CN115480877A - External exposure method and device of application service in multi-cluster environment - Google Patents

External exposure method and device of application service in multi-cluster environment Download PDF

Info

Publication number
CN115480877A
CN115480877A CN202211122347.4A CN202211122347A CN115480877A CN 115480877 A CN115480877 A CN 115480877A CN 202211122347 A CN202211122347 A CN 202211122347A CN 115480877 A CN115480877 A CN 115480877A
Authority
CN
China
Prior art keywords
domain name
service
application
cluster
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211122347.4A
Other languages
Chinese (zh)
Inventor
曹兴明
何小锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jingdong Technology Information Technology Co Ltd
Original Assignee
Jingdong Technology Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jingdong Technology Information Technology Co Ltd filed Critical Jingdong Technology Information Technology Co Ltd
Priority to CN202211122347.4A priority Critical patent/CN115480877A/en
Publication of CN115480877A publication Critical patent/CN115480877A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44505Configuring for program initiating, e.g. using registry, configuration files
    • G06F9/4451User profiles; Roaming
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5061Partitioning or combining of resources
    • G06F9/5077Logical partitioning of resources; Management or configuration of virtualized resources
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45595Network integration; Enabling network access in virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses an external exposure method and device of application services in a multi-cluster environment, and relates to the technical field of computers. One embodiment of the method comprises: in response to the application deployment operation, creating customized resources under the application namespace, wherein the customized resources comprise service information exposed by the application to the outside; responding to the monitored creation event of the customized resource, and generating an access domain name of the application service according to the service information; and registering the access domain name into a domain name resolver, and storing the access domain name into a customized resource so as to expose the application service to the outside by accessing the domain name. According to the embodiment, after the application is deployed in the multi-cluster environment, the access domain name exposed to the outside is automatically generated for the application service, the deployed application can be accessed outside the cluster through the access domain name, the condition that the service cannot be accessed due to single-point failure is avoided, and the application service can be accessed more flexibly, conveniently and efficiently.

Description

多集群环境下应用服务的对外暴露方法和装置Method and device for external exposure of application services in multi-cluster environment

技术领域technical field

本发明涉及计算机技术领域,尤其涉及一种多集群环境下应用服务的对外暴露方法和装置。The present invention relates to the field of computer technology, in particular to a method and device for externally exposing application services in a multi-cluster environment.

背景技术Background technique

部署在Kubernetes集群上的应用一般都是运行在Kubernetes集群的私有网络上,因此需要对外提供服务暴露方式以接收外部访问。目前,对Kubernetes集群外部提供服务访问时一般有下面几种方式:Applications deployed on a Kubernetes cluster generally run on the private network of the Kubernetes cluster, so it is necessary to provide a service exposure method to receive external access. At present, there are generally the following ways to provide service access outside the Kubernetes cluster:

1、基于Kubernetes集群的NodePort(节点端口)和LoadBalancer(负载均衡)类型的服务,这种方式通过IP地址+端口的方式暴露服务;1. Based on the NodePort (node port) and LoadBalancer (load balancing) services of the Kubernetes cluster, this method exposes the service through the IP address + port;

2、借助第三方的Ingress(是对集群中服务的外部访问进行管理的API接口对象)控制器,通过域名的方式暴露服务。2. With the help of a third-party Ingress (an API interface object that manages external access to services in the cluster) controller, the service is exposed through the domain name.

在实现本发明过程中,发明人发现现有技术中至少存在如下问题:In the course of realizing the present invention, the inventor finds that there are at least the following problems in the prior art:

对于基于NodePort和LoadBalancer的两种服务暴露方式,用户通过IP地址+端口的方式访问服务,可能会出现单点故障,而导致无法访问服务,而且LoadBalancer方式一般只有云厂商才提供该能力。借助Ingress提供服务暴露的方法,需要为每个Kubernetes集群申请一个泛域名,而一个泛域名只能解析到一个Kubernetes集群,因此无法适用于多集群场景。For the two service exposure methods based on NodePort and LoadBalancer, users access the service through IP address + port, which may cause a single point of failure, resulting in inability to access the service, and the LoadBalancer method is generally only provided by cloud vendors. With the help of Ingress to provide service exposure, you need to apply for a generic domain name for each Kubernetes cluster, and a generic domain name can only be resolved to one Kubernetes cluster, so it cannot be applied to multi-cluster scenarios.

发明内容Contents of the invention

有鉴于此,本发明实施例提供一种多集群环境下应用服务的对外暴露方法和装置,能够在多Kubernetes集群环境部署应用后,自动为应用服务生成对外暴露的访问域名,能够在Kubernetes集群外通过访问域名访问部署的应用,避免了出现单点故障而导致无法访问服务的情况发生,使得对应用服务的访问更灵活、方便、高效。In view of this, the embodiments of the present invention provide a method and device for externally exposing application services in a multi-cluster environment, which can automatically generate externally exposed access domain names for application services after deploying applications in a multi-Kubernetes cluster environment, and can be used outside the Kubernetes cluster By accessing the domain name to access the deployed application, it avoids the situation that the service cannot be accessed due to a single point of failure, making the access to the application service more flexible, convenient and efficient.

为实现上述目的,根据本发明实施例的一个方面,提供了一种多集群环境下应用服务的对外暴露方法,包括:In order to achieve the above purpose, according to an aspect of the embodiments of the present invention, a method for externally exposing application services in a multi-cluster environment is provided, including:

响应于应用部署操作,在所述应用的命名空间下创建定制资源,所述定制资源包括所述应用对外暴露的服务信息;In response to an application deployment operation, create a custom resource under the namespace of the application, where the custom resource includes service information exposed by the application;

响应于监听到所述定制资源的创建事件,根据所述服务信息生成应用服务的访问域名;In response to listening to the creation event of the custom resource, generate an access domain name of the application service according to the service information;

将所述访问域名注册到域名解析器中,并将所述访问域名保存到所述定制资源中,以通过所述访问域名进行所述应用服务的对外暴露。The access domain name is registered in the domain name resolver, and the access domain name is saved in the customized resource, so that the application service is exposed externally through the access domain name.

可选地,在所述应用的命名空间下创建定制资源,包括:在所述应用的命名空间下添加定制资源配置文件,所述定制资源配置文件包括生成定制资源所需的服务信息;根据所述应用对外暴露的服务信息和所述定制资源配置文件创建定制资源。Optionally, creating a custom resource under the namespace of the application includes: adding a custom resource configuration file under the namespace of the application, the custom resource configuration file includes service information required to generate the custom resource; according to the Create a custom resource based on the service information exposed by the application and the custom resource configuration file.

可选地,所述服务信息包括服务名、服务对应的节点端口信息、服务在集群中所属的命名空间信息、集群标识;根据所述服务信息生成应用服务的访问域名,包括:将所述服务名、服务在集群中所属的命名空间信息、集群标识、泛域名后缀和服务对应的节点端口信息,按照设定的域名格式进行拼接生成应用服务的访问域名,其中,所述泛域名后缀是与所述域名解析器相关联的泛域名的后缀。Optionally, the service information includes the service name, the node port information corresponding to the service, the namespace information of the service in the cluster, and the cluster identifier; generating the access domain name of the application service according to the service information includes: name, the namespace information of the service in the cluster, the cluster identifier, the generic domain name suffix, and the node port information corresponding to the service are spliced according to the set domain name format to generate the access domain name of the application service, wherein the generic domain name suffix is the same as The suffix of the generic domain name associated with the domain name resolver.

可选地,将所述访问域名注册到域名解析器中,包括:将部署服务的集群的访问地址和节点端口信息与访问域名的映射关系,按照集群标识和定制资源标识为标记注册到域名解析器中。Optionally, registering the access domain name in the domain name resolver includes: registering the mapping relationship between the access address and node port information of the cluster where the service is deployed and the access domain name in accordance with the cluster ID and the customized resource ID as tags to register in the domain name resolver device.

可选地,将所述访问域名保存到所述定制资源中,包括:将所述访问域名和所述服务信息保存到所述定制资源的状态字段中。Optionally, saving the access domain name in the customized resource includes: saving the access domain name and the service information in a status field of the customized resource.

可选地,所述方法还包括:响应于监听到所述定制资源的删除事件,删除所述定制资源,并根据集群标识和定制资源标识从所述域名解析器中查找与所述定制资源相关的映射关系记录,并删除所述映射关系记录。Optionally, the method further includes: deleting the custom resource in response to listening to the deletion event of the custom resource, and searching the domain name resolver for information related to the custom resource according to the cluster identifier and the custom resource identifier and delete the mapping relationship record.

根据本发明实施例的另一方面,提供了一种多集群环境下应用服务的对外暴露装置,包括:According to another aspect of the embodiments of the present invention, a device for externally exposing application services in a multi-cluster environment is provided, including:

定制资源创建模块,用于响应于应用部署操作,在所述应用的命名空间下创建定制资源,所述定制资源包括所述应用对外暴露的服务信息;A custom resource creation module, configured to create a custom resource under the namespace of the application in response to an application deployment operation, where the custom resource includes service information exposed by the application;

访问域名生成模块,用于响应于监听到所述定制资源的创建事件,根据所述服务信息生成应用服务的访问域名,并将所述访问域名注册到域名解析器中;An access domain name generating module, configured to generate an access domain name of the application service according to the service information in response to listening to the creation event of the custom resource, and register the access domain name in the domain name resolver;

访问域名发布模块,用于将所述访问域名注册到域名解析器中,并将所述访问域名保存到所述定制资源中,以通过所述访问域名进行所述应用服务的对外暴露。The access domain name issuing module is configured to register the access domain name in a domain name resolver, and store the access domain name in the customized resource, so as to expose the application service to the outside through the access domain name.

可选地,所述定制资源创建模块还用于:在所述应用的命名空间下添加定制资源配置文件,所述定制资源配置文件包括生成定制资源所需的服务信息;根据所述应用对外暴露的服务信息和所述定制资源配置文件创建定制资源。Optionally, the custom resource creation module is further configured to: add a custom resource configuration file under the namespace of the application, the custom resource configuration file includes service information required to generate the custom resource; The service information and the custom resource configuration file create a custom resource.

可选地,所述服务信息包括服务名、服务对应的节点端口信息、服务在集群中所属的命名空间信息、集群标识;所述访问域名生成模块还用于:将所述服务名、服务在集群中所属的命名空间信息、集群标识、泛域名后缀和服务对应的节点端口信息,按照设定的域名格式进行拼接生成应用服务的访问域名,其中,所述泛域名后缀是与所述域名解析器相关联的泛域名的后缀。Optionally, the service information includes the service name, the node port information corresponding to the service, the namespace information of the service in the cluster, and the cluster identifier; the access domain name generation module is also used to: use the service name, service Namespace information belonging to the cluster, cluster identifier, generic domain name suffix, and node port information corresponding to the service are spliced according to the set domain name format to generate an access domain name for the application service, wherein the generic domain name suffix is resolved with the domain name The suffix of the wildcard domain name associated with the server.

可选地,所述访问域名生成模块还用于:将部署服务的集群的访问地址和节点端口信息与访问域名的映射关系,按照集群标识和定制资源标识为标记注册到域名解析器中。Optionally, the access domain name generating module is further configured to: register the mapping relationship between the access address and node port information of the cluster where the service is deployed and the access domain name in the domain name resolver according to the cluster ID and the customized resource ID as tags.

可选地,所述访问域名发布模块还用于:将所述访问域名和所述服务信息保存到所述定制资源的状态字段中。Optionally, the access domain name publishing module is further configured to: save the access domain name and the service information in the status field of the customized resource.

可选地,还包括域名删除模块,用于:响应于监听到所述定制资源的删除事件,删除所述定制资源,并根据集群标识和定制资源标识从所述域名解析器中查找与所述定制资源相关的映射关系记录,并删除所述映射关系记录。Optionally, it also includes a domain name deletion module, configured to: delete the custom resource in response to hearing the deletion event of the custom resource, and search the domain name resolver for the domain name resolver according to the cluster identifier and the customized resource identifier Customize resource-related mapping relationship records, and delete the mapping relationship records.

根据本发明实施例的又一方面,提供了一种多集群环境下应用服务的对外暴露电子设备,包括:一个或多个处理器;存储装置,用于存储一个或多个程序,当所述一个或多个程序被所述一个或多个处理器执行,使得所述一个或多个处理器实现本发明实施例所提供的多集群环境下应用服务的对外暴露方法。According to yet another aspect of the embodiments of the present invention, there is provided an externally exposed electronic device for application services in a multi-cluster environment, including: one or more processors; a storage device for storing one or more programs, when the One or more programs are executed by the one or more processors, so that the one or more processors implement the method for externally exposing application services in a multi-cluster environment provided by the embodiments of the present invention.

根据本发明实施例的再一方面,提供了一种计算机可读介质,其上存储有计算机程序,所述程序被处理器执行时实现本发明实施例所提供的多集群环境下应用服务的对外暴露方法。According to yet another aspect of the embodiments of the present invention, a computer-readable medium is provided, on which a computer program is stored. When the program is executed by a processor, the external communication of application services in a multi-cluster environment provided by the embodiments of the present invention is realized. exposure method.

上述发明中的一个实施例具有如下优点或有益效果:通过响应于应用部署操作,在应用的命名空间下创建定制资源,定制资源包括应用对外暴露的服务信息;响应于监听到定制资源的创建事件,根据服务信息生成应用服务的访问域名;将访问域名注册到域名解析器中,并将访问域名保存到定制资源中,以通过访问域名进行应用服务的对外暴露的技术方案,通过定制资源来维护应用对外暴露的服务信息,通过监听定制资源以根据服务信息生成域名,并将域名注册到域名解析器中,可以将域名解析到对应的集群上,实现了在Kubernetes集群外通过域名访问集群内的应用服务。在多Kubernetes集群环境部署应用后,自动为应用服务生成对外暴露的访问域名,能够在Kubernetes集群外通过访问域名访问部署的应用,避免了出现单点故障而导致无法访问服务的情况发生,使得对应用服务的访问更灵活、方便、高效。An embodiment of the above invention has the following advantages or beneficial effects: by responding to the application deployment operation, creating a custom resource under the namespace of the application, the custom resource includes the service information exposed by the application; in response to listening to the creation event of the custom resource , generate the access domain name of the application service according to the service information; register the access domain name in the domain name resolver, and save the access domain name in the customized resource, so as to expose the technical solution of the application service through the access domain name, and maintain it through the customized resource Apply the service information exposed to the outside world, listen to customized resources to generate a domain name according to the service information, register the domain name in the domain name resolver, and resolve the domain name to the corresponding cluster, realizing access to the cluster through the domain name outside the Kubernetes cluster application services. After the application is deployed in a multi-Kubernetes cluster environment, the access domain name exposed to the outside world is automatically generated for the application service, and the deployed application can be accessed through the access domain name outside the Kubernetes cluster, avoiding the situation that the service cannot be accessed due to a single point of failure. Access to application services is more flexible, convenient and efficient.

上述的非惯用的可选方式所具有的进一步效果将在下文中结合具体实施方式加以说明。The further effects of the above-mentioned non-conventional alternatives will be described below in conjunction with specific embodiments.

附图说明Description of drawings

附图用于更好地理解本发明,不构成对本发明的不当限定。其中:The accompanying drawings are used to better understand the present invention, and do not constitute improper limitations to the present invention. in:

图1是根据本发明实施例的多集群环境下应用服务的对外暴露方法的主要步骤示意图;FIG. 1 is a schematic diagram of main steps of a method for externally exposing application services in a multi-cluster environment according to an embodiment of the present invention;

图2是本发明一个实施例的生成应用服务的对外暴露方式的过程示意图;Fig. 2 is a schematic diagram of the process of generating an external exposure method of an application service according to an embodiment of the present invention;

图3是本发明一个实施例的基于域名的应用服务访问流程示意图;FIG. 3 is a schematic diagram of a domain name-based application service access flow in an embodiment of the present invention;

图4是根据本发明实施例的多集群环境下应用服务的对外暴露装置的主要模块示意图;4 is a schematic diagram of main modules of an externally exposed device for application services in a multi-cluster environment according to an embodiment of the present invention;

图5是本发明实施例可以应用于其中的示例性系统架构图;FIG. 5 is an exemplary system architecture diagram to which the embodiment of the present invention can be applied;

图6是适于用来实现本发明实施例的终端设备或服务器的计算机系统的结构示意图。Fig. 6 is a schematic structural diagram of a computer system suitable for implementing a terminal device or a server according to an embodiment of the present invention.

具体实施方式detailed description

以下结合附图对本发明的示范性实施例做出说明,其中包括本发明实施例的各种细节以助于理解,应当将它们认为仅仅是示范性的。因此,本领域普通技术人员应当认识到,可以对这里描述的实施例做出各种改变和修改,而不会背离本发明的范围和精神。同样,为了清楚和简明,以下的描述中省略了对公知功能和结构的描述。Exemplary embodiments of the present invention are described below in conjunction with the accompanying drawings, which include various details of the embodiments of the present invention to facilitate understanding, and they should be regarded as exemplary only. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.

本发明技术方案中对数据的获取、存储、使用、处理等均符合国家法律法规的相关规定。The acquisition, storage, use, and processing of data in the technical solution of the present invention all comply with the relevant provisions of national laws and regulations.

为了解决现有技术中存在的技术问题,本发明实施例提供了一种多集群环境下应用服务的对外暴露方法,在多Kubernetes集群环境部署应用后,自动为应用服务生成对外暴露的访问域名,使能够在Kubernetes集群外通过访问域名访问部署的应用。本发明的技术方案适用于有一个或多个Kubernetes集群的环境,部署在各集群上的应用通过域名对外暴露访问方式。在本发明的技术方案中提到的应用,默认已经提供了NodePort(节点端口)类型的服务。In order to solve the technical problems existing in the prior art, the embodiment of the present invention provides a method for externally exposing application services in a multi-cluster environment. After the application is deployed in a multi-Kubernetes cluster environment, an externally exposed access domain name is automatically generated for the application service. Make it possible to access the deployed application through the access domain name outside the Kubernetes cluster. The technical scheme of the present invention is applicable to an environment with one or more Kubernetes clusters, and the applications deployed on each cluster expose access methods through domain names. The application mentioned in the technical solution of the present invention has provided NodePort (node port) type service by default.

在本发明的实施例介绍中,所涉及的技术术语及其释义如下:In the introduction of the embodiments of the present invention, the technical terms involved and their interpretations are as follows:

Kubernetes:Google开源的一种容器编排工具,目前在容器编排领域比较流行,简记作k8s;Kubernetes: A container orchestration tool open sourced by Google, currently popular in the field of container orchestration, abbreviated as k8s;

CRD:全称是Custom Resource Definition,它是Kubernetes内置的原生的一种资源类型,它允许用户在Kubernetes中添加一个自定义的API资源类型,即:自定义资源的定义;CRD: The full name is Custom Resource Definition, which is a native resource type built into Kubernetes, which allows users to add a custom API resource type in Kubernetes, namely: the definition of custom resources;

CR:全称是Custom Resource,是按照CRD自定义的一个具体资源;CR: The full name is Custom Resource, which is a specific resource customized according to CRD;

泛域名:利用通配符*(星号)来做次级域名,以实现所有的次级域名均指向同一IP地址。例如:*.demo.com解析到111.1.1.1,则所有以.demo.com结尾的域名都会解析到111.1.1.1上;Generic domain name: Use the wildcard * (asterisk) as a sub-domain name, so that all sub-domain names point to the same IP address. For example: *.demo.com is resolved to 111.1.1.1, then all domain names ending with .demo.com will be resolved to 111.1.1.1;

Pod:Kubernetes进行管理的最小单元,程序要运行必须部署在容器中,而容器必须存在于Pod中。Pod可以认为是容器的封装,一个Pod中可以存在一个或者多个容器;Pod: The smallest unit managed by Kubernetes. To run a program, it must be deployed in a container, and the container must exist in the Pod. Pod can be considered as the package of containers, and one or more containers can exist in a Pod;

Service:将运行在一组Pods上的应用程序公开为网络服务的抽象方法,将代理客户端发来的请求转到后端一组Pod中的一个上。Service: An abstract method that exposes applications running on a set of Pods as network services, and forwards requests from proxy clients to one of the backend set of Pods.

图1是根据本发明实施例的多集群环境下应用服务的对外暴露方法的主要步骤示意图。如图1所示,本发明实施例的多集群环境下应用服务的对外暴露方法主要包括如下的步骤S101至步骤S103。FIG. 1 is a schematic diagram of main steps of a method for externally exposing application services in a multi-cluster environment according to an embodiment of the present invention. As shown in FIG. 1 , the method for externally exposing application services in a multi-cluster environment according to the embodiment of the present invention mainly includes the following steps S101 to S103.

步骤S101:响应于应用部署操作,在应用的命名空间下创建定制资源,定制资源包括应用对外暴露的服务信息。当需要在Kubernetes集群中部署应用时,在应用的命名空间namespace下,创建一个用于进行服务访问方式暴露的定制资源CR(是k8s中的定制资源),在定制资源CR中记录应用需要暴露的节点端口NodePort类型的服务信息,服务信息至少包括服务名name、服务对应的节点端口信息NodePort、服务在集群中所属的命名空间信息namespace、集群标识clusterId等几个部分。Step S101: In response to an application deployment operation, create a custom resource under the namespace of the application, where the custom resource includes service information exposed by the application. When it is necessary to deploy an application in a Kubernetes cluster, under the namespace namespace of the application, create a custom resource CR (a custom resource in k8s) for exposing the service access method, and record what the application needs to expose in the custom resource CR The service information of the node port NodePort type. The service information includes at least the service name, the node port information NodePort corresponding to the service, the namespace information namespace to which the service belongs in the cluster, and the cluster identifier clusterId.

根据本发明的一个实施例,在应用的命名空间下创建定制资源,具体可以包括:在应用的命名空间下添加定制资源配置文件,该定制资源配置文件包括生成定制资源所需的服务信息;根据应用对外暴露的服务信息和定制资源配置文件创建定制资源。在本发明的实施例中,定制资源配置文件例如是CRD,CRD中定义了一个定制资源CR构建时所需要的参数、参数形式,以及如何根据这些参数来生成定制资源CR的相关规则,等。在本发明的实施例中,可以预先定义一个用于进行服务暴露的CRD,并把这种定制资源的定义CRD(类似于表结构)添加到Kubernetes集群中,使能够创建这种类型的定制资源。Kubernetes中CRD的规范包括apiVersion、kind、metadata、spec、status等字段。spec字段中描述想要定制的资源的类型、名称、版本号以及涉及的具体数据结构。在CRD的spec字段中定义一个数组,数组中记录服务信息,每条服务信息至少包含服务的服务名name、节点端口信息NodePort、命名空间信息namespace、集群标识clusterId四个要素。CRD的status字段中定义一个数组,数组中记录服务的四个要素及生成的访问域名。According to an embodiment of the present invention, creating a custom resource under the namespace of the application may specifically include: adding a custom resource configuration file under the namespace of the application, the custom resource configuration file includes service information required to generate the custom resource; Create custom resources using exposed service information and custom resource configuration files. In the embodiment of the present invention, the custom resource configuration file is, for example, a CRD, which defines the parameters and parameter forms required for building a custom resource CR, and how to generate the relevant rules of the custom resource CR according to these parameters, and so on. In the embodiment of the present invention, a CRD for service exposure can be pre-defined, and the definition CRD (similar to a table structure) of this custom resource can be added to the Kubernetes cluster, so that this type of custom resource can be created . The specification of CRD in Kubernetes includes fields such as apiVersion, kind, metadata, spec, status, etc. The spec field describes the type, name, version number of the resource to be customized and the specific data structure involved. Define an array in the spec field of the CRD, and record service information in the array. Each service information includes at least four elements: service name name, node port information NodePort, namespace information namespace, and cluster identifier clusterId. An array is defined in the status field of the CRD, and the four elements of the service and the generated access domain name are recorded in the array.

步骤S102:响应于监听到定制资源的创建事件,根据服务信息生成应用服务的访问域名。在本发明的实施例中,在每个Kubernetes集群中部署了域名控制器,用于监听对定制资源CR的操作事件,并根据CR中的服务信息生成与CR关联的访问域名,并将生成的访问域名注册到域名解析器中。域名解析器用于存储及解析域名,能够记录域名信息,并对域名进行解析,通过域名解析器可以将通过域名的访问请求路由到对应的应用服务。在本发明的实施例中,通过集群中部署的域名控制器来监听定制资源的操作事件。当在集群中部署应用时,会监听到定制资源的创建事件。相应地,在其他场景下,也可监听到定制资源的更新事件或者删除事件,等等。Step S102: In response to listening to the custom resource creation event, generate an access domain name of the application service according to the service information. In the embodiment of the present invention, a domain name controller is deployed in each Kubernetes cluster, which is used to monitor the operation event of the custom resource CR, and generate the access domain name associated with the CR according to the service information in the CR, and the generated The access domain name is registered in the domain name resolver. The domain name resolver is used to store and resolve domain names, and can record domain name information and resolve domain names. Access requests through domain names can be routed to corresponding application services through domain name resolvers. In the embodiment of the present invention, the operation event of the customized resource is monitored through the domain name controller deployed in the cluster. When the application is deployed in the cluster, it will listen to the creation event of the custom resource. Correspondingly, in other scenarios, the update event or delete event of the custom resource can also be monitored, and so on.

根据本发明的其中一个实施例,根据服务信息生成应用服务的访问域名,具体可以包括:将服务名、服务在集群中所属的命名空间信息、集群标识、泛域名后缀和服务对应的节点端口信息,按照设定的域名格式进行拼接生成应用服务的访问域名,其中,泛域名后缀是与域名解析器相关联的泛域名的后缀。其中,泛域名的后缀指的是泛域名中*以后的部分。在本发明的实施例中,为了实现在多集群中部署应用,可以通过一个外部可解析的泛域名,来将访问同一应用的请求都转发到与泛域名相关联的域名解析器中,并通过域名解析器将请求转发到对应的集群中。According to one embodiment of the present invention, generating the access domain name of the application service according to the service information may specifically include: the service name, the namespace information of the service in the cluster, the cluster identifier, the suffix of the generic domain name, and the node port information corresponding to the service , splicing according to the set domain name format to generate the access domain name of the application service, wherein the generic domain name suffix is the suffix of the generic domain name associated with the domain name resolver. Among them, the suffix of the generic domain name refers to the part after * in the generic domain name. In the embodiment of the present invention, in order to deploy applications in multiple clusters, all requests for accessing the same application can be forwarded to the domain name resolver associated with the generic domain name through an externally resolvable generic domain name, and passed The domain name resolver forwards the request to the corresponding cluster.

在本发明的一个实施例中,预先设定的域名格式例如是:name.namespace.clusterId.<泛域名后缀>:NodePort格式。在根据服务信息生成应用服务的访问域名时,具体是将服务名name、命名空间信息namespace、集群标识clusterId、泛域名后缀和节点端口信息NodePort按照该域名格式进行顺序拼接后生成的。In an embodiment of the present invention, the preset domain name format is, for example: name.namespace.clusterId.<Global domain name suffix>:NodePort format. When generating the access domain name of the application service based on the service information, it is specifically generated by concatenating the service name name, namespace information namespace, cluster identifier clusterId, generic domain name suffix, and node port information NodePort according to the domain name format.

步骤S103:将访问域名注册到域名解析器中,并将访问域名保存到定制资源中,以通过访问域名进行应用服务的对外暴露。在生成访问域名后,还将访问域名回写到定制资源CR中,以使用户通过CR来获取到访问域名,通过访问域名进行应用服务的对外暴露。Step S103: Register the access domain name in the domain name resolver, and save the access domain name in a custom resource, so as to expose the application service to the outside through the access domain name. After the access domain name is generated, the access domain name is also written back to the custom resource CR, so that the user can obtain the access domain name through the CR, and expose the application service to the outside through the access domain name.

根据本发明的一个实施例,在将访问域名注册到域名解析器中时,具体可以包括:将部署服务的集群的访问地址和节点端口信息与访问域名的映射关系,按照集群标识和定制资源标识为标记注册到域名解析器中。其中,部署服务的集群的访问地址即为集群的IP地址,定制资源标识例如是定制资源名称等。在本发明的实施例中,例如是将当前Kubernete集群的IP+NodePort与访问域名的映射关系,按照集群标识clusterId+CR名称为标记注册或更新到域名解析器中。According to an embodiment of the present invention, when registering the access domain name in the domain name resolver, it may specifically include: mapping the access address and node port information of the cluster where the service is deployed to the access domain name, according to the cluster ID and the custom resource ID Register the token with the domain name resolver. Wherein, the access address of the cluster where the service is deployed is the IP address of the cluster, and the customized resource identifier is, for example, the name of the customized resource. In the embodiment of the present invention, for example, the mapping relationship between the IP+NodePort of the current Kubernetes cluster and the access domain name is registered or updated in the domain name resolver according to the cluster identifier clusterId+CR name.

根据本发明的一个实施例,将访问域名保存到定制资源中时,具体可以是将访问域名和服务信息保存到定制资源的状态字段中,即将访问域名和服务信息保存到CR的status字段中。According to an embodiment of the present invention, when saving the access domain name in the customized resource, it may specifically save the access domain name and service information in the status field of the customized resource, that is, save the access domain name and service information in the status field of the CR.

根据本发明的其中一个实施例,还可以包括:响应于监听到定制资源的删除事件,删除该定制资源,并根据集群标识和定制资源标识从域名解析器中查找与该定制资源相关的映射关系记录,并删除该映射关系记录。当集群中部署的域名控制器监听到定制资源的删除事件时,将直接删除该定制资源,并从域名解析器中查找与该定制资源相关的访问域名等信息,并删除相应的记录。According to one of the embodiments of the present invention, it may also include: in response to listening to the deletion event of the custom resource, delete the custom resource, and search the mapping relationship related to the custom resource from the domain name resolver according to the cluster ID and the custom resource ID record, and delete the mapping relationship record. When the domain name controller deployed in the cluster monitors the deletion event of the custom resource, it will directly delete the custom resource, and find information such as the access domain name related to the custom resource from the domain name resolver, and delete the corresponding record.

根据本发明的实施例,若监听到定制资源的更新事件,则根据更新事件所对应的服务信息重新生成应用服务的访问域名,并使用新生成的访问域名来替换之前的访问域名,并注册到域名解析器中;将新生成的访问域名保存到定制资源中,以更新定制资源。According to the embodiment of the present invention, if an update event of a customized resource is monitored, the access domain name of the application service is regenerated according to the service information corresponding to the update event, and the newly generated access domain name is used to replace the previous access domain name, and registered in In the domain name resolver; save the newly generated access domain name to the custom resource to update the custom resource.

图2是本发明一个实施例的生成应用服务的对外暴露方式的过程示意图。如图2所示,本发明的实施例中,需要依赖一个外部可解析的泛域名,且在每个Kubernetes集群中都部署了域名控制器。在Kubernetes集群外部署了域名解析器,域名解析器与各Kubernetes集群节点的网络可以联通,泛域名解析域名到域名解析器上。其中,域名控制器能够监听用于进行服务暴露的定制资源CR,并根据CR中的服务Service信息生成与之关联的访问域名,并将访问域名注册到域名解析器。域名解析器,域名存储及解析管理器,能够记录域名信息,并对域名进行解析。当在多集群中进行应用部署时,在每个集群中部署应用的namespace下创建一个定制资源CR,CR中记录应用需要暴露的服务信息。集群的域名控制器监听到定制资源创建事件后,根据CR中的服务信息生成访问域名,并将访问域名回写到CR中,同时将访问域名注册到域名解析器中。其中,域名解析器与泛域名相关联。Fig. 2 is a schematic diagram of the process of generating an external exposure mode of an application service according to an embodiment of the present invention. As shown in FIG. 2 , in the embodiment of the present invention, it is necessary to rely on an externally resolvable generic domain name, and a domain name controller is deployed in each Kubernetes cluster. A domain name resolver is deployed outside the Kubernetes cluster, and the domain name resolver can communicate with the network of each Kubernetes cluster node, and the pan-domain name resolves the domain name to the domain name resolver. Among them, the domain name controller can monitor the customized resource CR for exposing services, and generate the access domain name associated with it according to the service information in the CR, and register the access domain name to the domain name resolver. Domain name resolver, domain name storage and resolution manager, capable of recording domain name information and analyzing domain names. When deploying an application in multiple clusters, create a custom resource CR under the namespace where the application is deployed in each cluster, and record the service information that the application needs to expose in the CR. After the domain name controller of the cluster listens to the custom resource creation event, it generates the access domain name according to the service information in the CR, writes the access domain name back to the CR, and registers the access domain name to the domain name resolver. Wherein, the domain name resolver is associated with the generic domain name.

图3是本发明一个实施例的基于域名的应用服务访问流程示意图。如图3所示,在本发明的一个实施例中,应用服务的使用方通过域名+端口的方式访问应用服务。在访问应用服务时,请求先发送到泛域名上,泛域名将请求转发到域名解析器,域名解析器根据域名与“集群IP+NodePort”的映射关系,将请求转发到相应的Kubernetes集群节点上,再根据iptables规则将请求转发到应用所在的Pod中,其中,Kubernetes集群中各节点上的Pod之间通信,可借助Linux的iptables规则实现。Fig. 3 is a schematic diagram of domain name-based application service access flow in an embodiment of the present invention. As shown in FIG. 3 , in one embodiment of the present invention, the user of the application service accesses the application service through a domain name + port. When accessing application services, the request is first sent to the pan domain name, and the pan domain name forwards the request to the domain name resolver, and the domain name resolver forwards the request to the corresponding Kubernetes cluster node according to the mapping relationship between the domain name and "cluster IP+NodePort". , and then forward the request to the Pod where the application is located according to the iptables rules. Among them, the communication between Pods on each node in the Kubernetes cluster can be realized with the help of Linux iptables rules.

图4是根据本发明实施例的多集群环境下应用服务的对外暴露装置的主要模块示意图。如图4所示,本发明实施例的多集群环境下应用服务的对外暴露装置400主要包括定制资源创建模块401、访问域名生成模块402和访问域名发布模块403。Fig. 4 is a schematic diagram of main modules of an externally exposed device for application services in a multi-cluster environment according to an embodiment of the present invention. As shown in FIG. 4 , the device 400 for externally exposing application services in a multi-cluster environment according to the embodiment of the present invention mainly includes a customized resource creation module 401 , an access domain name generation module 402 and an access domain name publishing module 403 .

定制资源创建模块401,用于响应于应用部署操作,在所述应用的命名空间下创建定制资源,所述定制资源包括所述应用对外暴露的服务信息;A custom resource creation module 401, configured to create a custom resource under the namespace of the application in response to an application deployment operation, where the custom resource includes service information exposed by the application;

访问域名生成模块402,用于响应于监听到所述定制资源的创建事件,根据所述服务信息生成应用服务的访问域名;An access domain name generating module 402, configured to generate an access domain name of the application service according to the service information in response to listening to the creation event of the custom resource;

访问域名发布模块403,用于将所述访问域名注册到域名解析器中,并将所述访问域名保存到所述定制资源中,以通过所述访问域名进行所述应用服务的对外暴露。The access domain name issuing module 403 is configured to register the access domain name in a domain name resolver, and store the access domain name in the customized resource, so as to expose the application service to the outside through the access domain name.

根据本发明的一个实施例,定制资源创建模块401还可以用于:在所述应用的命名空间下添加定制资源配置文件,所述定制资源配置文件包括生成定制资源所需的服务信息;根据所述应用对外暴露的服务信息和所述定制资源配置文件创建定制资源。According to an embodiment of the present invention, the custom resource creation module 401 can also be used to: add a custom resource configuration file under the namespace of the application, the custom resource configuration file includes service information required for generating custom resources; Create a custom resource based on the service information exposed by the application and the custom resource configuration file.

根据本发明的另一个实施例,所述服务信息包括服务名、服务对应的节点端口信息、服务在集群中所属的命名空间信息、集群标识;所述访问域名生成模块还用于:将所述服务名、服务在集群中所属的命名空间信息、集群标识、泛域名后缀和服务对应的节点端口信息,按照设定的域名格式进行拼接生成应用服务的访问域名,其中,所述泛域名后缀是与所述域名解析器相关联的泛域名的后缀。According to another embodiment of the present invention, the service information includes the service name, the node port information corresponding to the service, the namespace information to which the service belongs in the cluster, and the cluster identifier; the access domain name generation module is also used to: The service name, the namespace information of the service in the cluster, the cluster identifier, the generic domain name suffix and the node port information corresponding to the service are spliced according to the set domain name format to generate the access domain name of the application service, wherein the generic domain name suffix is The suffix of the wildcard domain name associated with the domain name resolver.

根据本发明的又一个实施例,访问域名生成模块402还可以用于:将部署服务的集群的访问地址和节点端口信息与访问域名的映射关系,按照集群标识和定制资源标识为标记注册到域名解析器中。According to another embodiment of the present invention, the access domain name generation module 402 can also be used to: register the mapping relationship between the access address and node port information of the cluster where the service is deployed, and the access domain name, according to the cluster ID and the customized resource ID as tags to register with the domain name in the parser.

根据本发明的又一个实施例,访问域名发布模块403还可以用于:将所述访问域名和所述服务信息保存到所述定制资源的状态字段中。According to yet another embodiment of the present invention, the access domain name issuing module 403 may also be configured to: save the access domain name and the service information in the status field of the customized resource.

根据本发明的又一个实施例,本发明实施例的多集群环境下应用服务的对外暴露装置400还包括域名删除模块(图中未示出),用于:响应于监听到所述定制资源的删除事件,删除所述定制资源,并根据集群标识和定制资源标识从所述域名解析器中查找与所述定制资源相关的映射关系记录,并删除所述映射关系记录。According to yet another embodiment of the present invention, the device 400 for externally exposing application services in a multi-cluster environment in the embodiment of the present invention further includes a domain name deletion module (not shown in the figure), configured to: Deleting an event, deleting the custom resource, searching the domain name resolver for a mapping relationship record related to the custom resource according to the cluster identifier and the custom resource identifier, and deleting the mapping relationship record.

根据本发明实施例的技术方案,通过响应于应用部署操作,在应用的命名空间下创建定制资源,定制资源包括应用对外暴露的服务信息;响应于监听到定制资源的创建事件,根据服务信息生成应用服务的访问域名;将访问域名注册到域名解析器中,并将访问域名保存到定制资源中,以通过访问域名进行应用服务的对外暴露的技术方案,通过定制资源来维护应用对外暴露的服务信息,通过监听定制资源以根据服务信息生成域名,并将域名注册到域名解析器中,可以将域名解析到对应的集群上,实现了在Kubernetes集群外通过域名访问集群内的应用服务。在多Kubernetes集群环境部署应用后,自动为应用服务生成对外暴露的访问域名,能够在Kubernetes集群外通过访问域名访问部署的应用,避免了出现单点故障而导致无法访问服务的情况发生,使得对应用服务的访问更灵活、方便、高效。According to the technical solution of the embodiment of the present invention, by responding to the application deployment operation, creating a customized resource under the namespace of the application, the customized resource includes the service information exposed by the application; in response to listening to the creation event of the customized resource, generating The access domain name of the application service; register the access domain name in the domain name resolver, and save the access domain name in the customized resource, so as to expose the application service through the access domain name, and maintain the service exposed by the application through the customized resource Information, by listening to customized resources to generate a domain name based on service information, and registering the domain name in the domain name resolver, the domain name can be resolved to the corresponding cluster, and the application service in the cluster can be accessed through the domain name outside the Kubernetes cluster. After the application is deployed in a multi-Kubernetes cluster environment, the access domain name exposed to the outside world is automatically generated for the application service, and the deployed application can be accessed through the access domain name outside the Kubernetes cluster, avoiding the situation that the service cannot be accessed due to a single point of failure. Access to application services is more flexible, convenient and efficient.

图5示出了可以应用本发明实施例的多集群环境下应用服务的对外暴露方法或多集群环境下应用服务的对外暴露装置的示例性系统架构500。Fig. 5 shows an exemplary system architecture 500 to which the method for externally exposing application services in a multi-cluster environment or the device for externally exposing application services in a multi-cluster environment according to embodiments of the present invention can be applied.

如图5所示,系统架构500可以包括终端设备501、502、503,网络504和服务器505。网络504用以在终端设备501、502、503和服务器505之间提供通信链路的介质。网络504可以包括各种连接类型,例如有线、无线通信链路或者光纤电缆等等。As shown in FIG. 5 , a system architecture 500 may include terminal devices 501 , 502 , and 503 , a network 504 and a server 505 . The network 504 is used as a medium for providing communication links between the terminal devices 501 , 502 , 503 and the server 505 . Network 504 may include various connection types, such as wires, wireless communication links, or fiber optic cables, among others.

用户可以使用终端设备501、502、503通过网络504与服务器505交互,以接收或发送消息等。终端设备501、502、503上可以安装有各种通讯客户端应用,例如数据监听类应用、域名解析类应用、数据集群、应用部署类应用等(仅为示例)。Users can use terminal devices 501 , 502 , 503 to interact with server 505 through network 504 to receive or send messages and the like. Various communication client applications may be installed on the terminal devices 501, 502, and 503, such as data monitoring applications, domain name resolution applications, data clusters, application deployment applications, etc. (just examples).

终端设备501、502、503可以是具有显示屏并且支持网页浏览的各种电子设备,包括但不限于智能手机、平板电脑、膝上型便携计算机和台式计算机等等。The terminal devices 501, 502, 503 may be various electronic devices with display screens and supporting web browsing, including but not limited to smart phones, tablet computers, laptop computers, desktop computers and the like.

服务器505可以是提供各种服务的服务器,例如对用户利用终端设备501、502、503所发来的应用部署操作提供支持的后台管理服务器(仅为示例)。后台管理服务器可以对接收到的应用服务对外暴露请求等数据进行响应于应用部署操作,在所述应用的命名空间下创建定制资源,所述定制资源包括所述应用对外暴露的服务信息;响应于监听到所述定制资源的创建事件,根据所述服务信息生成应用服务的访问域名;将所述访问域名注册到域名解析器中,并将所述访问域名保存到所述定制资源中,以通过所述访问域名进行所述应用服务的对外暴露等处理,并将处理结果(例如访问域名--仅为示例)反馈给终端设备。The server 505 may be a server that provides various services, such as a background management server that provides support for application deployment operations sent by users using terminal devices 501 , 502 , and 503 (just an example). The background management server can respond to the application deployment operation on the received data such as the application service exposure request, and create a customized resource under the namespace of the application, and the customized resource includes the service information exposed by the application; Listening to the creation event of the custom resource, generating the access domain name of the application service according to the service information; registering the access domain name in the domain name resolver, and saving the access domain name in the custom resource, to pass The access domain name performs processing such as external exposure of the application service, and feeds back the processing result (for example, access domain name—just an example) to the terminal device.

需要说明的是,本发明实施例所提供的多集群环境下应用服务的对外暴露方法一般由服务器505执行,相应地,多集群环境下应用服务的对外暴露装置一般设置于服务器505中。It should be noted that the method for exposing application services in a multi-cluster environment provided by the embodiment of the present invention is generally executed by the server 505 , and correspondingly, the device for exposing application services in a multi-cluster environment is generally set in the server 505 .

应该理解,图5中的终端设备、网络和服务器的数目仅仅是示意性的。根据实现需要,可以具有任意数目的终端设备、网络和服务器。It should be understood that the numbers of terminal devices, networks and servers in Fig. 5 are only illustrative. According to the implementation needs, there can be any number of terminal devices, networks and servers.

下面参考图6,其示出了适于用来实现本发明实施例的终端设备或服务器的计算机系统600的结构示意图。图6示出的终端设备或服务器仅仅是一个示例,不应对本发明实施例的功能和使用范围带来任何限制。Referring now to FIG. 6 , it shows a schematic structural diagram of a computer system 600 suitable for implementing a terminal device or a server according to an embodiment of the present invention. The terminal device or server shown in FIG. 6 is only an example, and should not limit the functions and application scope of this embodiment of the present invention.

如图6所示,计算机系统600包括中央处理单元(CPU)601,其可以根据存储在只读存储器(ROM)602中的程序或者从存储部分608加载到随机访问存储器(RAM)603中的程序而执行各种适当的动作和处理。在RAM 603中,还存储有系统600操作所需的各种程序和数据。CPU 601、ROM 602以及RAM 603通过总线604彼此相连。输入/输出(I/O)接口605也连接至总线604。As shown in FIG. 6 , a computer system 600 includes a central processing unit (CPU) 601 that can be programmed according to a program stored in a read-only memory (ROM) 602 or a program loaded from a storage section 608 into a random-access memory (RAM) 603 Instead, various appropriate actions and processes are performed. In the RAM 603, various programs and data necessary for the operation of the system 600 are also stored. The CPU 601 , ROM 602 , and RAM 603 are connected to each other via a bus 604 . An input/output (I/O) interface 605 is also connected to the bus 604 .

以下部件连接至I/O接口605:包括键盘、鼠标等的输入部分606;包括诸如阴极射线管(CRT)、液晶显示器(LCD)等以及扬声器等的输出部分607;包括硬盘等的存储部分608;以及包括诸如LAN卡、调制解调器等的网络接口卡的通信部分609。通信部分609经由诸如因特网的网络执行通信处理。驱动器610也根据需要连接至I/O接口605。可拆卸介质611,诸如磁盘、光盘、磁光盘、半导体存储器等等,根据需要安装在驱动器610上,以便于从其上读出的计算机程序根据需要被安装入存储部分608。The following components are connected to the I/O interface 605: an input section 606 including a keyboard, a mouse, etc.; an output section 607 including a cathode ray tube (CRT), a liquid crystal display (LCD), etc., and a speaker; a storage section 608 including a hard disk, etc. and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the Internet. A drive 610 is also connected to the I/O interface 605 as needed. A removable medium 611 such as a magnetic disk, optical disk, magneto-optical disk, semiconductor memory, etc. is mounted on the drive 610 as necessary so that a computer program read therefrom is installed into the storage section 608 as necessary.

特别地,根据本发明公开的实施例,上文参考流程图描述的过程可以被实现为计算机软件程序。例如,本发明公开的实施例包括一种计算机程序产品,其包括承载在计算机可读介质上的计算机程序,该计算机程序包含用于执行流程图所示的方法的程序代码。在这样的实施例中,该计算机程序可以通过通信部分609从网络上被下载和安装,和/或从可拆卸介质611被安装。在该计算机程序被中央处理单元(CPU)601执行时,执行本发明的系统中限定的上述功能。In particular, according to the disclosed embodiments of the present invention, the processes described above with reference to the flowcharts can be implemented as computer software programs. For example, the disclosed embodiments of the present invention include a computer program product, which includes a computer program carried on a computer-readable medium, where the computer program includes program codes for executing the methods shown in the flowcharts. In such an embodiment, the computer program may be downloaded and installed from a network via communication portion 609 and/or installed from removable media 611 . When this computer program is executed by a central processing unit (CPU) 601, the above-mentioned functions defined in the system of the present invention are performed.

需要说明的是,本发明所示的计算机可读介质可以是计算机可读信号介质或者计算机可读存储介质或者是上述两者的任意组合。计算机可读存储介质例如可以是——但不限于——电、磁、光、电磁、红外线、或半导体的系统、装置或器件,或者任意以上的组合。计算机可读存储介质的更具体的例子可以包括但不限于:具有一个或多个导线的电连接、便携式计算机磁盘、硬盘、随机访问存储器(RAM)、只读存储器(ROM)、可擦式可编程只读存储器(EPROM或闪存)、光纤、便携式紧凑磁盘只读存储器(CD-ROM)、光存储器件、磁存储器件、或者上述的任意合适的组合。在本发明中,计算机可读存储介质可以是任何包含或存储程序的有形介质,该程序可以被指令执行系统、装置或者器件使用或者与其结合使用。而在本发明中,计算机可读的信号介质可以包括在基带中或者作为载波一部分传播的数据信号,其中承载了计算机可读的程序代码。这种传播的数据信号可以采用多种形式,包括但不限于电磁信号、光信号或上述的任意合适的组合。计算机可读的信号介质还可以是计算机可读存储介质以外的任何计算机可读介质,该计算机可读介质可以发送、传播或者传输用于由指令执行系统、装置或者器件使用或者与其结合使用的程序。计算机可读介质上包含的程序代码可以用任何适当的介质传输,包括但不限于:无线、电线、光缆、RF等等,或者上述的任意合适的组合。It should be noted that the computer-readable medium shown in the present invention may be a computer-readable signal medium or a computer-readable storage medium or any combination of the above two. A computer readable storage medium may be, for example, but not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples of computer-readable storage media may include, but are not limited to, electrical connections with one or more wires, portable computer diskettes, hard disks, random access memory (RAM), read-only memory (ROM), erasable Programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination of the above. In the present invention, a computer-readable storage medium may be any tangible medium that contains or stores a program that can be used by or in conjunction with an instruction execution system, apparatus, or device. In the present invention, however, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, in which computer-readable program codes are carried. Such propagated data signals may take many forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination of the foregoing. A computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium, which can send, propagate, or transmit a program for use by or in conjunction with an instruction execution system, apparatus, or device. . Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.

附图中的流程图和框图,图示了按照本发明各种实施例的系统、方法和计算机程序产品的可能实现的体系架构、功能和操作。在这点上,流程图或框图中的每个方框可以代表一个模块、程序段、或代码的一部分,上述模块、程序段、或代码的一部分包含一个或多个用于实现规定的逻辑功能的可执行指令。也应当注意,在有些作为替换的实现中,方框中所标注的功能也可以以不同于附图中所标注的顺序发生。例如,两个接连地表示的方框实际上可以基本并行地执行,它们有时也可以按相反的顺序执行,这依所涉及的功能而定。也要注意的是,框图或流程图中的每个方框、以及框图或流程图中的方框的组合,可以用执行规定的功能或操作的专用的基于硬件的系统来实现,或者可以用专用硬件与计算机指令的组合来实现。The flowchart and block diagrams in the Figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in a flowchart or block diagram may represent a module, program segment, or portion of code that includes one or more logical functions for implementing specified executable instructions. It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or they may sometimes be executed in the reverse order, depending upon the functionality involved. It should also be noted that each block in the block diagrams or flowchart illustrations, and combinations of blocks in the block diagrams or flowchart illustrations, can be implemented by a dedicated hardware-based system that performs the specified function or operation, or can be implemented by a A combination of dedicated hardware and computer instructions.

描述于本发明实施例中所涉及到的单元或模块可以通过软件的方式实现,也可以通过硬件的方式来实现。所描述的单元或模块也可以设置在处理器中,例如,可以描述为:一种处理器包括定制资源创建模块、访问域名生成模块和访问域名发布模块。其中,这些单元或模块的名称在某种情况下并不构成对该单元或模块本身的限定,例如,定制资源创建模块还可以被描述为“用于响应于应用部署操作,在所述应用的命名空间下创建定制资源的模块”。The units or modules involved in the embodiments of the present invention may be implemented by means of software or hardware. The described units or modules can also be set in a processor, for example, it can be described as: a processor includes a customized resource creation module, an access domain name generation module and an access domain name issuance module. Wherein, the names of these units or modules do not constitute limitations on the units or modules themselves under certain circumstances. For example, the custom resource creation module can also be described as "used to respond to the application deployment operation, in the application's A module that creates custom resources under the namespace".

作为另一方面,本发明还提供了一种计算机可读介质,该计算机可读介质可以是上述实施例中描述的设备中所包含的;也可以是单独存在,而未装配入该设备中。上述计算机可读介质承载有一个或者多个程序,当上述一个或者多个程序被一个该设备执行时,使得该设备包括:响应于应用部署操作,在所述应用的命名空间下创建定制资源,所述定制资源包括所述应用对外暴露的服务信息;响应于监听到所述定制资源的创建事件,根据所述服务信息生成应用服务的访问域名;将所述访问域名注册到域名解析器中,并将所述访问域名保存到所述定制资源中,以通过所述访问域名进行所述应用服务的对外暴露。As another aspect, the present invention also provides a computer-readable medium. The computer-readable medium may be contained in the device described in the above embodiments, or it may exist independently without being assembled into the device. The computer-readable medium carries one or more programs, and when the one or more programs are executed by the device, the device includes: responding to an application deployment operation, creating a custom resource under the namespace of the application, The customized resource includes service information exposed by the application; in response to monitoring the creation event of the customized resource, generating an access domain name of the application service according to the service information; registering the access domain name in a domain name resolver, And save the access domain name in the customized resource, so as to expose the application service to the outside through the access domain name.

根据本发明实施例的技术方案,通过响应于应用部署操作,在应用的命名空间下创建定制资源,定制资源包括应用对外暴露的服务信息;响应于监听到定制资源的创建事件,根据服务信息生成应用服务的访问域名;将访问域名注册到域名解析器中,并将访问域名保存到定制资源中,以通过访问域名进行应用服务的对外暴露的技术方案,通过定制资源来维护应用对外暴露的服务信息,通过监听定制资源以根据服务信息生成域名,并将域名注册到域名解析器中,可以将域名解析到对应的集群上,实现了在Kubernetes集群外通过域名访问集群内的应用服务。在多Kubernetes集群环境部署应用后,自动为应用服务生成对外暴露的访问域名,能够在Kubernetes集群外通过访问域名访问部署的应用,避免了出现单点故障而导致无法访问服务的情况发生,使得对应用服务的访问更灵活、方便、高效。According to the technical solution of the embodiment of the present invention, by responding to the application deployment operation, creating a customized resource under the namespace of the application, the customized resource includes the service information exposed by the application; in response to listening to the creation event of the customized resource, generating The access domain name of the application service; register the access domain name in the domain name resolver, and save the access domain name in the customized resource, so as to expose the application service through the access domain name, and maintain the service exposed by the application through the customized resource Information, by listening to customized resources to generate a domain name based on service information, and registering the domain name in the domain name resolver, the domain name can be resolved to the corresponding cluster, and the application service in the cluster can be accessed through the domain name outside the Kubernetes cluster. After the application is deployed in a multi-Kubernetes cluster environment, the access domain name exposed to the outside world is automatically generated for the application service, and the deployed application can be accessed through the access domain name outside the Kubernetes cluster, avoiding the situation that the service cannot be accessed due to a single point of failure. Access to application services is more flexible, convenient and efficient.

上述具体实施方式,并不构成对本发明保护范围的限制。本领域技术人员应该明白的是,取决于设计要求和其他因素,可以发生各种各样的修改、组合、子组合和替代。任何在本发明的精神和原则之内所作的修改、等同替换和改进等,均应包含在本发明保护范围之内。The above specific implementation methods do not constitute a limitation to the protection scope of the present invention. It should be apparent to those skilled in the art that various modifications, combinations, sub-combinations and substitutions may occur depending on design requirements and other factors. Any modifications, equivalent replacements and improvements made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (10)

1.一种多集群环境下应用服务的对外暴露方法,其特征在于,包括:1. A method for externally exposing application services in a multi-cluster environment, characterized in that it comprises: 响应于应用部署操作,在所述应用的命名空间下创建定制资源,所述定制资源包括所述应用对外暴露的服务信息;In response to an application deployment operation, create a custom resource under the namespace of the application, where the custom resource includes service information exposed by the application; 响应于监听到所述定制资源的创建事件,根据所述服务信息生成应用服务的访问域名,并将所述访问域名注册到域名解析器中;In response to listening to the creation event of the custom resource, generate an access domain name of the application service according to the service information, and register the access domain name in the domain name resolver; 将所述访问域名保存到所述定制资源中,以通过所述访问域名进行所述应用服务的对外暴露。The access domain name is stored in the customized resource, so as to expose the application service to the outside through the access domain name. 2.根据权利要求1所述的方法,其特征在于,在所述应用的命名空间下创建定制资源,包括:2. The method according to claim 1, wherein creating a custom resource under the namespace of the application comprises: 在所述应用的命名空间下添加定制资源配置文件,所述定制资源配置文件包括生成定制资源所需的服务信息;Adding a custom resource configuration file under the namespace of the application, the custom resource configuration file includes service information required to generate the custom resource; 根据所述应用对外暴露的服务信息和所述定制资源配置文件创建定制资源。Create a customized resource according to the service information exposed by the application and the customized resource configuration file. 3.根据权利要求1所述的方法,其特征在于,所述服务信息包括服务名、服务对应的节点端口信息、服务在集群中所属的命名空间信息、集群标识;3. The method according to claim 1, wherein the service information includes a service name, node port information corresponding to the service, namespace information to which the service belongs in the cluster, and a cluster identifier; 根据所述服务信息生成应用服务的访问域名,包括:Generate the access domain name of the application service according to the service information, including: 将所述服务名、服务在集群中所属的命名空间信息、集群标识、泛域名后缀和服务对应的节点端口信息,按照设定的域名格式进行拼接生成应用服务的访问域名,其中,所述泛域名后缀是与所述域名解析器相关联的泛域名的后缀。The service name, the namespace information of the service in the cluster, the cluster identifier, the generic domain name suffix and the node port information corresponding to the service are spliced according to the set domain name format to generate the access domain name of the application service, wherein the generic The domain name suffix is the suffix of the generic domain name associated with the domain name resolver. 4.根据权利要求3所述的方法,其特征在于,将所述访问域名注册到域名解析器中,包括:4. The method according to claim 3, wherein registering the access domain name in the domain name resolver comprises: 将部署服务的集群的访问地址和节点端口信息与访问域名的映射关系,按照集群标识和定制资源标识为标记注册到域名解析器中。The mapping relationship between the access address and node port information of the cluster where the service is deployed and the access domain name is registered in the domain name resolver according to the cluster ID and the custom resource ID. 5.根据权利要求1所述的方法,其特征在于,将所述访问域名保存到所述定制资源中,包括:5. The method according to claim 1, wherein saving the access domain name in the customized resource comprises: 将所述访问域名和所述服务信息保存到所述定制资源的状态字段中。Save the access domain name and the service information in the status field of the customized resource. 6.根据权利要求1所述的方法,其特征在于,所述方法还包括:6. The method according to claim 1, further comprising: 响应于监听到所述定制资源的删除事件,删除所述定制资源,并根据集群标识和定制资源标识从所述域名解析器中查找与所述定制资源相关的映射关系记录,并删除所述映射关系记录。In response to listening to the deletion event of the custom resource, delete the custom resource, and search for a mapping relationship record related to the custom resource from the domain name resolver according to the cluster ID and the custom resource ID, and delete the mapping Relationship records. 7.一种多集群环境下应用服务的对外暴露装置,其特征在于,包括:7. A device for externally exposing application services in a multi-cluster environment, characterized in that it includes: 定制资源创建模块,用于响应于应用部署操作,在所述应用的命名空间下创建定制资源,所述定制资源包括所述应用对外暴露的服务信息;A custom resource creation module, configured to create a custom resource under the namespace of the application in response to an application deployment operation, where the custom resource includes service information exposed by the application; 访问域名生成模块,用于响应于监听到所述定制资源的创建事件,根据所述服务信息生成应用服务的访问域名,并将所述访问域名注册到域名解析器中;An access domain name generating module, configured to generate an access domain name of the application service according to the service information in response to listening to the creation event of the custom resource, and register the access domain name in the domain name resolver; 访问域名发布模块,用于将所述访问域名保存到所述定制资源中,以通过所述访问域名进行所述应用服务的对外暴露。The access domain name issuing module is configured to store the access domain name in the customized resource, so as to expose the application service to the outside through the access domain name. 8.根据权利要求7所述的装置,其特征在于,所述服务信息包括服务名、服务对应的节点端口信息、服务在集群中所属的命名空间信息、集群标识;8. The device according to claim 7, wherein the service information includes service name, node port information corresponding to the service, namespace information of the service in the cluster, and cluster identifier; 所述访问域名生成模块还用于:The access domain name generation module is also used for: 将所述服务名、服务在集群中所属的命名空间信息、集群标识、泛域名后缀和服务对应的节点端口信息,按照设定的域名格式进行拼接生成应用服务的访问域名,其中,所述泛域名后缀是与所述域名解析器相关联的泛域名的后缀。The service name, the namespace information of the service in the cluster, the cluster identifier, the generic domain name suffix and the node port information corresponding to the service are spliced according to the set domain name format to generate the access domain name of the application service, wherein the generic The domain name suffix is the suffix of the generic domain name associated with the domain name resolver. 9.一种电子设备,其特征在于,包括:9. An electronic device, characterized in that it comprises: 一个或多个处理器;one or more processors; 存储装置,用于存储一个或多个程序,storage means for storing one or more programs, 当所述一个或多个程序被所述一个或多个处理器执行,使得所述一个或多个处理器实现如权利要求1-6中任一所述的方法。When the one or more programs are executed by the one or more processors, the one or more processors are made to implement the method according to any one of claims 1-6. 10.一种计算机可读介质,其上存储有计算机程序,其特征在于,所述程序被处理器执行时实现如权利要求1-6中任一所述的方法。10. A computer-readable medium, on which a computer program is stored, wherein, when the program is executed by a processor, the method according to any one of claims 1-6 is implemented.
CN202211122347.4A 2022-09-15 2022-09-15 External exposure method and device of application service in multi-cluster environment Pending CN115480877A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211122347.4A CN115480877A (en) 2022-09-15 2022-09-15 External exposure method and device of application service in multi-cluster environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211122347.4A CN115480877A (en) 2022-09-15 2022-09-15 External exposure method and device of application service in multi-cluster environment

Publications (1)

Publication Number Publication Date
CN115480877A true CN115480877A (en) 2022-12-16

Family

ID=84392658

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211122347.4A Pending CN115480877A (en) 2022-09-15 2022-09-15 External exposure method and device of application service in multi-cluster environment

Country Status (1)

Country Link
CN (1) CN115480877A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116405462A (en) * 2023-06-07 2023-07-07 阿里巴巴(中国)有限公司 Domain name resolution method, container service system, computing device and storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116405462A (en) * 2023-06-07 2023-07-07 阿里巴巴(中国)有限公司 Domain name resolution method, container service system, computing device and storage medium
CN116405462B (en) * 2023-06-07 2023-10-20 阿里巴巴(中国)有限公司 Domain name resolution method, container service system, computing device and storage medium

Similar Documents

Publication Publication Date Title
US11625281B2 (en) Serverless platform request routing
CN112119374B (en) Selectively providing mutual transport layer security using alternate server names
US9363195B2 (en) Configuring cloud resources
US8645672B2 (en) Configuring a computer system for a software package installation
CN113301116A (en) Cross-network communication method, device, system and equipment for microservice application
CN115517009B (en) Cluster management method, cluster management device, storage medium and electronic equipment
US20200412788A1 (en) Asynchronous workflow and task api for cloud based processing
CN116155978B (en) Multi-registration center adaptation method, device, electronic device and storage medium
US12074918B2 (en) Network-based Media Processing (NBMP) workflow management through 5G Framework for Live Uplink Streaming (FLUS) control
CN113821352A (en) Remote service calling method and device
CN109347936A (en) Implementation method, system, storage medium and the electronic equipment of Redis agent client
CN116016667A (en) A unified management method and system for multiple types of registration centers on a cloud native platform
CN111290871A (en) Method and device for obtaining application crash information
CN112306984B (en) A data source routing method and device
CN115480877A (en) External exposure method and device of application service in multi-cluster environment
CN115442129B (en) A method, device and system for managing cluster access rights
US11663058B1 (en) Preemptive filtering of events of an event bus with a deterministic filter
WO2024001240A1 (en) Task integration method and apparatus for multiple technology stacks
CN114500485B (en) Data processing method and device
CN112099841A (en) Method and system for generating configuration file
CN112817737A (en) Method and device for calling model in real time
CN113495747B (en) Gray scale release method and device
CN118567833A (en) Custom configuration method, device, equipment and medium for container host name
CN118301656A (en) Multi-network plane work load state detection method and device and related equipment
CN119576644A (en) Service node determining method, device, equipment, medium and product

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination