CN114461303A - Method and device for accessing cluster internal service - Google Patents
Method and device for accessing cluster internal service Download PDFInfo
- Publication number
- CN114461303A CN114461303A CN202210126123.4A CN202210126123A CN114461303A CN 114461303 A CN114461303 A CN 114461303A CN 202210126123 A CN202210126123 A CN 202210126123A CN 114461303 A CN114461303 A CN 114461303A
- Authority
- CN
- China
- Prior art keywords
- service
- request information
- service request
- cluster
- container group
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 56
- 230000005540 biological transmission Effects 0.000 claims description 23
- 238000004590 computer program Methods 0.000 claims description 14
- 230000003993 interaction Effects 0.000 claims description 5
- 230000003247 decreasing effect Effects 0.000 claims description 4
- 238000010586 diagram Methods 0.000 description 9
- 238000007726 management method Methods 0.000 description 8
- 238000004891 communication Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 4
- 238000013459 approach Methods 0.000 description 3
- 230000018109 developmental process Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- 238000006243 chemical reaction Methods 0.000 description 1
- 239000000470 constituent Substances 0.000 description 1
- 230000007423 decrease Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000005538 encapsulation Methods 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000035515 penetration Effects 0.000 description 1
- 238000013468 resource allocation Methods 0.000 description 1
- 238000005096 rolling process Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000033772 system development Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44505—Configuring for program initiating, e.g. using registry, configuration files
- G06F9/4451—User profiles; Roaming
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44521—Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5005—Allocation of resources, e.g. of the central processing unit [CPU] to service a request
- G06F9/5027—Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
- G06F9/505—Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals considering the load
Abstract
The present disclosure provides a method and a device for accessing cluster internal services, wherein a cluster comprises at least one service component, each service component corresponds to at least one container group, and each container group loads corresponding internal services; the cluster is connected with a load balancer; the method comprises the following steps: receiving service request information through an external load balancer, wherein the service request information is used for requesting access to internal services of the cluster; determining a service component corresponding to the service request information based on a first configuration file prestored in the load balancer, and sending the service request information to the service component; and determining a target container group corresponding to the service request information based on a second configuration file prestored in the service component, sending the service request information to the target container group, and accessing the internal service in the target container group. Automatic service exposure is realized, and internal services in the cluster can be conveniently and directly accessed.
Description
Technical Field
The disclosure relates to the technical field of cloud platforms, and in particular, to a method and an apparatus for accessing a cluster internal service.
Background
Due to the characteristics of the cloud native cluster, the service deployed in the cluster uses the internet protocol address in the cluster, so that only the services in the cluster can be accessed to each other, and a network outside the cluster cannot directly establish communication with a container group in the cluster. In the prior art, cloud native performs external exposure or internal exposure on a service in one or more combination modes of a cluster address, a node port, load balancing, an entry and the like. However, when service exposure is performed, more means are generally required to achieve the purpose. For example, when the external service is exposed in such a manner as using a portal, additional manual application for the service is required.
Disclosure of Invention
The disclosure provides a self-adaptive external exposure method and system, which are used for overcoming the defect that manual service application is needed in the prior art, realizing automatic external exposure of services, and being capable of directly accessing internal services in a cluster conveniently.
In a first aspect, the present disclosure provides a method for accessing internal services of a cluster, where the cluster includes at least one service component, each service component corresponds to at least one container group, and each container group loads a corresponding internal service; the cluster is connected with a load balancer;
the method comprises the following steps:
receiving service request information through an external load balancer, wherein the service request information is used for requesting access to internal services of the cluster;
determining a service component corresponding to the service request information based on a first configuration file prestored in the load balancer, and sending the service request information to the service component;
and determining a target container group corresponding to the service request information based on a second configuration file prestored in the service component, sending the service request information to the target container group, and accessing the internal service in the target container group.
According to the method for accessing the cluster internal service provided by the disclosure, the service component comprises: a controller and a service unit;
the determining a service component corresponding to the service request information based on a first configuration file prestored in the load balancer, and sending the service request information to the service component includes:
determining a controller corresponding to the service request information based on a first configuration file prestored in the load balancer;
acquiring the service units based on the controller, wherein the controller corresponds to the service units one by one;
and sending the service request information to the controller, and sending the service request information to the service unit through the controller.
According to the method for accessing the cluster internal service provided by the present disclosure, before the determining the service component corresponding to the service request information based on the first configuration file pre-stored in the load balancer, the method includes:
performing information interaction with the load balancer through the controller to acquire information of the controller;
configuring a corresponding service unit for the controller through the load balancer based on the information of the controller;
recording, by the load balancer, a service unit of the controller as a first configuration file.
According to the method for accessing the cluster internal service provided by the present disclosure, before the determining the target container group corresponding to the service request information based on the second configuration file pre-stored in the service component, the method includes:
adding an entry resource that accesses an internal service within the target container group;
and synchronously acquiring the entry resources through the service assembly, and converting the entry resources into corresponding second configuration files.
According to the method for accessing the cluster internal service provided by the disclosure, the determining the service component corresponding to the service request information and sending the service request information to the service component includes:
determining first configuration information corresponding to a first entry address in a first configuration file based on the first entry address for receiving service request information, wherein the first configuration information comprises: a first entry address, a first transmission path and a service component identification;
determining a service component corresponding to the service request information based on the first configuration information;
and sending the service request information to a service component corresponding to the service component identification based on the first transmission path.
According to the method for accessing the cluster internal service provided by the present disclosure, the determining the target container group corresponding to the service request information, and the sending the service request information to the target container group includes:
determining second configuration information corresponding to a second entry address in a second configuration file based on the second entry address for receiving the service request information, wherein the second configuration information comprises: a second ingress address, a port address, a second transmission path, and a target container group identification;
determining a target container group corresponding to the service request information based on the second configuration information;
receiving, by the service component, the service request information based on the port address;
and sending the service request information in the service assembly to a target container group corresponding to the target container group identification based on a second transmission path.
According to the method for accessing the cluster internal service provided by the disclosure, the method further comprises the following steps:
updating, by the load balancer, the first profile in the event the controller is increased/decreased.
In a second aspect, the present disclosure provides an apparatus for accessing internal services of a cluster, where the cluster includes at least one service component, each service component corresponds to at least one container group, and each container group loads a corresponding internal service; the cluster is connected with a load balancer;
the device comprises:
the receiving module is used for receiving service request information through an external load balancer, wherein the service request information is used for requesting to access internal services of the cluster;
the determining module is used for determining a service component corresponding to the service request information based on a first configuration file prestored in the load balancer and sending the service request information to the service component;
and the sending module is used for determining a target container group corresponding to the service request information based on a second configuration file prestored in the service component, sending the service request information to the target container group and accessing the internal service in the target container group.
In a third aspect, the present disclosure provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor executes the program to implement the steps of the method for accessing the cluster internal service according to any one of the above.
In a fourth aspect, the present disclosure provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the method of accessing intra-cluster services as claimed in any one of the above.
In a fifth aspect, the present disclosure provides a computer program product comprising a computer program which, when executed by a processor, performs the steps of the method of accessing cluster internal services as described in any one of the above.
The method and the device for accessing the cluster internal service provided by the disclosure comprise the steps that a load balancer is arranged outside a cluster, request information for accessing the cluster internal service is received through the load balancer, a service component corresponding to the service request information in the cluster is determined based on a first configuration file prestored in the load balancer, and the service request information is sent to the service component, wherein the service component is generated inside the cluster and does not need to be additionally manually applied for the service component; and then determining a target container group corresponding to the service request information based on a second configuration file prestored in the service component, sending the service request information to the target container group, and accessing the internal service in the target container group. Automatic service exposure is realized, and internal services in a cluster can be directly accessed conveniently.
Drawings
In order to more clearly illustrate the technical solutions of the present disclosure or the prior art, the drawings needed for the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present disclosure, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a schematic flow chart illustrating a method for accessing a cluster internal service according to an embodiment of the present disclosure;
FIG. 2 is a schematic flow chart of sending service request information to the service component according to an embodiment of the present disclosure;
fig. 3 is a schematic flowchart of acquiring a first configuration file according to an embodiment of the present disclosure;
FIG. 4 is a second schematic flow chart illustrating sending of service request information to the service component according to the embodiment of the disclosure;
fig. 5 is a schematic flow chart of sending service request information to a target container group according to an embodiment of the present disclosure;
FIG. 6 is a block diagram of accessing cluster internal services provided by embodiments of the present disclosure;
FIG. 7 is a schematic overall flow chart of accessing cluster internal services provided by the embodiment of the present disclosure;
fig. 8 is a schematic structural diagram of an apparatus for accessing a service inside a cluster according to an embodiment of the present disclosure;
fig. 9 is a schematic structural diagram of an electronic device provided by the present disclosure.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present disclosure more clear, the technical solutions of the embodiments of the present disclosure will be described clearly and completely with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are some, but not all, of the embodiments of the present disclosure. All other embodiments, which can be obtained by a person skilled in the art without making creative efforts based on the embodiments of the present disclosure, belong to the protection scope of the embodiments of the present disclosure.
Cloud-native is a software development technology, which makes full use of cloud computing and deploys applications as micro-services using a software technology stack. In the prior art, cloud native applications build a set of micro-services running in a Docker container, orchestrated in kubernets, and managed and deployed using DevOps and GitOps workflows. Using a Docker container, all software and environment configurations required for execution can be packaged into one executable package. The container runs in a virtualized environment, isolating the contained application from its environment.
Kubernetes is abbreviated as K8s, is a container cluster management system initiated and maintained by the Google team, and the bottom layer provides strong application management and resource management scheduling capabilities based on container technologies such as Docker and Rkt. The K8s has complete cluster management capability, including multi-level security protection and admission mechanism, multi-tenant application support capability, transparent service registration and service discovery mechanism, built-in intelligent load balancer, powerful fault discovery and self-repair function, service rolling upgrade and online capacity expansion capability, expandable resource automatic scheduling mechanism, and multi-granularity resource allocation management capability. Meanwhile, K8s provides perfect management tools which cover all links including development, test deployment and operation and maintenance monitoring. Therefore, K8s is a completely new distributed architecture solution based on container technology, and is a one-stop, complete distributed system development and support platform.
The external service exposure refers to exposing the application service inside the cluster to the outside so that the network outside the cluster can access the application service inside the cluster.
Internal services are exposed for service access inside the cluster, i.e. given a service inside a cluster, other applications inside the cluster can access the service, which cannot be accessed outside the cluster.
The network model of the Kubernetes cluster is a leading solution to the commonly used container-based distributed architecture, which solves the management problem in the use of large-scale clusters. In a Kubernetes cluster, a container group Pod is the smallest unit deployed by the Kubernetes cluster, and provides a certain service for a client, and usually allocates an internet protocol address within the cluster for the service.
However, due to the characteristics of the kubernets cluster, the internet protocol address in the cluster is used by the service deployed in the kubernets cluster, so that only the services in the kubernets cluster can access each other, and a network outside the cluster cannot directly establish communication with the Pod in the kubernets cluster. In the prior art, based on the fact that kubernets can provide highly available micro services, the kubernets provide four ways for accessing the services: ClusterIP, Nodeport, Loadbalancer and Ingress.
1) The ClusterIP service is the default service of kubernets. For service access inside a cluster, i.e. given a service inside a cluster, other applications inside the cluster can access the service, which cannot be accessed outside the cluster.
2) The nodoport service is the most primitive way to direct external traffic to services within a container group. This approach is mainly to open a specific port on all nodes (nodes may be virtual machines) and any traffic sent to that port is forwarded to the corresponding service. The Nodeport is convenient to use and suitable for the development and test stage, but the number of Nodeports is limited, and the number of Kubernetes services exposed by using the Nodeport mode is limited.
3) The LoadBalancer service is a standard way to expose services to the Internet. On GKE, this way a Network Load Balancer is started, and given a single IP address, all traffic to the specified IP address is forwarded to the corresponding service. This approach has no filtering condition, no routing, etc. I.e. any kind of traffic can be sent to the service like HTTP, TCP, UDP, Websocket, gRPC or any other kind. However, the biggest disadvantage of this approach is that each service exposed by loadbalancers has its own IP address, and each used loadbalancers needs to be paid, which is very expensive.
4) Ingress is a k8s resource object used for exposing services to the outside, but when Ingress is used for exposing services to the outside, additional manual application for Service is required.
The embodiment of the disclosure provides a method for accessing cluster internal services, which utilizes an Ingress-controller built in a cluster and an external load balancer to realize automatic external exposure of services, and can conveniently and directly access the internal services in the cluster.
Referring to fig. 1, a schematic flow chart of a method for accessing an internal service of a cluster according to an embodiment of the present disclosure is shown, where the cluster includes at least one service component, each service component corresponds to at least one container group, and each container group loads a corresponding internal service; the cluster is connected with a load balancer.
A Cluster (Cluster) is a collection of computing, storage, and network resources that K8s uses to run various container-based applications, and may act as a virtual machine. Each constituent point of a cluster is called a Node (Node), and the nodes are combined to form the cluster. The Node's responsibility is to run container applications, which are responsible for monitoring and reporting the state of the container, while managing the life cycle of the container according to the Cluster's requirements. The Node runs on the operating system of Linux, and can be a physical machine or a virtual machine.
A Node (Node) comprises a plurality of Container groups, wherein the Container groups refer to Pod, Pod is a basic management unit in K8s and is not a Container (Container), and Pod is a layer of encapsulation of K8s on the Container and consists of a group of one or more containers running on the same host.
The method comprises the following steps:
and 110, receiving service request information through an external load balancer, wherein the service request information is used for requesting to access to internal services of the cluster.
In this step, the Load Balance means that the Load (service request information) is balanced and distributed to different container groups in the cluster for execution, so as to cooperatively complete the work task. Under the condition that the services provided by different nodes in the same cluster are consistent, the load balancer can play a role in traffic distribution, and the traffic is distributed to different nodes (container groups).
The service request information may include: a request method for a service, an identifier of the service, and a protocol used, or a domain name of an internal service of the Kubernetes cluster.
And 120, determining a service component corresponding to the service request information based on a first configuration file prestored in the load balancer, and sending the service request information to the service component.
In this step, the first configuration file may be understood as key information of all service components inside the cluster.
The service component may be understood as a logical set formed by combining a plurality of container group objects defined by rules, and a policy for accessing the group of containers.
And 130, determining a target container group corresponding to the service request information based on a second configuration file prestored in the service component, sending the service request information to the target container group, and accessing the internal service in the target container group.
In this step, the second configuration file may be understood as key information of all the container groups.
The method for accessing the cluster internal service includes the steps that firstly, a load balancer is arranged outside a cluster, request information for accessing the cluster internal service is received through the load balancer, a service component corresponding to the service request information in the cluster is determined based on a first configuration file prestored in the load balancer, and the service request information is sent to the service component, wherein the service component is generated inside the cluster, and extra manual application of the service component is not needed; and then determining a target container group corresponding to the service request information based on a second configuration file prestored in the service component, sending the service request information to the target container group, and accessing the internal service in the target container group. Automatic service exposure is realized, and internal services in a cluster can be directly accessed conveniently.
Based on any of the above embodiments, the service component includes: a controller and a service unit.
The controller refers to Ingress-controller. The Ingress-controller is an Nginx container and plays a forwarding role, the flow in the real network is firstly led into a Node where the Ingress-controller is installed, and then the Ingress-controller is led to a back-end Pod according to the Ingress rule.
The Ingress-controller can be implemented by any service program with reverse proxy function, such as Nginx, Envoy, and Traetik. The Ingress-controller itself is also a Pod resource object running in the cluster, running in the same network as the proxied application running as a Pod resource.
The Service unit refers to a Service, specifically a Service of a nodoport type, which is a type that directs external traffic into a cluster to access internal services.
Access to the subsequent Pod Service is enabled through Service. It should be noted that in fact, the Service is not directly connected to the Pod object, and there is also a middle layer-Endpoints resource object between the Service and the Pod, which is a list composed of IP and port. By default, when a Service resource object is created, its associated endpoint object is automatically created.
Referring to fig. 2, one of the flow diagrams for sending the service request information to the service component according to the embodiment of the present disclosure includes:
210, determining a controller corresponding to the service request information based on a first configuration file pre-stored in the load balancer.
In this step, the first configuration file stores key information of the service component, and therefore, based on the first configuration file pre-stored in the load balancer, the Ingress-controller corresponding to the service request information is determined.
220, obtaining the service units based on the controller, wherein the controller corresponds to the service units one to one.
In the step, Ingress-controllers and services are generated in a one-to-one correspondence mode, and the services are correspondingly acquired after the Ingress-controllers are acquired.
230, sending the service request information to the controller, and sending the service request information to the service unit through the controller.
In this step, the Service request information is sent to the Ingress-controller, and then sent to the corresponding Service by the Ingress-controller.
Referring to fig. 3, a schematic flowchart of acquiring a first configuration file provided in the embodiment of the present disclosure includes:
and 310, performing information interaction with the load balancer through the controller to acquire the information of the controller.
In this step, all Ingress-controllers in the cluster will automatically interact with the external load balancer, and the external load balancer will record the key information of these Ingress-controllers.
And 320, configuring the corresponding service unit for the controller through the load balancer based on the information of the controller.
In this step, the load balancer will apply for Service of nodoport type for Ingress-controller in the cluster according to the key information, that is, configure the corresponding Service unit.
And 330, recording the service unit of the controller as a first configuration file through the load balancer.
In this step, in the external load balancer, the configured Service is recorded as a first configuration file, which includes the IP address of the Node where the Ingress-controller is located and the port in the Service, and a load balancing algorithm may be configured in the external load balancer.
According to any of the above embodiments, the method comprises the following steps 130-132 before the step 130:
step 131, add an entry resource that accesses an internal service within the target container group.
In this step, the Ingress resource refers to an Ingress resource. Ingress is one of the standard resource types of k8s, which is actually a set of rules for forwarding requests to a specified Service resource based on DNS name or URL path, for forwarding request traffic outside the cluster to the cluster internal completion Service distribution. However, Ingress resources themselves cannot perform traffic penetration, and are merely a set of rules that require assistance from other functions in order to function properly, and require configuration of a corresponding Ingress-controller.
Step 132, synchronously obtaining the entry resource through the service component, and converting the entry resource into a corresponding second configuration file.
In this step, the service component synchronously acquires the Ingress resource and converts the Ingress resource into a second configuration file which can be loaded by the service component.
Referring to fig. 4, a second flow diagram for sending service request information to the service component according to the embodiment of the present disclosure includes:
determining, 410, first configuration information corresponding to a first entry address in a first configuration file based on the first entry address for receiving service request information, wherein the first configuration information includes: a first entry address, a first transmission path, and a service component identification.
In this step, the first entry address refers to an IP address designated in the Ingress resource, that is, an IP address of the load balancer, and if the Ingress resource is not particularly designated, the access IP address is automatically allocated.
And 420, determining a service component corresponding to the service request information based on the first configuration information.
In this step, the first configuration information includes the relevant information of the service components in the cluster, so that the corresponding service components are determined according to the service request information.
And 430, sending the service request information to a service component corresponding to the service component identification based on the first transmission path.
In this step, the first transmission path is a first transmission path specified in the Ingress resource, and based on the first transmission path, the service request information is sent to the service component corresponding to the service component identifier.
Referring to fig. 5, a schematic flow chart of sending service request information to a target container group provided in the embodiment of the present disclosure includes:
determining second configuration information corresponding to a second entry address in a second configuration file based on the second entry address for receiving the service request information 510, wherein the second configuration information includes: a second ingress address, a port address, a second transmission path, and a target container group identification.
In this step, the second entry address refers to an entry address into the cluster.
And 520, determining a target container group corresponding to the service request information based on the second configuration information.
530, receiving, by the service component, the service request information based on the port address.
In this step, the port address is consistent with the port address specified in the Ingress resource, i.e. the port address of the service component in the cluster is entered.
And 540, sending the service request information in the service component to the target container group corresponding to the target container group identifier based on the second transmission path.
In this step, Path is the second transmission Path specified in the Ingress resource, and the back end is the Service specified in the Ingress resource.
And sending the service request information in the service component to a target container group corresponding to the target container group identification based on a second transmission path specified in the Ingress resource.
Based on any of the above embodiments, the method further comprises:
updating, by the load balancer, the first profile in the event the controller is increased/decreased.
In this step, when the Ingress-controller is subjected to scalability, that is, when the controller increases/decreases, the external load balancer may automatically update the first configuration file. Events that cause the Ingress-controller to scale may include: service culling events, service creation events, etc.
Further, supplementary description is further made on implementation of the present disclosure, and referring to fig. 6, a block diagram for accessing an internal Service of a cluster provided by an embodiment of the present disclosure includes an external load balancer, and the cluster includes an Ingress-controller, a Service, and a Pod. The number of Service components in a cluster may be set according to a specific scenario, and one cluster in fig. 6 includes two Ingress-controllers, which correspond to two services respectively.
Referring to fig. 7, an overall flow diagram for accessing a cluster internal service provided in the embodiment of the present disclosure is shown, including the following steps 710 to 750:
before executing steps 710-750, a first configuration file and a second configuration file need to be set in advance, specifically:
the process of setting the first configuration file:
and carrying out information interaction with the load balancer through the Ingress-controller to obtain information of the Ingress-controller, and configuring Service of the NodePort type for the Ingress-controller through the load balancer according to the information of the Ingress-controller.
The process of setting the second configuration file:
and adding Ingress resources for accessing the internal services in the target container group, and enabling the Ingress-controller and the Service to synchronously acquire the Ingress resources.
At 710, an external load balancer receives service request information for accessing internal services of the group of cluster contents.
And 720, the entry address is the IP address of the load balancer, the service request information is transmitted to the load balancer based on the first transmission path specified in the Ingress resource, and the rear end is a service component.
730, based on the first configuration file in the load balancer, determining an Ingress-controller corresponding to the Service request information, and determining a Service of the nodoport type according to the Ingress-controller.
740, the entry address is an address entering the cluster, the port address is an address entering the Service component, the Service request information is sent to an Ingress-controller, and the Service request information is sent to the back-end Service through the Ingress-controller.
And 750, sending the Service request information to the target container group corresponding to the target container group identifier based on the second transmission path specified in the Ingress resource, and accessing the internal Service in the target container group.
The following describes an apparatus for accessing an internal service of a cluster according to an embodiment of the present disclosure, and the apparatus for accessing an internal service of a cluster described below and the method for accessing an internal service of a cluster described above may be referred to correspondingly.
Specifically referring to fig. 8, a schematic structural diagram of an apparatus for accessing cluster internal services provided in the embodiment of the present disclosure is shown, where a cluster includes at least one service component, each service component corresponds to at least one container group, and each container group loads a corresponding internal service; the cluster is connected with a load balancer.
The device comprises:
and a receiving module 810, configured to receive service request information through an external load balancer, where the service request information is used to request access to an internal service of the cluster.
And the 820 determining module is configured to determine a service component corresponding to the service request information based on a first configuration file pre-stored in the load balancer, and send the service request information to the service component.
And a sending module 830, configured to determine, based on a second configuration file pre-stored in the service component, a target container group corresponding to the service request information, send the service request information to the target container group, and access an internal service in the target container group.
The device for accessing the cluster internal service is characterized in that a load balancer is arranged outside a cluster, request information for accessing the cluster internal service is received through the load balancer, a service component corresponding to the service request information in the cluster is determined based on a first configuration file prestored in the load balancer, and the service request information is sent to the service component, wherein the service component is generated inside the cluster and does not need to be additionally manually applied for the service component; and then determining a target container group corresponding to the service request information based on a second configuration file prestored in the service component, sending the service request information to the target container group, and accessing the internal service in the target container group. Automatic service exposure is realized, and internal services in a cluster can be directly accessed conveniently.
Based on any of the above embodiments, the service component includes: a controller and a service unit.
The 820 determination module is specifically configured to:
and determining a controller corresponding to the service request information based on a first configuration file prestored in the load balancer.
And acquiring the service units based on the controller, wherein the controller corresponds to the service units one by one.
And sending the service request information to the controller, and sending the service request information to the service unit through the controller.
Based on any embodiment above, before the 820 determining module, the method includes:
and the acquisition module is used for carrying out information interaction with the load balancer through the controller to acquire the information of the controller.
And the configuration module is used for configuring the corresponding service unit for the controller through the load balancer based on the information of the controller.
And the recording module is used for recording the service unit of the controller as a first configuration file through the load balancer.
Based on any embodiment, before 830 sending the module, the method includes:
and the adding module is used for adding an entry resource for accessing the internal service in the target container group.
And the conversion module is used for synchronously acquiring the entry resources through the service assembly and converting the entry resources into corresponding second configuration files.
Based on any of the above embodiments, the 820 determining module is further configured to:
determining first configuration information corresponding to a first entry address in a first configuration file based on the first entry address for receiving service request information, wherein the first configuration information comprises: a first entry address, a first transmission path, and a service component identification.
And determining a service component corresponding to the service request information based on the first configuration information.
And sending the service request information to a service component corresponding to the service component identification based on the first transmission path.
Based on any of the above embodiments, the 830 sending module is configured to:
determining second configuration information corresponding to a second entry address in a second configuration file based on the second entry address for receiving the service request information, wherein the second configuration information comprises: a second ingress address, a port address, a second transmission path, and a target container group identification.
And determining a target container group corresponding to the service request information based on the second configuration information.
Receiving, by the service component, the service request information based on the port address.
And sending the service request information in the service assembly to a target container group corresponding to the target container group identification based on a second transmission path.
Based on any embodiment above, the apparatus further comprises:
an update module to update the first configuration file by the load balancer if the controller is increasing/decreasing.
Fig. 9 illustrates a physical structure diagram of an electronic device, and as shown in fig. 9, the electronic device may include: a processor (processor)910, a communication Interface (Communications Interface)920, a memory (memory)930, and a communication bus 940, wherein the processor 910, the communication Interface 920, and the memory 930 communicate with each other via the communication bus 940. Processor 910 may invoke logic instructions in memory 930 to perform a method of accessing internal services of a cluster, the cluster including at least one service component, each service component corresponding to at least one container group, each container group loading a corresponding internal service; the cluster is connected with a load balancer; the method comprises the following steps: receiving service request information through an external load balancer, wherein the service request information is used for requesting access to internal services of the cluster; determining a service component corresponding to the service request information based on a first configuration file prestored in the load balancer, and sending the service request information to the service component; and determining a target container group corresponding to the service request information based on a second configuration file prestored in the service component, sending the service request information to the target container group, and accessing the internal service in the target container group.
Furthermore, the logic instructions in the memory 930 may be implemented in software functional units and stored in a computer readable storage medium when the logic instructions are sold or used as independent products. Based on such understanding, the technical solutions of the embodiments of the present disclosure may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the methods described in the embodiments of the present disclosure. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In another aspect, the present disclosure also provides a computer program product comprising a computer program stored on a non-transitory computer-readable storage medium, the computer program comprising program instructions, which when executed by a computer, enable the computer to perform a method for accessing internal services of a cluster, the cluster comprising at least one service component, each service component corresponding to at least one container group, each container group loading a corresponding internal service, provided by the above methods; the cluster is connected with a load balancer; the method comprises the following steps: receiving service request information through an external load balancer, wherein the service request information is used for requesting access to internal services of the cluster; determining a service component corresponding to the service request information based on a first configuration file prestored in the load balancer, and sending the service request information to the service component; and determining a target container group corresponding to the service request information based on a second configuration file prestored in the service component, sending the service request information to the target container group, and accessing the internal service in the target container group.
In yet another aspect, the present disclosure also provides a non-transitory computer readable storage medium having stored thereon a computer program that, when executed by a processor, is implemented to perform a method for accessing internal services of a cluster as provided in each of the above, the cluster including at least one service component, each service component corresponding to at least one container group, each container group loading a corresponding internal service; the cluster is connected with a load balancer; the method comprises the following steps: receiving service request information through an external load balancer, wherein the service request information is used for requesting access to internal services of the cluster; determining a service component corresponding to the service request information based on a first configuration file prestored in the load balancer, and sending the service request information to the service component; and determining a target container group corresponding to the service request information based on a second configuration file prestored in the service component, sending the service request information to the target container group, and accessing the internal service in the target container group.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solutions of the present disclosure, not to limit them; although the present disclosure has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present disclosure.
Claims (11)
1. A method for accessing cluster internal services, wherein the cluster comprises at least one service component, each service component corresponds to at least one container group, and each container group loads corresponding internal services; the cluster is connected with a load balancer;
the method comprises the following steps:
receiving service request information through an external load balancer, wherein the service request information is used for requesting access to internal services of the cluster;
determining a service component corresponding to the service request information based on a first configuration file prestored in the load balancer, and sending the service request information to the service component;
and determining a target container group corresponding to the service request information based on a second configuration file prestored in the service component, sending the service request information to the target container group, and accessing the internal service in the target container group.
2. The method of accessing intra-cluster services of claim 1, wherein the service component comprises: a controller and a service unit;
the determining a service component corresponding to the service request information based on a first configuration file prestored in the load balancer, and sending the service request information to the service component includes:
determining a controller corresponding to the service request information based on a first configuration file prestored in the load balancer;
acquiring the service units based on the controller, wherein the controller corresponds to the service units one by one;
and sending the service request information to the controller, and sending the service request information to the service unit through the controller.
3. The method according to claim 2, wherein before determining the service component corresponding to the service request information based on the first configuration file pre-stored in the load balancer, the method comprises:
performing information interaction with the load balancer through the controller to acquire information of the controller;
configuring a corresponding service unit for the controller through the load balancer based on the information of the controller;
recording, by the load balancer, a service unit of the controller as a first configuration file.
4. The method according to claim 1, wherein before determining the target container group corresponding to the service request information based on the second configuration file pre-stored in the service component, the method comprises:
adding an entry resource that accesses an internal service within the target container group;
and synchronously acquiring the entry resources through the service assembly, and converting the entry resources into corresponding second configuration files.
5. The method according to claim 1, wherein the determining a service component corresponding to the service request information and sending the service request information to the service component comprises:
determining first configuration information corresponding to a first entry address in a first configuration file based on the first entry address for receiving service request information, wherein the first configuration information comprises: a first entry address, a first transmission path and a service component identification;
determining a service component corresponding to the service request information based on the first configuration information;
and sending the service request information to a service component corresponding to the service component identification based on the first transmission path.
6. The method according to claim 1, wherein the determining a target group of containers to which the service request information corresponds, and the sending the service request information to the target group of containers comprises:
determining second configuration information corresponding to a second entry address in a second configuration file based on the second entry address for receiving the service request information, wherein the second configuration information comprises: a second ingress address, a port address, a second transmission path, and a target container group identification;
determining a target container group corresponding to the service request information based on the second configuration information;
receiving, by the service component, the service request information based on the port address;
and sending the service request information in the service assembly to a target container group corresponding to the target container group identification based on a second transmission path.
7. The method of accessing intra-cluster services of claim 2, further comprising:
updating, by the load balancer, the first profile in the event the controller is increased/decreased.
8. An apparatus for accessing internal services of a cluster, wherein the cluster comprises at least one service component, each service component corresponds to at least one container group, and each container group loads the corresponding internal service; the cluster is connected with a load balancer;
the device comprises:
the system comprises a receiving module, a sending module and a processing module, wherein the receiving module is used for receiving service request information through an external load balancer, and the service request information is used for requesting to access internal services of the cluster;
the determining module is used for determining a service component corresponding to the service request information based on a first configuration file prestored in the load balancer and sending the service request information to the service component;
and the sending module is used for determining a target container group corresponding to the service request information based on a second configuration file prestored in the service component, sending the service request information to the target container group and accessing the internal service in the target container group.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method of accessing intra-cluster services according to any of claims 1 to 7 when executing the program.
10. A non-transitory computer readable storage medium, having stored thereon a computer program, characterized in that the computer program, when being executed by a processor, is adapted to carry out the steps of the method of accessing intra-cluster services according to any of the claims 1 to 7.
11. A computer program product comprising a computer program, characterized in that the computer program realizes the steps of the method for accessing a cluster internal service according to any one of claims 1 to 7 when executed by a processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210126123.4A CN114461303A (en) | 2022-02-10 | 2022-02-10 | Method and device for accessing cluster internal service |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210126123.4A CN114461303A (en) | 2022-02-10 | 2022-02-10 | Method and device for accessing cluster internal service |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114461303A true CN114461303A (en) | 2022-05-10 |
Family
ID=81413080
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210126123.4A Pending CN114461303A (en) | 2022-02-10 | 2022-02-10 | Method and device for accessing cluster internal service |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114461303A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114938375A (en) * | 2022-05-16 | 2022-08-23 | 聚好看科技股份有限公司 | Container group updating equipment and container group updating method |
| CN117453380A (en) * | 2023-12-25 | 2024-01-26 | 阿里云计算有限公司 | Cluster container group scheduling method, system and computer equipment |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106302771A (en) * | 2016-08-23 | 2017-01-04 | 浪潮电子信息产业股份有限公司 | A kind of method for configuring domain name of the application created based on Docker container |
| CN107508795A (en) * | 2017-07-26 | 2017-12-22 | 中国联合网络通信集团有限公司 | Across the access process device and method of container cluster |
| US20190173840A1 (en) * | 2017-12-01 | 2019-06-06 | Kohl's Department Stores, Inc. | Cloud services management system and method |
| CN110837418A (en) * | 2019-11-06 | 2020-02-25 | 浪潮云信息技术有限公司 | High-concurrency web system based on container and implementation method |
| CN110868465A (en) * | 2019-11-13 | 2020-03-06 | 北京浪潮数据技术有限公司 | Load balancing system and method for container cloud |
| WO2020253347A1 (en) * | 2019-06-17 | 2020-12-24 | 深圳前海微众银行股份有限公司 | Container cluster management method, device and system |
| US20210089415A1 (en) * | 2019-09-25 | 2021-03-25 | Sap Se | High availability for a relational database management system as a service in a cloud platform |
| US11126483B1 (en) * | 2020-04-17 | 2021-09-21 | Oracle International Corporation | Direct message retrieval in distributed messaging systems |
-
2022
- 2022-02-10 CN CN202210126123.4A patent/CN114461303A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106302771A (en) * | 2016-08-23 | 2017-01-04 | 浪潮电子信息产业股份有限公司 | A kind of method for configuring domain name of the application created based on Docker container |
| CN107508795A (en) * | 2017-07-26 | 2017-12-22 | 中国联合网络通信集团有限公司 | Across the access process device and method of container cluster |
| US20190173840A1 (en) * | 2017-12-01 | 2019-06-06 | Kohl's Department Stores, Inc. | Cloud services management system and method |
| WO2020253347A1 (en) * | 2019-06-17 | 2020-12-24 | 深圳前海微众银行股份有限公司 | Container cluster management method, device and system |
| US20210089415A1 (en) * | 2019-09-25 | 2021-03-25 | Sap Se | High availability for a relational database management system as a service in a cloud platform |
| CN110837418A (en) * | 2019-11-06 | 2020-02-25 | 浪潮云信息技术有限公司 | High-concurrency web system based on container and implementation method |
| CN110868465A (en) * | 2019-11-13 | 2020-03-06 | 北京浪潮数据技术有限公司 | Load balancing system and method for container cloud |
| US11126483B1 (en) * | 2020-04-17 | 2021-09-21 | Oracle International Corporation | Direct message retrieval in distributed messaging systems |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114938375A (en) * | 2022-05-16 | 2022-08-23 | 聚好看科技股份有限公司 | Container group updating equipment and container group updating method |
| CN114938375B (en) * | 2022-05-16 | 2023-06-02 | 聚好看科技股份有限公司 | Container group updating equipment and container group updating method |
| CN117453380A (en) * | 2023-12-25 | 2024-01-26 | 阿里云计算有限公司 | Cluster container group scheduling method, system and computer equipment |
| CN117453380B (en) * | 2023-12-25 | 2024-02-23 | 阿里云计算有限公司 | Cluster container group scheduling method, system and computer equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11368385B1 (en) | System and method for deploying, scaling and managing network endpoint groups in cloud computing environments | |
| US20220078092A1 (en) | Provisioning a service | |
| CN109194502B (en) | Management method of multi-tenant container cloud computing system | |
| US9674103B2 (en) | Management of addresses in virtual machines | |
| US8589554B2 (en) | Intelligent and elastic resource pools for heterogeneous datacenter environments | |
| US11196640B2 (en) | Releasing and retaining resources for use in a NFV environment | |
| US20100293269A1 (en) | Inventory management in a computing-on-demand system | |
| US10608990B2 (en) | Accessing nodes deployed on an isolated network | |
| CN114461303A (en) | Method and device for accessing cluster internal service | |
| US9847903B2 (en) | Method and apparatus for configuring a communication system | |
| CN111683074A (en) | NFV-based secure network architecture and network security management method | |
| US10333901B1 (en) | Policy based data aggregation | |
| US20190356697A1 (en) | Methods and apparatus to assign security in networked computing environments | |
| CN110661707B (en) | Virtual router platform based on Docker | |
| CN112882792B (en) | Information loading method, computer device and storage medium | |
| US20230100276A1 (en) | Runtime customization for network function deployment | |
| US20220043946A1 (en) | Ict resource management device, ict resource management method, and ict resource management program | |
| US11573819B2 (en) | Computer-implemented method for reducing service disruption times for a universal customer premise equipment, uCPE, device with resource constraint in a network functions virtualization, NFV, network infrastructure | |
| CN113127144B (en) | Processing method, processing device and storage medium | |
| US11070515B2 (en) | Discovery-less virtual addressing in software defined networks | |
| US20230138867A1 (en) | Methods for application deployment across multiple computing domains and devices thereof | |
| CN113342457A (en) | Kubernetes scheduling method based on registration and discovery of Eureka service | |
| CN115185637A (en) | Communication method and device for PaaS component management end and virtual machine agent | |
| CN115202820A (en) | Method, device and equipment for creating Pod unit and storage medium | |
| EP3089428A1 (en) | Method and apparatus for deploying applications |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |