CN117827224A - OCM-based multi-Kubernetes cluster onboarding method and system - Google Patents


Publication number
CN117827224A
Authority
CN
China
Prior art keywords
cluster
management
hub
ocm
controller
Legal status
Pending
Application number
CN202311700197.5A
Other languages
Chinese (zh)
Inventor
梁肖剑
Current Assignee
Tianyi Cloud Technology Co Ltd
Original Assignee
Tianyi Cloud Technology Co Ltd
Application filed by Tianyi Cloud Technology Co Ltd
Priority to CN202311700197.5A
Publication of CN117827224A

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of cloud platforms, and in particular discloses an OCM-based method and system for onboarding multiple Kubernetes clusters. The method comprises: creating a plurality of custom resource clusters by means of a CRD, the custom resource clusters comprising a hub cluster and managed clusters; deploying components on the hub cluster and the managed clusters; the components changing the state of the cluster CRD according to the hub cluster and the managed clusters, and advancing the onboarding task flow according to the result of the change; wherein the component is a controller or an OCM component. The method achieves centralized management of multiple Kubernetes clusters, improves management efficiency and operational security through automation and secure authorization, and is suited to scenarios that require efficient management in a multi-cluster environment.

Description

OCM-based multi-Kubernetes cluster onboarding method and system
Technical Field
The invention relates to the technical field of multi-cloud and multi-cluster management, and in particular to an OCM-based method and system for onboarding multiple Kubernetes clusters.
Background
With the widespread use of Kubernetes, multi-cloud, multi-cluster deployment has become a trend. Cluster administrators often need to manage several Kubernetes clusters, distribute and deploy applications to them, and maintain them uniformly.
OCM (Open Cluster Management) is one mainstream implementation of multi-Kubernetes cluster onboarding and application distribution; its architecture is shown in fig. 1. OCM uses one cluster as the hub cluster and the other clusters as managed clusters. Using the clusteradm command-line tool, the OCM server components are installed in the hub cluster and the OCM agent components in each managed cluster, so that many managed clusters can be brought under the management of the hub cluster. The cluster administrator can then distribute applications from the hub cluster to multiple managed clusters for unified deployment.
OCM is an open-source project for managing multiple Kubernetes clusters that provides a centralized control platform for managing, monitoring and operating them. The onboarding process of the community version is shown in fig. 2. The hub cluster administrator runs clusteradm init to deploy the OCM server components in the hub cluster and distributes the generated token to the administrator of each managed cluster. Each managed cluster administrator runs clusteradm join to deploy the OCM agent components in the managed cluster. After connecting to the server components, the agent submits a CSR (certificate signing request) to the hub cluster, and the hub cluster administrator then finds the corresponding CSR in the hub cluster and runs clusteradm accept to approve it.
OCM currently supports only clusteradm command-line operation. In a trusted scenario the operator must switch between clusters frequently, and mistakes are easy to make, particularly when the hub cluster administrator and the managed cluster administrator are the same person or the number of clusters is large. In an untrusted scenario the hub cluster administrator and the managed cluster administrators must cooperate and act in turn, so onboarding multiple Kubernetes clusters is inefficient. A trusted scenario is one in which the hub cluster administrator holds operating permissions for both the hub cluster and the managed clusters. An untrusted scenario is one in which the hub cluster administrator and the managed cluster administrators each hold the credentials (such as kubeconfig) of their own clusters, and the hub cluster administrator has no operating permission on a managed cluster before it is onboarded.
Therefore, how to improve the efficiency of onboarding multiple Kubernetes clusters is a problem to be solved in the industry.
Disclosure of Invention
The invention aims to provide an OCM-based multi-Kubernetes cluster onboarding method, which comprises the following steps:
creating a plurality of custom resource clusters by means of a CRD, wherein the custom resource clusters comprise a hub cluster and managed clusters;
deploying components on the hub cluster and the managed clusters; the components change the state of the cluster CRD according to the hub cluster and the managed clusters, and advance the onboarding task flow according to the result of the change;
wherein the component is a controller or OCM component.
Further, the hub cluster and the managed clusters are all Kubernetes clusters.
Further, creating a plurality of custom resource clusters by means of a CRD, wherein the custom resource clusters comprise a hub cluster and managed clusters, includes: the managed cluster CRD is kubeconfig file content embedded in the CR; or the managed cluster CRD is a specific way of obtaining the kubeconfig file content; or the managed cluster CRD is a network API address through which resources can be created in the cluster.
Further, creating a plurality of custom resource clusters by means of a CRD includes:
selecting one custom resource cluster on which to deploy the controller component, and defining the custom resource cluster on which the controller is deployed as the hub cluster.
Further, a hub cluster CR is created in the hub cluster and a managed cluster CR is created in the managed cluster; after the hub cluster CR and the managed cluster CR are created, their states are updated to the initial state.
Further, the managed cluster CR is created in the hub cluster by:
using the kubectl command-line tool with batch-generated YAML configuration files for the managed cluster CRs; or creating them in bulk in code through a Kubernetes SDK.
Further, the controller watches the states of the hub cluster CR and the managed cluster CR;
the controller deploys components on the hub cluster and the managed clusters, and updates the states of the hub cluster CR and the managed cluster CR according to the observed state.
Further, when the controller observes that the state of the hub cluster CR is the initial state, the controller deploys an OCM component in the hub cluster, generates and stores a token, and updates the state of the hub cluster CR to the stable state.
Further, the OCM component deployed by the controller in the hub cluster is an OCM server component.
Further, when the controller observes that the state of a managed cluster CR is the initial state, it connects to the managed cluster according to the managed cluster CR and deploys an OCM component in the managed cluster.
Further, the OCM component deployed by the controller in the managed cluster is an OCM agent component.
Further, in an untrusted scenario, an authentication/authorization approval mode and interface information are configured in the managed cluster CR, and the controller connects to the cluster in order to deploy the OCM agent component; the controller performs a secondary confirmation at the key join and accept steps according to the authentication/authorization approval mode and the interface information.
Further, when one of the managed clusters uses the token to submit a CSR (certificate signing request) to the hub cluster, the state of that managed cluster's CR is updated to the intermediate state.
Further, the controller watches for the CSR, determines from the information in the CSR which managed cluster submitted it, looks up whether a CR resource exists for that managed cluster, and at the same time looks up the state of that CR resource;
the controller verifies the managed cluster CR resource and decides to approve or reject the CSR according to the verification result.
Further, the verification by which the controller decides to approve or reject the CSR includes:
the controller decides, according to the authentication and authorization information configured in the managed cluster CR resource, whether to call a third-party system to authenticate and obtain authorization, decides according to the result to approve or reject the CSR submitted by the managed cluster, and updates the state of the managed cluster.
Further, after deciding according to the result to approve or reject the CSR submitted by the managed cluster, the state of the managed cluster is updated to the stable state, completing the onboarding task flow.
The second objective of the present invention is to provide an OCM-based multi-Kubernetes cluster onboarding system, configured to implement any one of the OCM-based multi-Kubernetes cluster onboarding methods above, comprising a hub cluster and managed clusters;
the hub cluster and the managed clusters are Kubernetes clusters;
a controller and an OCM component are deployed in the hub cluster;
OCM components are deployed in the managed clusters.
Further, kube-apiserver is deployed in the hub cluster.
Further, kube-apiserver is deployed in the managed cluster.
Further, the controller is configured to watch the states of the hub cluster CR and the managed cluster CR.
Further, the controller is further configured to deploy components on the hub cluster and the managed clusters.
Further, the controller is further configured to update the states of the hub cluster CR and the managed cluster CR according to the observed state.
Further, the controller is further configured to watch for the CSR, determine from the information in the CSR which managed cluster submitted it, look up whether a CR resource exists for that managed cluster, and look up the state of that CR resource.
Further, the controller is further configured to verify the managed cluster CR resource and decide to approve or reject the CSR according to the verification result.
Further, the OCM component deployed in the hub cluster is an OCM server component.
Further, the OCM component deployed in the managed cluster is an OCM agent component.
The invention has the advantages that:
The OCM-based multi-Kubernetes cluster onboarding method implements, following the Kubernetes operator pattern, a fully automated flow from cluster registration through component deployment to automatic approval. By introducing OCM, the controller and the OCM components, centralized management of multiple Kubernetes clusters is achieved, while management efficiency and operational security are improved through automation and secure authorization, making the method suitable for scenarios that require efficient management in a multi-cluster environment.
The method provides an optional interface for calling a third-party system to perform a secondary authentication and authorization confirmation, which ensures the validity and security of authorization, avoids unauthorized access, ensures secure connection and authorization approval in untrusted scenarios, and improves management efficiency and stability.
The method defines the hub cluster and the managed clusters by means of a CRD and issues tasks and deploys components according to the CRD state, which simplifies multi-cluster onboarding interactions, shortens onboarding time, reduces manual intervention and lowers the probability of error.
The technical scheme of the invention is further described in detail through the drawings and the embodiments.
Drawings
FIG. 1 is a schematic diagram of the OCM (Open Cluster Management) architecture;
FIG. 2 is a schematic flow diagram of the community version OCM onboarding process;
FIG. 3 is a flow chart of the OCM-based multi-Kubernetes cluster onboarding method of the present invention;
FIG. 4 is a schematic connection diagram of the OCM-based multi-Kubernetes cluster onboarding system of the present invention.
Detailed Description
The technical scheme of the invention is further described below through the attached drawings and the embodiments.
It should be noted that the following detailed description is illustrative and is intended to provide further explanation of the invention. Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the present invention.
As shown in fig. 3, the present invention provides an OCM-based multi-Kubernetes cluster onboarding method, including:
creating a plurality of custom resource clusters by means of a CRD, wherein the custom resource clusters comprise a hub cluster and managed clusters;
deploying components on the hub cluster and the managed clusters; the components change the state of the cluster CRD according to the hub cluster and the managed clusters, and advance the onboarding task flow according to the result of the change;
wherein the component is a controller or OCM component.
It will be appreciated that hub clusters generally refer to a centralized data processing system that includes a central node (hub) and a plurality of external nodes connected to the central node. These external nodes are typically used to perform specific tasks or process specific types of data and return the results to the central node. A managed cluster refers to a hosted cluster solution provided by a cloud service provider or a specific platform. The user need not be concerned with the configuration and management of the underlying infrastructure, but rather may create, configure, monitor, and maintain clusters through interfaces or tools provided by the provider.
In this embodiment, the corresponding components are deployed to the hub cluster and the managed clusters, so that cluster state is monitored and managed automatically, the need for manual intervention is reduced, and efficiency is improved. The OCM components provide a unified management interface through which multiple Kubernetes clusters can be managed centrally.
Further, the hub cluster and the managed clusters are all Kubernetes clusters.
In some embodiments of the present application, creating a plurality of custom resource clusters by means of a CRD, wherein the custom resource clusters comprise a hub cluster and managed clusters, includes: the managed cluster CRD is kubeconfig file content embedded in the CR; or the managed cluster CRD is a specific way of obtaining the kubeconfig file content; or the managed cluster CRD is a network API address through which resources can be created in the cluster.
In some embodiments of the present application, creating a plurality of custom resource clusters by means of a CRD includes:
selecting one custom resource cluster on which to deploy the controller component, and defining the custom resource cluster on which the controller is deployed as the hub cluster.
It can be appreciated that deploying the controller on one selected custom resource cluster makes the system more modular and flexible, so that different types of clusters can be configured and managed according to actual requirements. Defining the cluster on which the controller is deployed as the hub cluster means that this cluster is dedicated to managing the other clusters. This gives a clear distinction between clusters, makes their responsibilities and functions more definite, makes problems easier to locate during fault detection and handling, and improves the reliability and stability of the system.
In some embodiments of the present application, a hub cluster CR is created in the hub cluster and a managed cluster CR is created in the managed cluster; after the hub cluster CR and the managed cluster CR are created, their states are updated to the initial state.
In some embodiments of the present application, the managed cluster CR is created in the hub cluster by:
using the kubectl command-line tool with batch-generated YAML configuration files for the managed cluster CRs; or creating them in bulk in code through a Kubernetes SDK.
kubectl is the Kubernetes command-line tool for interacting with and managing Kubernetes clusters. It allows users to perform various operations through the command-line interface, such as creating, deploying and managing containerized applications and managing cluster resources.
It can be appreciated that in this embodiment the managed cluster CRs are created in batches, either with the kubectl command-line tool or in code through a Kubernetes SDK, which improves creation efficiency and ensures consistency, and is also better suited to automated workflows and version control, thereby improving overall management efficiency and reliability.
In some embodiments of the present application, the controller watches the states of the hub cluster CR and the managed cluster CR;
the controller deploys components on the hub cluster and the managed clusters, and updates the states of the hub cluster CR and the managed cluster CR according to the observed state.
In this embodiment, the controller continuously watches the hub cluster CR and the managed cluster CR and responds immediately whenever their state changes. The controller deploys components in the hub cluster and the managed clusters according to the observed state changes, so that the configuration and components meet the required functions and requirements. The controller then updates the state information of the hub cluster CR and the managed cluster CR according to the deployment results, so that it reflects their current state, including information on the deployed components.
It can be understood that the controller watches changes in the cluster CR state in real time and acts on them, keeping the cluster state synchronized with actual requirements. The controller deploys the components of the hub cluster and the managed clusters automatically, which reduces manual work and improves deployment efficiency. The controller writes the deployment result back to the states of the hub cluster CR and the managed cluster CR, so that the CRs accurately reflect the actual condition of the clusters. Automatic deployment and state updating reduce the possibility of errors caused by manual operation and improve the stability and reliability of the system. Because the controller responds to state changes in real time, it can adapt to a dynamically changing cluster environment, which ensures the flexibility and adaptability of the system.
In general, the implementation method improves the efficiency and stability of cluster management through the automatic management and state update of the Controller, and is suitable for the cluster management requirement under the dynamic environment.
In some embodiments of the present application, when the controller observes that the state of the hub cluster CR is the initial state, the controller deploys an OCM component in the hub cluster, generates and stores a token, and updates the state of the hub cluster CR to the stable state.
It can be appreciated that in this embodiment the controller triggers deployment of the OCM component automatically according to the observed state, so no manual intervention is required and the likelihood of human error is reduced. The token is generated and stored so that the OCM component can access the hub cluster securely in subsequent operations, which ensures the security of communication. Updating the state of the hub cluster CR to the stable state reflects the actual state of the hub cluster and keeps the CR state consistent with the actual situation. Automatic deployment and state updating improve cluster management efficiency, reduce the time and labor cost of manual operation, reduce human error, and make problems easier to locate and troubleshoot in subsequent operations. They also ensure timely deployment of the OCM component and synchronization of the cluster state, improving the stability and reliability of the whole system.
Further, the OCM component deployed by the controller in the hub cluster is an OCM server component.
In some embodiments of the present application, when the controller observes that the state of a managed cluster CR is the initial state, it connects to the managed cluster according to the managed cluster CR and deploys an OCM component in the managed cluster.
It can be appreciated that in this embodiment the controller performs the connection automatically according to the observed state and deploys an OCM component in the managed cluster. No manual intervention is needed, and the possibility of human error is reduced. Using the connection information in the managed cluster CR, the controller can adapt flexibly to different types of managed clusters and meet diverse cluster management requirements. Automatic connection and deployment improve the efficiency of cluster management, reduce the time and labor cost of manual operation, reduce human error, and make problems easier to locate and troubleshoot in subsequent operations. Deploying the OCM component ensures that the corresponding management tooling is available in the managed cluster and provides the necessary basis for subsequent operations.
Further, the OCM component deployed by the controller in the managed cluster is an OCM agent component.
In some embodiments of the present application, in an untrusted scenario, an authentication/authorization approval mode and interface information are configured in the managed cluster CR, and the controller connects to the cluster in order to deploy the OCM agent component; the controller performs a secondary confirmation at the key join and accept steps according to the authentication/authorization approval mode and the interface information.
It can be understood that, by configuring the authentication/authorization mode and interface information and performing a secondary confirmation at the key steps, the method in this embodiment ensures secure connection and authorization approval in an untrusted scenario while also improving management efficiency and stability, so that it is suitable for a multi-cluster environment that requires secure connection and authorization approval in untrusted scenarios.
In some embodiments of the present application, when one of the managed clusters uses the token to submit a CSR (certificate signing request) to the hub cluster, the state of that managed cluster's CR is updated to the intermediate state.
It can be appreciated that in this embodiment, updating the state of the managed cluster CR to the intermediate state clearly indicates that the operation is in progress and gives explicit feedback to the user or to other systems. The intermediate state allows the system to track the progress of the CSR, which helps in understanding the state and outcome of the request in subsequent operations. It also supports error handling and fault tolerance: if a problem occurs while the request is being processed, it can be detected from the intermediate state and handled in time.
In some embodiments of the present application, the controller watches for the CSR, determines from the information in the CSR which managed cluster submitted it, looks up whether a CR resource exists for that managed cluster, and at the same time looks up the state of that CR resource;
the controller verifies the managed cluster CR resource and decides to approve or reject the CSR according to the verification result.
It can be understood that in this embodiment, by checking the request against the managed cluster CR, the controller ensures the validity and security of the CSR, prevents unauthorized signing requests, and improves the reliability and stability of the method, so that it is suitable for a multi-cluster environment in which signing requests require security approval.
In some embodiments of the present application, the verification by which the controller decides to approve or reject the CSR includes:
the controller decides, according to the authentication and authorization information configured in the managed cluster CR resource, whether to call a third-party system to authenticate and obtain authorization, decides according to the result to approve or reject the CSR submitted by the managed cluster, and updates the state of the managed cluster.
It can be understood that, depending on how the authentication and authorization information is configured, this embodiment can flexibly determine whether the third-party system needs to be called, and so adapt to different scenarios and requirements.
In some embodiments of the present application, after deciding according to the result to approve or reject the CSR submitted by the managed cluster, the state of the managed cluster is updated to the stable state, completing the onboarding task flow.
Updating the state of the managed cluster to the stable state clearly indicates that the operation is complete and gives explicit feedback to the user or to other systems. The stable state indicates that the managed cluster has been successfully brought under management and that the management tooling can access the cluster securely, providing the necessary basis for subsequent operations.
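The CSR check and state flow described above, as an added Go example that is not part of the patent: the controller takes the cluster identity from the CSR subject, requires a matching CR in the intermediate state, optionally calls a third-party authorizer, and denies on every failure path. The `system:open-cluster-management:` subject convention, the phase names and all type and function names are assumptions made for illustration; the sample CSRs are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"strings"
)

// Phase mirrors the three CR states named in the text.
type Phase string
const (
	PhaseInitial      Phase = "Initial"      // CR created, agent not yet joined
	PhaseIntermediate Phase = "Intermediate" // CSR submitted, decision pending
	PhaseStable       Phase = "Stable"       // decision made, flow complete
)

// ManagedClusterCR is a hypothetical stand-in for the managed cluster CR.
type ManagedClusterCR struct {
	Phase  Phase
	Joined bool // true only if the CSR was approved
	// Authorizer is the optional third-party check; nil means none configured.
	Authorizer func(cluster string) (bool, error)
}

const subjectPrefix = "system:open-cluster-management:" // assumed naming convention

// clusterFromCSR derives the requesting cluster's name from the CSR subject.
func clusterFromCSR(der []byte) (string, error) {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return "", fmt.Errorf("unparseable CSR: %w", err)
	}
	if err := csr.CheckSignature(); err != nil {
		return "", fmt.Errorf("bad self-signature: %w", err)
	}
	if len(csr.Subject.Organization) != 1 {
		return "", fmt.Errorf("expected exactly one organization")
	}
	org := csr.Subject.Organization[0]
	name := strings.TrimPrefix(org, subjectPrefix)
	if name == org || name == "" || strings.Contains(name, ":") {
		return "", fmt.Errorf("organization %q does not name a cluster", org)
	}
	// The common name must be scoped to the same cluster as the organization.
	if !strings.HasPrefix(csr.Subject.CommonName, org+":") {
		return "", fmt.Errorf("common name is not bound to cluster %q", name)
	}
	return name, nil
}

// DecideCSR reports whether to approve the CSR; every failure path denies.
func DecideCSR(der []byte, crs map[string]*ManagedClusterCR) (bool, string) {
	name, err := clusterFromCSR(der)
	if err != nil {
		return false, err.Error()
	}
	cr, ok := crs[name]
	if !ok {
		return false, "no managed cluster CR for " + name
	}
	if cr.Phase != PhaseIntermediate { // e.g. a repeat CSR for an onboarded cluster
		return false, "CR is " + string(cr.Phase) + ", not awaiting a decision"
	}
	approved, reason := true, "approved"
	if cr.Authorizer != nil {
		if allowed, err := cr.Authorizer(name); err != nil || !allowed {
			approved, reason = false, "third-party authorization refused or unavailable"
		}
	}
	// Per the text, the CR becomes stable after either outcome.
	cr.Phase, cr.Joined = PhaseStable, approved
	return approved, reason
}

// makeCSR builds a constructed sample CSR signed with a fresh P-256 key.
func makeCSR(org, cn string) []byte {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	subject := pkix.Name{Organization: []string{org}, CommonName: cn}
	der, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: subject}, key)
	if err != nil {
		panic(err)
	}
	return der
}

func main() {
	crs := map[string]*ManagedClusterCR{"edge-1": {Phase: PhaseIntermediate}}
	for _, c := range []string{"edge-1", "edge-9"} {
		ok, why := DecideCSR(makeCSR(subjectPrefix+c, subjectPrefix+c+":agent"), crs)
		fmt.Printf("%s approved=%v (%s)\n", c, ok, why)
	}
}
```

Holding the token alone does not get a CSR approved here: a request for a cluster with no CR, a CR outside the intermediate state, or a subject whose common name and organization disagree is denied before any authorizer is consulted.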
As shown in fig. 4, another object of the present invention is to provide an OCM-based multi-Kubernetes cluster onboarding system, configured to implement any one of the OCM-based multi-Kubernetes cluster onboarding methods above, comprising a hub cluster and managed clusters;
the hub cluster and the managed clusters are Kubernetes clusters;
a controller and an OCM component are deployed in the hub cluster;
OCM components are deployed in the managed clusters.
It can be understood that the OCM-based multi-Kubernetes cluster onboarding system can manage a plurality of Kubernetes clusters at the same time, including the hub cluster and the managed clusters, thereby providing unified management capability in a multi-cluster environment. A controller component and an OCM (Open Cluster Management) component are deployed in the hub cluster; these are the key parts of the onboarding system. OCM components are also deployed in the managed clusters to perform the necessary management operations there. The system provides a convenient, efficient and extensible way to manage a plurality of Kubernetes clusters, making cluster management more convenient and controllable.
Further, kube-apiserver is deployed in the hub cluster.
Further, kube-apiserver is deployed in the managed cluster.
Further, the controller is configured to watch the states of the hub cluster CR and the managed cluster CR.
Further, the controller is further configured to deploy components on the hub cluster and the managed clusters.
Further, the controller is further configured to update the states of the hub cluster CR and the managed cluster CR according to the observed state.
Further, the controller is further configured to watch for the CSR, determine from the information in the CSR which managed cluster submitted it, look up whether a CR resource exists for that managed cluster, and look up the state of that CR resource.
Further, the controller is further configured to verify the managed cluster CR resource and decide to approve or reject the CSR according to the verification result.
Further, the OCM component deployed in the hub cluster is an OCM server component.
Further, the OCM component deployed in the managed cluster is an OCM agent component.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention and not to limit it. Although the present invention has been described in detail with reference to the preferred embodiments, those skilled in the art will understand that the technical solution of the invention may be modified or replaced with equivalents, and that the modified technical solution must not depart from the spirit and scope of the technical solution of the invention.
The system provided in the foregoing embodiment is only exemplified by the division of the foregoing functional modules, and in practical applications, the foregoing functional allocation may be performed by different functional modules according to needs, that is, the modules or steps in the embodiments of the present invention are further decomposed or combined, for example, the modules in the foregoing embodiment may be combined into one module, or may be further split into multiple sub-modules, so as to complete all or part of the functions described above. The names of the modules and steps related to the embodiments of the present invention are merely for distinguishing the respective modules or steps, and are not to be construed as unduly limiting the present invention.
Those of skill in the art will appreciate that the various illustrative modules and method steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the program(s) corresponding to the software modules and method steps may be embodied in Random Access Memory (RAM), memory, Read-Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, a register, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. To clearly illustrate this interchangeability of electronic hardware and software, various illustrative components and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as electronic hardware or software depends upon the particular application and design constraints imposed on the solution. Those skilled in the art may implement the described functionality using different approaches for each particular application, but such implementation is not intended to be limiting.

Claims (10)

1. An OCM-based multi-Kubernetes cluster nanotube method, comprising:
creating a plurality of custom resource clusters in a crd mode, wherein the custom resource clusters comprise hub clusters and management clusters;
performing component deployment on the hub cluster and the management cluster; the component changes the state of the cluster crd according to the hub cluster and the management cluster, and performs the nanotube task flow according to the change result;
wherein the component is a controller or OCM component;
wherein creating a plurality of custom resource clusters in a crd mode comprises: selecting one custom resource cluster for controller component deployment, and defining the custom resource cluster in which the controller is deployed as the hub cluster.
2. The OCM-based multi-Kubernetes cluster nanotube method of claim 1, wherein a hub cluster cr is created in the hub cluster, a management cluster cr is created in the management cluster, and after the hub cluster cr and the management cluster cr are created, the states of the hub cluster cr and the management cluster cr are updated to initial states;
the method for creating the management cluster cr in the hub cluster comprises: generating YAML configuration files of the management cluster cr in batches and creating the cr from them with the kubectl command line tool; or creating the cr in batches in code through the Kubernetes SDK.
3. The OCM-based multi-Kubernetes cluster nanotube method of claim 2, wherein the controller listens to the states of the hub cluster cr and the management cluster cr;
the controller performs component deployment on the hub cluster and the management cluster, and updates the states of the hub cluster cr and the management cluster cr according to the monitored state results;
when the controller monitors that the state of the hub cluster cr is an initial state, the controller deploys an OCM component in the hub cluster to generate and store a token, and meanwhile, the state of the hub cluster cr is updated to be a stable state.
4. The OCM-based multi-Kubernetes cluster nanotube method of claim 3 wherein the management cluster cr is connected to the management cluster when the controller monitors that the status of the management cluster cr is an initial status, the controller deploying OCM components in the management cluster.
5. The OCM-based multi-Kubernetes cluster nanotube method of claim 4, wherein in an untrusted scenario, an authentication authorization approval manner and interface information are configured in the management cluster cr, and the controller performs cluster connection to further deploy an OCM agent component; and the controller performs secondary confirmation in key steps of join and accept according to the authentication authorization approval mode and the interface information.
6. The OCM-based multi-Kubernetes cluster nanotube method of claim 5, wherein when one of the management clusters initiates a csr certificate signing request to the hub cluster using the token, the state of the management cluster cr is updated to an intermediate state.
7. The OCM-based multi-Kubernetes cluster nanotube method of claim 6, wherein the controller listens to the csr certificate signing request, determines, according to information in the csr certificate signing request, the management cluster information of the current management cluster that initiated the request, searches for whether a resource of the current management cluster cr exists, and searches for the state of the resource of the management cluster cr;
and the controller checks the resources of the management cluster cr, and decides to pass or reject the csr certificate signature request according to the checking result.
8. The OCM-based multi-Kubernetes cluster nanotube method of claim 7, wherein the controller checks the resources of the management cluster cr, and decides to pass or reject the csr certificate signature request according to a result of the check, the check comprising:
and the controller decides whether to call a third party system to authenticate and acquire authorization according to the authentication and authorization information configuration condition of the resources of the management cluster cr, decides to pass or reject the csr certificate signature request initiated by the management cluster according to the result, and updates the state of the management cluster.
9. The OCM-based multi-Kubernetes cluster nanotube method of claim 8, wherein after it is determined according to the result to pass or reject the csr certificate signing request initiated by the management cluster, the state of the management cluster is updated to a stable state, completing the nanotube task flow.
10. An OCM-based multi-Kubernetes cluster nanotube system for implementing the OCM-based multi-Kubernetes cluster nanotube method of any one of claims 1-9, comprising a hub cluster and a manager cluster;
the hub cluster and the management cluster are Kubernetes clusters;
a controller and an OCM component are deployed in the hub cluster;
OCM components are deployed in the management clusters.
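The csr check of claims 6 to 9 can be modelled as a small fail-closed decision function. The Go sketch below is an added example, not code from the patent or from OCM; the type names, field names, cluster names and the rule that only a cr in the initial state may present a join csr are assumptions made for illustration.

```go
package main

import "fmt"

// ClusterCR is a hypothetical model of a management cluster cr.
type ClusterCR struct {
	State        string // "initial", "intermediate" or "stable"
	ExternalAuth bool   // cr configures third-party authentication/authorization
}

// Authorizer stands in for the third-party system; nil means none is reachable.
type Authorizer func(cluster string) bool

// ReviewCSR decides whether the join csr naming `cluster` is passed or rejected.
// Every branch fails closed; the reason string is meant for the audit log.
func ReviewCSR(cluster string, crs map[string]*ClusterCR, auth Authorizer) (bool, string) {
	cr, ok := crs[cluster]
	if !ok {
		return false, "rejected: no management cluster cr for requester"
	}
	if cr.State != "initial" {
		// Assumption: only a cr still waiting to join may present a join csr.
		return false, "rejected: unexpected cr state " + cr.State
	}
	cr.State = "intermediate" // csr received, decision pending (claim 6)
	approved, reason := true, "passed"
	if cr.ExternalAuth && (auth == nil || !auth(cluster)) {
		approved, reason = false, "rejected: third-party authorization failed"
	}
	cr.State = "stable" // claim 9: stable after either decision
	return approved, reason
}

func main() {
	// Constructed sample data: two registered clusters, one unknown requester.
	crs := map[string]*ClusterCR{
		"edge-a": {State: "initial"},
		"edge-b": {State: "initial", ExternalAuth: true},
	}
	deny := func(string) bool { return false }
	for _, name := range []string{"edge-a", "edge-b", "rogue", "edge-a"} {
		ok, why := ReviewCSR(name, crs, deny)
		fmt.Printf("%-7s approved=%-5v %s\n", name, ok, why)
	}
}
```

The second request for edge-a is rejected because its cr has already left the initial state, which is how this model treats a replayed join request.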
CN202311700197.5A 2023-12-12 2023-12-12 OCM-based multi-Kubernetes cluster nanotube method and system Pending CN117827224A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311700197.5A CN117827224A (en) 2023-12-12 2023-12-12 OCM-based multi-Kubernetes cluster nanotube method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311700197.5A CN117827224A (en) 2023-12-12 2023-12-12 OCM-based multi-Kubernetes cluster nanotube method and system

Publications (1)

Publication Number Publication Date
CN117827224A true CN117827224A (en) 2024-04-05

Family

ID=90508843

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311700197.5A Pending CN117827224A (en) 2023-12-12 2023-12-12 OCM-based multi-Kubernetes cluster nanotube method and system

Country Status (1)

Country Link
CN (1) CN117827224A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination