoided, the data link is shortened, and the data transmission efficiency is improved.
In some embodiments, the method further comprises:
deleting the iptables rule in response to the operation of deleting the pod and the pod containing the iptables rule.
In some embodiments, performing a destination address translation action on the requested packet comprises:
modifying the destination address of the requested data packet to the IP and port of the corresponding pod.
In some embodiments, sending the requested data packet to a corresponding pod based on the iptables rule comprises:
reading the IP of the corresponding pod, the port of the corresponding pod and the hostPort of the corresponding pod;
taking the hostPort of the corresponding pod as the matching condition, and sending the requested data packet to the IP and port of the corresponding pod.
Several embodiments of the present invention are described below with reference to specific examples.
A process is started at the edge node to monitor changes of pod resources. When a pod is created or updated, the value of the pod's hostPort is read (the specific variable is pod.spec.containers[i].ports.hostPort) and checked: if the hostPort value is 0, no operation is required; if it is not 0, an iptables rule must be set.
The specific operation of setting the iptables rule is as follows: read the IP of the pod (the specific variable being pod.); read the port of the pod (the specific variable being pod.spec.containers[i].ports.containerPort), for example the port of the pod read is 8888; then set the corresponding iptables rule. Assuming that the hostPort value of the pod is 8080, the IP of the node where the pod is located is 1.2.3.4 and the IP of the pod is 10.233.1.2, the specific iptables command (the DNAT target lives in the nat table) is: iptables -t nat -A CNI-HOSTPORT-DNAT -p tcp --dport 8080 -j DNAT --to-destination 10.233.1.2:8888
When other edge nodes access the pod service of this edge node via 1.2.3.4:8080, the requested data packet is matched against the configured iptables rule after arriving at the kernel of edge node 1.2.3.4 and is forwarded to 10.233.1.2:8888, so that pod services on different edge nodes can access each other.
A process is started at the edge node to monitor changes of pod resources; when a pod delete operation is observed and the pod has an iptables rule, the iptables rule is deleted; otherwise no operation is performed.
Deleting the iptables rule removes the action that forwards packets from the hostPort on the IP of the node where the pod is located to the IP and port of the pod, so that packets are no longer forwarded to the pod's IP and port after the pod has been deleted, which would otherwise cause service errors.
The specific command for deleting the iptables rule is: iptables -t nat -D CNI-HOSTPORT-DNAT -p tcp --dport 8080 -j DNAT --to-destination 10.233.1.2:8888
According to the implementation, the corresponding iptables rules are set by monitoring the change of the pod resources, the mapping between the pod container service port and the host port of the node where the pod is located is realized in the kernel mode, the performance loss caused by switching of a network data packet from the kernel mode to the user mode is avoided, the data link is shortened, and the data transmission efficiency is improved.
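As an added example (not code from the patent or from KubeEdge), the following Python models the controller described above: it derives the CNI-HOSTPORT-DNAT rule specs from a Kubernetes-style pod object and turns ADDED/MODIFIED/DELETED pod events into the iptables -A/-D commands, returned as argv lists rather than executed. The pod field paths (spec.containers[i].ports.hostPort/containerPort, status.podIP), the event names and the optional -d node-IP restriction are assumptions; the check that two pods on one node do not claim the same hostPort goes beyond what the page specifies.

```python
"""Reconcile pod hostPort declarations into CNI-HOSTPORT-DNAT rules (added example).

On pod create/update: read each container port's hostPort and, when it is
non-zero, install a DNAT rule in the nat table matching on that hostPort.
On pod delete: remove the rule again. Commands are returned as argv lists
so the logic runs without root or a Linux kernel.
"""
from typing import Any, Dict, List, Optional

CHAIN = "CNI-HOSTPORT-DNAT"  # chain name used in the page's example commands
Rule = List[str]


def hostport_rules(pod: Dict[str, Any], node_ip: Optional[str] = None) -> List[Rule]:
    """Rule specs (everything after the chain name) that this pod requires.

    Field paths are assumptions mirroring the ones the page spells out
    (spec.containers[i].ports.hostPort / containerPort) plus status.podIP.
    """
    pod_ip = pod.get("status", {}).get("podIP")
    rules: List[Rule] = []
    if not pod_ip:
        return rules  # pod has no IP yet: nothing to translate to
    for container in pod.get("spec", {}).get("containers", []):
        for port in container.get("ports", []):
            host_port = int(port.get("hostPort", 0))
            if host_port == 0:
                continue  # hostPort 0: not mapped; page says no operation is required
            spec: Rule = []
            if node_ip:
                # Without -d, traffic to any host address on this port is rewritten;
                # restricting to the node IP narrows the rule to the intended path.
                spec += ["-d", node_ip]
            spec += [
                "-p", str(port.get("protocol", "TCP")).lower(),
                "--dport", str(host_port),
                "-j", "DNAT",
                "--to-destination", f"{pod_ip}:{port['containerPort']}",
            ]
            rules.append(spec)
    return rules


def iptables_cmd(op: str, rule: Rule) -> List[str]:
    """Build the argv for: iptables -t nat <op> CNI-HOSTPORT-DNAT <rule>."""
    return ["iptables", "-t", "nat", op, CHAIN] + rule


class HostPortController:
    """Tracks which rules are installed per pod and emits add/delete commands."""

    def __init__(self, node_ip: Optional[str] = None) -> None:
        self.node_ip = node_ip
        self.installed: Dict[str, List[Rule]] = {}  # "ns/name" -> rules in the kernel

    @staticmethod
    def _key(pod: Dict[str, Any]) -> str:
        meta = pod["metadata"]
        return f"{meta.get('namespace', 'default')}/{meta['name']}"

    def _check_conflicts(self, key: str, wanted: List[Rule]) -> None:
        """Refuse two pods claiming the same protocol/hostPort: with plain -A the
        earlier rule silently wins and the newer pod would be unreachable."""
        def match(rule: Rule):
            return (rule[rule.index("-p") + 1], rule[rule.index("--dport") + 1])
        taken = {match(r): k for k, rules in self.installed.items() if k != key for r in rules}
        for rule in wanted:
            if match(rule) in taken:
                raise ValueError(f"hostPort {match(rule)} already used by {taken[match(rule)]}")

    def handle(self, event: str, pod: Dict[str, Any]) -> List[List[str]]:
        """Translate one ADDED / MODIFIED / DELETED pod event into iptables commands."""
        key = self._key(pod)
        wanted = hostport_rules(pod, self.node_ip) if event in ("ADDED", "MODIFIED") else []
        current = self.installed.get(key, [])
        self._check_conflicts(key, wanted)
        cmds: List[List[str]] = []
        for rule in current:
            if rule not in wanted:
                cmds.append(iptables_cmd("-D", rule))  # stale mapping: the page's -D step
        for rule in wanted:
            if rule not in current:
                cmds.append(iptables_cmd("-A", rule))  # new mapping: the page's -A step
        if wanted:
            self.installed[key] = wanted
        else:
            self.installed.pop(key, None)
        return cmds


if __name__ == "__main__":
    # Constructed pod mirroring the page's worked example: hostPort 8080,
    # containerPort 8888, pod IP 10.233.1.2.
    demo_pod = {
        "metadata": {"namespace": "default", "name": "web"},
        "spec": {"containers": [{"name": "app",
                                 "ports": [{"containerPort": 8888, "hostPort": 8080}]}]},
        "status": {"podIP": "10.233.1.2"},
    }
    ctl = HostPortController()
    for ev in ("ADDED", "MODIFIED", "DELETED"):
        for cmd in ctl.handle(ev, demo_pod):
            print(ev, "->", " ".join(cmd))
```

In a real controller the argv lists would be handed to subprocess.run after each pod event; for the page's example pod the first command emitted is exactly the -A command quoted above.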
Based on the same inventive concept, according to another aspect of the present invention, as shown in fig. 2, an embodiment of the present invention further provides a system for accessing a pod of an edge node, including:
a monitoring module 110, where the monitoring module 110 is configured to monitor a change of a pod resource at an edge node, and in response to the change of the pod resource, configure a corresponding iptables rule based on a change type of the pod resource;
a processing module 120, the processing module 120 configured to, in response to the edge node receiving an access request, send a data packet of the request to a corresponding pod based on the iptables rule;
wherein the iptables rule takes the hostPort of the corresponding pod as the matching condition and performs a destination address translation action on the requested data packet.
According to the implementation, the corresponding iptables rules are set by monitoring the change of the pod resources, the mapping between the pod container service port and the host port of the node where the pod is located is realized in the kernel mode, the performance loss caused by switching of a network data packet from the kernel mode to the user mode is avoided, the data link is shortened, and the data transmission efficiency is improved.
In some embodiments, the processing module is further configured to:
reading the IP of the corresponding pod, the port of the corresponding pod and the hostPort of the corresponding pod;
taking the hostPort of the corresponding pod as the matching condition, and sending the requested data packet to the IP and port of the corresponding pod.
Based on the same inventive concept, according to another aspect of the present invention, as shown in fig. 3, an embodiment of the present invention further provides a computer device 20, in which the computer device 20 comprises a processor 210 and a memory 220, the memory 220 stores a computer program 221 executable on the processor, and the processor 210 executes the steps of the method for accessing the pod of the edge node when executing the program.
The memory, as a non-volatile computer-readable storage medium, may be used to store a non-volatile software program, a non-volatile computer-executable program, and modules, such as program instructions/modules corresponding to the method for accessing a pod of an edge node in the embodiments of the present application. The processor executes various functional applications and data processing of the apparatus by executing nonvolatile software programs, instructions, and modules stored in the memory, that is, implements the method of accessing the pod of the edge node in the embodiment of the present application.
The memory may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the device, and the like. Further, the memory may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some embodiments, the memory optionally includes memory located remotely from the processor, and such remote memory may be coupled to the local module via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The method for accessing the pod of the edge node comprises the following specific steps:
monitoring the change of the pod resource at the edge node, responding to the change of the pod resource, and configuring a corresponding iptables rule based on the change type of the pod resource;
in response to the edge node receiving an access request, sending the requested data packet to a corresponding pod based on the iptables rule;
wherein the iptables rule comprises: taking the hostPort of the corresponding pod as the matching condition, and executing a destination address translation (DNAT) action on the requested data packet.
In this implementation, the corresponding iptables rules are configured by monitoring changes to pod resources, so that the mapping between a pod container's service port and the host port of the node on which the pod runs is realized in kernel mode. This avoids the performance loss of switching network packets from kernel mode to user mode, shortens the data path, and improves data transmission efficiency.
In some embodiments, the pod resource variation comprises: any one of create pod, update pod, and delete pod.
In some embodiments, configuring a corresponding iptables rule based on the type of change of the pod resource includes:
reading the value of the port of the pod in response to a create-pod or update-pod operation;
determining whether that port value is 0, and configuring the corresponding iptables rule only when it is not 0.
In some embodiments, the method further comprises:
in response to a delete-pod operation on a pod for which an iptables rule has been configured, deleting that iptables rule.
In some embodiments, performing a destination address translation action on the requested packet comprises:
modifying the destination address of the requested data packet to the IP and port of the corresponding pod.
In some embodiments, sending the requested data packet to a corresponding pod based on the iptables rule comprises:
reading the IP, the port and the hostPort of the corresponding pod;
taking the hostPort of the corresponding pod as the matching condition, and sending the requested data packet to the IP and port of that pod.
Based on the same inventive concept, according to another aspect of the present invention, as shown in fig. 4, an embodiment of the present invention further provides a computer-readable storage medium 30, the computer-readable storage medium 30 storing a computer program 310 which, when executed by a processor, performs the following method:
monitoring the change of the pod resource at the edge node, responding to the change of the pod resource, and configuring a corresponding iptables rule based on the change type of the pod resource;
in response to the edge node receiving an access request, sending the requested data packet to a corresponding pod based on the iptables rule;
wherein the iptables rule comprises: taking the hostPort of the corresponding pod as the matching condition, and executing a destination address translation (DNAT) action on the requested data packet.
In this implementation, the corresponding iptables rules are configured by monitoring changes to pod resources, so that the mapping between a pod container's service port and the host port of the node on which the pod runs is realized in kernel mode. This avoids the performance loss of switching network packets from kernel mode to user mode, shortens the data path, and improves data transmission efficiency.
In some embodiments, the pod resource variation comprises: any one of create pod, update pod, and delete pod.
In some embodiments, configuring a corresponding iptables rule based on the type of change of the pod resource includes:
reading the value of the port of the pod in response to a create-pod or update-pod operation;
determining whether that port value is 0, and configuring the corresponding iptables rule only when it is not 0.
In some embodiments, the method further comprises:
in response to a delete-pod operation on a pod for which an iptables rule has been configured, deleting that iptables rule.
In some embodiments, performing a destination address translation action on the requested packet comprises:
modifying the destination address of the requested data packet to the IP and port of the corresponding pod.
In some embodiments, sending the requested data packet to a corresponding pod based on the iptables rule comprises:
reading the IP, the port and the hostPort of the corresponding pod;
taking the hostPort of the corresponding pod as the matching condition, and sending the requested data packet to the IP and port of that pod.
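The procedure laid out in the device and storage-medium embodiments above (watch pod resource changes, skip a port value of 0, install a DNAT rule that matches on the hostPort and rewrites the destination to the pod IP and port, remove the rule when the pod is deleted) is illustrated by the following added example. It is written for this page and is not code from the patent, from kubelet, or from any CNI plugin. The chain name EDGE-HOSTPORTS, the ADDED/MODIFIED/DELETED event shape, the assumption that the zero check applies to the hostPort field, and the sample pod are all assumptions. State is kept per pod UID so that an update that changes the pod IP yields one delete and one add, and a redelivered event yields nothing.

```python
"""Added example: generate the iptables hostPort -> pod DNAT rules described above.

Illustrative code written for this page, not code from the patent, from kubelet
or from any CNI plugin. Chain name, event shape and sample data are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List

CHAIN = "EDGE-HOSTPORTS"   # assumed chain name, not taken from the patent


@dataclass(frozen=True)
class HostPortMapping:
    host_port: int
    pod_ip: str
    container_port: int
    protocol: str = "tcp"
    comment: str = ""

    def dnat_rule(self) -> List[str]:
        # Match on the hostPort only (the matching condition in the method above)
        # and DNAT the packet to podIP:containerPort.
        return [
            "-p", self.protocol, "-m", self.protocol, "--dport", str(self.host_port),
            "-m", "comment", "--comment", self.comment,
            "-j", "DNAT", "--to-destination", f"{self.pod_ip}:{self.container_port}",
        ]


def mappings_for_pod(pod: dict) -> List[HostPortMapping]:
    """Return the hostPort mappings a pod declares; a hostPort of 0 (unset) gets none."""
    pod_ip = pod.get("status", {}).get("podIP")
    if not pod_ip:
        return []          # no pod IP assigned yet, so there is nothing to translate to
    name = f'{pod["metadata"]["namespace"]}/{pod["metadata"]["name"]}'
    out: List[HostPortMapping] = []
    for container in pod["spec"].get("containers", []):
        for port in container.get("ports", []):
            host_port = int(port.get("hostPort", 0))
            if host_port == 0:  # the zero check from the method; assumed to apply to hostPort
                continue
            out.append(HostPortMapping(
                host_port=host_port,
                pod_ip=pod_ip,
                container_port=int(port["containerPort"]),
                protocol=port.get("protocol", "TCP").lower(),
                comment=name,
            ))
    return out


class HostPortController:
    """Keeps the rules installed per pod UID and turns pod events into iptables commands."""

    def __init__(self) -> None:
        self.installed: Dict[str, List[HostPortMapping]] = {}

    @staticmethod
    def base_commands() -> List[List[str]]:
        # One dedicated nat chain, entered from PREROUTING (traffic arriving at the node)
        # and OUTPUT (traffic the node sends to itself), for locally owned addresses only.
        # "-N" fails if the chain already exists; a real agent would check first.
        return [
            ["iptables", "-t", "nat", "-N", CHAIN],
            ["iptables", "-t", "nat", "-A", "PREROUTING",
             "-m", "addrtype", "--dst-type", "LOCAL", "-j", CHAIN],
            ["iptables", "-t", "nat", "-A", "OUTPUT",
             "-m", "addrtype", "--dst-type", "LOCAL", "-j", CHAIN],
        ]

    def handle_event(self, event_type: str, pod: dict) -> List[List[str]]:
        """Translate an ADDED/MODIFIED/DELETED pod event into the commands to reconcile."""
        uid = pod["metadata"]["uid"]
        old = self.installed.get(uid, [])
        new = [] if event_type == "DELETED" else mappings_for_pod(pod)
        cmds: List[List[str]] = []
        for m in old:                # rules that no longer apply: pod deleted or mapping changed
            if m not in new:
                cmds.append(["iptables", "-t", "nat", "-D", CHAIN] + m.dnat_rule())
        for m in new:                # rules not installed yet
            if m not in old:
                cmds.append(["iptables", "-t", "nat", "-A", CHAIN] + m.dnat_rule())
        if new:
            self.installed[uid] = new
        else:
            self.installed.pop(uid, None)
        return cmds


# Constructed sample pod for the demonstration (not from the patent).
SAMPLE_POD = {
    "metadata": {"namespace": "default", "name": "web-0", "uid": "uid-1"},
    "spec": {"containers": [{"name": "web", "ports": [
        {"containerPort": 80, "hostPort": 8080},
        {"containerPort": 9090},          # hostPort absent -> 0 -> no rule
    ]}]},
    "status": {"podIP": "10.244.1.5"},
}

if __name__ == "__main__":
    ctl = HostPortController()
    for cmd in ctl.base_commands() + ctl.handle_event("ADDED", SAMPLE_POD):
        print(" ".join(cmd))
```

Running the script only prints the commands; applying them needs root on the node. Two points matter in practice. First, the DNAT rule fires in the nat table's PREROUTING chain, so the translated packet never traverses the filter table's INPUT chain: a node firewall that restricts INPUT alone does not see hostPort traffic, which has to be filtered in FORWARD instead. Second, because the rule matches on the hostPort alone, exactly as the method above describes, the port is reachable on every address the node owns; if a pod also declares a hostIP, a destination-address match has to be added to the rule to honour it.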
Finally, it should be noted that, as will be understood by those skilled in the art, all or part of the processes of the methods of the above embodiments may be implemented by a computer program, which may be stored in a computer-readable storage medium, and when executed, may include the processes of the embodiments of the methods described above. The storage medium of the program may be a magnetic disk, an optical disk, a Read Only Memory (ROM), a Random Access Memory (RAM), or the like. The embodiments of the computer program may achieve the same or similar effects as any of the above-described method embodiments.
Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as software or hardware depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the disclosed embodiments of the present invention.
The foregoing is an exemplary embodiment of the present disclosure, but it should be noted that various changes and modifications could be made herein without departing from the scope of the present disclosure as defined by the appended claims. The functions, steps and/or actions of the method claims in accordance with the disclosed embodiments described herein need not be performed in any particular order. Furthermore, although elements of the disclosed embodiments of the invention may be described or claimed in the singular, the plural is contemplated unless limitation to the singular is explicitly stated.
It should be understood that, as used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly supports the exception. It should also be understood that "and/or" as used herein is meant to include any and all possible combinations of one or more of the associated listed items.
The numbers of the embodiments disclosed in the embodiments of the present invention are merely for description, and do not represent the merits of the embodiments.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, and the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
Those of ordinary skill in the art will understand that the discussion of any embodiment above is meant to be exemplary only and is not intended to imply that the scope of the disclosure, including the claims, of embodiments of the invention is limited to these examples; within the idea of an embodiment of the invention, technical features of the above embodiment or of different embodiments may also be combined, and there are many other variations of the different aspects of the embodiments of the invention as described above, which are not provided in detail for the sake of brevity. Therefore, any omissions, modifications, substitutions, improvements, and the like that may be made without departing from the spirit and principles of the embodiments of the present invention are intended to be included within the scope of the embodiments of the present invention.

Claims (10)

1. A method of accessing a pod of an edge node, comprising:
monitoring the change of the pod resource at the edge node, responding to the change of the pod resource, and configuring a corresponding iptables rule based on the change type of the pod resource;
in response to the edge node receiving an access request, sending the requested data packet to a corresponding pod based on the iptables rule;
wherein the iptables rule comprises: taking the hostPort of the corresponding pod as the matching condition, and executing a destination address translation action on the requested data packet.
2. The method of claim 1, wherein the pod resource change comprises: any one of create pod, update pod, and delete pod.
3. The method of claim 2, wherein configuring the corresponding iptables rule based on the type of change of the pod resource comprises:
reading the value of the port of the pod in response to the operation of creating the pod or updating the pod;
determining whether the value of the port of the pod is 0, and configuring the corresponding iptables rule in response to the value of the port of the pod not being 0.
4. The method of claim 3, further comprising:
in response to the operation of deleting the pod, where the pod has the iptables rule configured, deleting the iptables rule.
5. The method of claim 1, wherein performing a destination address translation action on the requested packet comprises:
modifying the destination address of the requested data packet to the IP and port of the corresponding pod.
6. The method of claim 5, wherein sending the requested data packet to a corresponding pod based on the iptables rule comprises:
reading the IP, the port and the hostPort of the corresponding pod;
taking the hostPort of the corresponding pod as the matching condition, and sending the requested data packet to the IP and port of the corresponding pod.
7. A system for accessing a pod of an edge node, comprising:
the monitoring module is configured to monitor the change of the pod resource at the edge node, respond to the change of the pod resource, and configure a corresponding iptables rule based on the change type of the pod resource;
a processing module configured to send, in response to the edge node receiving an access request, a data packet of the request to a corresponding pod based on the iptables rule;
wherein the iptables rule comprises: taking the hostPort of the corresponding pod as the matching condition, and executing a destination address translation action on the requested data packet.
8. The system of claim 7, wherein the processing module is further configured to:
reading the IP, the port and the hostPort of the corresponding pod;
taking the hostPort of the corresponding pod as the matching condition, and sending the requested data packet to the IP and port of the corresponding pod.
9. A computer device, comprising:
at least one processor; and
memory storing a computer program operable on the processor, characterized in that the processor executes the program to perform the steps of the method according to any of claims 1-6.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, is adapted to carry out the steps of the method according to any one of claims 1-6.
CN202111308398.1A 2021-11-05 2021-11-05 Pod method, system, equipment and storage medium for accessing edge node Pending CN114064206A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111308398.1A CN114064206A (en) 2021-11-05 2021-11-05 Pod method, system, equipment and storage medium for accessing edge node

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111308398.1A CN114064206A (en) 2021-11-05 2021-11-05 Pod method, system, equipment and storage medium for accessing edge node

Publications (1)

Publication Number Publication Date
CN114064206A true CN114064206A (en) 2022-02-18

Family

ID=80274170

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111308398.1A Pending CN114064206A (en) 2021-11-05 2021-11-05 Pod method, system, equipment and storage medium for accessing edge node

Country Status (1)

Country Link
CN (1) CN114064206A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114363410A (en) * 2022-03-17 2022-04-15 苏州浪潮智能科技有限公司 Application access method, cloud agent, node agent component, device and medium
CN115361440A (en) * 2022-08-12 2022-11-18 新浪网技术(中国)有限公司 Updating method and updating device for endpoint resources of multiple Kubernetes clusters and electronic equipment
CN115801470A (en) * 2023-02-09 2023-03-14 北京升鑫网络科技有限公司 Adaptive cluster network micro-isolation method, device, equipment and readable medium

Similar Documents

Publication Publication Date Title
US10812374B2 (en) Segment routing with fast reroute for container networking
CN110012125B (en) Cluster network communication method, device, storage medium and equipment
CN114064206A (en) Pod method, system, equipment and storage medium for accessing edge node
US11907749B2 (en) RDMA with virtual address space
CN112035216B (en) Communication method for Kubernetes cluster network and OpenStack network
US9467374B2 (en) Supporting multiple IEC-101/IEC-104 masters on an IEC-101/IEC-104 translation gateway
CN107615710B (en) Direct reply actions in SDN switches
US11184281B2 (en) Packet processing method and apparatus
CN112822115B (en) Service framework construction method and system based on plug-in engine
CN111193773A (en) Load balancing method, device, equipment and storage medium
US20220329505A1 (en) Distributed packet capture
CN113301174B (en) Data processing and conversion rule deployment method and device
CN114500169A (en) Method for establishing VXLAN tunnel, method and device for forwarding message
US20220358108A1 (en) Historical graph database
CN116055446B (en) Cross-network message forwarding method, electronic equipment and machine-readable storage medium
CN110830598B (en) Method and network equipment for establishing and transmitting interface address and alias in BGP (Border gateway protocol) session
CN116016448A (en) Service network access method, device, equipment and storage medium
CN114422427B (en) Flow balancing method and device, electronic equipment and storage medium
CN113852658B (en) OpenStack IPv6 deployment method and system
US11108680B2 (en) Dynamic routing method in a network of connected objects
CN113824785A (en) Resource downloading method, system and storage medium based on point-to-point network
CN116760795B (en) Network address translation NAT gateway equipment, message processing method and device
CN111355599B (en) Hybrid network topology discovery method and device
US11836382B2 (en) Data read method, data storage method, electronic device, and computer program product
WO2023057798A1 (en) Isolation forest with ultra-low ram footprint for edge

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination