CN117056029B - Resource processing method, system, device, storage medium and electronic equipment - Google Patents

Publication number: CN117056029B
Authority: CN (China)
Prior art keywords: container, virtual disk, storage, secure, volume
Legal status: Active
Application number: CN202311300079.5A
Other languages: Chinese (zh)
Other versions: CN117056029A (en)
Inventors: 张会健, 王永超, 李宪状
Current Assignee: Suzhou Metabrain Intelligent Technology Co Ltd
Original Assignee: Suzhou Metabrain Intelligent Technology Co Ltd
Application filed by: Suzhou Metabrain Intelligent Technology Co Ltd
Priority to: CN202311300079.5A
Earlier publication: CN117056029A
Granted publication: CN117056029B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances
    • G06F2009/45595 Network integration; Enabling network access in virtual machine instances
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The embodiment of the application provides a resource processing method, a system, a device, a storage medium and electronic equipment. The method comprises the following steps: dispatching a secure container to a target load node of a server cluster, and generating a container volume creation request; responding to the container volume creation request through a first container storage plug-in, creating a virtual disk corresponding to the container volume in a storage space, and mapping the virtual disk to the host where the secure container is located; formatting the virtual disk through a second container storage plug-in, adding the formatted virtual disk to the virtual machine of the secure container, and mounting the formatted virtual disk on the secure container; and running the secure container at the target load node and storing data generated during operation in the virtual disk. The method and the device solve the problems of complex operation and low efficiency when a secure container uses storage resources in a super fusion environment, simplifying the operation steps by which the secure container uses storage resources and improving efficiency.

Description

Resource processing method, system, device, storage medium and electronic equipment
Technical Field
The embodiment of the application relates to the field of computers, in particular to a resource processing method, a system, a device, a storage medium and electronic equipment.
Background
With the development of cloud computing technology, Kubernetes (K8s for short; a software system for container scheduling and cluster management that provides a basic mechanism for container scalability and manages the life cycle of containers) and related container technologies are widely used. However, conventional docker containers and runc containers share a kernel with the host machine, so certain security problems exist in certain scenarios.
In order to improve the security and stability of container operation, lightweight virtualized secure containers such as the kata container have been developed. A kata container runs in a trimmed-down virtual machine (e.g. qemu, i.e. a virtual operating system emulator), so that isolation from the host system is achieved through virtualization while the requirement of fast container start-up can still be met. When a kata secure container is deployed in a super fusion (hyper-converged) environment, using space in a storage pool requires an administrator to manually create a storage volume for the container to use; the operation is cumbersome and cannot meet the demand for storage resources when containers are created on a large scale.
Disclosure of Invention
The embodiment of the application provides a resource processing method, a system, a device, a storage medium and electronic equipment, which are used for at least solving the problems in the related art of complex operation and low efficiency when a secure container uses storage resources in a super fusion environment.
According to an embodiment of the present application, a resource processing method is provided, which is applied to a super fusion system, where the super fusion system includes a server cluster and a storage space, a master node of the server cluster is deployed with a first container storage plug-in, and a load node of the server cluster is deployed with a second container storage plug-in. The method includes: dispatching the secure container to a target load node of the server cluster, and generating a container volume creation request, wherein the container volume creation request is used for requesting to create a container volume of the secure container; responding to the container volume creation request through the first container storage plug-in, creating a virtual disk corresponding to the container volume in the storage space, and mapping the virtual disk to the host where the secure container is located; formatting the virtual disk through the second container storage plug-in, adding the formatted virtual disk to the virtual machine of the secure container, and mounting the formatted virtual disk on the secure container; and running the secure container at the target load node and storing data generated during operation in the virtual disk.
In an exemplary embodiment, the method further comprises: when the secure container stops running, unloading the virtual disk on the secure container through the second container storage plug-in, and removing the virtual disk from the virtual machine of the secure container; and removing the virtual disk from the host where the secure container is located through the first container storage plug-in, canceling the mapping relation from the virtual disk to the host, and deleting the virtual disk from the storage space.
In one exemplary embodiment, generating the container volume creation request includes: setting container volume declaration information in a deployment configuration file of the secure container, wherein the container volume declaration information at least comprises the following information: the storage pool in the storage space that the secure container needs to use, the size of the container volume to be applied for, and the file system type used for formatting the container volume; and generating the container volume creation request based on the deployment configuration file of the secure container.
In one exemplary embodiment, before determining the container volume declaration information in the deployment configuration file of the secure container, the method further comprises: setting at least the following information in a storage class of the server cluster: the storage pool required by the secure container, the size of the container volume to be applied for, the file system type used for formatting the container volume, and the storage space size that the super fusion system allows to be applied for; and referencing the storage class in the container volume declaration information.
In one exemplary embodiment, before responding to the container volume creation request by the first container storage plug-in, the method further comprises: setting authentication information of the super fusion system in a configuration file of the first container storage plug-in, wherein the authentication information at least comprises the following information: system information of the super fusion system and key information for logging in to the super fusion system; the first container storage plug-in logs in to the super fusion system according to the authentication information, and responds to the container volume creation request if the login succeeds.
In one exemplary embodiment, a container volume creation interface is provided in the first container storage plug-in, and creating a virtual disk corresponding to the container volume in the storage space includes: invoking the container volume creation interface to parse the container volume creation request and obtain a parsing result, wherein the parsing result at least comprises the storage pool required by the secure container and the size of the container volume to be applied for; and calling an interface of the super fusion system based on the parsing result to create the virtual disk in the storage pool.
In one exemplary embodiment, the first container storage plug-in is provided with a mapping container volume interface, and mapping the virtual disk to the host where the secure container is located includes: and calling a mapping container volume interface, and establishing a mapping relation between the virtual disk and the host, wherein the host logs in a target service of the super fusion system, and acquires information of the virtual disk based on the target service and the mapping relation.
In one exemplary embodiment, an attach container volume interface is provided in the second container storage plug-in, and formatting the virtual disk through the second container storage plug-in includes: calling the attach container volume interface to query the virtual disk, and formatting the virtual disk according to the file system type.
In one exemplary embodiment, adding the formatted virtual disk to the virtual machine of the secure container comprises: calling the attach container volume interface, and adding the virtual disk to the process of the virtual machine of the secure container through a virtual machine protocol command.
In one exemplary embodiment, the second container storage plug-in has a mount container volume interface disposed therein, and mounting the formatted virtual disk on the secure container includes: and calling a mounting container volume interface, and sending a mounting notification message to a proxy process of the virtual machine through a container runtime command and a container volume adding command, wherein the proxy process responds to the mounting notification message to execute mounting operation on the formatted virtual disk.
In one exemplary embodiment, an unloading container volume interface is provided in the second container storage plug-in, and unloading the virtual disk on the secure container by the second container storage plug-in includes: and calling an unloading container volume interface, and sending an unloading notification message to a proxy process of the virtual machine through a container runtime command and a container volume removal command, wherein the proxy process responds to the unloading notification message to execute unloading operation on the formatted virtual disk.
In one exemplary embodiment, a separate container volume interface is provided in the second container storage plug-in, and removing the virtual disk from the virtual machine of the secure container comprises: calling the separate container volume interface, and removing the virtual disk from the process of the virtual machine of the secure container through a device control command.
In one exemplary embodiment, an unmap container volume interface is provided in the first container storage plug-in, and removing, by the first container storage plug-in, the virtual disk from the host where the secure container is located includes: calling the unmap container volume interface to remove the virtual disk from the host where the secure container is located.
In one exemplary embodiment, canceling the mapping relation from the virtual disk to the host includes: calling an interface of the super fusion system based on the unmap container volume interface, and canceling the mapping relation from the virtual disk to the host.
In one exemplary embodiment, a delete container volume interface is provided in the first container storage plug-in, and deleting the virtual disk from the storage space comprises: calling an interface of the super fusion system based on the delete container volume interface, and deleting the virtual disk from the storage space.
According to another embodiment of the present application, there is provided a resource processing system including: a super fusion system comprising a server cluster and a storage space; a first container storage plug-in, deployed at a master node of the server cluster and used for responding to a container volume creation request, creating a virtual disk in the storage space and mapping the virtual disk to the host where a secure container is located, wherein the container volume creation request is used for requesting to create a container volume of the secure container; and a second container storage plug-in, deployed at a load node of the server cluster and used for formatting the virtual disk, adding the formatted virtual disk to the virtual machine of the secure container, and mounting the formatted virtual disk on the secure container, wherein the secure container runs on the load node and data generated during operation is stored in the virtual disk.
In one exemplary embodiment, the first container storage plug-in is further configured to unload the virtual disk on the secure container and remove the virtual disk from the virtual machine of the secure container in the event that the secure container is out of operation; the second container storage plug-in is further used for removing the virtual disk from the host where the secure container is located under the condition that the secure container stops running, canceling the mapping relation from the virtual disk to the host, and deleting the virtual disk from the storage space.
According to another embodiment of the present application, there is provided a resource processing device, applied in a super fusion system, where the super fusion system includes a server cluster and a storage space, a master node of the server cluster is deployed with a first container storage plug-in, and a load node of the server cluster is deployed with a second container storage plug-in. The device includes: a scheduling unit, configured to schedule the secure container to a target load node of the server cluster and generate a container volume creation request, where the container volume creation request is used to request creation of a container volume of the secure container; a creation unit, configured to respond to the container volume creation request through the first container storage plug-in, create a virtual disk corresponding to the container volume in the storage space, and map the virtual disk to the host where the secure container is located; a mounting unit, configured to format the virtual disk through the second container storage plug-in, add the formatted virtual disk to the virtual machine of the secure container, and mount the formatted virtual disk on the secure container; and a running unit, configured to run the secure container at the target load node and store the data generated during operation in the virtual disk.
According to a further embodiment of the present application, there is also provided a computer readable storage medium having a computer program stored therein, wherein the computer program is arranged to perform the steps of any of the method embodiments described above when run.
According to a further embodiment of the present application, there is also provided an electronic device comprising a memory, in which a computer program is stored, and a processor arranged to run the computer program to perform the steps of any of the method embodiments described above.
In the application, the first container storage plug-in responds to a container volume creation request, creates a virtual disk corresponding to the container volume in the storage space, and maps the virtual disk to the host where the secure container is located; the second container storage plug-in formats the virtual disk, adds the formatted virtual disk to the virtual machine of the secure container, and mounts the formatted virtual disk on the secure container. This solves the problems in the related art of complex operation and low efficiency when a secure container uses storage resources in a super fusion environment. Compared with the related art, in which an administrator manually creates storage volumes for containers to use, the operation steps by which the secure container uses storage resources are simplified and the efficiency of using storage resources is improved.
Drawings
FIG. 1 is a hardware block diagram of a mobile terminal according to an embodiment of the present application;
FIG. 2 is a block diagram of a resource processing system according to an embodiment of the present application;
FIG. 3 is a schematic diagram of the operation of a resource processing system according to an embodiment of the present application;
FIG. 4 is a flow chart of a resource processing method according to an embodiment of the present application;
FIG. 5 is a block diagram of a resource processing device according to an embodiment of the present application;
FIG. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Embodiments of the present application will be described in detail below with reference to the accompanying drawings in conjunction with the embodiments.
It should be noted that the terms "first," "second," and the like in the description and claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order.
The method embodiments provided in the embodiments of the present application may be performed in a mobile terminal, a computer terminal or similar computing device. Taking the mobile terminal as an example, fig. 1 is a block diagram of a hardware structure of the mobile terminal of a resource processing method according to an embodiment of the present application. As shown in fig. 1, a mobile terminal may include one or more (only one is shown in fig. 1) processors 102 (the processor 102 may include, but is not limited to, a microprocessor MCU or a processing device such as a programmable logic device FPGA) and a memory 104 for storing data, wherein the mobile terminal may also include a transmission device 106 for communication functions and an input-output device 108. It will be appreciated by those skilled in the art that the structure shown in fig. 1 is merely illustrative and not limiting of the structure of the mobile terminal described above. For example, the mobile terminal may also include more or fewer components than shown in fig. 1, or have a different configuration than shown in fig. 1.
The memory 104 may be used to store computer programs, such as software programs and modules of application software, such as computer programs corresponding to the resource processing methods in the embodiments of the present application, and the processor 102 executes the computer programs stored in the memory 104, thereby performing various functional applications and data processing, that is, implementing the methods described above. Memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory remotely located relative to the processor 102, which may be connected to the mobile terminal via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 106 is used to receive or transmit data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of the mobile terminal. In one example, the transmission device 106 includes a network adapter (Network Interface Controller, simply referred to as NIC) that can connect to other network devices through a base station to communicate with the internet. In one example, the transmission device 106 may be a Radio Frequency (RF) module, which is configured to communicate with the internet wirelessly.
In this embodiment, a resource processing system is provided. FIG. 2 is a block diagram of the resource processing system according to an embodiment of the present application. As shown in FIG. 2, the resource processing system includes:
A super fusion system comprising a server cluster and a storage space.
The server cluster may be a k8s cluster, and the super fusion system is a system that can fuse and deploy virtual machines and containers in the server cluster and allocate storage spaces for the virtual machines and containers respectively.
The first container storage plug-in is deployed at a master node of the server cluster and is used for responding to a container volume creation request, creating a virtual disk in a storage space and mapping the virtual disk to a host where a secure container is located, wherein the container volume creation request is used for requesting to create a container volume of the secure container.
In one exemplary embodiment, the first container storage plug-in is further configured to unload the virtual disk on the secure container and remove the virtual disk from the virtual machine of the secure container in the event that the secure container ceases to function.
The first container storage plug-in may be a csi-controller module, which runs on a master node of the k8s cluster. Four interfaces are implemented in the csi-controller module: CreateVolume (create container volume interface), DeleteVolume (delete container volume interface), PublishVolume (map container volume interface) and UnPublishVolume (unmap container volume interface). They implement automatic creation, mapping, unmapping and deletion of the storage volume (i.e. the container volume) of a secure container, thereby completing configuration management of the storage resources of the super fusion system.
The second container storage plug-in is deployed at a load node of the server cluster and used for formatting the virtual disk, adding the formatted virtual disk into a virtual machine of the secure container, and mounting the formatted virtual disk on the secure container, wherein the secure container operates in the load node, and data generated in operation is stored in the virtual disk.
In an exemplary embodiment, the second container storage plug-in is further configured to remove the virtual disk from the host in which the secure container is located, cancel the mapping relationship of the virtual disk to the host, and delete the virtual disk from the storage space in the event that the secure container stops running.
The second container storage plug-in may be a csi-node module, which runs on a workload node of the k8s cluster. Four interfaces are mainly implemented in the csi-node module: NodeStageVolume (attach container volume interface), NodePublishVolume (mount container volume interface), NodeUnPublishVolume (unload container volume interface) and NodeUnStageVolume (separate container volume interface). They implement formatting, mounting, unmounting and removal of container volumes.
FIG. 3 is an operational schematic diagram of a resource processing system according to an embodiment of the present application, in which the secure container may be a kata container, the first container storage plug-in may be a csi-controller module, and the second container storage plug-in may be a csi-node module. As shown in FIG. 3, in the kata container running stage, the csi-controller module creates a virtual disk in the storage space of the super fusion system through the CreateVolume and PublishVolume interfaces, thereby carving out storage space from a storage pool of the super fusion system, and maps the virtual disk to the node running the container, that is, the host where the container is located. In the csi-node module, the virtual disk is formatted through the NodeStageVolume and NodePublishVolume interfaces and added to the virtual machine of the kata container as a container volume; the container agent process scans for and discovers the container volume, and the mounting of the container volume in the virtual machine of the secure container is completed.
When the container stops running, the container volume in the container is unloaded through the NodeUnPublishVolume and NodeUnStageVolume interfaces of the csi-node module and removed from the virtual machine of the secure container. Finally, the mapping from the virtual disk to the running node is canceled through the UnPublishVolume and DeleteVolume interfaces of the csi-controller module, and the virtual disk is deleted from the storage space of the super fusion system.
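The ordering of the eight interfaces described above can be expressed as a state machine that rejects out-of-order calls and confirms the virtual disk is reclaimed at the end. The following Python model is an added example, not code from the patent or from any CSI plug-in; the pool name, host name, request fields and the 50 GiB request limit are constructed assumptions, and only the interface names come from the text.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional


class State(Enum):
    CREATED = "created"      # virtual disk exists in the storage pool
    MAPPED = "mapped"        # disk mapped to the host of the secure container
    STAGED = "staged"        # formatted and added to the container's virtual machine
    PUBLISHED = "published"  # mounted inside the secure container


# interface name from the text -> (plug-in, required state, resulting state)
TRANSITIONS = {
    "PublishVolume":       ("csi-controller", State.CREATED, State.MAPPED),
    "NodeStageVolume":     ("csi-node", State.MAPPED, State.STAGED),
    "NodePublishVolume":   ("csi-node", State.STAGED, State.PUBLISHED),
    "NodeUnPublishVolume": ("csi-node", State.PUBLISHED, State.STAGED),
    "NodeUnStageVolume":   ("csi-node", State.STAGED, State.MAPPED),
    "UnPublishVolume":     ("csi-controller", State.MAPPED, State.CREATED),
}


class LifecycleError(Exception):
    """An interface was called out of order or the request is not allowed."""


@dataclass
class Volume:
    name: str
    pool: str
    size_gib: int
    fs_type: str
    state: State = State.CREATED
    host: Optional[str] = None


class VolumeManager:
    """Model of both plug-ins acting on one storage space (not a real CSI driver)."""

    def __init__(self, pools: Dict[str, int], max_request_gib: int):
        self.free_gib = dict(pools)             # pool -> free GiB (constructed)
        self.max_request_gib = max_request_gib  # largest size one request may apply for
        self.volumes: Dict[str, Volume] = {}

    def create_volume(self, request: dict) -> Volume:
        """CreateVolume: parse the request, check it, carve the disk out of the pool."""
        name, pool = request["name"], request["pool"]
        size, fs_type = int(request["size_gib"]), request["fs_type"]
        if name in self.volumes:                # repeated request returns the same disk
            return self.volumes[name]
        if pool not in self.free_gib:
            raise LifecycleError(f"unknown storage pool {pool!r}")
        if not 0 < size <= min(self.max_request_gib, self.free_gib[pool]):
            raise LifecycleError(f"{size} GiB not allowed in pool {pool!r}")
        self.free_gib[pool] -= size
        self.volumes[name] = Volume(name, pool, size, fs_type)
        return self.volumes[name]

    def call(self, interface: str, name: str, host: Optional[str] = None) -> State:
        """Apply one interface; each is legal from exactly one state."""
        _plugin, required, result = TRANSITIONS[interface]
        vol = self.volumes[name]
        if vol.state is not required:
            raise LifecycleError(f"{interface} on {name}: volume is {vol.state.value}")
        if interface == "PublishVolume":
            vol.host = host                     # record the host the disk is mapped to
        elif interface == "UnPublishVolume":
            vol.host = None
        vol.state = result
        return vol.state

    def delete_volume(self, name: str) -> None:
        """DeleteVolume: refuse while the disk is still mapped, attached or mounted."""
        vol = self.volumes[name]
        if vol.state is not State.CREATED:
            raise LifecycleError(f"DeleteVolume on {name}: still {vol.state.value}")
        self.free_gib[vol.pool] += vol.size_gib  # return the space to the pool
        del self.volumes[name]


# Constructed sample request, as it would be derived from a container volume claim.
REQUEST = {"name": "kata-vol-1", "pool": "pool-a", "size_gib": 10, "fs_type": "ext4"}
STARTUP = ["PublishVolume", "NodeStageVolume", "NodePublishVolume"]
TEARDOWN = ["NodeUnPublishVolume", "NodeUnStageVolume", "UnPublishVolume"]


def run_lifecycle(request: dict, host: str) -> List[str]:
    """Run start-up then teardown in the order the text gives; return the state trace."""
    mgr = VolumeManager(pools={"pool-a": 100}, max_request_gib=50)
    vol = mgr.create_volume(request)
    trace = [vol.state.value]
    for interface in STARTUP + TEARDOWN:
        trace.append(mgr.call(interface, vol.name, host).value)
    mgr.delete_volume(vol.name)
    reclaimed = not mgr.volumes and mgr.free_gib[vol.pool] == 100
    trace.append("deleted" if reclaimed else "leaked")
    return trace


if __name__ == "__main__":
    print(" -> ".join(run_lifecycle(REQUEST, "node-1")))
```

A trace ending in "leaked" instead of "deleted" would indicate a virtual disk left behind in the storage pool after the container stopped.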
According to this embodiment, when a secure container is deployed in the super fusion system, the storage space of the super fusion system is managed through container storage plug-ins: the first and second container storage plug-ins are deployed on nodes of the server cluster of the super fusion system, and a virtual disk is used as the resource form of the container volume. According to the storage requirements of the container, creation, mapping, formatting, mounting, resource reclamation and other functions of the container volume on the super fusion system are completed through the relevant interfaces in the first and second container storage plug-ins, which improves the efficiency with which containers use storage space and reduces the complexity and workload of operating and maintaining the container environment.
In this embodiment, a resource processing method is provided, which is applied to a super fusion system, where the super fusion system includes a server cluster and a storage space, a first container storage plugin is deployed at a master node of the server cluster, a second container storage plugin is deployed at a load node of the server cluster, and fig. 4 is a flowchart of the resource processing method according to an embodiment of the present application, and as shown in fig. 4, the flowchart includes the following steps:
Step S402, a secure container is dispatched to a target load node of the server cluster, and a container volume creation request is generated, wherein the container volume creation request is for requesting creation of a container volume of the secure container.
The secure container may be a kata container. A kata container is a secure container based on lightweight virtualization that runs in the process of a customized virtual machine; the virtual machine isolates the user's container application from the host of the load node, which ensures that the container application cannot damage the host system and improves the security of both the container and the host.
The server cluster may be a k8s cluster. Starting and running the secure container requires storage resources, so after the secure container is deployed to the target load node of the k8s cluster, a container volume creation request needs to be generated to request the storage resources.
In step S404, the first container storage plugin responds to the container volume creation request, creates a virtual disk corresponding to the container volume in the storage space, and maps the virtual disk to the host where the secure container is located.
The first container storage plug-in may be a csi-controller module, which runs on a master node of the k8s cluster. An interface of the csi-controller module can be called to create the virtual disk and map it to the host where the secure container is located. The virtual disk may be an iSCSI LUN, that is, a LUN (Logical Unit Number) connected over iSCSI (Internet Small Computer System Interface).
In step S406, the virtual disk is formatted by the second container storage plug-in, the formatted virtual disk is added to the virtual machine of the secure container, and the formatted virtual disk is mounted on the secure container.
The second container storage plug-in may be a csi-node module, which runs on a workload node of the k8s cluster. Through an interface in the csi-node module, the virtual disk can be added to the virtual machine of the secure container and mounted in the secure container.
In step S408, the secure container is operated at the target load node, and the data generated in the operation is stored in the virtual disk.
After the virtual disk is mounted on the secure container, the secure container has its own storage resources, can start and run normally, and stores its operating data in the virtual disk.
In this method, the first container storage plug-in responds to the container volume creation request, creates the virtual disk corresponding to the container volume in the storage space, and maps the virtual disk to the host where the secure container is located; the second container storage plug-in formats the virtual disk, adds the formatted virtual disk to the virtual machine of the secure container, and mounts the formatted virtual disk on the secure container. This solves the problems in the related art of complex operation and low efficiency when a secure container uses storage resources in a super fusion environment. Compared with the related art, in which an administrator manually creates a storage volume and supplies it to the secure container, the method simplifies the steps for using storage resources and improves the efficiency of using them.
In an exemplary embodiment, the method further comprises: unloading the virtual disk on the secure container through the second container storage plug-in under the condition that the secure container stops running, and removing the virtual disk from the virtual machine of the secure container; and removing the virtual disk from the host where the secure container is located through the first container storage plug-in, canceling the mapping relation from the virtual disk to the host, and deleting the virtual disk from the storage space.
When the secure container stops running, the virtual disk in the secure container is unloaded through an interface of the csi-node and removed from the virtual machine in which the secure container runs; finally, the mapping of the virtual disk corresponding to the container volume, that is, the mapping from the virtual disk to the host, is canceled through an interface of the csi-controller. The virtual disk may be an iSCSI LUN; after the mapping from the iSCSI LUN to the host is canceled, the iSCSI LUN is deleted from the storage pool of the super fusion system, thereby recovering the storage resources.
In one exemplary embodiment, generating the container volume creation request includes: setting container volume declaration information in a deployment configuration file of the secure container, wherein the container volume declaration information at least comprises the following information: the storage pool in the storage space that the secure container needs to use, the size of the container volume to be applied for, and the file system type used for formatting the container volume; and generating a container volume creation request based on the deployment configuration file of the secure container.
The container volume declaration information describes the secure container's requirements for storage resources, such as the size of the container volume, the file system type, and the storage pool in which it resides. When the secure container uses the storage space of the super fusion system, a storage volume declaration is specified in the container deployment yaml file; the storage volume declaration references the defined storage class, that is, it specifies the storage pool space of the super fusion system to be used and the size of the storage space the secure container applies for. The yaml file format of the storage volume declaration is as follows:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: example-sds-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 200Gi
  storageClassName: example-sds-storage
wherein PersistentVolumeClaim is a container volume declaration that specifies the size of the space of the container volume in the requests/storage field and the storage class used in the storageClassName field.
A storage class defines the manner in which storage resources on the super fusion system may be used. In one exemplary embodiment, before determining container volume declaration information in a deployment configuration file of the secure container, the method further comprises: setting at least the following information in a storage class of the server cluster: the storage pool required by the secure container, the size of the container volume to be applied for, the file system type used for formatting the container volume, and the storage space size that the super fusion system allows to be applied for; and referencing the storage class in the container volume declaration information.
The server cluster may be a k8s cluster. First, the storage pool used in the super fusion system, the storage pool Id of the super fusion system, and the file system type used when formatting the container volume are specified in a storage class of the k8s cluster; either the ext4 or the xfs file system may be selected. The yaml definition file of the storage class is as follows:
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: example-sds-storage
provisioner: csi.incloudrail.inspur.com
allowVolumeExpansion: true
parameters:
  datastoreid: "8ab1a2968145ef35018145fc98ee0097"
  fstype: "ext4"
wherein StorageClass is a storage class, which specifies the storage pool Id on the super fusion system in the datastoreid field and the file system type used by the container volume in the fstype field.
In the yaml file of the user container, the storage volume declaration defined above is referenced as follows:
apiVersion: v1
kind: Pod
metadata:
  name: example-busybox-pod
spec:
  containers:
    - name: test-container
      image: busybox
      volumeMounts:
        - name: test-volume
          mountPath: /mnt/volume1
  volumes:
    - name: test-volume
      persistentVolumeClaim:
        claimName: example-sds-pvc
wherein the claimName field in the container definition specifies the storage volume declaration used, and the mount point of the container volume within the secure container is specified through the mountPath field.
In one exemplary embodiment, before responding to the container volume creation request by the first container storage plug-in, the method further comprises: setting authentication information of the super fusion system in a configuration file of the first container storage plug-in, wherein the authentication information at least comprises the following information: system information of the super fusion system and key information for logging in to the super fusion system; the first container storage plug-in logs in to the super fusion system according to the authentication information, and responds to the container volume creation request under the condition that the login is successful.
It should be noted that, because the first container storage plug-in needs to call the management interface of the super fusion system, its configuration file specifies authentication information: the system information of the super fusion system and the key information for logging in to it. The system information may be the ip and port of the super fusion management system, and the key information may be the access key for logging in to the system. In the initialization stage of the first container storage plug-in, login authentication with the super fusion system is completed using this authentication information, so that the management interface of the super fusion system can subsequently be called to perform tasks such as virtual disk creation and mapping. The configuration file format of the first container storage plug-in is as follows:
[Global]
ics-manager-ip = 10.20.30.40
port = 443
access-key-id = N25kdygf8597HgKTvMi9
access-key-secret = 277JK83Q9P14Mek2Aah584LGQ1ndg8dEYW4CR0q6
wherein ics-manager-ip is the management ip of the super fusion system, and access-key is the login authentication key.
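Because this file holds the login key in plain text, a plug-in that reads it should check who else can read it and keep the secret out of its logs. The loader below is an added example, not code from the patent; the type and function names, the 0600 requirement and the sample values are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// Credentials mirrors the [Global] section above (the type name is hypothetical).
type Credentials struct {
	ManagerIP       string
	Port            int
	AccessKeyID     string
	AccessKeySecret string
}

// String keeps the secret out of logs and error messages that print the struct.
func (c Credentials) String() string {
	return fmt.Sprintf("ics-manager-ip=%s port=%d access-key-id=%s access-key-secret=[redacted]",
		c.ManagerIP, c.Port, c.AccessKeyID)
}

// LoadCredentials refuses a file that group or other users can access, then
// parses the [Global] section and requires all four keys.
func LoadCredentials(path string) (Credentials, error) {
	var c Credentials
	f, err := os.Open(path)
	if err != nil {
		return c, err
	}
	defer f.Close()
	info, err := f.Stat() // stat the opened handle, not the path, so the file cannot be swapped in between
	if err != nil {
		return c, err
	}
	if perm := info.Mode().Perm(); perm&0077 != 0 {
		return c, fmt.Errorf("%s has mode %04o; the access key needs 0600 or stricter", path, uint32(perm))
	}
	kv, section, lineNo := map[string]string{}, "", 0
	sc := bufio.NewScanner(f)
	for sc.Scan() {
		lineNo++
		line := strings.TrimSpace(sc.Text())
		switch {
		case line == "" || line[0] == '#' || line[0] == ';':
			// blank line or comment
		case line[0] == '[' && line[len(line)-1] == ']':
			section = line[1 : len(line)-1]
		case section == "Global":
			parts := strings.SplitN(line, "=", 2)
			if len(parts) != 2 {
				// Report the position only: the line itself may hold key material.
				return c, fmt.Errorf("%s:%d: expected key = value", path, lineNo)
			}
			kv[strings.TrimSpace(parts[0])] = strings.TrimSpace(parts[1])
		}
	}
	if err := sc.Err(); err != nil {
		return c, err
	}
	for _, key := range []string{"ics-manager-ip", "port", "access-key-id", "access-key-secret"} {
		if kv[key] == "" {
			return c, fmt.Errorf("%s: missing %q in [Global]", path, key)
		}
	}
	port, err := strconv.Atoi(kv["port"])
	if err != nil || port < 1 || port > 65535 {
		return c, fmt.Errorf("%s: port must be 1-65535", path)
	}
	return Credentials{kv["ics-manager-ip"], port, kv["access-key-id"], kv["access-key-secret"]}, nil
}

// sampleConfig is constructed for this example; the key values are placeholders.
const sampleConfig = "[Global]\nics-manager-ip = 192.0.2.10\nport = 443\n" +
	"access-key-id = EXAMPLEKEYID\naccess-key-secret = EXAMPLESECRET\n"

// writeSample writes sampleConfig with an explicit mode (Chmod sidesteps the umask).
func writeSample(path string, mode os.FileMode) error {
	if err := os.WriteFile(path, []byte(sampleConfig), 0600); err != nil {
		return err
	}
	return os.Chmod(path, mode)
}

func main() {
	dir, err := os.MkdirTemp("", "csi-conf")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	path := dir + "/csi.conf"
	for _, mode := range []os.FileMode{0644, 0600} {
		if err := writeSample(path, mode); err != nil {
			panic(err)
		}
		if c, err := LoadCredentials(path); err != nil {
			fmt.Println("rejected:", err)
		} else {
			fmt.Println("loaded:", c)
		}
	}
}
```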
In one exemplary embodiment, a container volume creation interface is provided in a first container storage plug-in, and a virtual disk corresponding to a container volume created in a storage space includes: invoking a container volume creation interface to analyze a container volume creation request to obtain an analysis result, wherein the analysis result at least comprises a storage pool required to be used by a security container and the size of a container volume to be applied; and calling an interface of the super fusion system based on the analysis result, and creating a virtual disk in the storage pool.
The first container storage plug-in may be a csi-controller module, and the create container volume interface may be a createVolume interface implemented in the csi-controller module. When the container is scheduled by the server cluster, the storage resources required by the container need to be prepared, and the createVolume interface is called.
In the createVolume interface, the container volume creation request is parsed; the request includes the id of the storage pool to be used and the container volume size. The interface of the super fusion system may be a REST (Representational State Transfer) interface, and the REST interface of the super fusion system is called to create the virtual disk in the designated storage pool.
In one exemplary embodiment, the first container storage plug-in is provided with a mapping container volume interface, and mapping the virtual disk to the host where the secure container is located includes: and calling a mapping container volume interface, and establishing a mapping relation between the virtual disk and the host, wherein the host logs in a target service of the super fusion system, and acquires information of the virtual disk based on the target service and the mapping relation.
The first container storage plug-in may be a csi-controller module, the mapping container volume interface may be a publishVolume interface implemented in the csi-controller module, and the virtual disk may be an iSCSI LUN. The iSCSI LUN is mapped over iSCSI to the host on which the container runs, and the host scans the iSCSI LUN and obtains its information, for example its SCSI id. It should be noted that the iSCSI LUN on the super fusion system and the storage volume of the container are in a one-to-one correspondence.
It should be noted that the host must have successfully logged in to the iscsi-target (target service) before it can access the iSCSI LUN. If the host has not previously logged in to the target service of the super fusion system, it logs in to the target service using the ip and service port of the super fusion data network, so that the host can access the created iSCSI LUN.
In one exemplary embodiment, the second container storage plug-in has an additional container volume interface disposed therein, and formatting the virtual disk through the second container storage plug-in includes: and calling an additional container volume interface to inquire the virtual disk, and formatting the virtual disk according to the file system type.
The second container storage plug-in may be a csi-node module, and the additional container volume interface may be the nodeStageVolume interface of the csi-node module. The interface is called to query the specified virtual disk according to the obtained information of the virtual disk, and the virtual disk is formatted according to the file system type specified in the storage class, for example by using mkfs.ext4 or mkfs.xfs, so that the disk can be used by the secure container.
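The storage class parameters parsed in createVolume end up choosing which mkfs tool the node plug-in runs, so they should be validated before use. The following is an added example, not the patent's code: the type and function names, the 32-hex-character pool id format, the /dev/disk/by-id path form and the check against reformatting a disk that already holds a file system are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// VolumeSpec is what the create-volume step needs from the request
// (hypothetical type; the field names are not from the patent).
type VolumeSpec struct {
	DatastoreID   string
	FsType        string
	CapacityBytes int64
}

// mkfsTool is the allowlist: only the two file systems the text names.
var mkfsTool = map[string]string{"ext4": "mkfs.ext4", "xfs": "mkfs.xfs"}

// Assumption: pool ids are 32 lowercase hex characters, like the sample value.
var datastoreIDRe = regexp.MustCompile(`^[0-9a-f]{32}$`)

// Assumption: the mapped LUN is addressed through a stable by-id symlink.
var devicePathRe = regexp.MustCompile(`^/dev/disk/by-id/scsi-[0-9A-Za-z_-]+$`)

// ParseCreateRequest validates the storage class parameters and requested size
// before anything is sent to the storage system's REST interface.
func ParseCreateRequest(params map[string]string, capacityBytes int64) (VolumeSpec, error) {
	spec := VolumeSpec{
		DatastoreID:   params["datastoreid"],
		FsType:        params["fstype"],
		CapacityBytes: capacityBytes,
	}
	if !datastoreIDRe.MatchString(spec.DatastoreID) {
		return VolumeSpec{}, fmt.Errorf("datastoreid %q is not a 32-character hex id", spec.DatastoreID)
	}
	if _, ok := mkfsTool[spec.FsType]; !ok {
		return VolumeSpec{}, fmt.Errorf("fstype %q is not one of ext4, xfs", spec.FsType)
	}
	if capacityBytes <= 0 {
		return VolumeSpec{}, fmt.Errorf("requested capacity must be positive, got %d", capacityBytes)
	}
	return spec, nil
}

// MkfsArgv returns an argument vector for exec, never a shell string, so an
// unexpected fstype or device name cannot be reinterpreted as extra commands.
func MkfsArgv(spec VolumeSpec, devicePath string) ([]string, error) {
	tool, ok := mkfsTool[spec.FsType]
	if !ok {
		return nil, fmt.Errorf("fstype %q is not one of ext4, xfs", spec.FsType)
	}
	if !devicePathRe.MatchString(devicePath) {
		return nil, fmt.Errorf("refusing to format unexpected device path %q", devicePath)
	}
	return []string{tool, devicePath}, nil
}

// NeedsFormat decides what the stage step does with the file system already
// on the disk (empty string means a probe such as blkid found none). Added
// safeguard: a restaged volume that already holds data must not be wiped.
func NeedsFormat(existingFs string, spec VolumeSpec) (bool, error) {
	switch existingFs {
	case "":
		return true, nil
	case spec.FsType:
		return false, nil
	default:
		return false, fmt.Errorf("disk already holds %s, volume wants %s", existingFs, spec.FsType)
	}
}

func main() {
	// Parameters copied from the storage class sample; the device path is constructed.
	params := map[string]string{"datastoreid": "8ab1a2968145ef35018145fc98ee0097", "fstype": "ext4"}
	spec, err := ParseCreateRequest(params, 200<<30)
	if err != nil {
		panic(err)
	}
	argv, err := MkfsArgv(spec, "/dev/disk/by-id/scsi-EXAMPLE0001")
	fmt.Println(argv, err)

	params["fstype"] = "ext4;true" // constructed value outside the allowlist
	_, err = ParseCreateRequest(params, 200<<30)
	fmt.Println(err)
}
```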
In one exemplary embodiment, adding the formatted virtual disk to the virtual machine of the secure container comprises: and calling an additional container volume interface, and adding the virtual disk into the process of the virtual machine of the secure container through a virtual machine protocol command.
It should be noted that the secure container may be a Kata container. Since the Kata container runs in a lightweight virtual machine, for example a qemu virtual machine, the nodeStageVolume interface may be called, and the virtual disk is added to the process of the qemu virtual machine corresponding to the secure container through the qmp (qemu machine protocol) management command blockdev-add.
In one exemplary embodiment, the second container storage plug-in has a mount container volume interface disposed therein, and mounting the formatted virtual disk on the secure container includes: and calling a mounting container volume interface, and sending a mounting notification message to a proxy process of the virtual machine through a container runtime command and a container volume adding command, wherein the proxy process responds to the mounting notification message to execute mounting operation on the formatted virtual disk.
The second container storage plug-in may be a csi-node module, and the mount container volume interface may be the nodePublishVolume interface of the csi-node module. The agent process in the virtual machine of the kata container may be notified by a container runtime command (kata-run command) and a container volume add command (add-volume command), so that it mounts the added disk.
During the operation stage of the secure container, the first and second container storage plug-ins create, map, format and mount the storage volumes it uses. When the secure container stops running, cleanup work such as unloading and deleting must be performed on the storage volumes to recover the resources. The following describes how the storage space used by the secure container on the super fusion system is recovered through the first container storage plug-in and the second container storage plug-in.
In one exemplary embodiment, an unloading container volume interface is provided in the second container storage plug-in, and unloading the virtual disk on the secure container by the second container storage plug-in includes: and calling an unloading container volume interface, and sending an unloading notification message to a proxy process of the virtual machine through a container runtime command and a container volume removal command, wherein the proxy process responds to the unloading notification message to execute unloading operation on the formatted virtual disk.
The second container storage plug-in may be a csi-node module, and the unloading container volume interface may be the nodeUnpublishVolume interface of the csi-node module. When the container stops running, the unloading operation of the storage volume is implemented through this interface; specifically, the container agent process in the kata virtual machine is notified, through a container runtime command (kata-run) and a container volume removal command (remove-volume command), to complete the unloading operation of the mount point used by the container.
In one exemplary embodiment, a split container volume interface is provided in the second container storage plug-in, removing the virtual disk from the virtual machine of the secure container comprises: the separation container volume interface is called, and the virtual disk is removed from the process of the virtual machine of the secure container through the device control command.
The second container storage plug-in may be a csi-node module, and the separate container volume interface may be a nodeUnstageVolume interface implemented in the csi-node module. Since the Kata container runs in a lightweight virtual machine, for example a qemu virtual machine, the disk may be removed from the qemu virtual machine corresponding to the secure container through the qmp (qemu machine protocol) management command blockdev-del.
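The blockdev-add and blockdev-del commands named above travel as JSON over the virtual machine's qmp socket, after a greeting and a qmp_capabilities handshake. The client below is an added example, not code from the patent; the "host_device" driver, the node and device names, and the in-process fake monitor with its event and error text are assumptions constructed so the exchange can run offline.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
)

// Command is one QMP request.
type Command struct {
	Execute   string                 `json:"execute"`
	Arguments map[string]interface{} `json:"arguments,omitempty"`
}

// message covers what the monitor sends: greeting, reply or asynchronous event.
type message struct {
	QMP    json.RawMessage               `json:"QMP"`
	Return json.RawMessage               `json:"return"`
	Event  string                        `json:"event"`
	Error  *struct{ Class, Desc string } `json:"error"`
}

// BlockdevAdd attaches a host block device as a named node (the driver is an assumption).
func BlockdevAdd(node, devicePath string) Command {
	return Command{Execute: "blockdev-add", Arguments: map[string]interface{}{
		"driver": "host_device", "node-name": node, "filename": devicePath}}
}

// BlockdevDel removes that node again during teardown.
func BlockdevDel(node string) Command {
	return Command{Execute: "blockdev-del", Arguments: map[string]interface{}{"node-name": node}}
}

// Session is a QMP connection that has finished capability negotiation.
type Session struct {
	enc *json.Encoder
	dec *json.Decoder
}

// Open reads the greeting, then sends qmp_capabilities, which must be acknowledged first.
func Open(conn net.Conn) (*Session, error) {
	s := &Session{enc: json.NewEncoder(conn), dec: json.NewDecoder(conn)}
	var greeting message
	if err := s.dec.Decode(&greeting); err != nil || greeting.QMP == nil {
		return nil, fmt.Errorf("qmp: no greeting (read error: %v)", err)
	}
	if err := s.Run(Command{Execute: "qmp_capabilities"}); err != nil {
		return nil, err
	}
	return s, nil
}

// Run sends one command and waits for its reply, skipping asynchronous events. An "error"
// reply is returned so the caller stops instead of mounting or unmapping a disk blindly.
func (s *Session) Run(c Command) error {
	if err := s.enc.Encode(c); err != nil {
		return err
	}
	for {
		var m message
		if err := s.dec.Decode(&m); err != nil {
			return err
		}
		if m.Error != nil {
			return fmt.Errorf("qmp %s: %s: %s", c.Execute, m.Error.Class, m.Error.Desc)
		}
		if m.Return != nil {
			return nil
		}
	}
}

// fakeQEMU is a constructed stand-in for the monitor socket, for this demo only.
func fakeQEMU(conn net.Conn) {
	nodes, dec := map[string]bool{}, json.NewDecoder(conn)
	fmt.Fprintln(conn, `{"QMP": {"version": {}, "capabilities": []}}`)
	for {
		var c Command
		if dec.Decode(&c) != nil {
			return
		}
		name, _ := c.Arguments["node-name"].(string)
		reply := `{"return": {}}`
		if c.Execute == "blockdev-del" && !nodes[name] {
			reply = `{"error": {"class": "GenericError", "desc": "unknown node"}}`
		}
		nodes[name] = c.Execute == "blockdev-add"
		fmt.Fprintln(conn, `{"event": "CONSTRUCTED_EVENT"}`+"\n"+reply) // event precedes each reply
	}
}

func main() {
	client, server := net.Pipe()
	go fakeQEMU(server)
	if s, err := Open(client); err == nil {
		fmt.Println(s.Run(BlockdevAdd("vol-1", "/dev/disk/by-id/scsi-EXAMPLE0001")))
		fmt.Println(s.Run(BlockdevDel("vol-1")), s.Run(BlockdevDel("vol-1")))
	}
}
```

The second blockdev-del returns an error because the node is already gone, which is the signal a teardown path can use to tell a repeated detach from a failed one.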
In one exemplary embodiment, an unmapped container volume interface is provided in the first container storage plug-in, and removing, by the first container storage plug-in, the virtual disk from the host in which the secure container resides includes: calling the unmapped container volume interface to remove the virtual disk from the host where the secure container is located.
The second container storage plug-in may be a csi-node module, and the unmapped container volume interface may be an unpublishVolume interface implemented in the csi-controller module; by calling this interface, the virtual disk corresponding to the container volume is removed from the host on which the container runs.
In one exemplary embodiment, canceling the virtual disk to host mapping includes: and calling an interface of the super fusion system based on the unmapped container volume interface, and canceling the mapping relation from the virtual disk to the host.
The unmapped container volume interface may be an unpublishVolume interface implemented in the csi-controller module. The restapi interface of the super fusion system is called through the unmapped container volume interface, so that the mapping of the virtual disk to the host is canceled and the host on which the container runs can no longer access the virtual disk.
In one exemplary embodiment, a delete container volume interface is provided in a first container storage plug-in, deleting a virtual disk from storage space comprising: and calling an interface of the super fusion system based on the deleted container volume interface, and deleting the virtual disk from the storage space.
The second container storage plug-in may be a csi-node module, the delete container volume interface may be a deleteVolume interface implemented in the csi-controller module, and the interface of the super fusion system may be a restapi interface; the restapi interface of the super fusion system is called through this interface to delete the virtual disk corresponding to the storage volume from the storage pool.
According to this embodiment, cleanup work such as unloading and deleting the storage volumes is completed through the interfaces of the first container storage plug-in and the second container storage plug-in, so that the storage space used by the secure container on the super fusion system is recovered.
From the description of the above embodiments, it will be clear to a person skilled in the art that the method according to the above embodiments may be implemented by means of software plus the necessary general hardware platform, but of course also by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk), comprising several instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method described in the embodiments of the present application.
In this embodiment, a resource processing device is further provided, and the device is used to implement the foregoing embodiments and preferred embodiments, and will not be described in detail. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. While the means described in the following embodiments are preferably implemented in software, implementation in hardware, or a combination of software and hardware, is also possible and contemplated.
The resource processing device of the embodiment is applied to a super fusion system, the super fusion system includes a server cluster and a storage space, a first container storage plug-in is deployed on a master node of the server cluster, a second container storage plug-in is deployed on a load node of the server cluster, and fig. 5 is a block diagram of a resource processing device according to an embodiment of the application, as shown in fig. 5, the device includes:
a scheduling unit 52, configured to schedule the secure container to a target load node of the server cluster, and generate a container volume creation request, where the container volume creation request is for requesting to create a container volume of the secure container;
a creating unit 54, configured to respond to a container volume creation request through the first container storage plugin, create a virtual disk corresponding to the container volume in the storage space, and map the virtual disk to a host where the secure container is located;
a mounting unit 56, configured to format the virtual disk through the second container storage plug-in, add the formatted virtual disk to the virtual machine of the secure container, and mount the formatted virtual disk on the secure container;
an operation unit 58, configured to operate the secure container at the target load node and store data generated in the operation in the virtual disk.
In an exemplary embodiment, the apparatus further comprises: an unloading unit, configured to unload the virtual disk on the secure container through the second container storage plug-in under the condition that the secure container stops running, and remove the virtual disk from the virtual machine of the secure container; and a removing unit, configured to remove the virtual disk from the host where the secure container is located through the first container storage plug-in, cancel the mapping relation between the virtual disk and the host, and delete the virtual disk from the storage space.
In one exemplary embodiment, the creation unit 54 includes: a first setting module, configured to set the container volume declaration information in the deployment configuration file of the secure container, wherein the container volume declaration information at least comprises the following information: the storage pool in the storage space that the secure container needs to use, the size of the container volume to be applied for, and the file system type used for formatting the container volume; and a configuration module, configured to generate a container volume creation request based on the deployment configuration file of the secure container.
In an exemplary embodiment, the apparatus further comprises: a second setting module, configured to set, before determining the container volume declaration information in the deployment configuration file of the secure container, at least the following information in a storage class of the server cluster: the storage pool required by the secure container, the size of the container volume to be applied for, the file system type used for formatting the container volume, and the storage space size that the super fusion system allows to be applied for; and a reference module, configured to reference the storage class in the container volume declaration information.
In an exemplary embodiment, the apparatus further comprises: an authentication unit, configured to set, before a response to a container volume creation request by the first container storage plug-in, authentication information of the super fusion system in a configuration file of the first container storage plug-in, where the authentication information includes at least the following information: system information of the super fusion system and key information for logging in to the super fusion system; and a login unit, configured to control the first container storage plug-in to log in to the super fusion system according to the authentication information and respond to the container volume creation request under the condition that the login is successful.
In one exemplary embodiment, the first container storage plug-in has a create container volume interface disposed therein, and the creation unit 54 further includes: the analysis module is used for calling the container volume creation interface to analyze the container volume creation request to obtain an analysis result, wherein the analysis result at least comprises a storage pool required to be used by the security container and the size of the container volume to be applied; and the creation module is used for calling the interface of the super fusion system based on the analysis result and creating a virtual disk in the storage pool.
In an exemplary embodiment, the first container storage plug-in has a mapping container volume interface disposed therein, and the creation unit 54 further includes: a mapping relation establishing module, configured to call the mapping container volume interface and establish the mapping relation between the virtual disk and the host, wherein the host logs in to the target service of the super fusion system and acquires the information of the virtual disk based on the target service and the mapping relation.
In one exemplary embodiment, an additional container volume interface is provided in the second container storage plug-in, and the mounting unit 56 includes: a formatting module, configured to call the additional container volume interface to query the virtual disk and format the virtual disk according to the file system type.
In one exemplary embodiment, mounting unit 56 further includes: and the adding module is used for calling the additional container volume interface and adding the virtual disk into the process of the virtual machine of the secure container through the virtual machine protocol command.
In one exemplary embodiment, the second container storage plug-in has a mount container volume interface disposed therein, and the mounting unit 56 further includes: a mounting module, configured to call the mount container volume interface and send a mounting notification message to a proxy process of the virtual machine through a container runtime command and a container volume adding command, wherein the proxy process responds to the mounting notification message and executes the mounting operation on the formatted virtual disk.
In an exemplary embodiment, an unloading container volume interface is provided in the second container storage plug-in, and the unloading unit includes a first unloading module, where the first unloading module is configured to call the unloading container volume interface, send an unloading notification message to a proxy process of the virtual machine through a container runtime command and a container volume removal instruction, where the proxy process responds to the unloading notification message, and execute an unloading operation on the formatted virtual disk.
In an exemplary embodiment, the second container storage plug-in is provided with a separate container volume interface, and the unloading unit further includes a removal module, where the removal module is configured to call the separate container volume interface to remove the virtual disk from the process of the virtual machine of the secure container through a device control command.
In an exemplary embodiment, the first container storage plug-in is provided with an unmapped container volume interface, and the removing unit includes a second unloading module, where the second unloading module is configured to call the unmapped container volume interface to remove the virtual disk from the host where the secure container is located.
In an exemplary embodiment, the removing unit further includes a cancellation module, where the cancellation module is configured to call the interface of the super fusion system based on the unmapped container volume interface and cancel the mapping relationship between the virtual disk and the host.
In an exemplary embodiment, the removing unit further includes a deleting module, configured to call the interface of the super fusion system based on the delete container volume interface and delete the virtual disk from the storage space.
It should be noted that each of the above modules may be implemented by software or hardware, and for the latter, it may be implemented by, but not limited to: the modules are all located in the same processor; alternatively, the above modules may be located in different processors in any combination.
Embodiments of the present application also provide a computer readable storage medium having a computer program stored therein, wherein the computer program is arranged to perform the steps of any of the method embodiments described above when run.
In one exemplary embodiment, the computer readable storage medium may include, but is not limited to: a USB flash disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, an optical disk, or various other media capable of storing a computer program.
An embodiment of the present application further provides an electronic device, fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application, and as shown in fig. 6, the electronic device includes a memory and a processor, where the memory stores a computer program, and the processor is configured to execute the computer program to perform steps in any of the method embodiments described above.
In an exemplary embodiment, the electronic device may further include a transmission device connected to the processor, and an input/output device connected to the processor.
For specific examples of this embodiment, refer to the examples described in the foregoing embodiments and exemplary implementations; they are not repeated here.
It will be appreciated by those skilled in the art that the modules or steps of the application described above may be implemented on a general purpose computing device. They may be concentrated on a single computing device or distributed across a network of computing devices, and they may be implemented in program code executable by computing devices, so that they may be stored in a storage device for execution by computing devices. In some cases, the steps shown or described may be performed in a different order than that shown or described herein, or the modules or steps may be separately fabricated into individual integrated circuit modules, or multiple modules or steps of them may be fabricated into a single integrated circuit module. Thus, the present application is not limited to any specific combination of hardware and software.
The foregoing description covers only the preferred embodiments of the present application and is not intended to limit the present application; those skilled in the art may make various modifications and variations. Any modification, equivalent replacement, improvement, etc. made within the principles of the present application should be included in the protection scope of the present application.

Claims (20)

1. A resource processing method, characterized in that the method is applied to a super fusion system, the super fusion system comprising a server cluster and a storage space, a main node of the server cluster being deployed with a first container storage plug-in, and a load node of the server cluster being deployed with a second container storage plug-in, the method comprising:
scheduling a secure container to a target load node of the server cluster and generating a container volume creation request, wherein the container volume creation request is used for requesting to create a container volume of the secure container;
responding to the container volume creation request through the first container storage plug-in, creating a virtual disk corresponding to the container volume in the storage space, and mapping the virtual disk to a host where the secure container is located;
formatting the virtual disk through the second container storage plug-in, adding the formatted virtual disk into a virtual machine of the secure container, and mounting the formatted virtual disk on the secure container, wherein the secure container is a secure container based on lightweight virtualization and operates in a process of a customized virtual machine;
and operating the secure container at the target load node, and storing data generated in operation in the virtual disk.
2. The method according to claim 1, wherein the method further comprises:
unloading the virtual disk on the secure container through the second container storage plug-in under the condition that the secure container stops running, and removing the virtual disk from the virtual machine of the secure container;
and removing the virtual disk from the host computer where the secure container is located through the first container storage plug-in, canceling the mapping relation from the virtual disk to the host computer, and deleting the virtual disk from the storage space.
3. The method of claim 1, wherein generating a container volume creation request comprises:
setting container volume declaration information in a deployment configuration file of the secure container, wherein the container volume declaration information at least comprises the following information: the storage pool in the storage space that the secure container needs to use, the size of the container volume to be applied for, and the file system type used for formatting the container volume;
the container volume creation request is generated based on a deployment profile of the secure container.
4. The method of claim 3, wherein prior to determining container volume declaration information in the deployment configuration file of the secure container, the method further comprises:
setting at least the following information in a storage class of the server cluster: the storage pool required by the secure container, the size of the container volume to be applied for, the file system type used for formatting the container volume, and the size of storage space that the super fusion system allows a container to apply for;
the storage class is referenced in the container volume declaration information.
5. The method of claim 1, wherein prior to responding to the container volume creation request by the first container storage plug-in, the method further comprises:
setting authentication information of the super fusion system in a configuration file of the first container storage plug-in, wherein the authentication information at least comprises the following information: the system information of the super fusion system and the key information for logging in to the super fusion system;
and the first container storage plug-in logs in the super fusion system according to the authentication information, and responds to the container volume creation request under the condition that the login is successful.
6. A method according to claim 3, wherein the first container storage plug-in has a container volume creation interface provided therein, and creating a virtual disk corresponding to a container volume in the storage space comprises:
invoking the container volume creation interface to analyze the container volume creation request to obtain an analysis result, wherein the analysis result at least comprises the storage pool required to be used by the secure container and the size of the container volume to be applied for;
and calling an interface of the super fusion system based on the analysis result, and creating the virtual disk in the storage pool.
7. The method of claim 1, wherein the first container storage plug-in has a mapping container volume interface disposed therein, and wherein mapping the virtual disk to the host in which the secure container resides comprises:
and calling the mapping container volume interface, and establishing a mapping relation between the virtual disk and the host, wherein the host logs in a target service of the super fusion system, and acquires information of the virtual disk based on the target service and the mapping relation.
8. A method according to claim 3, wherein the second container storage plug-in has an additional container volume interface provided therein, and formatting the virtual disk through the second container storage plug-in comprises:
and calling the additional container volume interface to query the virtual disk, and formatting the virtual disk according to the file system type.
9. The method of claim 8, wherein adding the formatted virtual disk to the virtual machine of the secure container comprises:
and calling the additional container volume interface, and adding the virtual disk to the process of the virtual machine of the secure container through a virtual machine protocol command.
10. The method of claim 1, wherein the second container storage plug-in has a mount container volume interface disposed therein, and wherein mounting the formatted virtual disk on the secure container comprises:
and calling the mounting container volume interface, and sending a mounting notification message to a proxy process of the virtual machine through a container runtime command and a container volume adding command, wherein the proxy process responds to the mounting notification message and executes mounting operation on the formatted virtual disk.
11. The method of claim 2, wherein the second container storage plug-in has an unload container volume interface disposed therein, wherein unloading the virtual disk on the secure container by the second container storage plug-in comprises:
and calling the unloading container volume interface, and sending an unloading notification message to a proxy process of the virtual machine through a container runtime command and a container volume removal command, wherein the proxy process responds to the unloading notification message to execute unloading operation on the formatted virtual disk.
12. The method of claim 2, wherein the second container storage plug-in has a split container volume interface disposed therein, the removing the virtual disk from the secure container's virtual machine comprising:
and calling the separation container volume interface, and removing the virtual disk from the process of the virtual machine of the secure container through a device control command.
13. The method of claim 2, wherein the first container storage plug-in has an unmapped container volume interface disposed therein, wherein removing the virtual disk from the host in which the secure container resides by the first container storage plug-in comprises:
and calling the unmapped container volume interface, and removing the virtual disk from the host where the secure container is located.
14. The method of claim 13, wherein cancelling the mapping of the virtual disk to the host comprises:
and calling an interface of the super fusion system based on the unmapped container volume interface, and canceling the mapping relation from the virtual disk to the host.
15. The method of claim 2, wherein the first container storage plug-in has a delete container volume interface disposed therein, deleting the virtual disk from the storage space comprising:
and calling an interface of the super fusion system based on the deletion container volume interface, and deleting the virtual disk from the storage space.
16. A resource processing system, comprising:
a super fusion system comprising a server cluster and a storage space;
a first container storage plug-in, deployed at a main node of the server cluster and used for responding to a container volume creation request, creating a virtual disk in the storage space and mapping the virtual disk to a host where a secure container is located, wherein the container volume creation request is used for requesting to create a container volume of the secure container;
a second container storage plug-in, deployed at a load node of the server cluster and used for formatting the virtual disk, adding the formatted virtual disk into a virtual machine of the secure container and mounting the formatted virtual disk on the secure container, wherein the secure container is a secure container based on lightweight virtualization, operates in a process of a customized virtual machine, operates in the load node and stores data generated in operation in the virtual disk.
17. The resource processing system of claim 16, wherein the first container storage plug-in is further configured to offload the virtual disk on the secure container and remove the virtual disk from the secure container's virtual machine if the secure container is out of service;
and the second container storage plug-in is also used for removing the virtual disk from the host where the secure container is located under the condition that the secure container stops running, canceling the mapping relation from the virtual disk to the host, and deleting the virtual disk from the storage space.
18. A resource processing device, characterized by being applied to a super fusion system, the super fusion system comprising a server cluster and a storage space, a primary node of the server cluster being deployed with a first container storage plugin, and a load node of the server cluster being deployed with a second container storage plugin, the device comprising:
a scheduling unit, configured to schedule a secure container to a target load node of the server cluster, and generate a container volume creation request, where the container volume creation request is used to request creation of a container volume of the secure container;
a creating unit, configured to respond to the container volume creation request through the first container storage plug-in, create a virtual disk corresponding to the container volume in the storage space, and map the virtual disk to a host where the secure container is located;
a mounting unit, configured to format the virtual disk through the second container storage plug-in, add the formatted virtual disk into a virtual machine of the secure container, and mount the formatted virtual disk on the secure container, wherein the secure container is a secure container based on lightweight virtualization and operates in a process of a customized virtual machine;
and a running unit, configured to run the secure container at the target load node and store data generated in running in the virtual disk.
19. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein a computer program, wherein the computer program, when executed by a processor, realizes the steps of the method as claimed in any of claims 1 to 15.
20. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method as claimed in any one of claims 1 to 15 when the computer program is executed.
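The call order laid out in claims 1, 2 and 7 to 15 can be modelled as a small state machine that records which plug-in owns each step and rejects out-of-order calls, such as deleting a virtual disk that is still attached to the secure container's virtual machine. This is an added illustration, not code from the patent; the state names, operation names and the `VolumeLifecycle` class are hypothetical.

```python
# Added illustration of the volume lifecycle in claims 1, 2 and 7-15.
# All identifiers here are hypothetical; the patent defines no code.
from enum import Enum, auto


class State(Enum):
    ABSENT = auto()        # no virtual disk in the storage space
    CREATED = auto()       # disk exists, not mapped to any host
    MAPPED = auto()        # disk mapped to the host of the secure container
    FORMATTED = auto()     # disk on the host, formatted, not in the VM
    ATTACHED = auto()      # disk added to the secure container's VM process
    MOUNTED = auto()       # disk mounted in the secure container
    HOST_REMOVED = auto()  # disk removed from host, mapping still recorded


FIRST = "first plug-in (main node)"
SECOND = "second plug-in (load node)"

# operation -> (owning plug-in, required state, resulting state)
TRANSITIONS = {
    "create":           (FIRST,  State.ABSENT,       State.CREATED),
    "map":              (FIRST,  State.CREATED,      State.MAPPED),
    "format":           (SECOND, State.MAPPED,       State.FORMATTED),
    "attach":           (SECOND, State.FORMATTED,    State.ATTACHED),
    "mount":            (SECOND, State.ATTACHED,     State.MOUNTED),
    "unmount":          (SECOND, State.MOUNTED,      State.ATTACHED),
    "detach":           (SECOND, State.ATTACHED,     State.FORMATTED),
    "remove_from_host": (FIRST,  State.FORMATTED,    State.HOST_REMOVED),
    "unmap":            (FIRST,  State.HOST_REMOVED, State.CREATED),
    "delete":           (FIRST,  State.CREATED,      State.ABSENT),
}
SETUP = ["create", "map", "format", "attach", "mount"]                    # claim 1
TEARDOWN = ["unmount", "detach", "remove_from_host", "unmap", "delete"]  # claim 2


class OrderError(RuntimeError):
    """Raised when a step is called by the wrong plug-in or out of order."""


class VolumeLifecycle:
    def __init__(self):
        self.state = State.ABSENT
        self.log = []  # (plug-in, operation) pairs, usable as an audit trail

    def call(self, plugin, op):
        owner, required, result = TRANSITIONS[op]
        if plugin != owner:
            raise OrderError(f"{op} belongs to the {owner}, not the {plugin}")
        if self.state is not required:
            raise OrderError(f"{op} needs {required.name}, disk is {self.state.name}")
        self.state = result
        self.log.append((plugin, op))
        return result


def run(ops, vol=None):
    """Apply each operation through its owning plug-in and return the volume."""
    if vol is None:
        vol = VolumeLifecycle()
    for op in ops:
        vol.call(TRANSITIONS[op][0], op)
    return vol
```

The same table can serve as a checklist when reviewing a real container storage plug-in: each teardown step should refuse to run until the step that undoes the later setup action has completed.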
CN202311300079.5A 2023-10-09 2023-10-09 Resource processing method, system, device, storage medium and electronic equipment Active CN117056029B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311300079.5A CN117056029B (en) 2023-10-09 2023-10-09 Resource processing method, system, device, storage medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN117056029A CN117056029A (en) 2023-11-14
CN117056029B true CN117056029B (en) 2024-02-09

Family

ID=88659371

Country Status (1)

Country Link
CN (1) CN117056029B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170344270A1 (en) * 2016-05-31 2017-11-30 Vmware, Inc. Enforcing limits on a self-serve model for provisioning data volumes for containers running in virtual machines
CN111857954A (en) * 2020-07-17 2020-10-30 苏州浪潮智能科技有限公司 Container management method, device, equipment and medium
CN114281263A (en) * 2021-12-27 2022-04-05 深圳市名竹科技有限公司 Storage resource processing method, system and equipment of container cluster management system
WO2022267428A1 (en) * 2021-06-25 2022-12-29 航天云网科技发展有限责任公司 Kubernetes-based storage configuration method and system, and electronic device
CN116382585A (en) * 2023-04-11 2023-07-04 安超云软件有限公司 Temporary volume storage method, containerized cloud platform and computer readable medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant