CN117555648A - Inbound filter updating method, device, electronic equipment, system and storage medium - Google Patents
Inbound filter updating method, device, electronic equipment, system and storage medium Download PDFInfo
- Publication number
- CN117555648A CN117555648A CN202311554666.7A CN202311554666A CN117555648A CN 117555648 A CN117555648 A CN 117555648A CN 202311554666 A CN202311554666 A CN 202311554666A CN 117555648 A CN117555648 A CN 117555648A
- Authority
- CN
- China
- Prior art keywords
- inbound
- update
- filter
- rules
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 74
- 230000004044 response Effects 0.000 claims abstract description 6
- 238000012545 processing Methods 0.000 claims description 68
- 230000006870 function Effects 0.000 claims description 62
- 230000008569 process Effects 0.000 claims description 24
- 238000004891 communication Methods 0.000 claims description 16
- 230000008859 change Effects 0.000 claims description 6
- 238000004590 computer program Methods 0.000 claims description 4
- 230000001939 inductive effect Effects 0.000 claims description 3
- 230000001172 regenerating effect Effects 0.000 claims description 3
- 238000010586 diagram Methods 0.000 description 4
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000011022 operating instruction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/448—Execution paradigms, e.g. implementations of programming paradigms
- G06F9/4488—Object-oriented
- G06F9/449—Object-oriented method invocation or resolution
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45579—I/O management, e.g. providing access to device drivers or storage
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The embodiment of the application provides an inbound filter updating method, an inbound filter updating device, electronic equipment, an inbound filter updating system and a storage medium. Generating updated inbound rules for the container according to the target resources if the target resources exist in the target cluster; updating the pre-update inbound rules in the pre-update inbound rule set according to the post-update inbound rules of the container, and determining the post-update inbound rule set; in response to a set of update requests, for each of the set of update requests, if each of the update requests is detected to be of the same type as the type of inbound rule corresponding to the update request, sending the corresponding set of post-update inbound rules to an inbound filter to update the pre-update inbound rule set of the inbound filter. The invention can configure the inbound rules of the inbound filter through the updating component, further can release the calculation force of the control center and improve the performance of the target cluster.
Description
Technical Field
Embodiments of the present disclosure relate to the field of computer technologies, and in particular, to an inbound filter updating method, an inbound filter updating device, an electronic device, a system, and a storage medium.
Background
Kubernetes (K8 s) is an open source platform for automated deployment, extension, and management of containerized applications. To secure containerized applications in a K8s cluster, inbound filters are typically deployed in the K8s cluster to define rules that allow or deny traffic into containers (Pod). By deploying the inbound filter, filtering and control of inbound traffic may be achieved to ensure that only authorized traffic can enter the container.
The goal, when deploying the inbound filter, is typically to use a hierarchical arrangement, i.e. the K8s cluster is divided into a plurality of nodes, each node is provided with an inbound filter, wherein a plurality of containers are arranged in each node, and the inbound filter stores allowed inbound configuration of each container. When the inbound filter detects that the load of the containers is abnormal or fails and updates the inbound rules of one or more containers are needed, the inbound filter sends update requests equal to the number of containers to the control center according to the number of containers of the current node, the control center configures each container inbound rule of the node according to the received update requests, and the configured inbound rule set is sent to the inbound filter.
When updating the inbound rule set in the inbound filter, the inbound filter sends a large amount of update requests to the control center, occupies a large amount of resources of the control center, and reduces the performance of the K8s cluster.
Disclosure of Invention
In view of this, embodiments of the present application provide an inbound filter update scheme for improving performance of a target cluster.
According to a first aspect of an embodiment of the present application, there is provided an inbound filter updating method applied to a target cluster, the target cluster being configured to generate a target resource, and to configure inbound rules of the inbound filter according to the target resource, the step of configuring the inbound rules of the inbound filter according to the target resource being performed by an updating component, one end of the updating component being connected to a control center, the other end being connected to the inbound filter, wherein each of the inbound filters is connected to a plurality of containers, the method comprising:
generating updated inbound rules of the container according to the target resources under the condition that the target resources exist in the target cluster, wherein the target resources are resources which cause the inbound rules of the container to change;
updating pre-update inbound rules in a pre-update inbound rule set according to the post-update inbound rules of the container, and determining a post-update inbound rule set, wherein the post-update inbound rule set is stored in a set area of the update component;
for each update request in the update set requests, if the type of each update request is detected to be the same as the type of the inbound rule corresponding to the update request, sending the corresponding post-update inbound rule set to the inbound filter to update the pre-update inbound rule set of the inbound filter, wherein the update request set is sent by the inbound filter, and the inbound rule comprises the pre-update inbound rule and the post-update inbound rule.
In some embodiments, the generating updated inbound rules for the container from the target resource comprises:
obtaining the type of the target resource, and determining a processing function corresponding to the target resource, wherein the type of the target resource comprises at least one of the following: adding, updating and deleting events, the processing function comprising at least one of: adding a function, updating a function and deleting a function;
and calling the processing function, processing the target resource, and generating the updated inbound rule of the container.
In some embodiments, in determining a processing function according to the type of the target resource, the method further comprises:
caching the target resource to the set area of the updating component;
the invoking the processing function to process the target resource, determining the updated inbound rules for the container, comprising:
and acquiring the target resource in the set area of the updating component, thereby calling the processing function to process the target resource and determining the updated inbound rule of the container.
In some embodiments, when the processing function is invoked to process the target resource to generate the updated inbound rule for the container, the method further comprises:
and when the number of the processing functions which are called simultaneously is detected to reach a preset threshold value, suspending the calling of the processing functions to process the target resources.
In some embodiments, the method further comprises:
in response to the update request set, acquiring the update request with a different type than the inbound rule corresponding to the update request when the type of the update request set is detected and the type of the inbound rule is different;
the update request is sent to the control center, and a first resource sent by the control center is received;
regenerating the inbound rule according to the received first resource;
sending the regenerated inbound rules to the inbound filter to update the inbound rule set of the inbound filter.
According to a second aspect of embodiments of the present application, there is provided an inbound filter update device, applied to a target cluster, the device comprising:
the generating module is used for generating updated inbound rules of the container according to the target resources under the condition that the target resources exist in the target cluster, wherein the target resources are resources for inducing the inbound rules of the container to change;
the updating module is used for updating the pre-update inbound rules in the pre-update inbound rule set according to the post-update inbound rules of the container and determining the post-update inbound rule set, wherein the post-update inbound rule set is stored in a set area of the updating component;
a sending module, configured to send, in response to a set of update requests, for each update request in the set of update requests, a corresponding set of post-update inbound rules to the inbound filter to update the pre-update inbound rule set of the inbound filter if each update request is detected to have a same type of inbound rule corresponding to the update request, where the set of update requests is sent by the inbound filter, and the inbound rules include the pre-update inbound rules and the post-update inbound rules.
According to a third aspect of embodiments of the present application, there is provided an inbound filter update system applied to a target cluster, the system comprising an update component, an inbound filter and a control center, wherein one end of the update component is connected to the control center, and the other end is connected to the inbound filter, for performing the inbound filter update method of any one of claims 1-6, the inbound filter being provided with a plurality of containers, each of the inbound filters being connected to a plurality of containers, and the control center being for issuing target resources and/or first resources to the update component.
According to a fourth aspect of embodiments of the present application, there is provided an electronic device, including: the device comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete communication with each other through the communication bus; the memory is configured to store at least one executable instruction that causes the processor to perform operations corresponding to the inbound filter update method according to the first aspect.
According to a fifth aspect of embodiments of the present application, there is provided a computer storage medium having stored thereon a computer program which, when executed by a processor, implements the inbound filter update method as described in the first aspect.
According to the inbound filter updating scheme provided by the embodiment of the application, the updating component is used for detecting the target resource of the target cluster, and generating the updated inbound rule of the container according to the target resource when the updating component detects that the target resource exists in the target cluster, the updating component is used for configuring the inbound rule of the inbound filter, so that the computing power of the control center can be released, the performance of the target cluster is improved, and further, the updating component is used for storing the updated inbound rule set in the setting area of the updating component, and when the inbound rule set of the inbound filter can be updated, the stored updated inbound rule set is sent to the inbound filter by responding to the update request set sent by the inbound filter, so that the inbound filter is effectively prevented from sending the update request set to the control center, and the performance of the target cluster is further improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the following description will briefly introduce the drawings that are required to be used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are only some embodiments described in the embodiments of the present application, and other drawings may also be obtained according to these drawings for a person having ordinary skill in the art.
FIG. 1 is a flow chart of steps of an inbound filter update method according to an embodiment of the present application;
FIG. 2 is a flow chart of steps of an inbound filter update method according to another embodiment of the present application;
FIG. 3 is a block diagram of an inbound filter update device according to an embodiment of the present application;
FIG. 4 is a block diagram of an inbound filter update system according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to better understand the technical solutions in the embodiments of the present application, the following descriptions will clearly and completely describe the technical solutions in the embodiments of the present application with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only some embodiments of the present application, but not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the embodiments of the present application shall fall within the scope of protection of the embodiments of the present application.
Embodiments of the present application are further described below with reference to the accompanying drawings of embodiments of the present application.
The embodiment of the application provides an inbound filter updating method, which is applied to a target cluster, wherein the target cluster is used for generating target resources, and according to the target resources, configuring inbound rules of an inbound filter, an updating component executes the inbound rules of the inbound filter according to the target resources, one end of the updating component is connected with a control center, the other end of the updating component is connected with the inbound filter, the target cluster can be a K8s cluster, each inbound filter is connected with a plurality of containers, and the specific steps are as shown in fig. 1, and the method comprises the following steps:
s101, under the condition that the existence of the target resource in the target cluster is detected, generating updated inbound rules of the container according to the target resource.
In the embodiment of the application, when the updating component works, the target cluster is monitored, whether target resources exist in the target cluster is detected in real time, namely, the updating component monitors whether the control center configures inbound rules of the container in real time, and when the control center configures the inbound rules of the container, the updating component determines that the target resources exist in the target cluster.
And under the condition that the updating component detects that the target resource exists in the target cluster, the updating component generates updated inbound rules of the container by utilizing the target resource. Specifically, the target resource in this embodiment is a resource that causes the inbound rule of the container to change.
In one example, for example, the target resource is an inbound configuration for updating container 1, the pre-update inbound rule for container 1 is to allow entry of data messages with a byte count greater than 64 bytes, the target resource is an inbound byte count for container 1 that is reduced by 10, and the update component is to reduce the updated inbound rule for container 1 to allow entry of data messages with a byte count greater than 54 bytes based on the inbound byte count for container 1 for the target resource that is reduced by 10.
In one example, the updating component in the embodiment of the present application may detect whether a target resource exists in the target cluster through the filter notifier, and the target resource in the embodiment of the present application may include adding a container, deleting a container, and updating a container inbound rule.
In one example, the update component can establish a first-in-first-out (FIFO) queue as the target resource is monitored, adding the target resource to the FIFO queue in turn according to the time of generation of the target resource. And further, the target resource can be managed.
S102, determining an updated inbound rule set according to the pre-update inbound rule corresponding to the updated inbound rule in the updated inbound rule update corresponding to the updated inbound rule of the container.
In this embodiment, after the updating component updates the inbound rule of the container to the updated inbound rule, the updating component first determines an inbound rule set to which the updated inbound rule belongs, determines, after determining the inbound rule set to which the updated inbound rule belongs, a pre-update inbound rule corresponding to the updated inbound rule in the inbound rule set, and updates the pre-update inbound rule by using the updated inbound rule, to determine the updated inbound rule set.
In one example, the post-update inbound rule set of the embodiments is stored in a setup area of the update component, which may be a local store of the update component.
S103, responding to the update request set, aiming at each update request in the update set requests, and sending the corresponding first inbound rule set updated inbound rule set to the inbound filter to update the pre-update inbound rule set of the inbound filter under the condition that the type of each update request is detected to be the same as the type of the inbound rule corresponding to the update request.
In this embodiment, when the update component updates the inbound rule set to an updated inbound rule set, and receives an update request set sent by the inbound filter, the update component receives an update request set sent by the inbound filter, obtains a type of each update request for each update request in the update set request, and compares each update request type with a type of an inbound rule corresponding to the update request, where the update request type in the update request set is the same as the type of the inbound rule corresponding to the update request, and the update component sends the corresponding updated inbound rule set to the inbound filter to update the inbound rule set of the inbound filter.
In one example, for example, an inbound filter is connected with 3 containers, namely container 1, container 2 and container 3, when the inbound filter updates the inbound rule set, the inbound filter sends an update request set to an update component, the update request set comprises a first update request corresponding to container 1, a second update request corresponding to container 2 and a third update request corresponding to container 3, when the update request set is received, the update component determines the type of the first update request, the type of the second update request and the type of the third update request respectively, compares the type of the first update request with the type of the inbound rule of container 1 stored in the updated inbound rule set, further determines whether the type of the first update request is the same as the type of the inbound rule of container 1 stored in the updated inbound rule set, and so on, sequentially determines whether the type of the update request in the update request set, and the type of the rule corresponding to the update request are the same, and when the update request is the type of the rule, the update component sends the corresponding update rule to the inbound filter to update the inbound rule set, and to update the inbound rule set.
In one example, the inbound rules of the embodiments of the present application include the pre-update inbound rule and post-update inbound rule, i.e., the update component may update all pre-update inbound rules in the inbound rule set to post-update inbound rules, or may update some pre-update inbound rules in the inbound rule set to post-update inbound rules.
According to the method for updating the inbound filter, the updating component is used for detecting the target resource of the target cluster, and when the updating component is used for detecting that the target resource exists in the target cluster, the updated inbound rule of the container is generated according to the target resource, the inbound rule of the inbound filter can be configured through the updating component, so that the computing power of a control center can be released, the performance of the target cluster is improved, the updating component is used for storing the updated inbound rule set in the setting area of the updating component, and when the inbound rule set of the inbound filter can be updated, the stored updated inbound rule set is sent to the inbound filter through responding to the update request set sent by the inbound filter, and further, the inbound filter is effectively prevented from sending the update request set to the control center, and the performance of the target cluster is further improved.
Further, when performing the step of generating updated inbound rules for a container according to a target resource, embodiments of the present application may include the steps of:
s1011, obtaining the type of the target resource and determining the processing function corresponding to the target resource.
In the embodiment of the application, when generating the post-update inbound rule of the container, the update component first obtains the type of the target resource, and determines a processing function required for processing the target resource according to the type of the target resource.
In one example, when the FIFO queue releases a target resource, the update component obtains the type of the target resource and determines the processing functions needed to process the target resource.
In one example, the types of target resources in the embodiments of the present application include at least one of: adding, updating and deleting events, the processing function comprising at least one of: adding functions, updating functions, and deleting functions.
S1012, calling a processing function to process the target resource and generating the updated inbound rule of the container.
In the embodiment of the application, after determining the processing function corresponding to each target resource, the updating component calls the processing function to process the corresponding target resource, and updates the inbound rule.
In one example, when a processing function is called to process a corresponding target resource, the updating component may establish a speed limit queue, after the updating component determines a processing function corresponding to the target resource, the corresponding processing item is added to the speed limit queue, and when the updating component calls the processing function to process the target resource, the updating component calls a plurality of processing items in the speed limit queue at the same time so as to process a plurality of target resources at the same time, and generate a plurality of updated inbound rules at the same time.
Further, the method for updating the inbound filter according to the embodiment of the present application may further include the following steps when determining the processing function when the type of the target resource is determined:
s104, caching the target resource to the set area of the updating component.
In the embodiment of the application, when the processing function required by processing the target resource is determined, the updating component simultaneously caches the data of the target resource to the setting area of the updating component, and then when the updating component calls the processing function to process the target resource, the target resource can be read in the setting area, the processing function is called to process the target resource, and the updated inbound rule of the container is determined, so that the data of the target resource does not need to be read in the database of the target cluster, and the data processing efficiency is improved.
Further, when the processing function is called to process the target resource and generate the updated inbound rule of the container, the embodiment of the application may further include the following steps:
s1013, when the number of the simultaneous calling processing functions reaches a preset threshold, the calling processing functions are stopped to process the target resources.
In the embodiment of the application, when the updating component calls the processing function to process the target resource, the updating component obtains the number of the processing functions which are called simultaneously, compares the number of the processing functions which are called simultaneously with a preset threshold value, determines whether the actual processing speed of the updating component reaches the maximum processing speed of the updating component, and when the number of the processing functions which are called simultaneously reaches the preset threshold value, the updating component pauses to continuously call the processing function, and after the processing function which is called currently by the updating component finishes processing, the updating component continuously calls the processing function to process the target resource.
In one example, the update component in this embodiment limits the processing speed of the update component by using the speed limit queue to prevent too many processing functions from being invoked at the same time, thereby ensuring the processing performance of the update component.
In one example, the preset threshold in this embodiment may be determined according to the actual configuration of the update component, e.g., the preset threshold may be set to 5, 10, 15, 20, etc.
Further, the inbound filter update method according to the embodiment of the present application may further include the following steps:
s105, responding to the update request set, and acquiring the update request with different types from the inbound rule when detecting that the types of the update requests of the update request set are different from the types of the inbound rule corresponding to the update request.
In this embodiment of the present application, when detecting that the type of the update request set is different from the type of the inbound rule corresponding to the update request, the update component acquires the update request different from the type of the inbound rule. For example, the update request set includes a first update request corresponding to the container 1, a second update request corresponding to the container 2, and a third update request corresponding to the container 3, and when the update request set is received, the update component determines a type of the first update request, a type of the second update request, and a type of the third update request, respectively, compares the type of the first update request with a type of an inbound rule of the container 1 stored in the post-update inbound rule set, further determines whether the type of the first update request is the same as the type of an inbound rule of the container 1 stored in the post-update inbound rule set, and so on, sequentially determines whether the type of the update request in the update request set is the same as the type of the inbound rule corresponding to the update request.
The update component obtains the update request when the update component determines that the type of the first update request is different from the type of its corresponding inbound rule.
S106, sending an update request to the control center and receiving the first resource sent by the control center.
In the embodiment of the application, after the update component determines an update request with a different type from the inbound rule, the update request is forwarded to the control center, and the control center generates a first resource according to the received update request and sends the first resource to the update component.
S107, regenerating the inbound rule according to the received first resource.
In this embodiment, after the update component receives the first resource, the update component invokes a processing function corresponding to the first resource to regenerate the inbound rule, so as to update the original inbound rule.
S108, sending the regenerated inbound rule to an inbound filter to update the inbound rule set of the inbound filter.
In an embodiment of the present application, after the updating component regenerates the inbound rules, the regenerated inbound rules are sent to an inbound filter to update the inbound rule set of the inbound filter.
In one example, the update requests in the set of update requests sent by the inbound filter to the update component include: first update request of container 1: second update request to update container 1, container 2: the third update request of container 2, 3 is not changed: deleting container 3, updating inbound rules stored in the inbound rule set in the component includes: container 1: update pre-update inbound rules for container 1 to post-update inbound rules, container 2: container 2 is a pre-update inbound rule, container 3: the pre-update inbound rules for container 3 are updated to post-update inbound rules.
The updating component determines that the type of the first updating request is the same as the type of the corresponding inbound rule, the type of the second updating request is different from the type of the corresponding inbound rule, the type of the third updating request is different from the type of the corresponding inbound rule, the updating component further sends the inbound rule of the container 1 to the inbound filter, meanwhile, the second updating request and the third updating request are forwarded to the control center, the control center generates a corresponding number of first resources according to the received second updating request and the third updating request, the first resources are sent to the updating component, the updating component calls a processing function to process the first resources, regenerates the inbound rule and sends the inbound rule to the inbound filter.
Further, an embodiment of the present application provides yet another inbound filter update method, as illustrated in fig. 2, including:
when the inbound rule set of the inbound filter is updated, the updating component monitors the target cluster to determine whether a target resource exists in the target cluster, wherein the target resource is configured by the control center and is used for changing inbound rules of the container, and when the updating component detects the target resource, the updating component caches data of the target resource into a set area and acquires the type of the target resource to determine a processing function corresponding to the target resource. Further, the update component invokes the processing function to process the target resource to generate post-update inbound rules for the container, and further to update pre-update inbound rules for the container with the post-update inbound rules, determining a post-update inbound rule set, and thereby updating the pre-update inbound rule set for the inbound filter.
When the updating component calls the processing functions to process the target resources, the updating component obtains the quantity of the processing functions which are called simultaneously, compares the quantity of the processing functions which are called simultaneously with a preset threshold value, determines whether the actual processing speed of the updating component reaches the maximum processing speed of the updating component, and pauses to call the processing functions continuously when the quantity of the processing functions which are called simultaneously reaches the preset threshold value.
After the updating component updates the inbound rule set of the set area into an updated inbound rule set, the updating component receives an update request set sent by an inbound filter, obtains the type of each update request of the update request set, and compares the type of the update request with the type of the inbound rule corresponding to the update request to determine the type of the update request, wherein the type of the update request is the same as the type of the inbound rule corresponding to the update request.
In the case that the update component determines that the types of the update requests in the update request set are the same as the types of the inbound rules corresponding to the update requests, the update component sends the corresponding updated inbound rule set to the inbound filter to update the inbound rule set of the inbound filter.
When the updating component determines that the type of the updating request set is different from the type of the inbound rule corresponding to the updating request, the updating component acquires the updating request which is different from the type of the inbound rule and forwards the updating request to the control center, the control center generates a first resource according to the received updating request and sends the first resource to the updating component, after the updating component receives the first resource, the updating component invokes a processing function corresponding to the first resource to regenerate the inbound rule so as to update the original inbound rule, and further sends the regenerated inbound rule to the inbound filter so as to update the inbound rule set of the inbound filter.
Further, an embodiment of the present application provides an inbound filter updating device, applied to a target cluster, as shown in fig. 3, where the device includes:
the generating module 301 is configured to generate, when it is detected that a target resource exists in the K8s, an updated inbound rule of the container according to the target resource, where the target resource is a resource that causes a change in the inbound rule of the container;
an updating module 302, configured to update a corresponding inbound rule set according to the updated inbound rule of the container, and determine a pre-update inbound rule corresponding to the updated inbound rule, where the updated inbound rule set is stored in a setting area of the updating component;
a sending module 303, configured to send, in response to detecting that the type of the update request in the update request set is the same as the type of the inbound rule corresponding to the update request, a corresponding updated inbound rule set to the inbound filter to update the inbound rule set of the inbound filter, where the update request set is sent by the inbound filter, and the inbound rule includes a pre-update inbound rule and an post-update inbound rule.
The inbound filter updating device of the present embodiment is configured to implement the corresponding inbound filter updating method in the foregoing method embodiments, and has the beneficial effects of the corresponding method embodiments, which are not described herein. In addition, the functional implementation of each module in the inbound filter updating apparatus of the present embodiment may refer to the description of the corresponding portion in the foregoing method embodiment, which is not repeated herein.
Further, an embodiment of the present application provides an inbound filter update system, applied to a target cluster, specifically as shown in fig. 4, where the system includes an update component, an inbound filter, and a control center, where one end of the update component is connected to the control center, and the other end of the update component is connected to the inbound filter, and is used to execute the inbound filter update method of the embodiment of the present application, where the inbound filter is provided with a plurality of inbound filters, each inbound filter is connected to a plurality of containers, and the control center is used to issue a target resource and/or a first resource to the update component.
Referring to fig. 5, a schematic structural diagram of an electronic device according to an embodiment of the present application is shown, and embodiments of the present application are not limited to specific implementations of the electronic device.
As shown in fig. 5, the electronic device may include: a processor 502, a communication interface (Communications Interface) 504, a memory 506, and a communication bus 508.
Wherein:
processor 502, communication interface 504, and memory 506 communicate with each other via communication bus 508.
A communication interface 504 for communicating with other electronic devices or servers.
The processor 502 is configured to execute the program 510, and may specifically perform relevant steps in the foregoing embodiments of the method for generating a check code.
In particular, program 510 may include program code including computer-operating instructions.
The processor 502 may be a central processing unit CPU, or a specific integrated circuit ASIC (Application Specific Integrated Circuit), or one or more integrated circuits configured to implement embodiments of the present application. The one or more processors comprised by the smart device may be the same type of processor, such as one or more CPUs; but may also be different types of processors such as one or more CPUs and one or more ASICs.
A memory 506 for storing a program 510. Memory 506 may comprise high-speed RAM memory or may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
The program 510 may be specifically operable to cause the processor 502 to:
in an alternative embodiment, the program 510 is further configured to enable the specific implementation of each step of the processor 502 in the program 510 to refer to corresponding descriptions in the corresponding steps and units in the foregoing embodiment of the method for generating the check code, which is not described herein in detail. It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the apparatus and modules described above may refer to corresponding procedure descriptions in the foregoing method embodiments, which are not repeated herein.
Embodiments of the present application also provide a computer program product comprising computer instructions that instruct a computing device to perform operations corresponding to any one of the inbound filter update methods of the method embodiments described above.
It should be noted that, according to implementation requirements, each component/step described in the embodiments of the present application may be split into more components/steps, and two or more components/steps or part of operations of the components/steps may be combined into new components/steps, so as to achieve the purposes of the embodiments of the present application.
The above-described methods according to embodiments of the present application may be implemented in hardware, firmware, or as software or computer code storable in a recording medium such as a CD ROM, RAM, floppy disk, hard disk, or magneto-optical disk, or as computer code originally stored in a remote recording medium or a non-transitory machine-readable medium and to be stored in a local recording medium downloaded through a network, so that the methods described herein may be stored on such software processes on a recording medium using a general purpose computer, special purpose processor, or programmable or special purpose hardware such as an ASIC or FPGA. It is understood that a computer, processor, microprocessor controller, or programmable hardware includes a memory component (e.g., RAM, ROM, flash memory, etc.) that can store or receive software or computer code that, when accessed and executed by the computer, processor, or hardware, implements the methods of generating the check code described herein. Further, when the general-purpose computer accesses code for implementing the check code generation method shown herein, execution of the code converts the general-purpose computer into a special-purpose computer for executing the check code generation method shown herein.
Those of ordinary skill in the art will appreciate that the elements and method steps of the examples described in connection with the embodiments disclosed herein can be implemented as electronic hardware, or as a combination of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the embodiments of the present application.
The above embodiments are only for illustrating the embodiments of the present application, but not for limiting the embodiments of the present application, and various changes and modifications can be made by one skilled in the relevant art without departing from the spirit and scope of the embodiments of the present application, so that all equivalent technical solutions also fall within the scope of the embodiments of the present application, and the scope of the embodiments of the present application should be defined by the claims.
Claims (10)
1. An inbound filter updating method applied to a target cluster, the target cluster being configured to generate a target resource and configure inbound rules of the inbound filter according to the target resource, wherein the inbound rules of the inbound filter are configured according to the target resource, and wherein an updating component is executed, one end of the updating component is connected to a control center, and the other end of the updating component is connected to an inbound filter, and wherein each of the inbound filters is connected to a plurality of containers, the method comprising:
generating updated inbound rules of the container according to the target resources under the condition that the target resources exist in the target cluster, wherein the target resources are resources for inducing the inbound rules of the container to change;
updating pre-update inbound rules in a pre-update inbound rule set according to the post-update inbound rules of the container, and determining a post-update inbound rule set, wherein the post-update inbound rule set is stored in a set area of the update component;
in response to a set of update requests, for each of the update requests, if each of the update requests is detected to be of the same type as the type of inbound rule corresponding to the update request, sending a corresponding set of post-update inbound rules to the inbound filter to update the pre-update inbound rule set of the inbound filter, wherein the set of update requests is sent by the inbound filter, and the inbound rules include the pre-update inbound rules and the post-update inbound rules.
2. The method of claim 1, wherein generating updated inbound rules for the container from the target resource comprises:
obtaining the type of the target resource, and determining a processing function corresponding to the target resource, wherein the type of the target resource comprises at least one of the following: adding, updating and deleting events, the processing function comprising at least one of: adding a function, updating a function and deleting a function;
and calling the processing function, processing the target resource, and generating the updated inbound rule of the container.
3. The method of claim 2, wherein in determining a processing function based on the type of the target resource, the method further comprises:
caching the target resource to the set area of the updating component;
the invoking the processing function to process the target resource, determining the updated inbound rules for the container, comprising:
and acquiring the target resource in the set area of the updating component, thereby calling the processing function to process the target resource and determining the updated inbound rule of the container.
4. A method according to claim 2 or 3, wherein, when the processing function is invoked to process the target resource to generate the updated inbound rules for the container, the method further comprises:
and when the number of the processing functions which are called simultaneously is detected to reach a preset threshold value, suspending the calling of the processing functions to process the target resources.
5. The method according to claim 1, wherein the method further comprises:
responding to the update request set, and acquiring the update requests with different types from the inbound rules under the condition that the types of the update requests are detected to be different from the types of the inbound rules corresponding to the update requests for each update request in the update request set;
the update request is sent to the control center, and a first resource sent by the control center is received;
regenerating the inbound rule according to the received first resource;
sending the regenerated inbound rules to the inbound filter to update the inbound rule set of the inbound filter.
6. An inbound filter updating apparatus for application to a target cluster, the target cluster being configured to generate a target resource and configure inbound rules of the inbound filter according to the target resource, the apparatus comprising:
the generating module is used for generating updated inbound rules of the container according to the target resources under the condition that the target resources exist in the target cluster, wherein the target resources are resources for inducing the inbound rules of the container to change;
the updating module is used for updating the pre-update inbound rules in the pre-update inbound rule set according to the post-update inbound rules of the container and determining the post-update inbound rule set, wherein the post-update inbound rule set is stored in a set area of the updating component;
a sending module, configured to send, in response to a set of update requests, for each update request in the set of update requests, a corresponding set of post-update inbound rules to the inbound filter to update the pre-update inbound rule set of the inbound filter if each update request is detected to have a same type of inbound rule corresponding to the update request, where the set of update requests is sent by the inbound filter, and the inbound rules include the pre-update inbound rules and the post-update inbound rules.
7. An inbound filter update system for application to a target cluster, comprising an update component, an inbound filter and a control center, wherein one end of the update component is connected to the control center and the other end is connected to the inbound filter for performing the inbound filter update method of any of claims 1-6, the inbound filter being provided with a plurality of containers, each of the inbound filters being connected to a plurality of containers, and the control center being for issuing target resources and/or first resources to the update component.
8. An electronic device, comprising: the device comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete communication with each other through the communication bus;
the memory is configured to store at least one executable instruction that causes the processor to perform operations corresponding to the inbound filter update method as claimed in any one of claims 1 to 6.
9. A computer storage medium having stored thereon a computer program which when executed by a processor implements the inbound filter update method of any of claims 1-6.
10. A computer program product comprising computer instructions that instruct a computing device to perform operations corresponding to the inbound filter update method of any one of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311554666.7A CN117555648A (en) | 2023-11-21 | 2023-11-21 | Inbound filter updating method, device, electronic equipment, system and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311554666.7A CN117555648A (en) | 2023-11-21 | 2023-11-21 | Inbound filter updating method, device, electronic equipment, system and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117555648A true CN117555648A (en) | 2024-02-13 |
Family
ID=89810583
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311554666.7A Pending CN117555648A (en) | 2023-11-21 | 2023-11-21 | Inbound filter updating method, device, electronic equipment, system and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117555648A (en) |
-
2023
- 2023-11-21 CN CN202311554666.7A patent/CN117555648A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104219316A (en) | Method and device for processing call request in distributed system | |
| WO2018121334A1 (en) | Web application service providing method, apparatus, electronic device and system | |
| CN110138753B (en) | Distributed message service system, method, apparatus, and computer-readable storage medium | |
| CN113872951B (en) | Hybrid cloud security policy issuing method and device, electronic equipment and storage medium | |
| CN109669637B (en) | System, method and apparatus for providing container services | |
| CN111988355A (en) | Current limiting method and device, server and server cluster | |
| CN113709810A (en) | Method, device and medium for configuring network service quality | |
| CN113590595A (en) | Database multi-writing method and device and related equipment | |
| CN106412123B (en) | Method and system for distributed processing of terminal equipment information by cloud access controller | |
| CN112835639B (en) | Hook realization method, device, equipment, medium and product | |
| CN112187570A (en) | Risk detection method and device, electronic equipment and readable storage medium | |
| CN113254166A (en) | Method for processing IO request, storage medium and virtualization simulator | |
| CN105468941A (en) | Right control method and device | |
| CN117555648A (en) | Inbound filter updating method, device, electronic equipment, system and storage medium | |
| US7350065B2 (en) | Method, apparatus and program storage device for providing a remote power reset at a remote server through a network connection | |
| CN116366634A (en) | File downloading method, device, terminal, source server and medium | |
| CN113515458B (en) | Method and system for reducing test environment resource consumption based on Envoy plug-in | |
| CN103034545A (en) | Communication framework and method based on ACE (adaptive communication environment) and communication method among function modules | |
| CN112148496B (en) | Energy efficiency management method and device for computing storage resources of super-fusion virtual machine and electronic equipment | |
| CN113595887B (en) | Flow control method and device in mail system | |
| CN112988405B (en) | Automatic degradation method and device for micro-service and computing equipment | |
| CN114416470A (en) | Cloud monitoring method, system, equipment and computer storage medium | |
| CN113805957A (en) | Dynamic loading method and device for edge terminal program | |
| CN108055305B (en) | Storage expansion method and storage expansion device | |
| CN102156646B (en) | Feature library upgrading method and device thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |