CN116743573B - Method, device and related equipment for switching K8s from IPv4 to IPv6/IPv4 dual stack - Google Patents


Info

Publication number: CN116743573B
Authority: CN (China)
Prior art keywords: server, ipv6, ipv4, load balancer, dual stack
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202311025133.XA
Other languages: Chinese (zh)
Other versions: CN116743573A (en)
Inventor: 朱桂华
Current Assignee: China Mobile Communications Group Co Ltd; China Mobile Suzhou Software Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: China Mobile Communications Group Co Ltd; China Mobile Suzhou Software Technology Co Ltd
Application filed by China Mobile Communications Group Co Ltd and China Mobile Suzhou Software Technology Co Ltd
Priority to CN202311025133.XA
Publication of CN116743573A
Application granted
Publication of CN116743573B

Classifications

    • H04L41/0813 Configuration setting characterised by the conditions triggering a change of settings
    • H04L41/0894 Policy-based network configuration management
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1004 Server selection for load balancing
    • H04L67/30 Profiles
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L2101/686 Types of network addresses using dual-stack hosts, e.g. in Internet protocol version 4 [IPv4]/Internet protocol version 6 [IPv6] networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The disclosure provides a method, a device and related equipment for switching K8s from IPv4 to IPv6/IPv4 dual stack, which relate to the technical field of communication and are applied to a K8s cluster, wherein the K8s cluster comprises a plurality of Kube nodes, a load balancer and a plurality of control plane interface servers, and the plurality of control plane interface servers comprise at least one first server and at least one second server. The method comprises the following steps: the first server isolates its communication connection with the load balancer; the first server is switched to an IPv6/IPv4 dual stack, and its communication connection with the load balancer is restored after the switching is completed; the second server isolates its communication connection with the load balancer; and the second server is switched to an IPv6/IPv4 dual stack, and its communication connection with the load balancer is restored after the switching is completed. The embodiment of the invention can realize the stable switching of K8s from IPv4 to IPv6/IPv4 dual stack.

Description

Method, device and related equipment for switching K8s from IPv4 to IPv6/IPv4 dual stack
Technical Field
The disclosure relates to the technical field of communication, in particular to a method, a device and related equipment for switching K8s from IPv4 to IPv6/IPv4 dual stack.
Background
Kubernetes (an open source container orchestration system, abbreviated as K8s) is an open source system for managing containerized applications on multiple hosts in a cloud platform; the goal of Kubernetes is to make deploying containerized applications simple and efficient. With the development of the internet and the increase in internet devices, the number of IPv4 (Internet Protocol version 4) addresses has become insufficient to support all devices, and thus IPv6 (Internet Protocol version 6) was developed and has become the new generation of general communication protocol. As a widely used container management platform, K8s needs a smooth upgrade scheme. However, in the related art, in the IPv4 single-stack scenario, only schemes for switching the K8s service plane to dual stack exist, and the control plane still remains IPv4 single stack; that is, the control plane and the service plane of K8s cannot be simultaneously switched to the IPv6/IPv4 dual stack.
Disclosure of Invention
The disclosure aims to provide a method, a device and related equipment for switching K8s from IPv4 to IPv6/IPv4 dual stack, which are used for solving the technical problem that a control plane and a service plane of K8s cannot be simultaneously switched to IPv6/IPv4 dual stack in an IPv4 single stack scene.
In a first aspect, an embodiment of the present disclosure provides a method for switching K8s from IPv4 to IPv6/IPv4 dual stack, applied to a K8s cluster, where the K8s cluster includes a plurality of Kube nodes, a load balancer, and a plurality of control plane interface servers, where the Kube nodes and the control plane interface servers are all communicatively connected to the load balancer based on IPv4, and the plurality of control plane interface servers include at least one first server and at least one second server;
the method comprises the following steps:
the first server isolates a communication connection with the load balancer;
the first server is switched into an IPv6/IPv4 dual stack, and communication connection with the load balancer is restored after switching is completed;
the second server isolates a communication connection with the load balancer;
and the second server is switched into an IPv6/IPv4 dual stack, and communication connection with the load balancer is restored after the switching is completed.
In some of these embodiments, the first server isolating the communication connection with the load balancer comprises:
the first server blocks new API requests;
the first server monitors the API requests that are in the processing state;
after the first server finishes processing the API requests in the processing state, it sends a notification signal to the load balancer;
the load balancer deletes the interface of the first server according to the notification signal.
In some embodiments, switching the first server to an IPv6/IPv4 dual stack comprises:
generating an interface server certificate and overwriting the original certificate in the first server;
generating a Kube configuration file based on IPv6 address communication;
modifying the first server's configuration to support IPv6.
In some of these embodiments, said modifying the first server's configuration to support IPv6 comprises one or more of:
modifying the advertise address of the Kube API server to include an IPv6 address;
modifying the binding address of the Kube API server to support an IPv6 address;
modifying the service cluster IP address range of the Kube API server to support IPv6/IPv4 dual stack network segments;
modifying the binding address of the Kube controller manager to support an IPv6 address;
modifying the service cluster IP address range of the Kube controller manager to support IPv6/IPv4 dual stack network segments;
modifying the binding address of the Kube scheduler to support an IPv6 address;
modifying the address of the Kubelet to support an IPv6 address;
modifying the node IP address of the Kubelet to be IPv6/IPv4 addresses.
In some of these embodiments, restoring the communication connection with the load balancer includes:
the load balancer adds an interface of the first server.
In a second aspect, an embodiment of the present disclosure provides a method for switching K8s from IPv4 to IPv6/IPv4 dual stack, applied to a K8s cluster, where the method includes:
acquiring an IPv6 modification configuration file;
generating the configuration information required for the IPv6/IPv4 dual stack modification according to the configuration file;
modifying the control plane interface server of the K8s cluster according to the configuration information, wherein the modification of the control plane interface server of the K8s cluster is performed by the method of switching K8s from IPv4 to IPv6/IPv4 dual stack according to any one of the first aspects;
and modifying the service plane interface server of the K8s cluster according to the configuration information.
In a third aspect, an embodiment of the present disclosure provides an apparatus for switching K8s from IPv4 to IPv6/IPv4 dual stack, applied to a K8s cluster, where the K8s cluster includes a plurality of Kube nodes, a load balancer, and a plurality of control plane interface servers, where the Kube nodes and the control plane interface servers are all communicatively connected to the load balancer based on IPv4, and the plurality of control plane interface servers include at least one first server and at least one second server;
the device comprises:
an isolation module for controlling the first server to isolate the communication connection with the load balancer;
the switching module is used for controlling the first server to switch into an IPv6/IPv4 dual stack and recovering the communication connection with the load balancer after the switching is completed;
the isolation module is further used for controlling the second server to isolate communication connection with the load balancer;
and the switching module is also used for controlling the second server to switch into an IPv6/IPv4 dual stack and recovering the communication connection with the load balancer after the switching is completed.
In a fourth aspect, an embodiment of the present disclosure provides an apparatus for switching K8s from IPv4 to IPv6/IPv4 dual stack, applied to a K8s cluster, where the apparatus includes:
the configuration file acquisition module is used for acquiring an IPv6 modified configuration file;
the configuration information generation module is used for generating configuration information required by the IPv6/IPv4 dual stack transformation according to the configuration file;
a control plane modification module, configured to modify a control plane interface server of the K8s cluster according to the configuration information, where modifying the control plane interface server of the K8s cluster is performed by any one of the methods of the first aspect that switches K8s from IPv4 to IPv6/IPv4 dual stack;
and the service plane transformation module is used for transforming the service plane interface server of the K8s cluster according to the configuration information.
In a fifth aspect, embodiments of the present disclosure also provide an electronic device including a processor, a memory, and a computer program stored on the memory and executable on the processor, the computer program implementing the steps of the above method when executed by the processor.
In a sixth aspect, the disclosed embodiments also provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the above method.
According to the embodiment of the invention, the first server is isolated from the communication connection of the load balancer, the first server is switched into the IPv6/IPv4 dual stack, the communication connection with the load balancer is restored after the switching is completed, then the second server is isolated from the communication connection of the load balancer, the second server is switched into the IPv6/IPv4 dual stack, and the communication connection with the load balancer is restored after the switching is completed. In this way, the embodiment of the invention can keep at least one of the first server and the second server in communication link with the load balancer to provide service, thereby realizing switching the control plane interface server from IPv4 to IPv6/IPv4 dual stack without affecting the normal service provided by the control plane interface server, and improving the switching smoothness.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings that are needed in the description of the embodiments of the present disclosure will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present disclosure, and other drawings may be obtained according to these drawings without inventive effort to a person of ordinary skill in the art.
FIG. 1 is a schematic diagram of a K8s cluster architecture according to one embodiment of the disclosure;
FIG. 2 is a flow chart of a method for switching K8s from IPv4 to IPv6/IPv4 dual stack according to an embodiment of the present disclosure;
FIG. 3A is a schematic diagram of a K8s cluster switching process according to one embodiment of the disclosure;
FIG. 3B is a second schematic diagram of a K8s cluster switching process according to one embodiment of the disclosure;
FIG. 3C is a third schematic diagram of a K8s cluster switching process according to one embodiment of the disclosure;
FIG. 4 is a flow chart of yet another method for switching K8s from IPv4 to IPv6/IPv4 dual stack provided by an embodiment of the present disclosure;
FIG. 5 is a schematic structural diagram of an apparatus for switching K8s from IPv4 to IPv6/IPv4 dual stack according to an embodiment of the present disclosure;
FIG. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
The following description of the technical solutions in the embodiments of the present disclosure will be made clearly and completely with reference to the accompanying drawings in the embodiments of the present disclosure, and it is apparent that the described embodiments are some embodiments of the present disclosure, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without inventive effort, based on the embodiments in this disclosure are intended to be within the scope of this disclosure.
The embodiment of the disclosure provides a method for switching K8s from IPv4 to IPv6/IPv4 dual stack.
As shown in fig. 1, fig. 1 is a schematic diagram of an architecture of a K8s cluster according to an embodiment of the present invention, where the method of this embodiment is applied to the K8s cluster, and in one embodiment, the K8s cluster includes a plurality of Kube nodes, a Load Balancer (LB) and a plurality of control plane interface servers.
In this embodiment, three Kube nodes and three control planes are shown, each control plane including an interface server (APIserver) instance. The Kube node comprises a Kube-proxy and a Kubelet component. The Kube-proxy is a network proxy component that runs on each Kube node and is the access entry for managing Services, including access from Pods (the smallest schedulable and deployable unit in K8s) to Services inside the cluster and access to Services from outside the cluster; the Kubelet component is the component in K8s that is used to manage Pods and containers on the Kube node.
APIserver instances include the Kube control management (controller manager), the scheduler, and etcd (a distributed key-value store based on the Raft protocol).
The Kube node and the control plane interface servers are both communicatively coupled to the load balancer based on IPv4, wherein the plurality of control plane interface servers includes at least one first server and at least one second server.
For the structure and function of each architecture of the K8s cluster, reference may be made to related technologies, which are not described herein.
As shown in fig. 2, in one embodiment, the method includes:
step 201: the first server isolates a communication connection with the load balancer.
In this embodiment, the first server is first controlled to isolate its communication connection with the LB; at this time, the second server still maintains its original connection state.
In an exemplary embodiment, the first server includes APIserver1 and APIserver2 of fig. 1, and the second server includes APIserver3.
In practice, the connections of APIserver1 and APIserver2 to the LB are isolated first.
In one embodiment, the communication connection of the first server and the load balancer may be isolated by:
the first server blocks new API requests;
the first server monitors the API requests that are in the processing state;
after the first server finishes processing the API requests in the processing state, it sends a notification signal to the load balancer;
the load balancer deletes the interface of the first server according to the notification signal.
As shown in fig. 3A, in this embodiment, the first server first masks new API requests, that is, APIserver1 and APIserver2 no longer receive new API requests.
Then, APIserver1 and APIserver2 monitor the API requests in the processing state and, once those requests have been processed, send a notification signal to the LB. In this way APIserver1 and APIserver2 finish the API requests already in the processing state and do not process new API requests. Thus, when the first server sends the notification signal to the LB, the first server is in an idle state in which it does not process API requests.
Next, the LB members (LB interfaces) of APIserver1 and APIserver2 are deleted, so that the APIserver instances connected to each node through the LB include only the second server APIserver3.
Through this process, the first servers APIserver1 and APIserver2 are isolated and no longer provide service.
Step 202: and the first server is switched into an IPv6/IPv4 dual stack, and communication connection with the load balancer is restored after the switching is completed.
As shown in fig. 3A, while the first server is in the isolated state, the second server can provide normal service. At this time the first server is switched; specifically, the first servers APIserver1 and APIserver2 undergo the IPv6/IPv4 dual stack modification.
In one embodiment, the IPv6/IPv4 dual stack modification of the first server may be performed in the following manner:
generating an interface server certificate and overwriting the original certificate in the first server;
generating a Kube configuration file based on IPv6 address communication;
modifying the first server's configuration to support IPv6.
In this embodiment, an APIserver certificate is first generated, and the original certificate is overwritten by the generated APIserver certificate. In one embodiment, this may be achieved by the following command:
kubeadm init phase certs apiserver --config kubeadm-config-v6.yaml
Next, the Kube configuration file (kubeconfig file) is regenerated so that IPv6 address communication is used. In one embodiment, this may be achieved by the following command:
kubeadm init phase kubeconfig all --cert-dir=/etc/kubernetes/ssl/ --apiserver-advertise-address=2409:8c5b:ffff:1943::a
Finally, the configuration of the first server is modified to support IPv6.
In some of these embodiments, modifying the configuration of the first server includes one or more of:
modifying the advertise address of the Kube API server to include an IPv6 address;
modifying the binding address of the Kube API server to support an IPv6 address;
modifying the service cluster IP address range of the Kube API server to support IPv6/IPv4 dual stack network segments;
modifying the binding address of the Kube controller manager to support an IPv6 address;
modifying the service cluster IP address range of the Kube controller manager to support IPv6/IPv4 dual stack network segments;
modifying the binding address of the Kube scheduler to support an IPv6 address;
modifying the address of the Kubelet to support an IPv6 address;
modifying the node IP address of the Kubelet to be IPv6/IPv4 addresses.
In this embodiment, the modifications to kube-apiserver (the Kube API server) include:
(1) The advertise address (--advertise-address) is modified to an IPv6 address, so that the externally exposed address of kube-apiserver is IPv6.
(2) --bind-address is set to '::' so that kube-apiserver listens on IPv6 addresses.
(3) --service-cluster-ip-range is set to <IPv6 CIDR>,<IPv4 CIDR> to support dual stack network segments, with IPv6 addresses taking priority.
Modifications to kube-controller-manager (Kube control management) include:
(1) --bind-address is set to '::' so that kube-controller-manager listens on IPv6 addresses.
(2) --service-cluster-ip-range is set to <IPv6 CIDR>,<IPv4 CIDR> and --cluster-cidr (the CIDR segment used for assigning IPs to pods) is set to <IPv6 CIDR>,<IPv4 CIDR> to support dual stack network segments, with IPv6 addresses taking priority.
Modifications to kube-scheduler include: --bind-address is set to '::' so that kube-scheduler listens on IPv6 addresses.
Modifications to the kubelet include:
(1) The --address parameter is set to '::' so that the kubelet listens on IPv6 addresses.
(2) The --node-ip parameter (the node IP address) is set to the IPv6 and IPv4 addresses, separated by a comma.
Thus, the IPv6/IPv4 dual stack modification of the first server is completed.
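The following check is an added example, not part of the patent text: it audits a component's command line against the settings listed above before the server is put back behind the load balancer. The flag names are the ones read from the description; the sample command lines and the ULA, 2001:db8:: and 192.0.2.x values are constructed.

```python
import ipaddress
import shlex


def parse_flags(cmdline):
    """Collect --name=value and --name value pairs from a component command line."""
    flags, tokens, i = {}, shlex.split(cmdline), 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("--"):
            if "=" in tok:
                name, value = tok[2:].split("=", 1)
            elif i + 1 < len(tokens) and not tokens[i + 1].startswith("--"):
                name, value = tok[2:], tokens[i + 1]
                i += 1
            else:
                name, value = tok[2:], "true"  # bare boolean flag
            flags[name] = value
        i += 1
    return flags


def _families(value, parse):
    """Return the IP version (4 or 6) of every entry in a comma-separated list."""
    return [parse(part.strip()).version for part in value.split(",")]


def ipv6_address(name, value):
    """Advertise address: must be a single IPv6 address."""
    try:
        ok = ipaddress.ip_address(value).version == 6
    except ValueError:
        ok = False
    return [] if ok else [f"--{name}={value}: expected an IPv6 address"]


def ipv6_wildcard(name, value):
    """Bind/listen address: must be the IPv6 unspecified address '::'."""
    try:
        ok = ipaddress.ip_address(value) == ipaddress.IPv6Address("::")
    except ValueError:
        ok = False
    return [] if ok else [f"--{name}={value}: expected '::'"]


def dual_cidr(name, value):
    """CIDR ranges: exactly one IPv6 and one IPv4 network, IPv6 listed first."""
    try:
        fams = _families(value, lambda p: ipaddress.ip_network(p, strict=False))
    except ValueError as exc:
        return [f"--{name}: {exc}"]
    if sorted(fams) != [4, 6]:
        return [f"--{name}={value}: expected one IPv6 and one IPv4 CIDR"]
    if fams[0] != 6:
        return [f"--{name}={value}: IPv6 CIDR must come first"]
    return []


def dual_node_ip(name, value):
    """Node IP: one IPv6 and one IPv4 address, comma-separated."""
    try:
        fams = _families(value, ipaddress.ip_address)
    except ValueError as exc:
        return [f"--{name}: {exc}"]
    if sorted(fams) != [4, 6]:
        return [f"--{name}={value}: expected one IPv6 and one IPv4 address"]
    return []


# Per-component checks, following the modification lists in the description.
RULES = {
    "kube-apiserver": [("advertise-address", ipv6_address),
                       ("bind-address", ipv6_wildcard),
                       ("service-cluster-ip-range", dual_cidr)],
    "kube-controller-manager": [("bind-address", ipv6_wildcard),
                                ("service-cluster-ip-range", dual_cidr),
                                ("cluster-cidr", dual_cidr)],
    "kube-scheduler": [("bind-address", ipv6_wildcard)],
    "kubelet": [("address", ipv6_wildcard), ("node-ip", dual_node_ip)],
}


def audit(component, cmdline):
    """Return a list of findings; an empty list means the flags match the description."""
    flags, findings = parse_flags(cmdline), []
    for name, check in RULES[component]:
        if name not in flags:
            findings.append(f"--{name}: not set")
        else:
            findings.extend(check(name, flags[name]))
    return findings


# Constructed sample command lines (not taken from a real cluster).
SAMPLE_DUAL_STACK = {
    "kube-apiserver": "kube-apiserver --advertise-address=2001:db8::11 --bind-address=:: "
                      "--service-cluster-ip-range=fd00:10:96::/112,10.96.0.0/12",
    "kube-controller-manager": "kube-controller-manager --bind-address :: "
                               "--service-cluster-ip-range=fd00:10:96::/112,10.96.0.0/12 "
                               "--cluster-cidr=fd00:10:244::/56,10.244.0.0/16",
    "kube-scheduler": "kube-scheduler --bind-address=::",
    "kubelet": "kubelet --address=:: --node-ip=2001:db8::11,192.0.2.11",
}
SAMPLE_IPV4_ONLY = ("kube-apiserver --advertise-address=192.0.2.11 --bind-address=0.0.0.0 "
                    "--service-cluster-ip-range=10.96.0.0/12")

if __name__ == "__main__":
    for component, cmdline in SAMPLE_DUAL_STACK.items():
        print(component, audit(component, cmdline) or "ok")
    print("ipv4-only kube-apiserver:", audit("kube-apiserver", SAMPLE_IPV4_ONLY))
```

Running the audit on the isolated server and requiring an empty result before the load balancer re-adds it keeps a half-converted instance from receiving traffic.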
Then, after the first server has completed the switch to IPv6/IPv4 dual stack, its communication connection with the load balancer is restored. In some of these embodiments, the step of restoring the communication connection with the load balancer comprises:
the load balancer adds an interface of the first server.
In implementation, the IPv6 addresses of APIserver1 and APIserver2 are added as LB members, so that the communication connection between each node and APIserver1 and APIserver2 can be reestablished, and APIserver1 and APIserver2 provide services for the K8s cluster.
Step 203: the second server isolates a communication connection with the load balancer.
As shown in fig. 3B, once APIserver1 and APIserver2 are able to provide services normally, the communication connection between the second server APIserver3 and the load balancer is isolated in the manner described above.
Step 204: and the second server is switched into an IPv6/IPv4 dual stack, and communication connection with the load balancer is restored after the switching is completed.
As shown in fig. 3C, while the second server APIserver3 is in the isolated state, the IPv6/IPv4 dual stack modification is performed on it in the manner described above; after the modification is completed, the IPv6 address of APIserver3 is added as an LB member, so that the communication connection between each node and APIserver3 can be recovered.
In this way, in the technical scheme of the embodiment of the invention, when the IPv6/IPv4 dual stack modification is performed on the control plane, some of the APIserver instances are always kept in a usable state, which ensures that the IPv6/IPv4 dual stack modification of the control plane proceeds smoothly.
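The ordering of steps 201 to 204 can be modelled as follows. This is an added example, not part of the patent text: the in-memory load balancer, the batch validation and all addresses are constructed, and it generalizes the first/second server split to any batching that keeps at least one member behind the load balancer.

```python
from dataclasses import dataclass


@dataclass
class ApiServer:
    name: str
    ipv4: str
    ipv6: str
    in_flight: int = 0       # API requests currently in the processing state
    accepting: bool = True   # False while new API requests are masked
    dual_stack: bool = False


class LoadBalancer:
    """In-memory stand-in for the LB member list (constructed, not a real LB API)."""

    def __init__(self, servers):
        self.members = {s.name: s.ipv4 for s in servers}


def validate_batches(lb, batches):
    """Reject a plan before anything is touched if a batch would empty the LB."""
    seen = set()
    for batch in batches:
        names = set(batch)
        if names & seen:
            raise ValueError(f"server listed in more than one batch: {sorted(names & seen)}")
        if names - set(lb.members):
            raise ValueError(f"not an LB member: {sorted(names - set(lb.members))}")
        if not set(lb.members) - names:
            raise ValueError(f"batch {sorted(names)} would leave the LB without members")
        seen |= names


def isolate(server, lb, trace):
    server.accepting = False        # mask new API requests
    while server.in_flight > 0:     # monitor requests in the processing state
        server.in_flight -= 1       # constructed: one request completes per poll
    del lb.members[server.name]     # notification signal -> LB deletes the interface
    trace.append(("isolated", server.name, sorted(lb.members)))


def switch_and_restore(server, lb, trace):
    if server.accepting or server.name in lb.members:
        raise RuntimeError(f"{server.name} must be isolated before switching")
    server.dual_stack = True        # stands in for certificate, kubeconfig and flag changes
    server.accepting = True
    lb.members[server.name] = server.ipv6   # LB adds the server's IPv6 interface
    trace.append(("restored", server.name, sorted(lb.members)))


def rolling_switch(servers, batches, lb):
    """Run isolate -> switch -> restore batch by batch; return the membership trace."""
    validate_batches(lb, batches)
    trace = []
    for batch in batches:
        for name in batch:
            isolate(servers[name], lb, trace)
        for name in batch:
            switch_and_restore(servers[name], lb, trace)
    return trace


def build_cluster():
    """Constructed three-instance control plane, as in the description's example."""
    servers = {
        "APIserver1": ApiServer("APIserver1", "192.0.2.11", "2001:db8::11", in_flight=3),
        "APIserver2": ApiServer("APIserver2", "192.0.2.12", "2001:db8::12", in_flight=1),
        "APIserver3": ApiServer("APIserver3", "192.0.2.13", "2001:db8::13", in_flight=5),
    }
    return servers, LoadBalancer(servers.values())


if __name__ == "__main__":
    servers, lb = build_cluster()
    for event in rolling_switch(servers, [["APIserver1", "APIserver2"], ["APIserver3"]], lb):
        print(event)
```

The trace records the LB membership after every step, so the availability claim (at least one serving instance at all times) can be checked rather than assumed.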
The embodiment of the disclosure provides a method for switching K8s from IPv4 to IPv6/IPv4 dual stack, which is applied to K8s clusters.
In some of these embodiments, the method comprises:
acquiring an IPv6 modification configuration file;
generating the configuration information required for the IPv6/IPv4 dual stack modification according to the configuration file;
modifying the control plane interface server of the K8s cluster according to the configuration information, wherein the modification of the control plane interface server of the K8s cluster is performed by the method for switching K8s from IPv4 to IPv6/IPv4 dual stack according to any one of the above methods;
and modifying the service plane interface server of the K8s cluster according to the configuration information.
As shown in fig. 4, in this embodiment, the dual stack switching transformation of the K8s cluster may be implemented under the control of a controller (Operator).
In practice, a user first creates an IPv6 modification configuration file (configmap) as needed. After the controller observes the creation of the configmap, it deserializes the data in the configmap into the configuration information required for the IPv6/IPv4 dual stack modification of the cluster.
Next, the controller creates a check service (Check host) for the K8s cluster; the check service checks the state of the cluster before the dual stack modification and updates the check result into the configmap. In this embodiment, the check service needs to inspect the status of the control plane, the nodes, etc., and set the configuration file, etc.
After the check performed by the check service passes, the controller creates an LB update service (LB update), which isolates the control plane API server instance that needs to be updated.
With reference to the above embodiment, the isolated control plane APIserver instance no longer receives new API requests; the service monitors whether the APIserver has finished processing the API requests that were in progress and, if so, modifies the LB configuration and removes the control plane APIserver instance from the LB.
After the control plane instance is isolated, the Operator is responsible for creating the IPv6/IPv4 modification service. The service performs, in sequence, the steps for smoothly switching the K8s cluster from IPv4 to IPv6/IPv4 dual stack, completing the dual stack modification of the K8s cluster control plane. For details of the dual stack modification of the control plane, refer to the above embodiment; they are not repeated here.
In this embodiment, the service plane also needs the dual stack modification. Specifically, the step of modifying the service plane includes the dual stack modification of Kube-proxy, CNI (calico), Node and coreDNS.
The dual stack modification to Kube-proxy includes:
(1) The parameter --cluster-cidr is set to <IPv6 CIDR>,<IPv4 CIDR> to support dual stack network segments.
(2) The bindAddress parameter is set to '::' so that Kube-proxy listens on IPv6 addresses.
The dual stack modification of CNI (networking between containers) includes:
(1) Edit the CNI config and add "assign_ipv6": "true", "IP6": "autodetect", "FELIX_IPV6SUPPORT": "true".
(2) Set the CALICO_IPV6POOL_CIDR parameter to support the IPv6 network segment.
The dual stack modification for the Node includes:
(1) The --address parameter is set to "::" so that the Kubelet listens on IPv6 addresses.
(2) The --node-ip parameter is set to the IPv6 and IPv4 addresses, separated by a comma.
The dual stack adaptation for coreDNS includes:
(1) The coredns pod is restarted so that the pod obtains an IPv6/IPv4 dual stack address.
(2) The Kube-dns service is deleted and recreated so that the service has dual stack functionality.
After the dual stack modification of the control plane and the service plane is completed, the controller cleans up the residual resources. In one embodiment, if the modification succeeds, the controller deletes the residual resources of the modification; if the modification fails, the cleanup is not executed, and the related resources are kept for troubleshooting.
In this embodiment, the controller actively detects the relevant configmap configured by the user and executes the operation steps that complete the dual stack modification; meanwhile, because the LB updater actively detects the APIserver state, resources are cleaned up after an APIserver instance is updated successfully, which ensures to the greatest extent that the dual stack switch has zero impact on services.
The embodiment of the disclosure provides a device for switching K8s from IPv4 to IPv6/IPv4 dual stack, which is applied to a K8s cluster, wherein the K8s cluster comprises a plurality of Kube nodes, a load balancer and a plurality of control plane interface servers, the Kube nodes and the control plane interface servers are all in communication connection with the load balancer based on IPv4, and the plurality of control plane interface servers comprise at least one first server and at least one second server;
as shown in fig. 5, in one embodiment, the apparatus 500 for switching K8s from IPv4 to IPv6/IPv4 dual stack includes:
an isolation module 501, configured to control the first server to isolate its communication connection with the load balancer;
a switching module 502, configured to control the first server to switch to an IPv6/IPv4 dual stack, and restore communication connection with the load balancer after switching is completed;
the isolation module 501 is further configured to control the second server to isolate a communication connection with the load balancer;
the switching module 502 is further configured to control the second server to switch to an IPv6/IPv4 dual stack, and restore communication connection with the load balancer after switching is completed.
In some of these embodiments, the isolation module 501 includes:
a shielding submodule, configured to shield an API request application by the first server;
a monitoring submodule, configured to have the first server monitor the API requests in the processing state;
a sending submodule, configured to send a notification signal to the load balancer after the first server finishes processing the API requests in the processing state;
and a deleting submodule, configured to have the load balancer delete the interface of the first server according to the notification signal.
In some of these embodiments, the switching module 502 includes:
the covering sub-module is used for generating an interface server certificate and covering the original certificate in the first server;
the configuration file generation submodule is used for generating a Kube configuration file based on IPv6 address communication;
and the modification submodule is used for modifying the first server configuration to support IPv6.
In some of these embodiments, the modification sub-module is specifically configured to perform one or more of the following:
modifying the broadcast address of the Kube API server to include an IPv6 address;
modifying the binding address of the Kube API server to support an IPv6 address;
modifying the service cluster IP address range of the Kube API server to support IPv6/IPv4 dual stack network segments;
modifying the binding address of Kube control management to support IPv6 address;
modifying the service cluster IP address range of Kube control management to support IPv6/IPv4 dual stack network segments;
modifying the binding address of the Kube scheduler to support an IPv6 address;
modifying the address of the Kubelet to support IPv6 address;
modifying the node IP address of the Kubelet to an IPv6/IPv4 address.
In some embodiments, the switching module 502 is specifically configured to:
cause the load balancer to add an interface of the first server.
The embodiment of the disclosure provides a device for switching K8s from IPv4 to IPv6/IPv4 dual stack, which is applied to a K8s cluster, and comprises:
the configuration file acquisition module is used for acquiring an IPv6 modified configuration file;
the configuration information generation module is used for generating configuration information required by the IPv6/IPv4 dual stack transformation according to the configuration file;
a control plane modification module, configured to modify a control plane interface server of the K8s cluster according to the configuration information, where modifying the control plane interface server of the K8s cluster is performed by any one of the methods of the first aspect that switches K8s from IPv4 to IPv6/IPv4 dual stack;
and the service plane transformation module is used for transforming the service plane interface server of the K8s cluster according to the configuration information.
The device 500 for switching K8s from IPv4 to IPv6/IPv4 dual stack according to the embodiments of the present disclosure can implement each process in the foregoing method embodiment, and achieve the same technical effects, so that repetition is avoided, and no further description is given here.
Referring to fig. 6, fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the disclosure. As shown in fig. 6, the electronic device may include a processor 601, a memory 602, and a program 6021 stored on the memory 602 and executable on the processor 601.
The program 6021, when executed by the processor 601, may implement any steps and achieve the same advantageous effects in the method embodiment corresponding to fig. 1, and will not be described herein.
Those of ordinary skill in the art will appreciate that all or a portion of the steps of implementing the methods of the embodiments described above may be implemented by hardware associated with program instructions, where the program may be stored on a readable medium.
The embodiment of the present disclosure further provides a readable storage medium, where a computer program is stored, where the computer program when executed by a processor may implement any step in the method embodiment corresponding to fig. 1, and may achieve the same technical effect, so that repetition is avoided, and no further description is provided herein.
The computer-readable storage media of the embodiments of the present disclosure may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. The computer readable storage medium may be, for example, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations of the present disclosure may be written in one or more programming languages, including an object oriented programming language such as Java, Smalltalk or C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or terminal. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
While the foregoing is directed to the preferred implementation of the disclosed embodiments, it should be noted that those skilled in the art may make numerous modifications and adaptations without departing from the principles of the disclosure, and such modifications and adaptations are intended to be within the scope of the disclosure.

Claims (9)

1. A method for switching K8s from IPv4 to IPv6/IPv4 dual stack, applied to a K8s cluster, wherein the K8s cluster includes a plurality of Kube nodes, a load balancer, and a plurality of control plane interface servers, the Kube nodes and the control plane interface servers are all communicatively connected to the load balancer based on IPv4, and the plurality of control plane interface servers include at least one first server and at least one second server;
the method comprises the following steps:
the first server is isolated from communication connection with the load balancer, and the second server still maintains an original connection state;
the first server is switched into an IPv6/IPv4 dual stack, and communication connection with the load balancer is restored after switching is completed;
when the first server normally provides service, the second server isolates communication connection with the load balancer;
the second server is switched into an IPv6/IPv4 dual stack, and communication connection with the load balancer is restored after switching is completed;
wherein the first server isolates a communication connection with the load balancer, comprising:
the first server shields an API request application;
the first server monitors an API request in a processing state;
after the first server finishes processing the API request in the processing state, sending a notification signal to the load balancer;
the load balancer deletes the interface of the first server according to the notification signal.
2. The method of claim 1, wherein the first server switches to an IPv6/IPv4 dual stack, comprising:
generating an interface server certificate and covering an original certificate in the first server;
generating a Kube configuration file based on IPv6 address communication;
modifying the first server configuration to support IPv6.
3. The method of claim 2, wherein the modifying the first server configuration to support IPv6 comprises one or more of:
modifying the broadcast address of the Kube API server to include an IPv6 address;
modifying the binding address of the Kube API server to support an IPv6 address;
modifying the service cluster IP address range of the Kube API server to support IPv6/IPv4 dual stack network segments;
modifying the binding address of Kube control management to support IPv6 address;
modifying the service cluster IP address range of Kube control management to support IPv6/IPv4 dual stack network segments;
modifying the binding address of the Kube scheduler to support an IPv6 address;
modifying the address of the Kubelet to support IPv6 address;
modifying the node IP address of the Kubelet to an IPv6/IPv4 address.
4. The method of claim 2, wherein restoring the communication connection with the load balancer comprises:
the load balancer adds an interface of the first server.
5. A method for switching K8s from IPv4 to IPv6/IPv4 dual stack, applied to a K8s cluster, the method comprising:
acquiring an IPv6 modified configuration file;
generating configuration information required by IPv6/IPv4 dual stack modification according to the configuration file;
modifying the control plane interface server of the K8s cluster according to the configuration information, wherein the modification of the control plane interface server of the K8s cluster is performed by the method for switching K8s from IPv4 to IPv6/IPv4 dual stack according to any one of claims 1 to 4;
and modifying the service surface interface server of the K8s cluster according to the configuration information.
6. The device for switching K8s from IPv4 to IPv6/IPv4 dual stack is characterized by being applied to a K8s cluster, wherein the K8s cluster comprises a plurality of Kube nodes, a load balancer and a plurality of control plane interface servers, the Kube nodes and the control plane interface servers are in communication connection with the load balancer based on IPv4, and the plurality of control plane interface servers comprise at least one first server and at least one second server;
the device comprises:
the isolation module is used for controlling the first server to isolate the communication connection with the load balancer, and the second server still maintains the original connection state;
the switching module is used for controlling the first server to switch into an IPv6/IPv4 dual stack and recovering the communication connection with the load balancer after the switching is completed;
the isolation module is further used for controlling the second server to isolate communication connection with the load balancer when the first server normally provides service;
the switching module is further used for controlling the second server to switch to an IPv6/IPv4 dual stack and restoring communication connection with the load balancer after switching is completed;
wherein, the isolation module includes:
a shielding submodule, configured to shield an API request application by the first server;
the monitoring submodule is used for monitoring the API request in the processing state by the first server;
a sending sub-module, configured to send a notification signal to the load balancer after the first server finishes processing the API request in the processing state;
and the deleting submodule is used for deleting the interface of the first server according to the notification signal by the load balancer.
7. An apparatus for switching K8s from IPv4 to IPv6/IPv4 dual stack, the apparatus being applied to a K8s cluster, the apparatus comprising:
the configuration file acquisition module is used for acquiring an IPv6 modified configuration file;
the configuration information generation module is used for generating configuration information required by the IPv6/IPv4 dual stack transformation according to the configuration file;
a control plane modification module, configured to modify a control plane interface server of the K8s cluster according to the configuration information, where modifying the control plane interface server of the K8s cluster is performed by a method according to any one of claims 1 to 4, where the method is used to switch K8s from IPv4 to IPv6/IPv4 dual stack;
and the service plane transformation module is used for transforming the service plane interface server of the K8s cluster according to the configuration information.
8. An electronic device comprising a processor, a memory and a computer program stored on the memory and executable on the processor, the computer program implementing the steps of the method according to any one of claims 1 to 4 when executed by the processor; or implementing the steps of the method of claim 5.
9. A readable storage medium, characterized in that it has stored thereon a computer program which, when executed by a processor, implements the steps of the method according to any of claims 1 to 4; or implements the steps of the method of claim 5.
CN202311025133.XA 2023-08-15 2023-08-15 Method, device and related equipment for switching K8s from IPv4 to IPv6/IPv4 dual stack Active CN116743573B (en)

Publications (2)

Publication Number Publication Date
CN116743573A (en) 2023-09-12
CN116743573B (en) 2023-11-03

Family

ID=87904796


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant