CN116743585B - Multi-tenant API gateway service exposure system and method based on cloud native

Info

Publication number: CN116743585B
Authority: CN (China)
Prior art keywords: tenant, api gateway, load balancing, service, configuration
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202311000549.6A
Other languages: Chinese (zh)
Other versions: CN116743585A (en)
Inventors: 李裕基, 罗斌, 覃璐
Current Assignee: China Electronics Investment Holdings Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: China Electronics Investment Holdings Ltd
Application filed by China Electronics Investment Holdings Ltd
Priority to CN202311000549.6A
Publication of CN116743585A
Application granted
Publication of CN116743585B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0894 Policy-based network configuration management
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0654 Management of faults, events, alarms or notifications using network fault recovery
    • H04L41/0659 Management of faults, events, alarms or notifications using network fault recovery by isolating or reconfiguring faulty entities
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0813 Configuration setting characterised by the conditions triggering a change of settings
    • H04L41/0816 Configuration setting characterised by the conditions triggering a change of settings the condition being an adaptation, e.g. in response to network events
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50 Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1004 Server selection for load balancing
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1034 Reaction to server failures by a load balancer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a cloud-native multi-tenant API gateway service exposure system and method. A tenant configuration management system receives tenant configuration requests; an API gateway instance controller monitors tenant information changes, creates an API gateway instance for a newly added tenant and sends a load balancing service configuration request to a load balancing service controller; the load balancing service controller dynamically creates a load balancing service for the API gateway instance according to that request and allocates an IP; a gateway policy configuration system receives tenant configuration requests and configures routing policies for the API gateway instance; a domain name resolution configuration management system binds the domain name in the routing policy to the load balancing service IP for the newly added tenant; and the tenant accesses the services deployed on the Kubernetes cluster through the domain name or the load balancing service IP. The system provides tenants with a management and control interface for routes, upstreams, services and consumers.

Description

Multi-tenant API gateway service exposure system and method based on cloud native
Technical Field
The invention belongs to the technical field of cloud computing, and particularly relates to a cloud-native multi-tenant API gateway service exposure system and method.
Background
In a multi-tenant scenario, services in a Kubernetes cluster are exposed through a unified API gateway, and the traffic of all tenants enters the cluster through it. This carries a risk: once the API gateway fails, all tenants are affected. A unified API gateway also faces isolation problems such as routing isolation. The traditional technical scheme identifies the tenant by authentication or by adding a field to the request so that routing is isolated at the tenant level, but this requires a certain modification of the client and is therefore not transparent to the tenant.
Disclosure of Invention
To address these technical problems, the invention provides a system and a method for exposing services on Kubernetes clusters that are transparent to users and achieve fault isolation and resource isolation between tenants.
A cloud-native multi-tenant API gateway service exposure system comprises a tenant configuration management system, an API gateway instance controller, a load balancing service controller and a gateway policy configuration system, wherein the tenant configuration management system is connected with the API gateway instance controller, and the API gateway instance controller is connected with the load balancing service controller and the gateway policy configuration system respectively;
the tenant configuration management system is used for receiving tenant configuration requests and storing tenant information in the Kubernetes cluster as user-defined resources;
the API gateway instance controller is used for monitoring tenant information changes in the Kubernetes cluster, creating an API gateway instance for a newly added tenant and sending a load balancing service configuration request to the load balancing service controller; the API gateway instance controller is also used for deleting the API gateway instance of a tenant to be deleted and sending a domain name deletion request to the domain name resolution configuration management system;
the load balancing service controller is used for receiving the load balancing service configuration request, dynamically creating a Kubernetes load balancing service for the API gateway instance according to that request and allocating a load balancing service IP;
the gateway policy configuration system is used for receiving the tenant configuration request and configuring the routing policy for the API gateway instance.
Preferably, the system also comprises a domain name resolution configuration management system, which is connected with the gateway policy configuration system and the API gateway instance controller respectively. It is used for receiving the binding request sent by the gateway policy configuration system and binding the domain name in the routing policy to the load balancing service IP for the newly added tenant, and for receiving the domain name deletion request sent by the API gateway instance controller and deleting the registered domain name of the tenant to be deleted.
Preferably, the API gateway instance controller and the tenant configuration management system are both controllers implemented on Kubernetes user-defined resources.
Preferably, the load balancing service controller is specifically OpenELB.
Preferably, the API gateway instance is specifically APISIX.
Preferably, the domain name resolution configuration management system is specifically CoreDNS.
Preferably, the gateway policy configuration system is specifically an application that can modify the APISIX policy configuration by reading and writing etcd.
A cloud-native multi-tenant API gateway service exposure method uses the cloud-native multi-tenant API gateway service exposure system to expose services, and comprises the following steps:
S1, constructing a Kubernetes cluster environment, deploying a domain name resolution configuration management system, a tenant configuration management system, a gateway policy configuration system, an API gateway instance controller and a load balancing service controller on it, and storing the configuration of the domain name resolution configuration management system, the tenant configuration management system and the gateway policy configuration system in the Kubernetes cluster as user-defined resources;
S2, the tenant configuration management system receives a tenant configuration request;
S3, the API gateway instance controller monitors tenant configuration requests in the Kubernetes cluster and, if the request adds a new tenant, creates an API gateway instance for the new tenant and sends a load balancing service configuration request to the load balancing service controller;
S4, the load balancing service controller receives the load balancing service configuration request, dynamically creates a Kubernetes load balancing service for the API gateway instance and allocates a load balancing service IP;
S5, the gateway policy configuration system receives the new tenant's configuration request, configures a routing policy for the API gateway instance, the routing policy comprising a domain name, and sends a binding request to the domain name resolution configuration management system;
S6, the domain name resolution configuration management system receives the binding request and binds the domain name in the routing policy to the load balancing service IP for the new tenant;
S7, the tenant accesses the services deployed on the Kubernetes cluster through the domain name or the load balancing service IP.
Preferably, in S3, the API gateway instance controller monitors tenant configuration requests in the Kubernetes cluster; if the request deletes a tenant, the API gateway instance controller deletes the corresponding API gateway instance and sends a domain name deletion request to the domain name resolution configuration management system, which deletes the registered domain name.
Preferably, in S7, when the tenant accesses a service deployed on the Kubernetes cluster through the domain name, the method specifically includes:
S71, the domain name resolution configuration management system resolves the domain name to the load balancing service IP and directs the tenant service traffic to the load balancing service created by the load balancing service controller;
S72, the load balancing service forwards the tenant service traffic to the API gateway instance;
S73, the API gateway instance forwards the tenant service traffic to the corresponding service in the cluster according to the route configuration.
Preferably, in S7, when the tenant accesses a service deployed on the Kubernetes cluster through the load balancing service IP, the method specifically includes:
S74, the load balancing service forwards the tenant service traffic to the API gateway instance;
S75, the API gateway instance forwards the tenant service traffic to the corresponding service in the Kubernetes cluster.
The system comprises a domain name resolution configuration management system, a tenant configuration management system, a gateway policy configuration system, an API gateway instance controller and a load balancing service controller. The tenant configuration management system receives configuration requests and stores tenant information in the Kubernetes cluster as user-defined resources; the API gateway instance controller monitors tenant changes in the Kubernetes cluster and, if the change is a newly added tenant, creates an API gateway instance for that tenant and sends a load balancing service configuration request to the load balancing service controller; the load balancing service controller receives the load balancing service configuration request, dynamically creates a Kubernetes load balancing service for the API gateway instance and allocates an externally accessible IP; the gateway policy configuration system receives configuration requests and configures a routing policy for the API gateway instance; the domain name resolution configuration management system binds the domain name in the routing policy to the API gateway instance for the newly added tenant; and the tenant accesses the services deployed on the Kubernetes cluster through the domain name or the load balancing service IP. Each tenant can thus be provided with a gateway instance that is isolated in terms of faults and resources, together with a management interface for API gateway configuration objects such as routes, upstreams, services and consumers.
Drawings
FIG. 1 is a schematic diagram of a multi-tenant API gateway service exposure system based on cloud native in accordance with an embodiment of the present invention;
FIG. 2 is a flowchart of a method for exposing a multi-tenant API gateway service based on cloud native in an embodiment of the present invention.
Detailed Description
In order to make the technical scheme of the present invention better understood by those skilled in the art, the present invention will be further described in detail with reference to the accompanying drawings.
A cloud-native multi-tenant API gateway service exposure system is provided. It is arranged on a Kubernetes cluster and comprises a tenant configuration management system, an API gateway instance controller, a load balancing service controller and a gateway policy configuration system, wherein the tenant configuration management system is connected with the API gateway instance controller, and the API gateway instance controller is connected with the load balancing service controller and the gateway policy configuration system respectively;
the tenant configuration management system is used for receiving tenant configuration requests and storing tenant information in the Kubernetes cluster as user-defined resources;
the API gateway instance controller is used for monitoring tenant information changes in the Kubernetes cluster, creating an API gateway instance for a newly added tenant and sending a load balancing service configuration request to the load balancing service controller; the API gateway instance controller is also used for deleting the API gateway instance of a tenant to be deleted and sending a domain name deletion request to the domain name resolution configuration management system;
the load balancing service controller is used for receiving the load balancing service configuration request, dynamically creating a Kubernetes load balancing service for the API gateway instance according to that request and allocating a load balancing service IP;
the gateway policy configuration system is used for receiving the tenant configuration request and configuring the routing policy for the API gateway instance.
Specifically, referring to fig. 1, fig. 1 is a schematic diagram of an architecture of a cloud-native-based multi-tenant API gateway service exposure system according to an embodiment of the invention.
A Kubernetes cluster environment is set up, and a tenant configuration management system, an API gateway instance controller, a load balancing service controller and a gateway policy configuration system are arranged in the Kubernetes cluster, wherein the tenant configuration management system is connected with the API gateway instance controller, and the API gateway instance controller is connected with the load balancing service controller and the gateway policy configuration system respectively. The tenant configuration management system receives tenant configuration requests and stores tenant information in the Kubernetes cluster in the form of user-defined resources (CRD, Custom Resource Definition); the API gateway instance controller creates or deletes API gateway instances A, B, C, ... for the tenants by monitoring changes in the tenant CR (Custom Resource) in the cluster, and sends a Kubernetes load balancing service configuration request for each created API gateway instance; the load balancing service controller monitors new load balancing service configuration requests, dynamically creates a Kubernetes load balancing service for the API gateway instance, and allocates an externally accessible IP to that service; the gateway policy configuration system receives the tenant configuration request, configures a routing policy for the API gateway instance, and establishes the association between a proxied HTTP request and a specific back-end service.
As a further improvement of the embodiment, the cloud-native multi-tenant API gateway service exposure system further includes a domain name resolution configuration management system, which is connected with the gateway policy configuration system and the API gateway instance controller respectively. It is used for receiving the binding request sent by the gateway policy configuration system and binding the domain name in the routing policy to the load balancing service IP for the newly added tenant, and for receiving the domain name deletion request sent by the API gateway instance controller and deleting the registered domain name of the tenant to be deleted.
Specifically, if the routing policy includes a domain name, then after receiving a binding request from the gateway policy configuration system, the domain name resolution configuration management system binds the domain name to the externally accessible load balancing service IP; for example, it binds the domain name www.test.com to the IP 1.1.1.1, after which www.test.com resolves to 1.1.1.1. After receiving the domain name deletion request sent by the API gateway instance controller, the domain name resolution configuration management system deletes the registered domain name of the tenant to be deleted.
As a further improvement of the present embodiment, the API gateway instance controller and the tenant configuration management system are both controllers implemented on Kubernetes user-defined resources.
Specifically, taking the API gateway instance controller as an example, the working process is as follows:
The API gateway instance controller monitors tenant configuration requests for gateway instances in the Kubernetes user-defined resources. If a tenant addition event occurs, the API gateway instance controller creates an API gateway instance for the newly added tenant; if a tenant deletion event occurs, the API gateway instance of the deleted tenant is updated; and if an update event occurs, the configuration of the API gateway instance is updated. The working process of the tenant configuration management system is similar to that of the API gateway instance controller and is not described again here.
As a further improvement of the present embodiment, the load balancing service controller is specifically OpenELB.
As a further improvement of this embodiment, the API gateway is specifically APISIX.
As a further improvement of the present embodiment, the domain name resolution configuration management system is specifically CoreDNS.
As a further improvement of this embodiment, the gateway policy configuration system is specifically an HTTP service that receives the user configuration request and performs policy configuration on APISIX.
Specifically, if the API gateway adopts APISIX, the gateway policy configuration system is an HTTP service that receives the user configuration request and performs policy configuration on APISIX. The API gateway instance controller monitors addition and deletion events of the tenant CR (Custom Resource) through a list-watch mechanism. If the monitored event is a newly added tenant, it creates an APISIX instance according to the tenant CR and creates a load balancing service configuration request for the APISIX instance; the load balancing service controller OpenELB, on observing that request, selects an unallocated IP from the IP pool as the IP of the load balancing service and uses it as the access entry of the APISIX instance; and the gateway policy configuration system configures a routing policy for the newly added tenant and stores it in the etcd connected to the APISIX instance. If the event monitored by the API gateway instance controller through the list-watch mechanism is a tenant deletion, the corresponding APISIX instance is deleted.
If the routing policy that the gateway policy configuration system configures for the newly added tenant contains a domain name attribute, a binding request is sent to the domain name resolution configuration management system CoreDNS; CoreDNS binds the domain name to the load balancing service IP of the newly added tenant's gateway instance and synchronizes the binding into CoreDNS. For a tenant to be deleted, after receiving the domain name deletion request sent by the API gateway instance controller, CoreDNS deletes the domain name registered for that tenant.
The invention also provides a cloud-native multi-tenant API gateway service exposure method, which uses the cloud-native multi-tenant API gateway service exposure system to expose services and comprises the following steps:
S1, constructing a Kubernetes cluster environment, deploying a domain name resolution configuration management system, a tenant configuration management system, a gateway policy configuration system, an API gateway instance controller and a load balancing service controller on it, and storing the configuration of the domain name resolution configuration management system, the tenant configuration management system and the gateway policy configuration system in the Kubernetes cluster as user-defined resources;
S2, the tenant configuration management system receives a tenant configuration request;
S3, the API gateway instance controller monitors tenant configuration requests in the Kubernetes cluster and, if the request adds a new tenant, creates an API gateway instance for the new tenant and sends a load balancing service configuration request to the load balancing service controller;
S4, the load balancing service controller receives the load balancing service configuration request, dynamically creates a Kubernetes load balancing service for the API gateway instance and allocates a load balancing service IP;
S5, the gateway policy configuration system receives the new tenant's configuration request, configures a routing policy for the API gateway instance, the routing policy comprising a domain name, and sends a binding request to the domain name resolution configuration management system;
S6, the domain name resolution configuration management system receives the binding request and binds the domain name in the routing policy to the load balancing service IP for the new tenant;
S7, the tenant accesses the services deployed on the Kubernetes cluster through the domain name or the load balancing service IP.
Specifically, referring to fig. 2, fig. 2 is a flowchart of a method for exposing a multi-tenant API gateway service based on cloud native according to an embodiment of the present invention.
The specific process of the cloud-native multi-tenant API gateway service exposure method runs from tenant creation through API gateway instance creation, load balancing service creation and domain name registration to API traffic forwarding:
First, a Kubernetes cluster environment is constructed, and a usable storage scheme is connected to the Kubernetes cluster through the Container Storage Interface (CSI); the object storage service provided by MinIO is used as the storage scheme to persist tenants, API gateway instances and load balancing services. Then a domain name resolution configuration management system, a tenant configuration management system, a gateway policy configuration system, an API gateway instance controller and a load balancing service controller are deployed on the Kubernetes cluster environment, and tenant configuration information, API gateway instances and load balancing services are all stored in the Kubernetes cluster in the form of user-defined resources (CRD, Custom Resource Definition):
the tenant configuration management system adds, deletes and modifies tenants according to tenant configuration requests, and stores tenant configuration information in the cluster in the form of user-defined resources (CRD, Custom Resource Definition);
the API gateway instance controller monitors the tenant configuration information of the tenant configuration management system, that is, tenant addition and tenant deletion events, through a list-watch mechanism, and if the event is a tenant addition, creates an API gateway instance and a load balancing service configuration request for the newly added tenant;
the load balancing service controller monitors load balancing service configuration requests through a list-watch mechanism, dynamically creates a Kubernetes load balancing service for the API gateway instance, and allocates an IP that has a load balancing function and can be reached by applications outside the cluster, namely the load balancing service IP;
a routing policy is configured for the created API gateway instance in the gateway policy configuration system, the routing policy establishing the association between an HTTP request and a specific back-end service, and if the routing policy contains a domain name attribute, the gateway policy configuration system sends a binding request to the domain name resolution configuration management system;
after receiving the binding request, the domain name resolution configuration management system binds the domain name to the load balancing service IP and synchronizes the binding into the domain name resolution configuration management system, and the tenant then accesses the services deployed on the Kubernetes cluster through the domain name.
In one embodiment, the API gateway instance controller in S3 monitors tenant configuration requests in the Kubernetes cluster; if the request deletes a tenant, the API gateway instance controller deletes the corresponding API gateway instance and sends a domain name deletion request to the domain name resolution configuration management system, which deletes the registered domain name.
Specifically, the API gateway instance controller monitors the tenant configuration requests of the tenant configuration management system, that is, tenant addition and tenant deletion events, through a list-watch mechanism; if the event is a tenant deletion, the API gateway instance controller deletes the tenant's API gateway instance and notifies the domain name resolution configuration management system to delete the domain name registered by the tenant.
In one embodiment, when the tenant accesses a service deployed on the Kubernetes cluster through the domain name in S7, the method specifically includes:
S71, the domain name resolution configuration management system resolves the domain name to the load balancing service IP and directs the tenant service traffic to the load balancing service created by the load balancing service controller;
S72, the load balancing service forwards the tenant service traffic to the API gateway instance;
S73, the API gateway instance forwards the tenant service traffic to the corresponding service in the cluster according to the route configuration.
In one embodiment, when the tenant accesses a service deployed on the Kubernetes cluster through the load balancing service IP in S7, the method specifically includes:
S74, the load balancing service forwards the tenant service traffic to the API gateway instance;
S75, the API gateway instance forwards the tenant service traffic to the corresponding service in the Kubernetes cluster.
Specifically, the tenant accesses the service deployed on the kubernetes cluster through a domain name, the domain name configuration management analysis system analyzes the domain name as a load balancing service IP (IP distributed by a load balancing service controller), then the tenant service flow is led to the load balancing service, and then the load balancing service is forwarded to an API gateway instance, and then the API gateway instance is forwarded to the corresponding service in the cluster according to a routing strategy (the routing strategy is that the association relationship between an http request and a specific back-end service is established); if the tenant directly accesses the corresponding service in the cluster through the load balancing service IP, the load balancing service forwards the tenant service flow to the API gateway instance, and then the API gateway instance forwards the tenant service flow to the corresponding service in the cluster.
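The tenant lifecycle (S3 to S6 and the deletion path) and the domain-name access path (S71 to S72) described above, modelled in memory as an added example; it is not code from the patent or from any of the projects it names. The `Cluster` type, its methods, the tenant names, the domains and the 192.0.2.x addresses are constructed assumptions, and `Audit` is an added check that flags a domain binding left behind when the domain deletion request is lost.

```go
package main

import "fmt"

// Cluster is a constructed in-memory stand-in for the state the controllers manage.
type Cluster struct {
	Gateways map[string]string // tenant -> load balancing service IP of its gateway instance
	DNS      map[string]string // domain -> bound load balancing service IP
	Owner    map[string]string // domain -> tenant whose routing policy named it
}

func NewCluster() *Cluster { return &Cluster{map[string]string{}, map[string]string{}, map[string]string{}} }

// AddTenant follows S3-S6: gateway instance, load balancing service IP, domain binding.
func (c *Cluster) AddTenant(tenant, ip, domain string) {
	c.Gateways[tenant] = ip
	if domain != "" { // S5: bind only when the routing policy carries a domain
		c.DNS[domain], c.Owner[domain] = ip, tenant
	}
}

// DeleteTenant removes the gateway instance; dnsDelivered=false simulates a lost domain deletion request.
func (c *Cluster) DeleteTenant(tenant string, dnsDelivered bool) {
	delete(c.Gateways, tenant)
	for d, o := range c.Owner {
		if o == tenant && dnsDelivered {
			delete(c.DNS, d)
		}
	}
}

// Resolve traces S71-S72: domain -> load balancing service IP -> gateway instance.
func (c *Cluster) Resolve(domain string) (string, bool) {
	for t, ip := range c.Gateways {
		if bound, has := c.DNS[domain]; has && bound == ip {
			return t, true
		}
	}
	return "", false
}

// Audit maps each domain whose binding no longer leads to its owner's gateway to a finding.
func (c *Cluster) Audit() map[string]string {
	out := map[string]string{}
	for d := range c.DNS {
		if t, ok := c.Resolve(d); !ok {
			out[d] = "dangling"
		} else if t != c.Owner[d] {
			out[d] = "cross-tenant: reaches " + t
		}
	}
	return out
}

func main() {
	c := NewCluster()
	c.AddTenant("tenant-a", "192.0.2.10", "a.example.test")
	c.DeleteTenant("tenant-a", false) // domain deletion request lost
	fmt.Println(c.Audit())
}
```

Running the audit after every tenant deletion, or on a schedule, catches a binding that would otherwise start resolving to another tenant's gateway once the load balancing service IP is allocated again.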
In the cloud-native based multi-tenant API gateway service exposure system and method, a domain name resolution configuration management system, a tenant configuration management system, a gateway policy configuration system, an API gateway instance controller and a load balancing service controller are deployed in a kubernetes cluster environment. The tenant configuration management system receives configuration requests and stores tenant information in the kubernetes cluster in the form of user-defined resources. The API gateway instance controller monitors tenant changes in the kubernetes cluster; if the change is a newly added tenant, it creates an API gateway instance for the newly added tenant and sends a load balancing service configuration request to the load balancing service controller. The load balancing service controller receives the load balancing service configuration request, dynamically creates a kubernetes load balancing service for the API gateway instance and allocates an externally accessible IP. The gateway policy configuration system receives configuration requests and configures a routing policy for the API gateway instance. The domain name resolution configuration management system binds the domain name in the routing policy to the API gateway instance for the newly added tenant. The tenant accesses the services deployed on the kubernetes cluster through a domain name or the load balancing service IP.
By deploying the multi-tenant API gateway service exposure system on the kubernetes cluster, tenants are provided with gateway instances that have fault isolation and resource isolation, together with a management interface for API gateway configuration objects such as route, upstream, service and consumer.
The cloud-native based multi-tenant API gateway service exposure system and method have been described in detail above. The principles and embodiments of the present invention have been described herein with reference to specific examples, the description of which is intended only to facilitate an understanding of the core concepts of the invention. It should be noted that it will be apparent to those skilled in the art that various modifications and adaptations of the invention can be made without departing from the principles of the invention and these modifications and adaptations are intended to be within the scope of the invention as defined in the following claims.

Claims (9)

1. A cloud-native based multi-tenant API gateway service exposure system, comprising: the system comprises a tenant configuration management system, an API gateway instance controller, a load balancing service controller and a gateway policy configuration system which are arranged on a kubernetes cluster, wherein the tenant configuration management system is connected with the API gateway instance controller, the API gateway instance controller is respectively connected with the load balancing service controller and the gateway policy configuration system,
the tenant configuration management system is used for receiving tenant configuration requests and storing tenant information into kubernetes clusters in a user-defined resource mode;
the API gateway instance controller is used for monitoring tenant information change in the kubernetes cluster, creating an API gateway instance for the newly added tenant and sending a load balancing service configuration request to the load balancing service controller; the API gateway instance controller is used for deleting the API gateway instance for the tenant to be deleted and sending a domain name deleting request to the domain name resolution configuration management system;
the load balancing service controller is used for receiving the load balancing service configuration request, dynamically creating kubernetes load balancing service for the API gateway instance according to the load balancing service configuration request and distributing load balancing service IP;
the gateway policy configuration system is used for receiving the tenant configuration request and configuring a routing policy for the API gateway instance;
the system also comprises a domain name resolution configuration management system, wherein the domain name resolution configuration management system is respectively connected with the gateway policy configuration system and the API gateway instance controller, and is used for receiving a binding requirement sent by the gateway policy configuration system and binding a domain name in the routing policy and the load balancing service IP for a newly added tenant; the domain name resolution configuration management system is configured to receive the domain name deletion request sent by the API gateway instance controller, and delete the registered domain name for the tenant to be deleted.
2. The cloud-native based multi-tenant API gateway service exposure system of claim 1, wherein the API gateway instance controller and the tenant configuration management system are both controllers implemented based on kubernetes user-defined resources.
3. The cloud-native based multi-tenant API gateway service exposure system of claim 2, wherein said load balancing service controller is in particular OpenELB.
4. The cloud-native based multi-tenant API gateway service exposure system of claim 3, wherein said API gateway is specifically APISIX.
5. The cloud-native based multi-tenant API gateway service exposure system of claim 4, wherein said domain name resolution configuration management system is embodied as CoreDNS.
6. A cloud-native based multi-tenant API gateway service exposure method, using the cloud-native based multi-tenant API gateway service exposure system according to any one of claims 1 to 5, the method comprising:
S1, constructing a kubernetes cluster environment, deploying a domain name resolution configuration management system, a tenant configuration management system, a gateway policy configuration system, an API gateway instance controller and a load balancing service controller on the kubernetes cluster environment, and storing the configuration of the domain name resolution configuration management system, the tenant configuration management system and the gateway policy configuration system into the kubernetes cluster in a user-defined resource mode;
S2, the tenant configuration management system receives tenant configuration requests;
S3, the API gateway instance controller monitors the tenant configuration request in the kubernetes cluster, if the tenant configuration request is for a newly added tenant, an API gateway instance is created for the newly added tenant, and a load balancing service configuration request is sent to the load balancing service controller;
S4, the load balancing service controller receives the load balancing service configuration request, dynamically creates a kubernetes load balancing service for the API gateway instance and allocates a load balancing service IP;
S5, the gateway policy configuration system receives a newly added tenant configuration request and configures a routing policy for the API gateway instance, wherein the routing policy comprises a domain name, and the gateway policy configuration system sends a binding request to the domain name resolution configuration management system;
S6, the domain name resolution configuration management system receives the binding request and binds the domain name in the routing policy and the load balancing service IP for the newly added tenant;
S7, the tenant accesses the service deployed on the kubernetes cluster through a domain name or a load balancing service IP.
7. The cloud-native based multi-tenant API gateway service exposure method of claim 6, wherein the API gateway instance controller in S3 monitors the tenant configuration request in the kubernetes cluster, and if the tenant configuration request is to delete a tenant, the API gateway instance controller deletes the corresponding API gateway instance and sends a domain name deletion request to the domain name resolution configuration management system, which deletes the registered domain name.
8. The cloud-native based multi-tenant API gateway service exposure method of claim 7, wherein when a tenant accesses a service deployed on a kubernetes cluster through a domain name in S7, specifically comprising:
S71, the domain name resolution configuration management system resolves the domain name to the load balancing service IP and directs the tenant service traffic to the load balancing service created by the load balancing service controller;
S72, the load balancing service forwards the tenant service traffic to an API gateway instance;
S73, the API gateway instance forwards the tenant service traffic to the corresponding service in the cluster according to the routing configuration.
9. The cloud-native based multi-tenant API gateway service exposure method of claim 8, wherein when a tenant accesses a service deployed on a kubernetes cluster through a load balancing service IP in S7, specifically comprising:
S74, the load balancing service forwards the tenant service traffic to an API gateway instance;
S75, the API gateway instance forwards the tenant service traffic to a corresponding service in the kubernetes cluster.
CN202311000549.6A 2023-08-10 2023-08-10 Multi-tenant API gateway service exposure system and method based on cloud protogenesis Active CN116743585B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311000549.6A CN116743585B (en) 2023-08-10 2023-08-10 Multi-tenant API gateway service exposure system and method based on cloud protogenesis

Publications (2)

Publication Number Publication Date
CN116743585A CN116743585A (en) 2023-09-12
CN116743585B true CN116743585B (en) 2023-11-07

Family

ID=87906304

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311000549.6A Active CN116743585B (en) 2023-08-10 2023-08-10 Multi-tenant API gateway service exposure system and method based on cloud protogenesis

Country Status (1)

Country Link
CN (1) CN116743585B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117478509B (en) * 2023-12-27 2024-04-09 南京研利科技有限公司 Cluster management system of gateway, route release method and electronic equipment
CN117714277B (en) * 2024-02-05 2024-04-26 中国电子投资控股有限公司 Multi-cluster gateway based on cloud protogenesis and working method thereof

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110704164A (en) * 2019-09-30 2020-01-17 珠海市新德汇信息技术有限公司 Cloud native application platform construction method based on Kubernetes technology
CN111371679A (en) * 2020-03-09 2020-07-03 山东汇贸电子口岸有限公司 Method for realizing API gateway based on kubernets and Kong
CN115454571A (en) * 2022-09-05 2022-12-09 上海浪潮云计算服务有限公司 Kubernetes-based multi-tenant network isolation method and system
CN115766458A (en) * 2022-10-14 2023-03-07 河南众诚信息科技股份有限公司 Multi-tenant application unified management system based on kubernets
CN115827008A (en) * 2023-02-14 2023-03-21 北京邮电大学 Cloud native big data component management system based on cloud native platform Kubernets
WO2023066053A1 (en) * 2021-10-19 2023-04-27 中兴通讯股份有限公司 Service request processing method, network device and computer-readable storage medium

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
A Multi-Tenant Framework for Cloud Container Services; Chao Zheng et al.; 2021 ICDCS; full text *
An Auto Scaling System for API Gateway Based on Kubernetes; Meina Song et al.; IEEE; full text *
Research on Network Element Management Model Based on Cloud Native Technology; Yuting Wu; 2022 IEEE 2nd International Conference on Computer Communication and Artificial Intelligence; full text *
Design and Implementation of an Architecture Optimization Scheme for a Cloud-Native IoT Enablement Platform; Du Yang et al.; 天翼之窗; full text *

Also Published As

Publication number Publication date
CN116743585A (en) 2023-09-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant