CN117908904B

CN117908904B - K8S cluster deployment and operation and maintenance management method and system

Info

Publication number: CN117908904B
Application number: CN202410311131.5A
Authority: CN
Inventors: 刘阔; 王悦良; 李剑; 杜奕威; 侯健; 刘艳彬; 刘涛
Original assignee: Kirin Software Co Ltd
Current assignee: Kirin Software Co Ltd
Priority date: 2024-03-19
Filing date: 2024-03-19
Publication date: 2024-05-31
Anticipated expiration: 2044-03-19
Also published as: CN117908904A

Abstract

The application relates to a method and a system for K8S cluster deployment and operation and maintenance management, which relate to the technical field of operation and maintenance management and comprise a user interaction module, a certificate management module, a configuration management module, an registration management module, an infrastructure management module, a cluster deployment module, a mirror image construction module, an external data module, a log system module, a version upgrading module and a health monitoring module. The technology fully utilizes the characteristics of the cloud base operating system, such as the non-variable infrastructure thought, the atomization updating and the dual file system, combines the K8S Operator mechanism, brings the bottom operating system into the management of the K8S cluster, realizes the seamless integration of the operating system and the container arrangement platform, unifies the management platform and improves the consistency of the whole system. Not only simplifying cluster management and reducing operation and maintenance workload, but also remarkably improving maintenance and management efficiency of containerized infrastructure.

Description

K8S cluster deployment and operation and maintenance management method and system

Technical Field

The application relates to the technical field of operation and maintenance management, in particular to a method and a system for K8S cluster deployment and operation and maintenance management.

Background

Kubernetes (K8S) is a powerful container orchestration platform that has become the tool of choice for cloud-native application development and deployment. However, with the continuous development of cloud-native technology, implementation and management of K8S clusters still involve some complex problems. This involves cluster upgrades, monitoring cluster health, dynamically adjusting resources, and performing quick troubleshooting and repair when a failure occurs. These challenges require specialized knowledge and a significant amount of work, especially in the case of large scale deployments, which can be significant. In addition, K8S is mainly responsible for container orchestration and does not involve management of the underlying operating systems in the cluster. This separation may lead to inconsistencies between the operating system and the K8S, requiring the simultaneous maintenance of two separate management systems, increasing complexity.

Disclosure of Invention

In order to solve the problems, the invention provides a method and a system for K8S cluster deployment and operation and maintenance management, which adopts the following technical scheme:

A K8S cluster deployment and operation management system comprises a user interaction module, a certificate management module, a configuration management module, an registration management module, an infrastructure management module, a cluster deployment module, a mirror image construction module, an external data module, a log system module, a version upgrading module and a health monitoring module, wherein,

The user interaction module is used for acquiring the cluster configuration file uploaded by a user, providing a user graphical interface and a command line tool, and facilitating the deployment, configuration, monitoring and management of clusters;

The certificate management module is used for generating certificates required for communication among all components in the K8S cluster;

the configuration management module is used for analyzing the cluster configuration file to obtain configuration item parameters of the K8S cluster, calling the registration management module and integrating configuration items required by deploying the K8S cluster into the registration file;

the infrastructure management module is used for creating infrastructure resources corresponding to the K8S cluster based on the configuration item parameters of the K8S cluster;

the mirror image construction module is used for constructing a cloud base operating system of the K8S cluster;

the cluster deployment module is used for deploying the K8S clusters based on the infrastructure resources and the registration files, and an operating system operated by the K8S clusters is a cloud base operating system;

The external data module is used for storing the cluster configuration file, the registration file and the operating system image;

The log system module is used for collecting and centrally storing logs in the K8S cluster deployment process and logs in the running process and providing checking and analyzing functions;

The version upgrading module is used for controlling upgrading flows of all component versions in the cloud base operating system and the K8S cluster through the K8S Operator expanding mechanism;

And the health monitoring module is used for monitoring and maintaining the health state of the K8S cluster.

In another possible implementation, the functions of the user interaction module further include:

checking cluster health data fed back by the health monitoring module;

And calling each module is realized through accessing the API interface of each module.

In another possible implementation manner, the configuration management module includes a configuration item needed to create or adjust infrastructure resources, and the functions of the configuration management module further include:

interacting with a certificate management module, and when the certificate is not configured by the configuration management module, acquiring required configuration item parameters by the certificate management module, and generating a certificate based on the required configuration item parameters;

interacting with the infrastructure module, and executing corresponding operations by the infrastructure module according to the configuration items when foundation implementation resources need to be created;

And calling an API (application program interface) of the external data module, and storing the cluster configuration file, the configuration item parameters and the registration file.

In another possible implementation manner, the infrastructure management module creates an infrastructure resource corresponding to the K8S cluster based on the configuration item parameter of the K8S cluster, including:

generating Terraform a configuration file based on configuration item parameters of the K8S cluster;

Infrastructure resources are created based on Terraform profiles.

In another possible implementation manner, the cluster deployment module is configured to create infrastructure resources corresponding to the K8S cluster based on configuration item parameters of the K8S cluster, where scripts, services, parameter configurations and certificates required for deployment executed by the K8S cluster deployment and parameters required by the node when joining the cluster are already defined in the application file, and an operation of applying the application file is automatically completed in a system boot phase to ensure consistency of the K8S cluster.

In another possible implementation, the image build module has integrated therein an image build tool chain, which is a collection of tools and workflows for building operating system images, where the tools and workflows allow developers to customize the RPM package, configuration, and building of operating system images.

In another possible implementation, the external data module includes two parts, a mirror warehouse, and a database, where the mirror warehouse is used to store mirrors constructed by a mirror construction tool chain, and the database is used to store a cluster configuration file, an registration file, and log data for managing the deployment K8S cluster.

In another possible implementation, the functions of the log system module include a log collection end, data processing, data storage, data display, and data alerting.

In another possible implementation manner, the version upgrade module is configured to extend version management of the K8S cluster cloud base operating system by adopting CRD (Custom Resource Definition) in the K8S, design a CRD API object through a Kubernetes API extension mechanism, define a management specification of the version of the cluster operating system, register the management specification into the K8S cluster, and create a plurality of controllers by means of an operator mechanism of the K8S cluster, where the plurality of controllers are responsible for monitoring and managing the created CR (Custom Resource) objects;

The version upgrading module comprises a controller for managing a global OS, a controller for managing a single-node OS and daemon, wherein the controller for managing the global OS and the controller for managing the single-node OS are operated in a container, deployed in a K8S cluster, daemon does not belong to the K8S cluster, and directly operated in a node as a process, and the functions of the three components are as follows:

A controller that manages the global OS: continuously monitoring the change of version information of all nodes of the K8S cluster, controlling the number of nodes to be upgraded at the same time according to user configuration information, and marking the nodes to be upgraded;

A controller that manages the single-node OS: continuously monitoring the change of the version information of the current node, if the current node is marked as a node ready for upgrading by a controller of a management global OS, locking the current node, expelling a service pod, forwarding upgrading information to a daemon end, and when the current node is monitored to finish upgrading operation, recovering the current node to be in a schedulable state;

daemon: receiving upgrade information from a controller managing a single-node OS, downloading a container image for updating from an image warehouse, executing upgrade operation, and restarting the node to finish upgrade;

When the upgrade is needed, the controller of the client management single-node OS forwards the upgrade information in the CR to the daemon terminal, and the daemon terminal executes an rpm-ostree command to switch operating system branches according to the upgrade information in the CR and restarts the operating system to realize the atomization upgrade of the operating system;

when the upgrade mode is upgrade of the K8S component version, the upgrade operation system installs the binary component of the K8S new version, executes the K8S component version update operation, waits for the reapplication of the component Pod, and confirms that all Pods are in a healthy state, namely, completes the K8S version upgrade.

A method for K8S cluster deployment and operation and maintenance management is applied to the K8S cluster deployment and operation and maintenance management system, and comprises the following steps:

Acquiring a cluster configuration file uploaded by a user;

generating certificates required for communication between the components in the K8S cluster;

Analyzing the cluster configuration file to obtain configuration item parameters of the K8S cluster, integrating configuration items required by the K8S cluster into an registration file, storing the registration file, and defining certificates in the registration file;

selecting different infrastructure platforms based on configuration item parameters of the K8S cluster, and dynamically creating infrastructure resources corresponding to the cluster;

A cloud base operating system of the K8S cluster is built in a self-defined mode;

Based on infrastructure resources and an registration file, deploying a K8S cluster, wherein an operating system operated by the K8S cluster is a cloud base operating system;

collecting and centrally storing logs in the K8S cluster deployment process and logs in the running process, and providing checking and analyzing functions;

Controlling the upgrading flow of each component version in the cloud base operating system and the K8S cluster through a K8S Operator expansion mechanism;

monitoring and maintaining health status of the cluster, including cluster node health monitoring, container status monitoring, cluster resource utilization monitoring, and cluster network monitoring.

In summary, the application has the following beneficial technical effects:

The invention combines the concept of 'invariable infrastructure' of the cloud base operating system, ensures the invariance of the bottom operating system environment, namely, once created, the cloud base operating system environment is not updated or modified any more, and improves the controllability and the stability of the environment. If some content needs to be updated and repaired, the system needs to be reconstructed. The technology utilizes the characteristics of atomization updating and a double-root file system to realize smooth system updating and rollback, and avoids intermediate states and potential problems. In terms of automated deployment, this technique employs automation tools and procedures to create and configure infrastructure resources, thereby reducing management effort. The invention brings the bottom operating system into the category of K8S cluster management, realizes the tight integration of the operating system and the container arrangement platform, provides a unified management platform, simplifies the cluster management process, and avoids the problems of inconsistency and high maintenance cost caused by using two independent management systems.

In summary, the invention combines the concept of an invariable infrastructure, atomization updating, automatic deployment and operating system integration, provides a more efficient, controllable and consistent solution for K8S cluster deployment and operation and maintenance management, remarkably improves the maintenance and management efficiency of a containerized infrastructure, and provides better support for deployment and management of modern cloud native applications.

The invention forms a modularized system architecture by calling each component module through the main program logic framework. The architecture facilitates the decomposition and the modularized design of the system implementation function, and improves the maintainability and the expandability of the system. The cooperation among the different component modules ensures the cooperative work of all parts of the system and realizes the coordinated operation of the whole system. The modularized design method reduces the complexity of the system, facilitates the development and testing of each module, and simultaneously makes the system more easily adapt to changes and expands new functions.

Drawings

FIG. 1 is a logical architecture diagram of a system for K8S cluster deployment and operation and maintenance management in accordance with an embodiment of the present application;

FIG. 2 is a flow diagram of a configuration management module in an embodiment of the application;

FIG. 3 is a flow diagram of an infrastructure management module creating infrastructure resources in an embodiment of the application;

FIG. 4 is a flow diagram of K8S cluster deployment in an embodiment of the application;

FIG. 5 is a flow diagram of a log system module in an embodiment of the application;

fig. 6 is a schematic flow chart of a version upgrade module in an embodiment of the present application.

Detailed Description

The present application will be described in further detail with reference to the accompanying drawings.

Modifications of the embodiments which do not creatively contribute to the application may be made by those skilled in the art after reading the present specification, but are protected by patent laws within the scope of the claims of the present application.

For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.

In addition, the term "and/or" herein is merely an association relationship describing an association object, and means that three relationships may exist, for example, a and/or B may mean: a exists alone, A and B exist together, and B exists alone. In this context, unless otherwise specified, the term "/" generally indicates that the associated object is an "or" relationship.

Embodiments of the application are described in further detail below with reference to the drawings.

Fig. 1 is a logic architecture diagram of a system for K8S cluster deployment and operation and maintenance management according to an embodiment of the present application, where the system includes a user interaction module, a certificate management module, a configuration management module, an registration management module, an infrastructure management module, a cluster deployment module, a mirror image construction module, an external data module, a log system module, a version upgrade module, and a health monitoring module,

1. User interaction module

The user interaction module is used for acquiring a cluster configuration file uploaded by a user, providing a user-friendly graphical interface and a CLI (command-LINE INTERFACE) command line tool, and facilitating the deployment, configuration, monitoring and management of clusters, and specifically comprises the following steps:

And checking cluster health data fed back by the health monitoring module.

The user can also realize the operation of a certain function by accessing other module API interfaces, and the method specifically comprises the following steps:

The operation of specific functions is realized by accessing the cluster service API interface.

For the embodiment of the application, the user can comprehensively manage the K8S cluster service by accessing the cluster service API interface, including the addition, deletion, modification and inquiry of resources, so as to flexibly adjust and maintain the user service. In addition, the version upgrade module is used for upgrading/rollback maintenance of the cluster components and the underlying cloud base operating system, and the upgrade/rollback maintenance comprises the step of calling the mirror image construction module to manufacture mirror image resources required by cluster upgrade. Inquiring cluster log information through a log system module;

Through accessing the API interface of the configuration management module, a user can realize the operations of adding, deleting, modifying and inquiring the configuration of the cluster nodes. In this process, an "external data" module may be invoked to access configuration data in the database. Specifically, the user can replace the configuration in the cluster node, and can also modify a specific file in the node, and then update the database to ensure the consistency of the configuration. In addition, the adjustment of the cluster certificate can be conveniently carried out by calling the certificate management module, and a user can regenerate, update or replace the cluster certificate through the module, so that the validity and the safety of the certificate are ensured. Such an operation can flexibly cope with the change of the certificate and the maintenance requirement when necessary.

By accessing the infrastructure API interface, the infrastructure management module is called to realize the creation or destruction of the infrastructure resources so as to realize the functions of elastic expansion and contraction of the infrastructure resources and the like. This involves invoking a "configuration management module" and an "external data" module to select a deployment infrastructure configuration. And calling a cluster deployment module to create node resources.

And calling the function of the mirror image construction module by accessing an external data API interface, so as to realize user-defined mirror image construction.

Further, in the embodiment of the application, the user interaction module has the function of creating and managing different clusters. Through the module, a user can easily perform multi-cluster creation, configuration and supervision. The method comprises the steps of calling various modules such as certificate management, configuration management, registration management, infrastructure management, cluster deployment, mirror image construction, external data, log system, version upgrading and health monitoring. The user interaction module enables a user to complete operations on multiple clusters in one unified interface without having to log in to each cluster separately. This design allows the user to more easily create and maintain multiple clusters. The multi-cluster management not only allows for deployment of applications among multiple clusters to achieve high availability, but further, in embodiments of the present application, the multi-cluster management also includes a consistent authentication and authorization mechanism to ensure that users can seamlessly switch among multiple clusters.

2. Certificate management module

The generation and resolution of certificates required for communication between cluster components is required before deployment of the clusters, and in embodiments of the present application is performed using the support of the Go language "crypto/x509" package. Generating certificates is an important security measure in the deployment of K8S clusters to ensure that communications in K8S clusters are secure and trusted. The generated certificates and keys will also be managed to prevent potential security risks. The flow of certificates required to generate the K8S cluster is as follows:

2.1 Generating a root certificate:

A root CA (Certificate Authority) certificate and corresponding key are generated from the signature. This will become the root of trust of the cluster, which root certificate will be used to issue certificates for other components and services.

Generating etcd-CA for issuing certificates of etcd related components and services;

Front-proxy-ca is generated for the front-end proxy.

2.2 Generating components and account certificates:

A certificate is generated for the admin account, which is used for system management.

Service-account credentials are generated to ensure that communications with other components can be securely made.

Certificates are generated for kube-controller-manager components to ensure secure communications between the control manager of the cluster and the components.

A certificate is generated for kube-proxy components.

Certificates are generated kube for the schedulers component to ensure secure communications for the schedulers.

A kubelet certificate is generated, and a certificate and key are generated for kubelet component of each node for secure authentication of the node.

Kube-apiserver certificates are generated for processing API requests.

An etcd certificate is generated.

2.3 Generating kubeconfig files for all components

Kubeconfig profiles are generated for the relevant users and components kubelet, kube-controller-manager, kube-scheduler, admin, etc., which contain credentials and cluster configuration information so that Kubernetes clusters can be accessed.

2.4 Generating an api-server key pair

A key pair for the API-server is generated for encrypting communications and verifying the identity of the API request.

2.5 Certificate preservation

Certificates and keys are created outside the K8S cluster and certificates, keys and configurations to be used by all components will be cached under the root directory/kubernetes/pki directory. The kubeconfig file for K8S cluster API access will be saved in the root directory/auth directory for use by an administrator or an operation and maintenance personnel.

2.6 Periodically alternating certificates

Periodically updating the rotation certificate and the key: and issuing a new certificate by using the root certificate, replacing the old certificate, updating the certificate information contained in the kubeconfig file, and updating the K8S cluster component configuration. The process ensures that the communication between the cluster components is encrypted and trusted, and can perform identity verification, thereby preventing the use of an expiration certificate or a secret key, further maintaining the security of the K8S cluster, ensuring that the K8S cluster is protected in a constantly-changing security threat environment, and further maintaining the credibility of the K8S cluster.

3. Configuration management module

And deploying the clusters according to the configuration information of the cluster configuration files provided by the users, wherein the module is responsible for analyzing the configuration item parameters in the cluster configuration files. If the configuration item parameters are found to be not configured in the parsing process, the configuration management module calls the corresponding parameter generation module to generate missing configuration item parameters. This process will be repeated until all configuration item parameters are successfully configured;

The functions of the configuration management module further include:

and interacting with a certificate management module, and when the certificate is not configured in the configuration management template, acquiring required configuration item parameters by the certificate management module, and generating the certificate based on the required configuration item parameters.

The configuration management module is interacted with the infrastructure module, and contains configuration items such as CPU, memory and the like which need to create or adjust the infrastructure resources. When infrastructure resources need to be created, the infrastructure module performs corresponding operations according to these parameters.

Calling a configuration item generation interface, and if the configuration item (such as a key required for logging in a virtual machine) is not configured in a configuration management module, generating corresponding configuration item parameters by the configuration management module; the registration management module is used to generate registration files, which are files used to configure system initialization, that allow a user to define and apply the configuration required for system initialization, including files, users, user groups, system services, system elements, etc. In the embodiment of the application, the registration management module has a registration file creation function, the configuration management module realizes the registration file creation function by calling the registration file generation interface, and integrates configuration items required by the K8S cluster into the registration file to generate a master node registration file and a slave node registration file, wherein the configuration items required by the K8S cluster comprise: K8S cluster certificates, SSH secure login public keys, container runtime configuration, scripts to deploy K8S clusters, services, etc.

The configuration management module also calls a database API interface, and the configuration item parameters and the registration files generated by the configuration management module are stored in the database and are uniformly managed by the database.

The configuration management module also deletes files such as configuration template files and certificates after the ignition file is generated, wherein the configuration template files are templates for users to fill in cluster configuration files, and the users need to fill in cluster deployment information according to the configuration template files so as to obtain the cluster configuration files, and in the embodiment of the application, the configuration template files comprise:

Basic domain name: a host name for creating a node in the cluster;

And (3) configuring a master node: the method comprises the steps of calculating configuration information such as the number of nodes, namely CPU, memory, hard disk size and the like;

Slave node configuration: the method comprises the steps of calculating configuration information such as the number of nodes, namely CPU, memory, hard disk size and the like;

Key: the SSH public key is used for accessing the cluster nodes after the node machine is established;

When the container is in operation: customizing service starting parameters;

cluster metadata: name, version of cluster;

Mirror source address:

container mirror source repository address: the user private warehouse address comprises a K8S component image, a version upgrading related container image and the like, or an image warehouse address provided by an external data module;

Network: a cluster network, which defines an IP address segment and a network plug-in the cluster;

and (3) a platform: a deployment platform, such as OpenStack, libvirt, is specified, wherein,

The OpenStack platform may optionally configure parameters:

Volume size: i.e., the Cinder volume of OpenStack, the volume size is in GB, and integers are filled or left empty. If filled, a volume of a specified size is created for each node in the cluster. If the cluster node is left blank, a volume is not created for the cluster node;

External network: i.e., a network capable of communicating with the OpenStack management network, requires a user to create in advance in the OpenStack network module and then designate in the cluster template;

Service network: a host network including parameters of network type, network address, subnet mask, gateway, DNS, etc.;

flavor: specification of the virtual machine;

available domains: selecting a node of an OpenStack creation instance;

Safety group: the port rule is opened.

Libvirt platform optional configuration parameters:

address of connection QEMU driver: for example, URIs connecting local addresses default to qemu:///system;

Mirror address: an operating system mirror address;

a routing address;

A gateway address;

The configuration management module plays a vital role in cluster deployment and is responsible for analyzing and processing configuration item parameters so as to ensure that the clusters can be correctly configured and started. As shown in fig. 2, the detailed flow of the configuration management module to parse the cluster configuration file specifically includes:

Step Sa, cluster configuration file acquisition: the configuration management module first obtains a cluster configuration file uploaded by the user, where the cluster configuration file may be a configuration file configured with only basic items, such as a cluster name, or a configuration file configured with detailed configuration item parameters.

Step Sb, analyzing configuration item parameters in the configuration file: the configuration management module starts to analyze the configuration item parameters. This involves extracting information from the configuration file and determining if the specification is met and if there are parameters items not configured by the user. The parsing process ensures the validity and integrity of the configuration item parameters for subsequent processing and use of steps Sc and Se.

And step Sc, checking parameters of configuration items required by the deployment cluster item by item.

The configuration item parameter is all configuration item parameters required to deploy the cluster. The parsed configuration item parameters need to be validated to ensure that deployment requirements are met. Verification includes checking whether the configuration item parameter data is valid, correctly formatted, meets the requirements of the deployment environment, and whether the configuration item parameter is missing, not obtained in the configuration file.

Step Sd, judging whether the configuration item parameters are checked successfully: if yes, go to step Sf. If not, executing step Se, and then executing step Sf.

Step Se, generating configuration item parameters, which are not configured in a configuration file and need to be generated, specifically comprising the following steps:

The configuration management module generates the required configuration item parameters, such as tokens for the nodes to join the cluster, etc.

The configuration management module calls the certificate management module to generate a cluster certificate file according to the provided configuration item parameters, such as an IP address, a user name and the like.

The configuration management module calls the registration generation module to generate the registration file according to the provided configuration item parameters, such as certificates and the like.

The configuration management module invokes the infrastructure module to generate Terraform a configuration file according to the configuration item parameters, such as hardware resources including CPU, disk size, etc.

Step Sf, updating configuration item parameters: and updating the configuration item parameters according to the verification result, and ensuring that all configuration items in the subsequent steps are up-to-date and effective.

Step Sg, configuration files and registration files are stored in a database: and summarizing the updated configuration item parameters into a configuration file and storing the configuration file and the generated registration file into a database.

4. Infrastructure management module

In the embodiment of the application, the infrastructure management module dynamically creates and configures required infrastructure resources, including virtual machines, networks, storage and the like, when the K8S cluster is deployed, and is responsible for providing an operating environment for the containerized application. As shown in fig. 3, the infrastructure management module mainly uses Terraform to create and manage infrastructure resources, and the Ignition is used for initializing the operating system, and the two cooperate to implement a complete automatic deployment process of the infrastructure, so as to ensure the correct creation of the infrastructure resources and the correct configuration of the operating system.

The infrastructure management module utilizes Terraform and Provider plug-ins to implement automated deployment of different platforms (e.g., libvirt and OpenStack platforms) that can run K8S clusters on different infrastructure providers, including libvirt virtualization and OpenStack scenarios.

The specific process of the infrastructure management module when creating infrastructure resources required by the K8S cluster comprises the following steps: and (3) generating a configuration file: the infrastructure management module generates Terraform a configuration file based on the configuration item parameters obtained from the configuration management module and then creates infrastructure resources based on Terraform the configuration file.

Wherein the configuration item parameters include: resources required to create the infrastructure, such as networks, storage, platform information, and the like, terraform configuration files are prefixed with ". Tf".

Further, when the platforms selected by the user are different, terraform configuration files are also different, that is, the infrastructure management module can create infrastructure resources corresponding to different platforms according to the selected platforms by using Terraform configuration files.

In conclusion, the infrastructure management module automatically adjusts the infrastructure according to the load and the demand by dynamically creating and configuring resources, so that the dynamic allocation of the resources according to the demands of the application program is realized, and the resource utilization rate is improved.

5. Cluster deployment module

The cluster deployment module is used for creating infrastructure resources corresponding to the K8S cluster based on configuration item parameters of the K8S cluster, wherein scripts and services executed by the K8S cluster deployment, parameter configuration and certificates required by the deployment and parameters required by the nodes when the nodes join the cluster are already defined in the registration file, the parameters required by the joining of the cluster comprise tokens, API addresses and other necessary parameters, and the operation of applying the registration file is automatically completed in a system boot stage, so that the consistency of the K8S cluster is ensured.

Specifically, when the cluster deployment module deploys the K8S cluster, the cluster deployment module includes deployment of a control plane node K8S cluster component and deployment of a non-control plane node K8S cluster component, where the deployment process of the non-control plane node K8S cluster component needs to wait for the normal operation of the control plane node and then deploy, and join the K8S cluster, and more specifically, the process of deployment of the control plane node K8S cluster component is as follows:

Switching file systems: before deploying a K8S cluster, the system first needs to switch the cloud base operating system to an operating system that contains the required K8S components and environments. This process is triggered and executed using the rpm-ostree mechanism, using the automation services defined in the registration file, to ensure that the system is conditioned to run the K8S. Because the same container mirror image is used by the rpm-ostree, the same operation is executed on all nodes, and the consistency of the cluster node environment is ensured;

certificate configuration: in order to ensure communication between K8S cluster components, the registration file contains the configuration file of the certificate and is automatically written into the node machine in the system boot stage;

Container runtime configuration: the registration file contains configuration parameters of the container during operation so as to ensure that the container can operate correctly, and the configuration parameters are automatically written into corresponding configuration files of the nodes in a system boot stage;

K8S cluster component deployment: the registration file defines services and scripts for deploying K8S cluster components for deploying K8S cluster core components, such as kubelet, kube-APISERVER, KUBE-controller-manager, and kube-scheduler. These components are pulled up as a container image at system boot time;

Network plug-in: the registration file contains services for starting installation calico or flannel network plug-ins and configuration parameters to be adjusted, so that communication between nodes and network policy are ensured to be effective;

deployment CoreDNS: coreNDS is a DNS service in the K8S cluster, responsible for resolving the DNS request of the service and Pod, and the service to pull up CoreDNS the container image is defined in the registration file.

Time synchronization service: time synchronization of each node in the K8S cluster is ensured.

For easy understanding, the embodiment of the application provides a K8S cluster deployment flowchart, which includes a specific implementation process of a user, a configuration management module, a certificate management module, an registration management module and an infrastructure management module in deploying a K8S cluster, as shown in fig. 4.

6. Mirror image construction module

And the mirror image construction module is used for constructing a cloud base operating system of the K8S cluster. The image construction module integrates an image construction tool chain, which is a tool and workflow collection for constructing an operating system image. These tools and procedures allow developers to customize, configure, and build operating system images to meet specific needs and target platforms.

The core functions and characteristics of the mirror image construction module include:

(1) Multi-platform support: support building images for different hardware architectures and operating system platforms. This allows easy creation of images applicable to multiple cloud providers, physical hardware, and virtual machines. The mirror image format includes: ISO format, qemu format, openStack format, container mirror format meeting OCI (Open Container Initiative) standards, etc.;

(2) Customizing: the user can easily customize the operating system image, including adding, deleting, and configuring software packages, services, configuration files, and the like. This allows for creation of customized operating systems according to specific needs;

(3) Version control: managing and tracking source code, configuration files, and scripts built by an operating system image using a version control system (Git);

(4) Automatically constructing a workflow: the automatic construction workflow is integrated, the construction process can be triggered when the version control is changed, and the repeatability and consistency of construction are ensured;

(5) Mirror image storage: the constructed container images are stored in an image repository for deployment and distribution.

(6) Multiple software sources: different sources of software packages are provided for operating system build. Different package sources have different versions of package resources, and different numbers of packages.

Specifically, the main process of the mirror image construction module for constructing the operating system mirror image includes:

(1) Configuring a software package source: ensure that software packages and dependencies of the desired operating system image are available;

(2) Profile modification: such as adding, deleting and configuring software packages to meet specific requirements;

(3) Performing mirror image construction: the mirror image construction tool chain is automatically completed;

(4) Mirror image push: the built image is automatically pushed to a corresponding storage location, such as a database or container image repository, for further deployment and distribution.

7. External data module

The external data module comprises a mirror warehouse and a database, wherein,

(1) Mirror warehouse: the system is used for storing images constructed by the image construction tool chain, including images required by deployment and upgrading;

(2) Database: the system is used for storing and managing configuration files, registration files, log data and the like of the K8S cluster.

8. Log system module

The log system module is used for collecting and centrally storing logs in the cluster deployment process and logs in the running process, and provides the checking and analyzing functions, as shown in fig. 5.

And (3) a log acquisition end: at this stage, the system is responsible for collecting log data from different sources, which may include system logs of the operating system, logs of applications in the container, and so forth. To accomplish this task, the module integrates Fluentd plug-ins, fluentd is a popular log collection tool for collecting, transmitting, and converting data between different data sources;

And (3) data processing: the collected raw data needs to be processed to meet the subsequent requirements. This stage includes filtering and filtering of log information, which can be extracted from a large amount of data according to rules. In addition, structuring of the log is also part of data processing, converting unstructured log information into structured data that can be queried and analyzed;

And (3) data storage: the data storage means that the log data is subjected to storage reservation of a database so as to facilitate subsequent analysis, and the storage can support high throughput and quick retrieval;

And (3) data display: displaying the data stored in the log on a graphical interface interacted with by a user, and simultaneously meeting the functions of log inquiry and data mapping;

and (3) data alarm: according to preset rules and conditions, the system can realize the data alarming function and simultaneously meet the function of highlighting.

9. Version upgrade module

The version upgrading module controls the upgrading flow of each component version in the cloud base operating system and the K8S cluster through the K8S Operator expanding mechanism, so that OS management and service cooperation are realized, the upgrading mode can transfer the service to other non-upgrading nodes before the OS or the K8S cluster is upgraded, so that influence on the service in the OS upgrading and configuration processes is reduced, the upgrading mode is an atomization upgrading mode, the cloud base operating system is always synchronous to an expected state, the consistency of the OS and the K8S component versions is ensured, the problem of version splitting is avoided, and scheduling cooperation is realized.

Specifically, the CRD in the K8S is adopted to extend the version management of the K8S cluster cloud base operating system. Through the K8S API extension mechanism, a CRD API object is designed, which defines the management specification of the version of the cluster operating system and registers the management specification into the K8S cluster. With the operator mechanism of K8S, we created multiple controllers that were responsible for monitoring and managing the CR (Custom Resource) objects created. By modifying CR resources, we can easily implement upgrades to cluster versions or cloud base operating system versions so that managing these versions becomes more flexible and controllable, where CR is an actual custom resource object created based on a defined CRD, which is a resource instance created according to the specifications defined in the CRD.

More specifically, the version upgrade module mainly includes three important components, a controller that manages a global OS, a controller that manages a single-node OS, and daemon. Wherein the controller managing the global OS and the controller managing the single-node OS are operated in a container, deployed in a K8S cluster, and the daemon does not belong to the cluster and is operated in a node directly as a process.

Wherein the functions of the three components are as follows:

A controller that manages the global OS: continuously monitoring the change of version information of all nodes of the cluster, controlling the number of nodes to be upgraded at the same time according to user configuration information, and marking the nodes to be upgraded;

A controller that manages the single-node OS: changes in the current node version information are continuously monitored. If the current node is marked as a node ready for upgrading by the controller of the management global OS, the node is immediately locked and the service pod is evicted, and then upgrade information is forwarded to the daemon terminal. And after the current node is monitored to finish the upgrading operation, the current node is restored to a schedulable state.

Daemon: and receiving upgrade information from a controller for managing the single-node OS, downloading a container image for updating from an image warehouse, executing upgrade operation, and finally restarting the node to finish upgrade.

The process of deploying the version upgrade module into the K8S cluster is as follows:

In the whole K8S cluster deployment process, the main program can continuously detect the K8S cluster state and wait for the establishment of the infrastructure resources and the cluster resources to succeed. The main program deploys resources required by the version upgrade module, and specifically includes:

Creating CRD resources;

Creating a controller for managing a global OS and a controller for managing a single-node OS;

An RBAC (Role-Based Access Control) resource is created, where the RBAC is used to set the access rights of users to the cluster resource.

The version upgrading module designs CRD API objects for version management through a K8S API extension mechanism and registers the CRD API objects in the cluster. A brand new controller logic is designed by relying on an operator mechanism in K8S, and the created CR object is managed and monitored. Thus, the user can trigger the state of CR to upgrade or rollback the operating system or the K8S version.

Further, the upgrade flow of the version upgrade module is shown in fig. 6:

Parameter information such as cluster version, mirror image address and the like is stored in the CRD. The cluster management system adopts a final-state-oriented design mode to detect the CRD resource state at regular time. When the CRD state changes, consistency comparison is carried out with the target state, and if the CRD state does not accord with the target state, the cluster operator controller code logic is executed so as to reach the required target final state.

The management global OS controller traverses the K8S cluster nodes, and marks the master node and the slave node with upgrading labels in sequence according to the number of the parallel upgrading nodes;

The controller of the single-node OS where the K8S cluster node is located detects that the node is marked with an upgrade label, the node is set to be in an unscheduled state, and the service Pod is evicted. After the successful upgrading is detected, the node is recovered and set to be in a schedulable state;

The daemon is systemd service running on the node, the controller managing the single-node OS and the daemon service are Client/Server architecture, and communication is established by using GRPC framework.

When the upgrade is needed, the controller managing the single-node OS forwards the upgrade information in the CR to the daemon terminal, and the daemon terminal executes an rpm-ostree command to switch operating system branches according to the upgrade information in the CR, and then the operating system is restarted to realize the atomization upgrade of the operating system.

If the upgrade mode is upgrade of the K8S component version, the operating system is required to be upgraded at the same time to install the binary component of the K8S new version, then the K8S component version updating operation is executed, the component Pod is waited for reapplication, and all Pods are confirmed to be in a healthy state, namely, the K8S version upgrade is completed.

10. Health monitoring module

The health monitoring module is used for monitoring and maintaining the health state of the K8S cluster. The normal operation of each component and node of the K8S cluster is ensured, and potential faults or problems can be responded quickly.

Monitoring the health status of the component: the health monitoring module periodically checks the health status of the various K8S components in the cluster, including API servers, etcd, controllers, schedulers, etc. The module will check whether the components are functioning properly.

And (3) node health detection: the module checks whether the node is in a health state, and if the node fails or is not available, the health monitoring module feeds back to the user interaction interface.

Recording historical data: the health monitoring module may record historical data of health status in order to analyze and track problems.

The embodiment of the application provides a method for K8S cluster deployment and operation and maintenance management, which is applied to the system for K8S cluster deployment and operation and maintenance management, and specifically comprises the following steps:

Acquiring a cluster configuration file uploaded by a user;

The foregoing is only a partial embodiment of the present application, and it should be noted that it will be apparent to those skilled in the art that modifications and adaptations can be made without departing from the principles of the present application, and such modifications and adaptations should and are intended to be comprehended within the scope of the present application.

Claims

1. The K8S cluster deployment and operation management system is characterized by comprising a user interaction module, a certificate management module, a configuration management module, an registration management module, an infrastructure management module, a cluster deployment module, a mirror image construction module, an external data module, a log system module, a version upgrading module and a health monitoring module, wherein,

the mirror image construction module is used for constructing a cloud base operating system of the K8S cluster, and comprises the following components: configuring a software package source: software packages and dependencies that ensure the required operating system images are available; profile modification: adding, deleting and configuring software packages to meet the requirements; performing mirror image construction: the mirror image construction tool chain is automatically completed; mirror image push: the built mirror images are automatically pushed to corresponding storage positions, databases or container mirror image warehouses for further deployment and distribution;

The cluster deployment module is used for deploying the K8S cluster based on the infrastructure resources and the registration files, an operating system operated by the K8S cluster is a cloud base operating system, when the cluster deployment module deploys the K8S cluster, the cluster deployment module comprises control plane node K8S cluster component deployment and non-control plane node K8S cluster component deployment, wherein the deployment process of the non-control plane node K8S cluster component needs to wait for the normal work of the control plane node and then deploy, and the K8S cluster is added, and the specific flow of the deployment of the control plane node K8S cluster component is as follows: switching file systems: before the K8S cluster is deployed, the system firstly needs to switch the cloud base operating system to an operating system containing the required K8S components and environments, the process uses an rpm-ostree mechanism, and is triggered and executed by utilizing an automation service defined in an registration file so as to ensure that the system has the conditions required for running the K8S, and as the rpm-ostree uses the same container mirror image, the same operation is executed on all nodes, and the consistency of the cluster node environments is ensured; certificate configuration: in order to ensure communication between K8S cluster components, the registration file contains the configuration file of the certificate and is automatically written into the node machine in the system boot stage; container runtime configuration: the registration file contains configuration parameters of the container during operation so as to ensure that the container operates correctly, and the configuration parameters are automatically written into corresponding configuration files of the nodes in a system boot stage; K8S cluster component deployment: the registration file defines services and scripts for deploying K8S cluster components, core components for deploying K8S clusters, kubelet, kube-APISERVER, KUBE-controller-manager, and kube-scheduler, which are pulled up as container images at system boot; network plug-in: the registration file contains services for starting installation calico or flannel network plug-ins and configuration parameters to be adjusted, so as to ensure that communication between nodes and network policies take effect, and deployment CoreDNS: coreNDS is a DNS service in the K8S cluster, responsible for resolving DNS requests for the service and Pod, and the service to pull up CoreDNS container images is defined in the registration file; time synchronization service: ensuring time synchronization of each node in the K8S cluster;

The version upgrading module is used for controlling upgrading flows of all component versions in the cloud base operating system and the K8S cluster through the K8S Operator expanding mechanism, and comprises the following steps: expanding the version management of a cloud base operating system of a K8S cluster by adopting a CRD in the K8S, designing a CRD API object through a Kubernetes API expansion mechanism, wherein the CRD API object defines the management specification of the version of the cluster operating system, registering the management specification into the K8S cluster, and creating a plurality of controllers by means of an operator mechanism of the K8S cluster, wherein the controllers are responsible for monitoring and managing the created CR object; the version upgrading module comprises a controller for managing a global OS, a controller for managing a single-node OS and daemon, wherein the controller for managing the global OS and the controller for managing the single-node OS are operated in a container, deployed in a K8S cluster, daemon does not belong to the K8S cluster, and directly operated in a node as a process, and the functions of the three components are as follows: a controller that manages the global OS: continuously monitoring the change of version information of all nodes of the K8S cluster, controlling the number of nodes to be upgraded at the same time according to user configuration information, and marking the nodes to be upgraded; a controller that manages the single-node OS: continuously monitoring the change of the version information of the current node, if the current node is marked as a node ready for upgrading by a controller of a management global OS, locking the current node, expelling a service pod, forwarding upgrading information to a daemon end, and when the current node is monitored to finish upgrading operation, recovering the current node to be in a schedulable state; daemon: receiving upgrade information from a controller managing a single-node OS, downloading a container image for updating from an image warehouse, executing upgrade operation, and restarting the node to finish upgrade;

when the upgrade mode is upgrade of the K8S component version, the upgrade operation system installs a binary component of the K8S new version, executes the K8S component version update operation, waits for the reapplication of the component Pod, and confirms that all Pods are in a healthy state, namely, completes the K8S version upgrade;

2. The system for K8S cluster deployment and operation and maintenance management according to claim 1, wherein the functions of the user interaction module further comprise:

checking cluster health data fed back by the health monitoring module;

3. The system for K8S cluster deployment and operation and maintenance management according to claim 1, wherein the configuration management module includes a configuration item for creating or adjusting infrastructure resources, and the function of the configuration management module further includes:

Interacting with the infrastructure module, and executing corresponding operations by the infrastructure module according to the configuration items when the infrastructure resources need to be created;

4. The system for K8S cluster deployment and operation and maintenance management according to claim 1, wherein the infrastructure management module creates infrastructure resources corresponding to the K8S cluster based on configuration item parameters of the K8S cluster, and the system comprises:

Infrastructure resources are created based on Terraform profiles.

5. The system for K8S cluster deployment and operation and maintenance management according to claim 1, wherein the cluster deployment module is configured to create infrastructure resources corresponding to the K8S cluster based on configuration item parameters of the K8S cluster, wherein scripts, services executed by the K8S cluster deployment, parameter configurations and certificates required by the deployment, and parameters required by the node when joining the cluster are already defined in the registration file, and the operation of applying the registration file is automatically completed in a system boot phase to ensure consistency of the K8S cluster.

6. The system for K8S cluster deployment and operation and maintenance management of claim 1, wherein the image build module has an image build tool chain integrated therein, the image build tool chain being a set of tools and workflows for building operating system images, wherein tools and workflows allow developers to customize RPM packages, configure and build operating system images.

7. The system for K8S cluster deployment and operation and maintenance management according to claim 1, wherein the external data module comprises a mirror warehouse and a database, wherein the mirror warehouse is used for storing mirrors constructed by a mirror construction tool chain, and the database is used for storing cluster configuration files, registration files and log data for managing the deployment of the K8S cluster.

8. The system for K8S cluster deployment and operation and maintenance management according to claim 1, wherein the functions of the log system module include log collection, data processing, data storage, data display and data alarm.