CN114363172B - Decoupling management method, device, equipment and medium for container group - Google Patents

Publication number
CN114363172B
Authority
CN
China
Prior art keywords
container
sidecar
group
container group
custom controller
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210274795.XA
Other languages
Chinese (zh)
Other versions
CN114363172A (en
Inventor
袁晓阳
孙政清
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC

Abstract

The invention provides a decoupling management method for a container group, which can be applied to the technical field of finance. The decoupling management method for the container group comprises the following steps: configuring a sidecar container custom controller, wherein operation attributes and container attributes are defined in the sidecar container custom controller, the operation attributes comprise deletion operations, and the container attributes comprise a list of sidecar container images prohibited from running; accepting a definition adjustment request for at least one container group; matching the at least one container group with the sidecar container custom controller; according to the matched sidecar container custom controller, deleting, from the definition of the at least one container group, the configuration of the sidecar container images that are in the list of sidecar container images prohibited from running; and creating the at least one container group according to the adjusted definition of the at least one container group so as to realize the decoupling of the service container and the sidecar container in the at least one container group. The invention also provides a decoupling management device, equipment, a storage medium and a program product for the container group.

Description

Decoupling management method, device, equipment and medium for container group
Technical Field
The invention relates to the field of financial science and technology, in particular to a decoupling management method, device, equipment and medium for a container group.
Background
Kubernetes is an open source system for automatically deploying, scaling and managing containerized applications. It combines the containers that make up an application into a logical unit to facilitate management and service discovery. Kubernetes takes the Pod as its basic scheduling unit, and one Pod can contain one or more containers. A Pod generally includes a service container and one or more sidecar containers, and the sidecar containers are used for functions such as log collection and traffic load. Currently, if a sidecar container needs to be upgraded, for example for a log collection or traffic load program upgrade, each service system needs to complete the sidecar container upgrade separately. In practice, the technical architectures within a company are relatively uniform, and the sidecar containers configured by the company's service systems are basically the same. Therefore, the upgrade of the sidecar container can be made independent of the upgrade of the service container, so that the service system is unaware of the sidecar container upgrade and decoupled management of the sidecar container and the service container is realized.
In order to realize the decoupling management of the service container and the sidecar container, some solutions have been provided in the industry. Aliyun has open-sourced the OpenKruise component library, in which the SidecarSet component can automatically inject sidecar containers; the open source software Istio can also automatically inject the Envoy sidecar container alongside the business container. However, the above methods only inject sidecar containers; they do not provide a way to prohibit a sidecar container from running when the sidecar container already exists in the Pod.
Disclosure of Invention
In view of the above problems, the present invention provides a decoupling management method, apparatus, device and medium for a container group, which can prohibit a sidecar container from running when the sidecar container already exists in a Pod, improve disabling efficiency and stability when the number of Pods with the same disabling requirement is large, and further improve decoupling management of the sidecar container.
A first aspect of the present invention provides a decoupling management method for a container group, the container group including a business container and a sidecar container, the method including: configuring a sidecar container custom controller, wherein operation attributes and container attributes are defined in the sidecar container custom controller, the operation attributes comprise deletion operations, and the container attributes comprise a list of sidecar container images prohibited from running; accepting a definition adjustment request for at least one container group; matching the at least one container group with the sidecar container custom controller; adjusting the definition of the at least one container group according to the matched sidecar container custom controller, wherein the adjusting the definition of the at least one container group comprises: deleting, from the definition of the at least one container group, the configuration of the sidecar container images that are in the list of sidecar container images prohibited from running; and creating the at least one container group according to the adjusted definition of the at least one container group so as to realize the decoupling of the service container and the sidecar container in the at least one container group.
According to an embodiment of the present invention, said configuring sidecar container custom controller comprises: defining operation attributes, container attributes, namespace attributes and tag attributes of the sidecar container custom controller, wherein the namespace attributes include a namespace of at least one container group matched with the sidecar container custom controller, and the tag attributes include tags of at least one container group matched with the sidecar container custom controller.
According to an embodiment of the present invention, said matching said at least one container group with said sidecar container custom controller comprises: matching the namespace attribute of the sidecar container custom controller with the namespace of the at least one container group to obtain a successfully matched sidecar container custom controller; and matching the label attribute of the obtained sidecar container custom controller with the label of the at least one container group to obtain the successfully matched sidecar container custom controller.
According to an embodiment of the present invention, said matching said at least one container group with said sidecar container custom controller comprises: and if the matching is not successful, not adjusting the definition of the at least one container group, and creating the at least one container group.
According to an embodiment of the present invention, the adjusting the definition of the at least one container group according to the matched sidecar container custom controller includes: when the number of the matched sidecar container custom controllers is one, adjusting the definition of the at least one container group according to that sidecar container custom controller; and when the number of the matched sidecar container custom controllers is more than one, sequentially adjusting the definition of the at least one container group according to the custom sequence of the sidecar container custom controllers.
According to an embodiment of the present invention, the operation attribute further includes an insert operation, the container attribute includes a list of sidecar container images to be inserted, and the adjusting the definition of the at least one container group according to the matched sidecar container custom controller includes: inserting the sidecar container images in the list of sidecar container images to be inserted into the definition of the at least one container group.
A second aspect of the present invention provides a decoupling management apparatus for a container group, the container group including a service container and a sidecar container, comprising: a custom controller configuration module, configured to configure a sidecar container custom controller, wherein operation attributes and container attributes are defined in the sidecar container custom controller, the operation attributes comprise deletion operations, and the container attributes comprise a list of sidecar container images prohibited from running; an adjustment request accepting module for accepting a definition adjustment request for at least one container group; a custom controller matching module for matching the at least one container group with the sidecar container custom controller; a container group definition adjusting module, configured to adjust the definition of the at least one container group according to the matched sidecar container custom controller, where the adjusting the definition of the at least one container group includes: deleting, from the definition of the at least one container group, the configuration of the sidecar container images that are in the list of sidecar container images prohibited from running; and a container group creating module for creating the at least one container group according to the adjusted definition of the at least one container group so as to realize the decoupling of the service container and the sidecar container in the at least one container group.
A third aspect of the present invention provides an electronic device comprising: one or more processors; a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the decoupling management method for a group of containers described above.
The fourth aspect of the invention also provides a computer-readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the above-described decoupling management method for a group of containers.
According to the decoupling management method for the container group, which is provided by the embodiment of the invention, based on an Admission Webhook mechanism and a CRD mechanism of Kubernetes, the configuration management of the container group sidecar containers in batches can be realized through a lightweight sidecar container custom controller, the configuration of the container group sidecar containers can be modified in batches under the condition that the sidecar containers exist in the container group, the disabling efficiency and stability are improved, the decoupling management of the sidecar containers and the service containers is further perfected, and the decoupling operation efficiency is improved.
Drawings
The foregoing and other objects, features and advantages of the invention will be apparent from the following description of embodiments of the invention, which proceeds with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates an application scenario diagram of a method, apparatus, device and medium for decoupled management of a group of containers according to an embodiment of the present invention;
FIG. 2 schematically illustrates a flow chart of a method for decoupled management of a group of containers according to an embodiment of the invention;
FIG. 3 schematically shows a flowchart of operation S210 according to an embodiment of the present invention;
FIG. 4 schematically shows a flowchart of operation S230 according to an embodiment of the present invention;
FIG. 5 schematically shows a flowchart of operation S240 according to an embodiment of the present invention;
FIG. 6 schematically shows a flow chart of a method for decoupled management of a group of containers according to another embodiment of the invention;
FIG. 7 schematically illustrates a schematic diagram of a method of decoupled management for a group of containers according to an embodiment of the invention;
FIG. 8 schematically shows a block diagram of the architecture of a decoupling management device for a group of containers according to an embodiment of the invention; and
FIG. 9 schematically shows a block diagram of an electronic device adapted to implement the decoupled management method for a group of containers according to an embodiment of the invention.
Detailed Description
Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings. It is to be understood that such description is merely illustrative and not intended to limit the scope of the present invention. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the invention. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present invention.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs, unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
Kubernetes, which may be abbreviated as K8s, is used to manage containerized applications on multiple hosts in a cloud platform. Kubernetes provides mechanisms for application deployment, planning, updating, and maintenance. Applications in Kubernetes are deployed as containers. A container is essentially a process running in its own self-contained namespace. Processes in different containers cannot influence each other, and computing resources can be kept separate.
In the Kubernetes cluster environment, deployed services usually run on Node nodes in Pods (i.e., container groups). Generally, in addition to at least one service container, a service Pod may be configured with a sidecar container (also written Sidecar container), so as to implement some auxiliary functions of the service container, such as processing the logs of the service container and performing service monitoring.
With the increasing use of Kubernetes, the need for user-defined resources will increase. The function of aggregating the various sub-resources provided by Kubernetes has not been able to meet the increasingly widespread demand. The user wishes to provide a user-defined resource that aggregates all of the individual sub-resources. In Kubernetes, one API programming paradigm is the Custom Resource Definition (CRD), with which a user can add customized Kubernetes object resources as required. A Kubernetes object resource added by the user is the same kind of object resource as the native Pod and Deployment built into Kubernetes.
The embodiment of the invention provides a decoupling management method for a container group, in which a sidecar container custom controller (an object resource defined according to CRD) is configured, the sidecar container custom controller is matched with the container group (hereinafter referred to as Pod) in the process of creating the container group, and the definition of the container group is adjusted according to the operation attribute and the container attribute of the sidecar container custom controller, so that a sidecar container is prohibited from running when it already exists in the container group, further improving the decoupling management of the sidecar container.
It should be noted that the decoupling management method and apparatus for a container group of the present invention may be used for container deployment in system development in the financial field, and may also be used in any field other than the financial field.
Fig. 1 schematically shows an application scenario diagram of a decoupling management method and apparatus for a container group according to an embodiment of the present invention.
As shown in fig. 1, the application scenario 100 according to this embodiment may include system development in a financial field application scenario such as banking; the system is built on a production environment orchestrated and managed by Kubernetes, with the Pod as the basic scheduling and orchestration unit, where one Pod includes a service container and one or more sidecar containers. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may have installed thereon various communication client applications, such as shopping-like applications, web browser applications, search-like applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only).
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (for example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The backend management server may analyze and process the received data such as the user request, and feed back a processing result (for example, a web page, information, or data obtained or generated according to the user request) to the terminal device.
It should be noted that the decoupling management method for the container group provided by the embodiment of the present invention may be generally executed by the server 105. Accordingly, the decoupling management apparatus for a container group provided in the embodiment of the present invention may be generally disposed in the server 105. The decoupling management method for a container group provided in the embodiment of the present invention may also be executed by a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Correspondingly, the decoupling management apparatus for a container group provided in the embodiment of the present invention may also be disposed in a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
The decoupling management method for the container group according to the disclosed embodiment will be described in detail below with reference to fig. 2 to 3 based on the application scenario described in fig. 1.
Fig. 2 schematically shows a flow chart of a method for decoupled management of a group of containers according to an embodiment of the invention.
As shown in FIG. 2, the decoupling management method for the container group of the embodiment includes operations S210-S250, and the decoupling management method can be executed in sequence.
In operation S210, a sidecar container custom controller is configured, where operation attributes and container attributes are defined in the sidecar container custom controller, the operation attributes include a delete operation, and the container attributes include a list of images of the sidecar container that are prohibited from running.
In this embodiment, a sidecar container custom controller is defined according to the Kubernetes CRD specification. The operation attribute indicates the type of operation performed on a sidecar container in the Pod, and may include a deletion operation, an insertion operation, and the like. The corresponding sidecar container images are configured in the container attribute; a container is the running instance of an image.
In operation S220, a definition adjustment request for at least one container group is accepted.
In this embodiment, when a Pod is created or redefined, the Kubernetes API Server may send a container group definition adjustment request after receiving the request to create the Pod, so that the corresponding sidecar container custom controller can be obtained to adjust the sidecar containers in the Pod. The decoupling management device for the container group can be configured as an Admission Webhook processing module, so that Kubernetes is aware of the module and the decoupling management method for the container group of this embodiment is executed. Since the sidecar containers in different container groups have similar functions and compositions, definition adjustment requests from a plurality of container groups can be received, and the definitions of the plurality of container groups can be adjusted in batch.
In operation S230, at least one container group is matched with the sidecar container custom controller.
In this embodiment, the user can configure a sidecar container custom controller for each Pod according to the self-demand, or configure different custom controllers according to the classification of the Pod, or can also define different sidecar container custom controllers and the like for different types of sidecar containers in the same container group.
In operation S240, the definition of the at least one container group is adjusted according to the matched sidecar container custom controller, where adjusting the definition of the at least one container group includes: deleting, from the definition of the at least one container group, the configuration of the sidecar container images that are in the list of sidecar container images prohibited from running.
In this embodiment, when a deletion operation is performed on sidecar containers in a Pod, the list of sidecar container images is obtained from the container attribute of the sidecar container custom controller, and the corresponding sidecar containers in the Pod are deleted according to that list.
At operation S250, at least one container group is created according to the adjusted definition of the at least one container group to implement decoupling of the service container from the sidecar container in the at least one container group.
In this embodiment, after the decoupling management device for the container group completes the configuration processing of the sidecar containers of the container group, the configuration result is returned to the Kubernetes API Server, so that the Kubernetes API Server completes Pod creation.
According to the method, by configuring a lightweight sidecar container custom controller, sidecar containers can be configured and managed in batches during Pod definition; when sidecar containers already exist in container groups, their configuration can be deleted in batches, which improves disabling efficiency and stability, further improves the decoupled management of sidecar containers and service containers, and improves the efficiency of the decoupling operation.
The above-described operation steps will be further described below.
Fig. 3 schematically shows a flowchart of operation S210 according to an embodiment of the present invention.
As shown in fig. 3, configuring at least one sidecar container custom controller in operation S210 may include operation S211.
In operation S211, an operation attribute, a container attribute, a namespace attribute, and a tag attribute of the sidecar container custom controller are defined, the namespace attribute including a namespace of at least one container group matched with the sidecar container custom controller, and the tag attribute including a tag of the at least one container group matched with the sidecar container custom controller.
Namespace (Namespace) is used to restrict the scope of Pod resource names, which are shared by containers contained in a Pod. The label can be used for identifying the operating node, functional characteristic and the like of the Pod, and is commonly used for matching degree check of the label selector, so that resource screening is completed.
In this embodiment, the namespace attribute of the sidecar container custom controller supports configuring multiple namespaces. When the namespace attribute is configured as "all", the sidecar container custom controller takes effect for Pods in all namespaces. Each service Pod has a tag attribute, and the tag attribute in the sidecar container custom controller configured by the user is the same as the tag attribute of the designated service Pod. Multiple sets of sidecar container custom controllers can be configured: a user can configure the same sidecar container custom controller for the sidecar containers of multiple sets of Pods, and can configure multiple sets of sidecar container custom controllers for the same Pod. Furthermore, a unique sidecar container label can be set for each sidecar container in the Pod, or different labels can be set for sidecar containers of different function types in the same Pod, and different sidecar container custom controllers can be configured for sidecar containers with different labels, so that different sidecar containers in the Pod can be adjusted differently.
The operation attribute can comprise an insert attribute and a delete attribute. The insert attribute indicates that the sidecar container images listed in the container attribute are inserted into the Pod, and the delete attribute indicates that sidecar containers in the Pod whose image is the same as an image listed in the container attribute are deleted. All or some of the sidecar containers in the container group can be updated by combining deletion and insertion.
In this embodiment, the sidecar container custom controller may further include a resource name and the like. The resource name is used for indicating the management attribute, content and the like of the sidecar container custom controller, so that a user can conveniently and quickly know the function of the custom management resource.
Fig. 4 schematically shows a flowchart of operation S230 according to an embodiment of the present invention.
As shown in fig. 4, according to operation S230, matching at least one container group with the sidecar container custom controller includes operations S231 to S232.
In operation S231, the namespace attribute of the sidecar container custom controller is matched with the namespace of the at least one container group, and a successfully matched sidecar container custom controller is obtained.
In operation S232, the obtained tag attribute of the sidecar container custom controller is matched with the tag of at least one container group, and a successfully matched sidecar container custom controller is obtained.
In this embodiment, finding a sidecar container custom controller that matches a container group is divided into at least namespace matching and tag matching. First, from all sidecar container custom controller configurations, those whose namespace is the same as that of the current Pod, or whose namespace attribute is configured as "all", are found; when the namespace attribute is configured as "all", the sidecar container custom controller takes effect for Pods in all namespaces. If a sidecar container custom controller is matched, tag matching is then performed on the sidecar container custom controllers whose namespace matched, to find the sidecar container custom controllers with the same tag as the Pod.
According to operation S230, if the matching is not successful, the definition of the at least one container group is not adjusted, and operation S240 is directly performed to create the at least one container group.
Fig. 5 schematically shows a flowchart of operation S240 according to an embodiment of the present invention.
As shown in fig. 5, according to operation S240, adjusting the definition of at least one container group according to the matched sidecar container custom controller may include operations S241 to S242.
In operation S241, when the number of the matched sidecar container custom controllers is one, the definition of at least one container group is adjusted according to the sidecar container custom controller.
In operation S242, when the number of the matched sidecar container custom controllers is greater than one, the definitions of at least one container group are sequentially adjusted according to the custom sequence of the sidecar container custom controllers.
Optionally, when configuring the sidecar container custom controller, a custom sequence may be given to each sidecar container custom controller, so that after the management resource is obtained, the configuration adjustment of the sidecar container is automatically executed according to the custom sequence.
Optionally, after the sidecar container custom controllers are obtained, the user may specify a custom sequence, and the sidecar containers are adjusted by the respective sidecar container custom controllers in that sequence.
In one embodiment of the invention, when the number of the matched sidecar container custom controllers is more than one, the sidecar containers in the Pod can be adjusted multiple times, and different sidecar containers can be adjusted separately according to different types of tags.
According to operation S250, at least one container group is created according to the adjusted definition of the at least one container group to implement decoupling of the service container from the sidecar container in the at least one container group.
In this embodiment, after the decoupling management device for the container group completes the configuration processing of the sidecar containers of the container group, the configuration result is returned to the Kubernetes API Server, so that the Kubernetes API Server can then complete Pod creation.
Fig. 6 schematically shows a flow chart of a method for decoupled management of a group of containers according to another embodiment of the invention.
As shown in FIG. 6, the decoupling management method for the container group of the embodiment includes operations S610 to S650, and the decoupling management method may be performed sequentially.
In operation S610, a sidecar container custom controller is configured, where operation attributes and container attributes are defined in the sidecar container custom controller, the operation attributes include a delete operation, and the container attributes include a list of the sidecar container images prohibited from running.
In operation S620, a definition adjustment request for at least one container group is accepted.
In operation S630, at least one container group is matched with the sidecar container custom controller.
In operation S640, the definition of the at least one container group is adjusted according to the matched sidecar container custom controller, where adjusting the definition of the at least one container group includes: inserting the sidecar container images in the list of sidecar container images to be inserted into the definition of the at least one container group.
In operation S650, at least one container group is created according to the adjusted definition of the at least one container group to achieve decoupling of the service container from the sidecar container in the at least one container group.
In this embodiment, for the specific execution of operations S610 to S630 and S650, refer to operations S210 to S230 and S250. After the sidecar container custom controller is matched, a corresponding sidecar container object is generated in the Pod definition according to the sidecar container image list of the sidecar container custom controller, so that the corresponding sidecar container is inserted into the Pod definition.
According to the decoupling management method for the container group provided by the embodiment of the invention, based on the Admission Webhook mechanism and the CRD mechanism of Kubernetes, batch configuration management of container group sidecar containers can be realized through a lightweight sidecar container custom controller. The sidecar container configuration of container groups can be modified in batches even when sidecar containers already exist in the container groups, which improves the efficiency and stability of disabling sidecar containers, further improves the decoupled management of sidecar containers and service containers, and improves the efficiency of the decoupling operation.
Fig. 7 schematically shows a schematic diagram of a decoupling management method for a group of containers according to an embodiment of the invention.
The sidecar container decoupling management device receives the definition adjustment request for the container group Pod sent by the Kubernetes API Server, matches a sidecar container custom controller to the container group according to the namespace and the tag (indicated by the tag in the figure) of the Pod, adjusts the definition of the container group according to the operation attribute and the container attribute of the matched sidecar container custom controller, and returns the processing result to the Kubernetes API Server to complete the creation of the container group. The device searches for the sidecar container custom controller matching the container group Pod according to at least one tag, where the tag may include a namespace attribute, a container group tag, and the like.
The container group Pod is adjusted according to the operation attribute of the obtained sidecar container custom controller. If the operation is a deletion operation, the sidecar containers defined in the container group definition are deleted according to the sidecar container image list. If the operation is an insertion operation, the container images included in the sidecar container image list are inserted into the definition of the container group.
When a plurality of sidecar container custom controllers are obtained, the sidecar container configuration of the container group can be adjusted in sequence, following the custom sequence of the sidecar container custom controllers and the operation attribute and container attribute of each corresponding controller, so that different sidecar containers in the same container group can be modified multiple times.
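The flow of Fig. 7 as an added Python example, not code from the patent: namespace check (including 'all'), label check, ordering by custom sequence, then deletion and insertion, returned to the API Server as an AdmissionReview JSONPatch. The controller field names, the sample images, and the label-subset and exact-image-string matching rules are assumptions.

```python
import base64
import json

# Constructed controller configurations. Field names are hypothetical; the page
# names only the attributes (operation, image list, namespace, tag) and a custom sequence.
CONTROLLERS = [
    {"name": "add-log-agent-v3", "order": 2, "operation": "insert",
     "namespaces": ["payments"], "labels": {"sidecar-group": "logging"},
     "images": ["registry.example/log-agent:3.0"]},
    {"name": "ban-log-agent-v2", "order": 1, "operation": "delete",
     "namespaces": ["all"], "labels": {"sidecar-group": "logging"},
     "images": ["registry.example/log-agent:2.0"]},
    {"name": "hr-only", "order": 0, "operation": "delete",
     "namespaces": ["hr"], "labels": {"sidecar-group": "logging"},
     "images": ["registry.example/teller:1.4"]},
    {"name": "mesh-only", "order": 0, "operation": "delete",
     "namespaces": ["payments"], "labels": {"sidecar-group": "mesh"},
     "images": ["registry.example/teller:1.4"]},
]

# Constructed AdmissionReview request for a Pod with one business container
# and one sidecar container.
SAMPLE_REVIEW = {
    "apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
    "request": {
        "uid": "constructed-uid-0001", "namespace": "payments",
        "object": {
            "metadata": {"labels": {"app": "teller", "sidecar-group": "logging"}},
            "spec": {"containers": [
                {"name": "teller", "image": "registry.example/teller:1.4"},
                {"name": "log-agent", "image": "registry.example/log-agent:2.0"},
            ]},
        },
    },
}


def match_controllers(controllers, namespace, pod_labels):
    """Namespace check first, then label check; result sorted by custom sequence."""
    matched = []
    for ctrl in controllers:
        if "all" not in ctrl["namespaces"] and namespace not in ctrl["namespaces"]:
            continue
        wanted = ctrl["labels"]
        # Assumption: every controller label must be on the Pod with the same
        # value, and a controller with no labels matches nothing.
        if not wanted or any(pod_labels.get(k) != v for k, v in wanted.items()):
            continue
        matched.append(ctrl)
    return sorted(matched, key=lambda c: c["order"])


def apply_controller(containers, ctrl):
    """Return a new container list after one controller's delete or insert."""
    images = ctrl["images"]
    if ctrl["operation"] == "delete":
        # Assumption: exact image-string comparison, so another tag or a
        # digest reference to the same image is not removed.
        return [c for c in containers if c["image"] not in images]
    if ctrl["operation"] == "insert":
        present = {c["image"] for c in containers}
        added = [
            # Hypothetical naming rule: last path component without tag or digest.
            {"name": img.rsplit("/", 1)[-1].split("@")[0].split(":")[0], "image": img}
            for img in images if img not in present
        ]
        return containers + added
    raise ValueError("unknown operation: %r" % ctrl["operation"])


def review(admission_review, controllers):
    """Build the AdmissionReview response; no match means no patch."""
    req = admission_review["request"]
    pod = req["object"]
    labels = pod.get("metadata", {}).get("labels") or {}
    original = pod["spec"]["containers"]
    containers = list(original)
    for ctrl in match_controllers(controllers, req["namespace"], labels):
        containers = apply_controller(containers, ctrl)
    response = {"uid": req["uid"], "allowed": True}
    if containers != original:
        patch = [{"op": "replace", "path": "/spec/containers", "value": containers}]
        response["patchType"] = "JSONPatch"
        response["patch"] = base64.b64encode(json.dumps(patch).encode()).decode()
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": response}


if __name__ == "__main__":
    print(json.dumps(review(SAMPLE_REVIEW, CONTROLLERS), indent=2))
```
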
Based on the decoupling management method for the container group, the invention also provides a decoupling management device for the container group. The apparatus will be described in detail below with reference to fig. 8.
Fig. 8 schematically shows a block diagram of a decoupling management apparatus for a container group according to an embodiment of the present invention.
As shown in fig. 8, in the present embodiment, a container group includes a business container and a sidecar container, and a decoupling management apparatus 800 for a container group provided in the present embodiment includes a custom controller configuration module 810, an adjustment request accepting module 820, a custom controller matching module 830, a container group definition adjusting module 840, and a container group creation module 850.
The custom controller configuration module 810 is configured to configure a sidecar container custom controller, where the operation attribute and the container attribute are defined in the sidecar container custom controller, the operation attribute includes a deletion operation, and the container attribute includes a list of sidecar container images prohibited from running. In an embodiment, the custom controller configuration module 810 may be configured to perform the operation S210 described above, which is not described herein again.
The adjustment request accepting module 820 is configured to accept a definition adjustment request for at least one container group. In an embodiment, the adjustment request accepting module 820 may be configured to perform the operation S220 described above, which is not described herein again.
The custom controller matching module 830 is configured to match at least one container group with the sidecar container custom controller. In an embodiment, the custom controller matching module 830 may be configured to perform the operation S230 described above, which is not described herein again.
The container group definition adjusting module 840 is configured to adjust the definition of at least one container group according to the matched sidecar container custom controller, where adjusting the definition of at least one container group includes: deleting the configuration of the sidecar container images in the list of sidecar container images prohibited from running from the definition of at least one container group. In an embodiment, the container group definition adjusting module 840 may be configured to perform the operation S240 described above, which is not described herein again.
The container group creating module 850 is configured to create at least one container group according to the adjusted definition of the at least one container group, so as to implement decoupling of the service container from the sidecar container in the at least one container group. In an embodiment, the container group creating module 850 may be configured to perform the operation S250 described above, which is not described herein again.
According to the embodiment of the invention, the configuration of the sidecar container custom controller is completed in advance by the custom controller configuration module 810. When a Pod is defined, the Kubernetes API Server sends a request to the adjustment request accepting module 820; the custom controller matching module 830 matches the corresponding sidecar container custom controller according to the namespace, tag, etc. of the container group included in the request; after a sidecar container custom controller is matched, the container group definition adjusting module 840 runs the sidecar container custom controller and adjusts the Pod definition according to the operation attribute and the container attribute of the sidecar container custom controller, which specifically includes deleting the sidecar containers defined in the container group definition according to the sidecar container image list; and after the adjustment is finished, the result is returned to the Kubernetes API Server, which completes the creation of the Pod, so as to realize the decoupling of the service container and the sidecar container in the at least one container group.
In one embodiment of the present invention, the custom controller configuration module 810 includes a resource configuration unit for defining operational attributes, container attributes, namespace attributes and tag attributes of the sidecar container custom controller, the namespace attributes including a namespace of at least one container group matching the sidecar container custom controller, and the tag attributes including tags of at least one container group matching the sidecar container custom controller.
The tag attributes may include at least a namespace attribute, a container group tag, and the like. The namespace list attribute that the user configures in the sidecar container custom controller is the same as the namespace attribute of the service container group Pod. The namespace attribute supports configuring multiple namespaces. When the namespace attribute is configured as 'all', the sidecar container custom controller takes effect on the Pod configurations of all namespaces. Each service container group Pod has a tag attribute, and the tag attribute in the sidecar container custom controller configured by the user is the same as the tag attribute of the designated service container group Pod. The sidecar container custom controller supports configuration of multiple sets, that is, a user can configure the same sidecar container custom controller for the sidecar containers of multiple container groups Pod, and can configure multiple sets of sidecar container custom controllers for the same container group Pod. Furthermore, unique sidecar container labels can be set for the sidecar containers in the container group Pod, or different labels can be set for sidecar containers of different functional types in the same container group Pod, and different sidecar container custom controllers can be configured for the sidecar containers with different labels, so that different sidecar containers in the container group Pod can be subjected to different custom adjustments.
The operation attributes can include an insert attribute and a delete attribute. The insert attribute indicates that the sidecar container images in the container attribute are inserted into the container group Pod; the delete attribute indicates that the sidecar containers whose image is the same as an image in the container attribute are deleted. All or part of the sidecar containers in the container group can be updated through a combined operation of deletion and insertion.
In one embodiment of the present invention, the custom controller matching module 830 may include a namespace matching unit and a tag matching unit.
The namespace matching unit is used for matching the namespace attribute of the sidecar container custom controller with the namespace of at least one container group, and obtaining the successfully matched sidecar container custom controller.
The tag matching unit is used for matching the acquired tag attribute of the sidecar container custom controller with the tags of at least one container group, and acquiring the successfully matched sidecar container custom controller.
In this embodiment, according to the type and attribute of the Pod, the custom controller matching module 830 searches for the sidecar container custom controller matching the container group in at least two steps, namely namespace matching detection and tag matching detection. First, from all sidecar container custom controller configurations, the configurations whose namespace attribute is the same as the namespace of the current container group Pod are found. After the sidecar container custom controllers whose namespace attribute includes the namespace of the container group are matched, label matching is performed on them to find the sidecar container custom controller with the same label as the container group Pod. If a sidecar container custom controller whose tag attribute includes the tag of the container group Pod is matched, the custom controller matching module 830 adjusts the configuration of the sidecar containers in the container group according to the matched sidecar container custom controller.
When the number of the matched sidecar container custom controllers is one, the definition of at least one container group is adjusted according to that sidecar container custom controller; when the number of the matched sidecar container custom controllers is more than one, the definition of at least one container group is adjusted sequentially according to the custom sequence of the sidecar container custom controllers. Optionally, when configuring the sidecar container custom controller, a custom sequence may be given to each sidecar container custom controller, so that after the management resource is obtained, the configuration adjustment of the sidecar container is automatically executed according to the custom sequence. Optionally, after the sidecar container custom controllers are obtained, the user may specify a custom sequence, and the sidecar containers are adjusted by the respective sidecar container custom controllers in that sequence.
In one embodiment of the invention, the custom controller matching module 830 may also include a termination adjusting unit.
The termination adjusting unit is configured to notify the container group creation module 850 not to adjust the definition of the at least one container group and create the at least one container group if the sidecar container custom controller whose namespace attribute includes the namespace of the at least one container group is not obtained or if the sidecar container custom controller whose tag attribute includes the tag of the at least one container group is not obtained.
In another embodiment of the present invention, the operation attribute of the sidecar container custom controller further comprises an insertion operation, the container attribute comprises a list of sidecar container images to be inserted, and the container group definition adjusting module 840 is further configured to insert the sidecar container images in the list of sidecar container images to be inserted into the definition of at least one container group.
According to the decoupling management device for the container group, which is provided by the embodiment of the invention, based on an Admission Webhook mechanism and a CRD mechanism of Kubernetes, configuration management of batch sidecar containers can be realized by configuring a lightweight sidecar container custom controller, the configuration of the sidecar containers of the container group can be modified in batch under the condition that the sidecar containers exist in the container group, particularly, batch deletion operation of the sidecar containers in the batch container group can be realized, the disabling efficiency and stability are improved, the decoupling management of the sidecar containers and service containers is further improved, and the decoupling operation efficiency is improved.
According to embodiments of the present invention, any of the custom controller configuration module 810, adjustment request accepting module 820, custom controller matching module 830, container group definition adjusting module 840, and container group creation module 850 may be combined into one module, or any one of them may be split into multiple modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the present invention, at least one of the custom controller configuration module 810, the adjustment request accepting module 820, the custom controller matching module 830, the container group definition adjusting module 840 and the container group creation module 850 may be implemented at least partially as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or in any one of three implementations of software, hardware and firmware, or in any suitable combination of any of them. Alternatively, at least one of the custom controller configuration module 810, the adjustment request accepting module 820, the custom controller matching module 830, the container group definition adjusting module 840 and the container group creation module 850 may be implemented at least in part as a computer program module that, when executed, may perform corresponding functions.
Fig. 9 schematically shows a block diagram of an electronic device adapted to implement the decoupled management method for a group of containers according to an embodiment of the invention.
As shown in fig. 9, an electronic apparatus 900 according to an embodiment of the present invention includes a processor 901 which can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM) 902 or a program loaded from a storage section 908 into a Random Access Memory (RAM) 903. Processor 901 may comprise, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 901 may also include on-board memory for caching purposes. The processor 901 may comprise a single processing unit or a plurality of processing units for performing the different actions of the method flows according to embodiments of the present invention.
In the RAM 903, various programs and data necessary for the operation of the electronic apparatus 900 are stored. The processor 901, the ROM 902, and the RAM 903 are connected to each other through a bus 904. The processor 901 performs various operations of the method flow according to the embodiment of the present invention by executing programs in the ROM 902 and/or the RAM 903. Note that the programs may also be stored in one or more memories other than the ROM 902 and the RAM 903. The processor 901 may also perform various operations of method flows according to embodiments of the present invention by executing programs stored in the one or more memories.
Electronic device 900 may also include input/output (I/O) interface 905, input/output (I/O) interface 905 also connected to bus 904, according to an embodiment of the present invention. The electronic device 900 may also include one or more of the following components connected to the I/O interface 905: an input portion 906 including a keyboard, a mouse, and the like; an output section 907 including components such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage portion 908 including a hard disk and the like; and a communication section 909 including a network interface card such as a LAN card, a modem, or the like. The communication section 909 performs communication processing via a network such as the internet. The drive 910 is also connected to the I/O interface 905 as necessary. A removable medium 911 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 910 as necessary, so that a computer program read out therefrom is mounted into the storage section 908 as necessary.
The present invention also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the present invention.
According to embodiments of the present invention, the computer readable storage medium may be a non-volatile computer readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the invention, a computer-readable storage medium may include the ROM 902 and/or the RAM 903 described above and/or one or more memories other than the ROM 902 and the RAM 903.
Embodiments of the invention also include a computer program product comprising a computer program comprising program code for performing the method illustrated in the flow chart. When the computer program product runs in a computer system, the program code is used for causing the computer system to implement the decoupling management method for a container group provided by the embodiment of the invention.
The computer program performs the above-described functions defined in the system/apparatus of the embodiment of the present invention when executed by the processor 901. The above described systems, devices, modules, units, etc. may be implemented by computer program modules according to embodiments of the invention.
In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed in the form of a signal on a network medium, and downloaded and installed through the communication section 909 and/or installed from the removable medium 911. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 909, and/or installed from the removable medium 911. The computer program, when executed by the processor 901, performs the above-described functions defined in the system of the embodiment of the present invention. The above described systems, devices, apparatuses, modules, units, etc. may be implemented by computer program modules according to embodiments of the present invention.
According to embodiments of the present invention, program code for executing a computer program provided by embodiments of the present invention may be written in any combination of one or more programming languages, and in particular, the computer program may be implemented using a high level procedural and/or object oriented programming language, and/or an assembly/machine language. The programming language includes, but is not limited to, programming languages such as Java, C++, Python, the "C" language, or the like. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
It will be appreciated by a person skilled in the art that features described in the various embodiments of the invention may be combined and/or integrated in various ways, even if such combinations or integrations are not explicitly described in the invention. In particular, various combinations and/or integrations of the features described in connection with the various embodiments of the invention may be made without departing from the spirit and teachings of the invention. All such combinations and/or integrations fall within the scope of the present invention.
The embodiments of the present invention have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present invention. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the invention, and these alternatives and modifications are intended to fall within the scope of the invention.

Claims (7)

1. A decoupled management method for a container group, the container group including a business container and a sidecar container, the method comprising:
configuring a sidecar container custom controller comprising: defining operation attributes, container attributes, name space attributes and tag attributes of the sidecar container custom controller, wherein the operation attributes comprise deletion operations, the container attributes comprise a list of sidecar container images prohibited from running, the name space attributes comprise a name space of at least one container group matched with the sidecar container custom controller, and the tag attributes comprise tags of at least one container group matched with the sidecar container custom controller;
accepting a definition adjustment request for at least one container group;
matching the at least one container group with the sidecar container custom controller, comprising: matching the name space attribute of the sidecar container custom controller with the name space of the at least one container group to obtain a successfully matched sidecar container custom controller; matching the acquired label attribute of the sidecar container custom controller with the label of the at least one container group to acquire a successfully matched sidecar container custom controller;
adjusting the definition of the at least one container group according to the matched sidecar container custom controller, wherein the adjusting the definition of the at least one container group comprises: deleting the configuration of the sidecar container images in the list of sidecar container images prohibited from running from the definition of the at least one container group;
and creating the at least one container group according to the adjusted definition of the at least one container group so as to realize the decoupling of the service container and the sidecar container in the at least one container group.
2. The method of claim 1, wherein said matching the at least one container group with the sidecar container custom controller comprises:
if the matching is not successful, the definition of the at least one container group is not adjusted, and the at least one container group is created.
3. The method of claim 1, wherein adjusting the definition of the at least one container group according to the matched sidecar container custom controller comprises:
when the number of the matched sidecar container custom controllers is one, adjusting the definition of at least one container group according to the sidecar container custom controllers;
and when the number of the matched sidecar container custom controllers is more than one, sequentially adjusting the definition of the at least one container group according to the custom sequence of the sidecar container custom controllers.
4. The method of claim 1, wherein the operation attributes further comprise an insert operation, wherein the container attributes comprise a list of sidecar container images to be inserted, and wherein adjusting the definition of the at least one container group according to the matched sidecar container custom controller comprises:
and inserting the sidecar container images in the list of sidecar container images to be inserted into the definition of the at least one container group.
5. A decoupling management apparatus for a container group, the container group including a service container and a sidecar container, comprising:
a custom controller configuration module, configured to configure a sidecar container custom controller, including: defining operation attributes, container attributes, namespace attributes and label attributes of the sidecar container custom controller, wherein the operation attributes comprise deletion operations, the container attributes comprise a list of sidecar container images prohibited from running, the namespace attributes comprise a namespace of at least one container group matched with the sidecar container custom controller, and the label attributes comprise labels of at least one container group matched with the sidecar container custom controller;
an adjustment request accepting module, configured to accept a definition adjustment request for at least one container group;
a custom controller matching module, configured to match the at least one container group with the sidecar container custom controller, including: matching the namespace attribute of the sidecar container custom controller with the namespace of the at least one container group to obtain a successfully matched sidecar container custom controller; and matching the label attribute of the obtained sidecar container custom controller with the label of the at least one container group to obtain a successfully matched sidecar container custom controller;
a container group definition adjusting module, configured to adjust the definition of the at least one container group according to the matched sidecar container custom controller, where the adjusting the definition of the at least one container group includes: deleting, from the definition of the at least one container group, the configuration of each sidecar container image that is in the list of sidecar container images prohibited from running;
and a container group creating module, configured to create the at least one container group according to the adjusted definition of the at least one container group, so as to decouple the service container from the sidecar container in the at least one container group.
6. An electronic device, comprising:
one or more processors;
a storage device to store one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-4.
7. A computer-readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method according to any one of claims 1 to 4.
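The flow of claims 1 to 4 (match by namespace, then by label; leave the definition alone when nothing matches; apply several matched controllers in order; delete or insert sidecar images), as an added Python sketch that is not code from the patent. The `SidecarController` field names, the Kubernetes-style dictionary layout of the container group definition and all sample values are assumptions constructed for illustration.

```python
import copy
from dataclasses import dataclass

@dataclass
class SidecarController:          # constructed stand-in; field names are assumptions
    name: str
    operation: str                # operation attribute: "delete" or "insert"
    namespace: str                # namespace attribute
    labels: dict                  # label (tag) attribute
    images: list                  # images prohibited from running, or images to insert

def matches(ctrl, group):
    """Namespace is compared first; labels only if the namespace matched."""
    meta = group["metadata"]
    if ctrl.namespace != meta.get("namespace"):
        return False
    have = meta.get("labels", {})
    return all(have.get(k) == v for k, v in ctrl.labels.items())

def adjust(group, controllers):
    """Return (definition to create, names of the controllers applied, in order)."""
    matched = [c for c in controllers if matches(c, group)]
    if not matched:
        return group, []          # no match: create from the unadjusted definition
    adjusted = copy.deepcopy(group)
    containers = adjusted["spec"]["containers"]
    for ctrl in matched:          # several matches: apply in the list's order
        if ctrl.operation == "delete":
            containers[:] = [c for c in containers if c["image"] not in ctrl.images]
        elif ctrl.operation == "insert":
            present = {c["image"] for c in containers}
            containers += [{"name": i.rsplit("/", 1)[-1].split(":")[0], "image": i}
                           for i in ctrl.images if i not in present]
        else:
            raise ValueError(f"unknown operation: {ctrl.operation!r}")
    return adjusted, [c.name for c in matched]

# Constructed sample input: one service container plus one sidecar.
GROUP = {"metadata": {"namespace": "payments", "labels": {"app": "pay", "tier": "backend"}},
         "spec": {"containers": [
             {"name": "pay-service", "image": "registry.example/pay-service:1.4"},
             {"name": "mesh-proxy", "image": "registry.example/mesh-proxy:1.9"}]}}
CONTROLLERS = [
    SidecarController("drop-mesh", "delete", "payments", {"app": "pay"},
                      ["registry.example/mesh-proxy:1.9"]),
    SidecarController("add-log", "insert", "payments", {"tier": "backend"},
                      ["registry.example/log-agent:2.0"]),
    SidecarController("other-ns", "delete", "billing", {"app": "pay"},
                      ["registry.example/pay-service:1.4"]),
]
```

The sketch compares image references as exact strings, so a listed image under a different tag or digest is not removed; that matching rule is an assumption of the example, not something the claims specify.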
CN202210274795.XA 2022-03-21 2022-03-21 Decoupling management method, device, equipment and medium for container group Active CN114363172B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210274795.XA CN114363172B (en) 2022-03-21 2022-03-21 Decoupling management method, device, equipment and medium for container group

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210274795.XA CN114363172B (en) 2022-03-21 2022-03-21 Decoupling management method, device, equipment and medium for container group

Publications (2)

Publication Number Publication Date
CN114363172A CN114363172A (en) 2022-04-15
CN114363172B CN114363172B (en) 2022-06-10

Family

ID=81094304

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210274795.XA Active CN114363172B (en) 2022-03-21 2022-03-21 Decoupling management method, device, equipment and medium for container group

Country Status (1)

Country Link
CN (1) CN114363172B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112506617A (en) * 2020-12-16 2021-03-16 新浪网技术(中国)有限公司 Mirror image updating method and device for sidecar container in Kubernetes cluster
CN113422700A (en) * 2021-06-22 2021-09-21 汇付天下有限公司 Non-inductive upgrading method and non-inductive upgrading device
CN113742660A (en) * 2021-08-11 2021-12-03 阿里巴巴新加坡控股有限公司 Application program permission management system and method

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7099818B1 (en) * 2002-03-29 2006-08-29 Cypress Semiconductor Corporation System and method for automatically matching components in a debugging system
US20210281548A1 (en) * 2020-02-27 2021-09-09 Virtru Corporation Methods and systems for securing containerized applications
US11501026B2 (en) * 2020-07-13 2022-11-15 Avaya Management L.P. Method to encrypt the data at rest for data residing on Kubernetes persistent volumes
US11539602B2 (en) * 2020-08-24 2022-12-27 T-Mobile Usa, Inc. Continuous monitoring of containers using monitor containers configured as sidecar containers
CN113391952B (en) * 2021-06-07 2022-03-11 北京同创永益科技发展有限公司 Automatic backup method based on LVM snapshot in cloud native environment

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Research and design of a service gateway for power grid dispatching control system;Wei Chunlei,Wan Shupeng;《2021 3rd International Conference on Electrical Engineering and Control Technologies》;20220120;full text *
Integration of equipment support information systems based on cloud computing;李文俊,杨学强;《计算机集成制造系统》;20200430;full text *
The service mesh Istio under sidecar containers;weixin_33905756;《CSDN》;20180208;full text *

Also Published As

Publication number Publication date
CN114363172A (en) 2022-04-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant