CN116743457A

CN116743457A - Cluster permission changing method and device, electronic equipment and storage medium

Info

Publication number: CN116743457A
Application number: CN202310699355.3A
Authority: CN
Inventors: 许明珍; 张志成; 董杰; 张杭俊
Original assignee: Industrial and Commercial Bank of China Ltd ICBC
Current assignee: Industrial and Commercial Bank of China Ltd ICBC
Priority date: 2023-06-13
Filing date: 2023-06-13
Publication date: 2023-09-12

Abstract

The disclosure provides a cluster authority changing method, a cluster authority changing device, electronic equipment and a storage medium, and can be applied to the distributed technical field and the financial and technological field. The method comprises the following steps: in response to receiving a change request of initial authority information for a target cluster, determining initial configuration files of the at least one target cluster from the initial configuration files of the at least one target cluster based on instructions carried by the change request, wherein the change request comprises the change authority information; obtaining target configuration files corresponding to at least one target cluster according to the change authority information and the initial configuration files of the at least one target cluster; and sending target configuration files corresponding to the at least one target cluster, wherein the target cluster is configured to change the initial authority information according to the target configuration files to obtain changed target authority information.

Description

Cluster permission changing method and device, electronic equipment and storage medium

Technical Field

The disclosure relates to the field of distributed technology, and in particular, to a cluster authority changing method, device, electronic equipment, medium and program product.

Background

A Kubernetes cluster may be a cluster that implements an application by invoking a container deployed at the cluster, and may include a master node that may be used to manage the container deployed at the cluster, etc., and other nodes in addition to the master node, which may include virtual machines that deploy the container.

In the process of realizing the inventive concept, the inventor finds that under the condition of carrying out authority change on a plurality of clusters, the number of clusters is more, the cluster environment is more complex, and in the related art, the code of the clusters needs to be manually modified to change the authority of the clusters, so that the problem of lower flexibility of changing the authority of the clusters and the problem of resource waste exist.

Disclosure of Invention

In view of the foregoing, the present disclosure provides a cluster authority changing method, apparatus, electronic device, medium, and program product.

According to a first aspect of the present disclosure, there is provided a cluster authority changing method, applied to a target server, including: in response to receiving a change request of initial authority information for a target cluster, determining initial configuration files of the at least one target cluster from the initial configuration files of the at least one target cluster based on instructions carried by the change request, wherein the change request comprises the change authority information; obtaining target configuration files corresponding to at least one target cluster according to the change authority information and the initial configuration files of the at least one target cluster; and sending target configuration files corresponding to the at least one target cluster, wherein the target cluster is configured to change the initial authority information according to the target configuration files to obtain changed target authority information.

According to an embodiment of the present disclosure, the above-mentioned cluster authority changing method further includes: receiving respective configuration files from at least one cluster; reading configuration files of at least one cluster to obtain cluster attribute information; checking the cluster attribute information to obtain a checking result; and displaying cluster attribute information on a visual interface based on the detection result, wherein the cluster attribute information comprises initial authority information.

According to an embodiment of the present disclosure, the cluster attribute information includes cluster identification information including container identification information of a container disposed in at least one cluster, and container call information characterizing call information of the container; the method for testing the cluster attribute information comprises the steps of: determining container inspection information corresponding to the container according to the container identification information; and matching the container inspection information with the container call information to inspect the container call information to obtain an inspection result.

According to an embodiment of the present disclosure, displaying cluster attribute information on a visual interface based on a test result includes: generating prompt information under the condition that the test result represents that the cluster attribute information is abnormal; and displaying prompt information on a visual interface.

According to an embodiment of the present disclosure, determining, based on an instruction carried by a change request, an initial configuration file of each of at least one target cluster from initial configuration files of each of at least one cluster includes: analyzing the change request to obtain target cluster identification information and change authority information; and executing the instruction carried by the change request to determine the initial configuration file of each of the at least one target cluster from the initial configuration files of each of the at least one cluster according to the target cluster identification information.

According to an embodiment of the present disclosure, obtaining, according to change permission information and an initial configuration file of each of at least one target cluster, a target configuration file corresponding to each of the at least one target cluster includes: determining a permission field corresponding to the initial permission information from the initial configuration file; and changing the authority field in the initial configuration file according to the change authority information to obtain the target configuration file.

According to an embodiment of the present disclosure, the above-mentioned cluster authority changing method further includes: health examination is carried out on a plurality of clusters to obtain a cluster examination result; at least one cluster in an operational state is determined from the plurality of clusters based on the cluster inspection results.

According to a second aspect of the present disclosure, there is provided a cluster authority changing method, applied to a target cluster, including: receiving a target configuration file from a target server; according to the target configuration file, changing the initial authority information of the target cluster to obtain changed target authority information; the target configuration file is obtained by the target server according to the change permission information and the initial configuration file of the target cluster, and the change permission information is obtained based on a change request of the initial permission information of the target cluster, which is received by the target server.

A third aspect of the present disclosure provides a cluster authority changing device deployed on a target server, including: the first determining module is used for determining initial configuration files of at least one target cluster from the initial configuration files of the at least one target cluster based on instructions carried by the change request in response to receiving the change request of the initial authority information of the target cluster, wherein the change request comprises the change authority information; the acquisition module is used for acquiring target configuration files corresponding to at least one target cluster according to the change authority information and the initial configuration files of the at least one target cluster; and the sending module is used for sending the target configuration files corresponding to the at least one target cluster, wherein the target cluster is configured to change the initial permission information according to the target configuration files to obtain changed target permission information.

A fourth aspect of the present disclosure provides a cluster authority changing device deployed on a target cluster, including: the first receiving module is used for receiving the target configuration file from the target server; the changing module is used for changing the initial authority information of the target cluster according to the target configuration file to obtain changed target authority information; wherein the target configuration file is obtained by the target server according to the change permission information and the initial configuration file of the target cluster, the change permission information is obtained based on a change request of the initial permission information of the target cluster received by the target server _。

A fifth aspect of the present disclosure provides an electronic device, comprising: one or more processors; and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method described above.

A sixth aspect of the present disclosure also provides a computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the above-described method.

A seventh aspect of the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the above method.

According to the cluster authority changing method, device, electronic equipment, medium and program product provided by the disclosure, the target configuration file is obtained according to the changing authority information and the initial configuration file in the changing request, the authority information corresponding to the changing configuration file is realized based on the target configuration file, the flexibility of authority changing is improved, and the authority information of the target cluster is changed only by sending the target configuration file to the target cluster, so that the flexibility and accuracy of authority changing are further improved. Moreover, the permission information of the clusters can be changed without adapting according to the environments of different clusters, so that the resource waste is reduced.

Drawings

The foregoing and other objects, features and advantages of the disclosure will be more apparent from the following description of embodiments of the disclosure with reference to the accompanying drawings, in which:

FIG. 1 schematically illustrates an application scenario diagram of a cluster authority change method according to an embodiment of the disclosure;

FIG. 2 schematically illustrates a flow diagram of a cluster authority change method in accordance with an embodiment of the disclosure;

FIG. 3 schematically illustrates a schematic diagram of a transmission profile according to an embodiment of the present disclosure;

FIG. 4 schematically illustrates a flow diagram of a cluster authority change method in accordance with an embodiment of the disclosure;

FIG. 5 schematically illustrates a block diagram of a cluster rights alteration apparatus in accordance with an embodiment of the disclosure;

FIG. 6 schematically illustrates a block diagram of a cluster authority change apparatus according to an embodiment of the disclosure; and

fig. 7 schematically illustrates a block diagram of an electronic device adapted to implement a cluster rights altering method according to an embodiment of the disclosure.

Detailed Description

Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.

The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.

All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.

Where expressions like at least one of "A, B and C, etc. are used, the expressions should generally be interpreted in accordance with the meaning as commonly understood by those skilled in the art (e.g.," a system having at least one of A, B and C "shall include, but not be limited to, a system having a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).

In the technical scheme of the disclosure, the related data (such as including but not limited to personal information of a user) are collected, stored, used, processed, transmitted, provided, disclosed, applied and the like, all conform to the regulations of related laws and regulations, necessary security measures are adopted, and the public welcome is not violated.

According to an embodiment of the present disclosure, the Kubernetes cluster is rich in resources, including, for example: a duplicate, pod, custom resource, etc., where the duplicate may be a resource for defining and managing a multi-copy application and the pod may be the smallest unit of creation or deployment of a cluster.

Even in the multi-cluster resource management and control scene, finer granularity of authority change cannot be given, namely, the authority change aiming at the multi-cluster is low in flexibility. For example: under the condition that the roles of the users logging in the master node are different, the flexibility of changing the cluster authority is low. For example: for clusters 1-5, user A has viewing and editing rights for resources in the namespaces of clusters 1-3, respectively, but for resources in the namespaces of clusters 4 and 5, user A has only viewing rights. Based on this, the authority of the user a to the cluster resource control is difficult to change.

Furthermore, based on the above scenario, when the rights of the multiple clusters are changed, the environment variable needs to be adapted according to different cluster environments, which is more complex, and as the number of Kubernetes clusters increases, the corresponding configuration manager needs to maintain the call relationship between the clusters, so there is a problem of resource waste.

The embodiment of the disclosure provides a cluster authority changing method, which is applied to a target server and comprises the following steps: and in response to receiving a change request of initial authority information for the target clusters, determining initial configuration files of the at least one target cluster from the initial configuration files of the at least one target cluster based on instructions carried by the change request, wherein the change request comprises the change authority information. And obtaining the target configuration files corresponding to the at least one target cluster according to the change authority information and the initial configuration files of the at least one target cluster. And sending target configuration files corresponding to the at least one target cluster, wherein the target cluster is configured to change the initial authority information according to the target configuration files to obtain changed target authority information.

Fig. 1 schematically illustrates an application scenario diagram of a cluster authority change method according to an embodiment of the present disclosure.

As shown in fig. 1, the application scenario 100 according to this embodiment may include a server 110, a cluster 121, a cluster 122, and a cluster 123. The servers 110, clusters 121, clusters 122, and clusters 123 may all have a medium of communication links, i.e., a network, between each other. The network may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.

A user may interact with at least one of cluster 121, cluster 122, and cluster 123 via a network to receive or transmit data, etc., through a terminal device, invoking server 110. Various communication client applications may be installed on the terminal device, such as shopping class applications, web browser applications, search class applications, instant messaging tools, mailbox clients, social platform software, and the like (by way of example only).

The terminal device may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.

The server 110 may be a server providing various services, such as a background management server (for example only) providing support for websites browsed by users using terminal devices. The background management server may analyze and process the received data such as the user request, and feed back the processing result (e.g., the web page, information, or data obtained or generated according to the user request) to the terminal device.

Cluster 121, cluster 122, and cluster 123 may be Kubernetes clusters as described above. Clusters 121, 122, and 123 may each be deployed with containers that may be used to implement application functionality. For example: in the case of processing a transaction, the container a may be utilized to process transaction data first to obtain processed transaction data, then the container a invokes the container B, and the container B processes the processed transaction data to obtain target transaction data. Containers may be packaged into pods, one pod may package one or more containers, which may be used to store resources and manage and control the manner in which the containers operate.

It should be noted that, the cluster authority changing method provided by the embodiments of the present disclosure may be generally performed by at least one of the cluster 121, the cluster 122, and the cluster 123 or the server 110. Accordingly, the cluster authority modification device provided in the embodiments of the present disclosure may be generally disposed in at least one of the clusters 121, 122, and 123 or the server 110. The cluster authority changing method provided by the embodiment of the present disclosure may also be performed by a server or a server cluster that is different from the server 110, the cluster 121, the cluster 122, and the cluster 123 and is capable of communicating with at least one of the terminal device, the server 110, the cluster 121, the cluster 122, and the cluster 123. Accordingly, the cluster authority changing apparatus provided in the embodiments of the present disclosure may also be disposed in a server or a server cluster that is different from the server 110, the cluster 121, the cluster 122, and the cluster 123 and is capable of communicating with at least one of the terminal device, the server 110, the cluster 121, the cluster 122, and the cluster 123.

It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.

The cluster authority changing method of the disclosed embodiment will be described in detail with reference to fig. 2 to 4 based on the scenario described in fig. 1.

Fig. 2 schematically illustrates a flow chart of a cluster authority change method according to an embodiment of the disclosure.

As shown in fig. 2, the cluster authority changing method of the embodiment is applied to a target server, and includes operations S210 to S230.

In operation S210, in response to receiving a change request for initial authority information of a target cluster, determining, from initial configuration files of at least one target cluster, based on an instruction carried by the change request, the initial configuration files of the at least one target cluster, where the change request includes the change authority information.

In operation S220, a target configuration file corresponding to each of the at least one target cluster is obtained according to the change authority information and the initial configuration file of each of the at least one target cluster.

In operation S230, a target configuration file corresponding to each of the at least one target cluster is sent to the at least one target cluster, where the target cluster is configured to change the initial rights information according to the target configuration file, so as to obtain changed target rights information.

According to embodiments of the present disclosure, a target server may be used to configure rights information for a cluster. The cluster may be a Kubernetes cluster that implements an application by invoking a container deployed at the cluster. The target cluster may be a cluster of rights to be changed. The rights information may include read-only rights information and edit rights information of the cluster, etc. The read-only permission information can be used for only providing the read permission when the client accesses the resources in the cluster naming space; the editing rights information may be used to provide the client with editing rights for a resource in the cluster namespace if the client has access to the resource.

According to an embodiment of the present disclosure, the change request may be a request for making a change to initial rights information of the cluster. The change authority information included in the change request may be used to change the initial authority information. The initial rights information may be rights information to be changed. The instruction carried by the change request may be an instruction for executing the change request.

Changes are made to the initial rights information, for example: and changing the read-only authority information to the edit authority information.

According to an embodiment of the present disclosure, the initial profile may be a profile to be changed. By changing the initial configuration file according to the change authority information, the change of the initial authority information can be realized, and based on the change, the target authority information can be obtained. The target rights information may be changed rights information.

According to an embodiment of the present disclosure, the target profile may be a profile of changed rights information. The target configuration file may be used to configure the target cluster. For example: a cluster management component, which may be constructed based on CRD (Custom Resource Definition, custom resource data) tables of Kubernetes clusters, may be used to manage at least one cluster.

The cluster management component may be divided into a server-side component and a cluster-side component. The server-side component can be deployed on the target server, and the cluster-side component can be deployed on the cluster. For example: the server-side component may be utilized to send a configuration file to the cluster-side component to configure the cluster-side component, and the configured cluster-side component manages the cluster in which the configured cluster-side component is deployed. The cluster side component may be used to control rights information for the deployed clusters. By sending the target configuration file to the cluster-side component by the server-side component, the modification of the authority information of the target cluster for deploying the cluster-side component can be realized.

According to the embodiment of the disclosure, the instruction carried by the change request can be executed when the change request is received, and based on the instruction, the determining operation of the initial configuration file, the changing operation and the sending operation of the target configuration file for the target cluster can be executed.

According to the embodiment of the disclosure, a target cluster requiring change permission information can be determined from a plurality of clusters, then an initial configuration file is changed into a target configuration file according to the change permission information, and then the target configuration file is sent to the target cluster corresponding to the target configuration file. Wherein, the target cluster corresponding to the target configuration file may be determined according to the initial configuration file from which the target configuration file is obtained.

According to an embodiment of the present disclosure, the change request may further include identification information, which may be used to determine a configuration file of the target cluster from the plurality of initial configuration files. The identification information may include target cluster identification information and target profile identification information. The target cluster identification information may be identification information of a target cluster; the target profile identification information may be identification information of a profile of the target cluster.

According to the embodiment of the disclosure, a new authority field can be generated according to the change authority information, and then a field corresponding to the initial authority information in the initial configuration file is changed according to the new authority field, so that the target configuration file can be obtained.

According to the embodiment of the disclosure, a target configuration file corresponding to a target cluster can be sent to the target cluster according to the target cluster identification information. When the target cluster receives the target configuration file, the initial configuration file of the target cluster can be replaced by the target configuration file, so that the change of the authority information of the target cluster can be realized, but the method is not limited to the method, and the field describing the initial authority information in the initial configuration file can be changed according to the field describing the authority information in the target configuration file, so that the change of the authority information can be realized.

According to the embodiment of the disclosure, the target configuration file is obtained according to the change permission information and the initial configuration file in the change request, the permission information corresponding to the change configuration file is realized based on the target configuration file, the flexibility of permission change is improved, and the permission information of the target cluster is only changed due to the fact that the target configuration file is only sent to the target cluster, so that the flexibility and the accuracy of permission change are further improved. Moreover, the permission information of the clusters can be changed without adapting according to the environments of different clusters, so that the resource waste is reduced.

According to the embodiment of the disclosure, when the target server receives the initial configuration file, the security certificate information of the cluster in the initial configuration file can be authenticated, so that the security of the received data can be improved.

Fig. 3 schematically illustrates a schematic diagram of a transmission profile according to an embodiment of the present disclosure.

As shown in fig. 3, the server 310 may perform operation S310, transmitting the target profile 1 and the target profile 2. The target cluster 320 may perform operation S320, receiving the target profile 1. The target cluster 320 may be configured to change its authority information according to the target profile 1 in case of receiving the target profile 1. The target cluster 330 may perform operation S330, receiving the target profile 2. The target cluster 330 may be configured to change its authority information according to the target profile 2 in case of receiving the target profile 2.

According to an embodiment of the present disclosure, the above-mentioned cluster authority changing method further includes: and performing health examination on the plurality of clusters to obtain a cluster examination result. At least one cluster in an operational state is determined from the plurality of clusters based on the cluster inspection results.

According to the embodiment of the disclosure, the health check information can be sent to a plurality of clusters, and based on the health check information can be fed back by the plurality of clusters, so that a cluster check result can be obtained.

According to embodiments of the present disclosure, the cluster examination results may be determined from feedback information and feedback conditions of the cluster to the health examination information. In the case where the cluster does not feed back health check information, it may be determined that the cluster is not in an operational state. In the case where the cluster feeds back health check information, it may be determined that the cluster is in an operational state.

In accordance with embodiments of the present disclosure, in the case of sending a configuration file to a cluster in an inactive state, it may be difficult for the cluster in the inactive state to receive the configuration file. Therefore, by performing health examination on the cluster, the problem of resource waste caused by changing the configuration file of the cluster in an unoperated state can be avoided.

According to the embodiment of the disclosure, by performing health check on the plurality of clusters, at least one cluster in an operating state is determined from the plurality of clusters, the accuracy of determining the cluster in the operating state is improved, and the problem of resource waste caused by changing the configuration file of the cluster in an unoperated state can be avoided. Moreover, the cluster in the running state can be flexibly determined through health examination, so that the flexibility of determining the authority information of the cluster is further improved.

According to an embodiment of the present disclosure, the above-mentioned cluster authority changing method further includes: a respective configuration file is received from at least one cluster. And reading the configuration files of at least one cluster to obtain cluster attribute information. And checking the cluster attribute information to obtain a checking result. And displaying cluster attribute information on a visual interface based on the detection result, wherein the cluster attribute information comprises initial authority information.

According to embodiments of the present disclosure, the cluster attribute information may include cluster identification information, initial authority information, response time length information, and the like. The response time length information may represent time length information of the cluster response under the condition of calling the cluster. The cluster attribute information of the cluster can be obtained by reading the configuration file of the cluster.

According to embodiments of the present disclosure, a custom API (Application Programming Interface ) interface may be invoked to read respective configuration files of at least one cluster at regular intervals. The configuration file to be read can be determined from the configuration files of at least one cluster by calling the self-defined API interface. Therefore, the cluster attribute information corresponding to the configuration file, which is displayed on the visual interface, can be changed, and the flexibility of displaying the cluster attribute information is improved.

According to the embodiment of the disclosure, the response time length information and the preset response time length can be compared to test the response time length information, so that a test result can be obtained. Under the condition that the test result represents that the response time length information is smaller than or equal to the preset response time length, the response time length information can be determined to pass the test; and under the condition that the test result represents that the response time length information is larger than the preset response time length, determining that the response time length information fails to be tested, and generating prompt information based on the response time length information to prompt the response time length information which fails to be tested.

According to the embodiment of the disclosure, the cluster identification information, the initial authority information corresponding to the cluster identification information, the response time length information corresponding to the cluster identification information and the like of each of the plurality of clusters can be displayed on the visual interface, and the checking result can be displayed on the visual interface.

According to the embodiment of the disclosure, a change request of the initial authority information of the target cluster can be generated in response to a selection operation of the authority information of the target cluster displayed by the visual interface, then an instruction carried by the change request can be executed, and a target configuration file corresponding to the selection operation can be obtained based on the instruction carried by the change request.

According to the embodiment of the disclosure, the cluster attribute information is displayed on the visualization interface, so that the visualization of the cluster resources is realized, the determination of the authority information of the clusters according to the displayed cluster attribute information is facilitated, and the user experience is improved. Moreover, because the cluster attribute information is displayed based on the test result, the clusters which are not tested can be prompted, and the user experience is improved.

According to the embodiment of the disclosure, the cluster attribute information can be displayed on the visual interface and operated without the need of a user to log in a host machine to send an operation instruction, so that the safety is improved.

According to an embodiment of the present disclosure, the initial configuration file may further include log information of the cluster collected by the cluster side component, and the log information may also be presented on the visualization interface.

According to the embodiment of the disclosure, the visual interface can also be used for responding to the query operation and inquiring the cluster attribute information corresponding to the query operation, and based on the cluster attribute information, the user experience is further improved.

According to an embodiment of the present disclosure, the cluster attribute information includes cluster identification information including container identification information of a container disposed in at least one cluster, and container call information characterizing call information of the container. The method for testing the cluster attribute information comprises the steps of: and determining container inspection information corresponding to the container according to the container identification information. And matching the container inspection information with the container call information to inspect the container call information to obtain an inspection result.

According to embodiments of the present disclosure, containers may be used to implement application functions. For example: in the case of processing a transaction, the container a may be utilized to process transaction data first to obtain processed transaction data, then the container a invokes the container B, and the container B processes the processed transaction data to obtain target transaction data. Based on the above, in the process of realizing the application function, the container can call other containers to realize the application function together. The containers may be packaged into a pod, which may be the smallest unit of creation or deployment of a cluster, one pod may package one or more containers, which may be used to store resources and manage the manner in which the containers are controlled.

According to embodiments of the present disclosure, the container verification information may include preset container call information. The preset container call information may characterize call information preset between containers. For example: container a may only call container B, container B may not call container C, etc.

According to the embodiment of the present disclosure, by comparing the preset container call information and the container call information, it is possible to determine whether the container call information is changed. Under the condition that no difference exists between preset container call information and container call information, the container call information can be determined to pass the inspection; in the case where there is a difference between the preset container call information and the container call information, it may be determined that the container call information fails the verification.

According to the embodiment of the disclosure, the container call information is checked by matching the container check information with the container call information, so that the container call information with the abnormality can be displayed based on the container check information, and the user experience is improved.

According to embodiments of the present disclosure, hint information may be used to hint cluster attribute information that fails inspection, but is not limited thereto, and in some embodiments hint information may also be used to hint cluster attribute information that fails inspection.

According to the embodiment of the disclosure, in the case that the cluster attribute information passes the inspection, the inspection result can represent that the cluster attribute information is normal; under the condition that the cluster attribute information fails to pass the inspection, the inspection result can represent that the cluster attribute information has abnormality, based on the result, prompt information can be generated, and the cluster attribute information with abnormality and the prompt information are associated and displayed on a visual interface.

According to the embodiment of the disclosure, when the inspection result represents that the cluster attribute information is abnormal, the prompting information is displayed on the visual interface so as to prompt the abnormal cluster attribute information, and therefore user experience is improved.

According to an embodiment of the present disclosure, determining, based on an instruction carried by a change request, an initial configuration file of each of at least one target cluster from initial configuration files of each of at least one cluster includes: and analyzing the change request to obtain the target cluster identification information and the change authority information. And executing the instruction carried by the change request to determine the initial configuration file of each of the at least one target cluster from the initial configuration files of each of the at least one cluster according to the target cluster identification information.

According to the embodiment of the disclosure, the fields in the change request can be analyzed to obtain the fields for characterizing the target cluster identification information and the fields for characterizing the change permission information.

According to the embodiment of the disclosure, the determining operation of the initial configuration file for the target cluster can be performed by executing the instruction carried by the change request.

According to the embodiment of the disclosure, the configuration file corresponding to the target cluster is determined based on the instruction carried by the change request, so that the flexibility and accuracy of determining the target configuration file are improved.

According to an embodiment of the present disclosure, obtaining, according to change permission information and an initial configuration file of each of at least one target cluster, a target configuration file corresponding to each of the at least one target cluster includes: from the initial configuration file, a rights field corresponding to the initial rights information is determined. And changing the authority field in the initial configuration file according to the change authority information to obtain the target configuration file.

According to an embodiment of the present disclosure, the authority field may be a field for determining authority information. The modification of the initial authority information can be achieved by modifying the authority field corresponding to the initial authority information.

According to an embodiment of the present disclosure, the change authority information may include a target authority field corresponding to the target authority information, and based on this, the authority field may be changed to the target authority field in case of determining the authority field in the initial configuration file, and thus, the initial configuration file including the target authority field may be determined as the target configuration file.

According to the embodiment of the disclosure, the permission is changed by changing the permission field corresponding to the permission information in the initial configuration file, so that the accuracy of changing the permission is improved.

Fig. 4 schematically illustrates a flowchart of a cluster authority change method according to an embodiment of the disclosure.

As shown in fig. 4, the cluster authority changing method of the embodiment is applied to a target cluster, and includes operations S410 to S420.

In operation S410, a target profile from a target server is received.

In operation S420, the initial authority information of the target cluster is changed according to the target configuration file, so as to obtain changed target authority information.

According to an embodiment of the disclosure, the target configuration file is obtained by the target server according to the change permission information and the initial configuration file of the target cluster, and the change permission information is obtained based on a change request of the initial permission information of the target cluster, which is received by the target server.

Based on the cluster authority changing method, the disclosure also provides a cluster authority changing device. The device will be described in detail below in connection with fig. 5.

Fig. 5 schematically illustrates a block diagram of a cluster authority modification apparatus according to an embodiment of the present disclosure.

As shown in fig. 5, the cluster authority changing apparatus 500 of this embodiment includes a first determining module 510, an obtaining module 520, and a sending module 530.

The first determining module 510 is configured to determine, in response to receiving a change request for initial authority information of a target cluster, from initial configuration files of at least one target cluster, based on an instruction carried by the change request, where the change request includes the change authority information. In an embodiment, the first determining module 510 may be configured to perform the operation S210 described above, which is not described herein.

The obtaining module 520 is configured to obtain, according to the change permission information and the initial configuration file of each of the at least one target cluster, a target configuration file corresponding to each of the at least one target cluster. In an embodiment, the obtaining module 520 may be configured to perform the operation S220 described above, which is not described herein.

The sending module 530 is configured to send, to at least one target cluster, a target configuration file corresponding to each of the at least one target cluster, where the target cluster is configured to change the initial rights information according to the target configuration file, so as to obtain changed target rights information. In an embodiment, the sending module 530 may be configured to perform the operation S230 described above, which is not described herein.

According to an embodiment of the disclosure, the cluster authority changing device further includes a second receiving module, a reading module, a checking module and a display module. The second receiving module is used for receiving the configuration files from at least one cluster; the reading module is used for reading the configuration files of at least one cluster to obtain cluster attribute information; the checking module is used for checking the cluster attribute information to obtain a checking result; the display module is used for displaying cluster attribute information on a visual interface based on the detection result, wherein the cluster attribute information comprises initial authority information.

According to an embodiment of the present disclosure, the inspection module includes a first determination sub-module and a matching sub-module. The first determination submodule is used for determining container inspection information corresponding to the container according to the container identification information; the matching submodule is used for matching the container inspection information with the container call information so as to inspect the container call information and obtain an inspection result.

According to an embodiment of the present disclosure, the presentation module includes a generation sub-module and a presentation sub-module. The generation sub-module is used for generating prompt information under the condition that the test result represents that the cluster attribute information is abnormal; the display submodule is used for displaying prompt information on the visual interface.

According to an embodiment of the present disclosure, the first determination module 510 includes a parsing sub-module and an execution module. The analysis submodule is used for analyzing the change request to obtain target cluster identification information and change authority information; the execution module is used for executing the instruction carried by the change request so as to determine the initial configuration file of each of the at least one target cluster from the initial configuration files of each of the at least one cluster according to the target cluster identification information.

According to an embodiment of the present disclosure, the acquisition module 520 includes a second determination sub-module and a modification sub-module. The second determining submodule is used for determining a permission field corresponding to the initial permission information from the initial configuration file; the change sub-module is used for changing the authority field in the initial configuration file according to the change authority information to obtain the target configuration file.

According to an embodiment of the disclosure, the cluster authority changing module further includes a checking module and a second determining module. The checking module is used for performing health checking on the plurality of clusters to obtain a cluster checking result; the second determining module is used for determining at least one cluster in an operation state from a plurality of clusters according to the cluster checking result.

According to an embodiment of the present disclosure, any of the plurality of modules of the first determining module 510, the acquiring module 520, and the transmitting module 530 may be combined in one module to be implemented, or any of the plurality of modules may be split into a plurality of modules. Alternatively, at least some of the functionality of one or more of the modules may be combined with at least some of the functionality of other modules and implemented in one module. According to embodiments of the present disclosure, at least one of the first determination module 510, the acquisition module 520, and the transmission module 530 may be implemented at least in part as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system-on-chip, a system-on-substrate, a system-on-package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware, such as any other reasonable way of integrating or packaging circuitry, or in any one of or a suitable combination of three of software, hardware, and firmware. Alternatively, at least one of the first determining module 510, the obtaining module 520 and the sending module 530 may be at least partially implemented as a computer program module, which when executed may perform the respective functions.

Based on the cluster authority changing method, the disclosure also provides a cluster authority changing device. The device will be described in detail below in connection with fig. 6.

Fig. 6 schematically illustrates a block diagram of a cluster authority modification apparatus according to an embodiment of the present disclosure.

As shown in fig. 6, the cluster authority changing apparatus 600 of this embodiment includes a first receiving module 610 and a changing module 620.

The first receiving module 610 is configured to receive a target configuration file from a target server. In an embodiment, the first receiving module 610 may be configured to perform the operation S410 described above, which is not described herein.

The changing module 620 is configured to change the initial authority information of the target cluster according to the target configuration file, so as to obtain changed target authority information; the target configuration file is obtained by the target server according to the change permission information and the initial configuration file of the target cluster, and the change permission information is obtained based on a change request of the initial permission information of the target cluster, which is received by the target server. In an embodiment, the modification module 620 may be configured to perform the operation S420 described above, which is not described herein.

Any of the first receiving module 610 and the altering module 620 may be combined in one module to be implemented, or any of the modules may be split into a plurality of modules, according to embodiments of the present disclosure. Alternatively, at least some of the functionality of one or more of the modules may be combined with at least some of the functionality of other modules and implemented in one module. According to embodiments of the present disclosure, at least one of the first receiving module 610 and the altering module 620 may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable way of integrating or packaging the circuits, or in any one of or a suitable combination of three of software, hardware, and firmware. Alternatively, at least one of the first receiving module 610 and the altering module 620 may be at least partially implemented as a computer program module that, when executed, performs the corresponding functions.

As shown in fig. 7, an electronic device 700 according to an embodiment of the present disclosure includes a processor 701 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. The processor 701 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. The processor 701 may also include on-board memory for caching purposes. The processor 701 may comprise a single processing unit or a plurality of processing units for performing different actions of the method flows according to embodiments of the disclosure.

In the RAM 703, various programs and data necessary for the operation of the electronic apparatus 700 are stored. The processor 701, the ROM 702, and the RAM 703 are connected to each other through a bus 704. The processor 701 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 702 and/or the RAM 703. Note that the program may be stored in one or more memories other than the ROM 702 and the RAM 703. The processor 701 may also perform various operations of the method flow according to embodiments of the present disclosure by executing programs stored in the one or more memories.

According to an embodiment of the present disclosure, the electronic device 700 may further include an input/output (I/O) interface 705, the input/output (I/O) interface 705 also being connected to the bus 704. The electronic device 700 may also include one or more of the following components connected to an input/output (I/O) interface 705: an input section 706 including a keyboard, a mouse, and the like; an output portion 707 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage section 708 including a hard disk or the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. The drive 710 is also connected to an input/output (I/O) interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that a computer program read therefrom is mounted into the storage section 708 as necessary.

The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.

According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, the computer-readable storage medium may include ROM 702 and/or RAM 703 and/or one or more memories other than ROM 702 and RAM 703 described above.

Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the methods shown in the flowcharts. The program code, when executed in a computer system, causes the computer system to implement the cluster authority modification method provided by the embodiments of the present disclosure.

The above-described functions defined in the system/apparatus of the embodiments of the present disclosure are performed when the computer program is executed by the processor 701. The systems, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.

In one embodiment, the computer program may be based on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed over a network medium in the form of signals, downloaded and installed via the communication section 709, and/or installed from the removable medium 711. The computer program may include program code that may be transmitted using any appropriate network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.

In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 709, and/or installed from the removable medium 711. The above-described functions defined in the system of the embodiments of the present disclosure are performed when the computer program is executed by the processor 701. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.

According to embodiments of the present disclosure, program code for performing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, such computer programs may be implemented in high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. Programming languages include, but are not limited to, such as Java, c++, python, "C" or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).

The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be provided in a variety of combinations and/or combinations, even if such combinations or combinations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be variously combined and/or combined without departing from the spirit and teachings of the present disclosure. All such combinations and/or combinations fall within the scope of the present disclosure.

The embodiments of the present disclosure are described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the disclosure, and such alternatives and modifications are intended to fall within the scope of the disclosure.

Claims

1. A cluster authority changing method is applied to a target server and comprises the following steps:

in response to receiving a change request of initial authority information aiming at a target cluster, determining at least one initial configuration file of each target cluster from the initial configuration files of each target cluster based on an instruction carried by the change request, wherein the change request comprises the change authority information;

Obtaining target configuration files corresponding to the at least one target cluster according to the change authority information and the initial configuration files of the at least one target cluster;

and sending target configuration files corresponding to the at least one target cluster, wherein the target cluster is configured to change the initial authority information according to the target configuration files to obtain changed target authority information.

2. The method of claim 1, further comprising:

receiving respective configuration files from the at least one cluster;

reading the configuration files of the at least one cluster to obtain cluster attribute information;

checking the cluster attribute information to obtain a checking result;

and displaying the cluster attribute information on a visual interface based on the checking result, wherein the cluster attribute information comprises the initial authority information.

3. The method of claim 2, wherein the cluster attribute information includes cluster identification information and container call information, the cluster identification information including container identification information of a container disposed at the at least one cluster, the container call information characterizing call information of the container;

The step of checking the cluster attribute information to obtain a checking result includes:

determining container inspection information corresponding to the container according to the container identification information;

and matching the container inspection information with the container call information to inspect the container call information to obtain the inspection result.

4. A method according to claim 2 or 3, wherein said presenting said cluster attribute information at a visual interface based on said test result comprises:

generating prompt information under the condition that the inspection result represents that the cluster attribute information is abnormal;

and displaying the prompt information on the visual interface.

5. A method according to any one of claims 1 to 3, wherein said determining, based on the instruction carried by the change request, the initial profile of each of at least one of the target clusters from the initial profiles of each of at least one of the clusters, comprises:

analyzing the change request to obtain target cluster identification information and change authority information;

executing the instruction carried by the change request to determine the initial configuration file of each target cluster from the initial configuration files of each target cluster according to the target cluster identification information.

6. A method according to any one of claims 1 to 3, wherein the obtaining, according to the change authority information and the initial configuration file of each of the at least one target cluster, a target configuration file corresponding to each of the at least one target cluster includes:

determining a permission field corresponding to the initial permission information from the initial configuration file;

and changing the authority field in the initial configuration file according to the change authority information to obtain the target configuration file.

7. A method according to any one of claims 1 to 3, further comprising:

health examination is carried out on a plurality of clusters to obtain a cluster examination result;

and determining the at least one cluster in the running state from the plurality of clusters according to the cluster checking result.

8. A cluster authority determination method is applied to a target cluster, and comprises the following steps:

receiving a target configuration file from a target server;

according to the target configuration file, changing the initial authority information of the target cluster to obtain changed target authority information;

the target configuration file is obtained by the target server according to the change permission information and the initial configuration file of the target cluster, and the change permission information is obtained based on a change request of the initial permission information of the target cluster, which is received by the target server.

9. A cluster authority changing device is deployed on a target server and comprises:

the first determining module is used for determining at least one initial configuration file of each target cluster from the initial configuration files of each target cluster based on an instruction carried by a change request in response to receiving the change request of the initial authority information of the target cluster, wherein the change request comprises the change authority information;

the acquisition module is used for acquiring target configuration files corresponding to the at least one target cluster according to the change permission information and the initial configuration files of the at least one target cluster;

and the sending module is used for sending the target configuration files corresponding to the at least one target cluster, wherein the target cluster is configured to change the initial authority information according to the target configuration files to obtain changed target authority information.

10. A cluster authority change device deployed on a target cluster, comprising:

the first receiving module is used for receiving the target configuration file from the target server;

the changing module is used for changing the initial authority information of the target cluster according to the target configuration file to obtain changed target authority information;

11. An electronic device, comprising:

one or more processors;

storage means for storing one or more programs,

wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-8.

12. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method according to any of claims 1-8.

13. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 8.