CN118132203A

CN118132203A - Container management method, device, equipment and medium

Info

Publication number: CN118132203A
Application number: CN202410310073.4A
Authority: CN
Inventors: 孙奔
Original assignee: Douyin Vision Co Ltd
Current assignee: Douyin Vision Co Ltd
Priority date: 2024-03-18
Filing date: 2024-03-18
Publication date: 2024-06-04

Abstract

The embodiment of the disclosure relates to a container management method, a device, equipment and a medium, wherein the method comprises the following steps: in the creation process of the target container, adding a shared file directory in a read-only layer of a root file system of the target container, wherein the shared file directory is a mounting directory of the shared file system; receiving a modification request for a first file in a shared file directory of a target container; and downloading the first file from the shared file system to the shared file directory, copying the first file from the shared file directory to the read-write layer, and performing modification operation on the first file at the read-write layer. By adopting the technical scheme, the sharing of the files in the shared file system is realized in a mounting mode, the time consumption caused by downloading the shared files when the container is started is avoided, the first files copied by the read-write layer are modified instead of the original first files in the shared file system mounted on the read-only layer, the modification of the shared files is realized, and the modification is invisible to other containers.

Description

Container management method, device, equipment and medium

Technical Field

The disclosure relates to the technical field of cloud computing, and in particular relates to a container management method, device, equipment and medium.

Background

With development of cloud computing technology, application of a container arranging system is increasingly wide, when a container is created in the container arranging system, a shared file can be stored in a file system of the container, and generally, storage of the shared file can be realized by means of network downloading, mirror downloading, file system mounting and the like. However, the above methods have the defects that the creation of the container takes a long time, and the shared file cannot be modified without affecting other containers.

Disclosure of Invention

In order to solve the technical problems, the present disclosure provides a container management method, device, equipment and medium.

The embodiment of the disclosure provides a container management method, which comprises the following steps:

In the creation process of a target container, adding a shared file directory in a read-only layer of a root file system of the target container, wherein the shared file directory is a mounting directory of the shared file system;

receiving a modification request for a first file in the shared file directory of the target container;

Downloading the first file from the shared file system to the shared file directory, copying the first file from the shared file directory to a read-write layer, and performing modification operation on the first file at the read-write layer.

The embodiment of the disclosure also provides a container management device, which comprises:

The system comprises a catalog adding module, a catalog adding module and a storage module, wherein the catalog adding module is used for adding a shared file catalog on a read-only layer of a root file system of a target container in the creation process of the target container, wherein the shared file catalog is a mounting catalog of the shared file system;

a first request receiving module, configured to receive a modification request for a first file in the shared file directory of the target container;

and the file modification module is used for downloading the first file from the shared file system to the shared file directory, copying the first file from the shared file directory to a read-write layer, and performing modification operation on the first file at the read-write layer.

The embodiment of the disclosure also provides an electronic device, which comprises: a processor; a memory for storing the processor-executable instructions; the processor is configured to read the executable instructions from the memory and execute the instructions to implement a container management method as provided in an embodiment of the disclosure.

The present disclosure also provides a computer-readable storage medium storing a computer program for executing the container management method as provided by the embodiments of the present disclosure.

The disclosed embodiments also provide a computer program product comprising a computer program/instructions, characterized in that the computer program/instructions, when executed by a processor, implement the steps of the container management method as provided by the disclosed embodiments.

Compared with the prior art, the technical scheme provided by the embodiment of the disclosure has the following advantages: according to the container management scheme provided by the embodiment of the disclosure, in the creation process of the target container, a shared file directory is added to a read-only layer of a root file system of the target container, wherein the shared file directory is a mounting directory of the shared file system; receiving a modification request for a first file in a shared file directory of a target container; and downloading the first file from the shared file system to the shared file directory, copying the first file from the shared file directory to the read-write layer, and performing modification operation on the first file at the read-write layer. By adopting the technical scheme, the mount directory of the shared file system is added in the read-only layer of the root file system of the target container, the sharing of files in the shared file system is realized in a mount mode, the excessively long time consumption caused by downloading the shared files when the container is started is avoided, the first files are subsequently downloaded from the shared file system to the shared file directory of the target container and copied to the read-write layer under the condition that the modification request of the first files is received, the modification operation of the first files is realized in the read-write layer, the first files copied by the read-write layer are modified instead of the original first files in the shared file system mounted on the read-only layer, the modification of the shared files is realized, and the modification is invisible to other containers.

Drawings

The above and other features, advantages, and aspects of embodiments of the present disclosure will become more apparent by reference to the following detailed description when taken in conjunction with the accompanying drawings. The same or similar reference numbers will be used throughout the drawings to refer to the same or like elements. It should be understood that the figures are schematic and that elements and components are not necessarily drawn to scale.

Fig. 1 is a flow chart of a container management method according to an embodiment of the disclosure;

FIG. 2 is a schematic diagram of a root file system provided by an embodiment of the present disclosure;

FIG. 3 is a flow chart of another method for managing containers according to an embodiment of the disclosure;

FIG. 4 is a schematic diagram of obtaining a snapshot plug-in tag according to an embodiment of the present disclosure;

fig. 5 is a schematic structural diagram of a container management device according to an embodiment of the present disclosure;

Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the disclosure.

Detailed Description

Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure have been shown in the accompanying drawings, it is to be understood that the present disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein, but are provided to provide a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the present disclosure are for illustration purposes only and are not intended to limit the scope of the present disclosure.

It should be understood that the various steps recited in the method embodiments of the present disclosure may be performed in a different order and/or performed in parallel. Furthermore, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the present disclosure is not limited in this respect.

The term "including" and variations thereof as used herein are intended to be open-ended, i.e., including, but not limited to. The term "based on" is based at least in part on. The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments. Related definitions of other terms will be given in the description below.

It should be noted that the terms "first," "second," and the like in this disclosure are merely used to distinguish between different devices, modules, or units and are not used to define an order or interdependence of functions performed by the devices, modules, or units.

It should be noted that references to "one", "a plurality" and "a plurality" in this disclosure are intended to be illustrative rather than limiting, and those of ordinary skill in the art will appreciate that "one or more" is intended to be understood as "one or more" unless the context clearly indicates otherwise.

The names of messages or information interacted between the various devices in the embodiments of the present disclosure are for illustrative purposes only and are not intended to limit the scope of such messages or information.

With the development of cloud computing technology, the application of container orchestration systems has become increasingly widespread, and when a container is created in a container orchestration system, there may be shared files in the file system of the container.

In the related art, the shared file may be stored in the network. The shared file is downloaded from the network via a uniform resource locator (Uniform Resource Locator, URL) and stored to a specified location of the container before the container executes the actual launch command. However, in the case of larger shared files, the time consuming for starting up the container increases significantly, and the larger the shared file, the more time consuming.

Or adding the mirror image corresponding to the shared file into the original mirror image of the container through the container mirror image technology to obtain a new mirror image. The new image is downloaded at the time of the container start-up and the container is created using the new image, so that an additional image corresponding to the shared file needs to be downloaded. The larger the shared file, the larger the corresponding image of the shared file, the larger the additionally downloaded image when the container is started, the more time consuming to start the container is significantly increased, and the larger the shared file, the more time consuming. In addition, under the condition that the shared file is frequently changed, a new mirror image needs to be frequently built correspondingly, so that the storage pressure of a mirror image warehouse and the storage pressure of the node mirror image are overlarge, and the maintenance of the mirror image is difficult.

Or storing the shared file in the distributed file system, and mounting the distributed file system to the container when the container is created, so as to realize sharing of the shared file in the distributed file system. In the case of read-only mount, the processes of the containers have no authority to modify the shared file, and in the case of writeable mount, the processes of a certain container may modify the shared file, but may affect the use of the shared file by other containers.

In the method, the defects that the time for creating the container is long, the shared file cannot be modified, and other containers are not affected exist.

In order to solve the above-described problems, embodiments of the present disclosure provide a container management method, which is described below in connection with specific embodiments.

Fig. 1 is a flow chart of a container management method according to an embodiment of the disclosure, where the method may be performed by a container management device, where the device may be implemented in software and/or hardware, and may be generally integrated in an electronic device. As shown in fig. 1, the method includes:

step 101, adding a shared file directory in a read-only layer of a root file system of a target container in the creation process of the target container, wherein the shared file directory is a mount directory of the shared file system.

Wherein, the target Container can be a Container (Container) which is currently created or started in the Container arranging system, and the target Container can be any one of a Container group; or the target container may be the container currently being created or launched in the container runtime. The type of the target container is not limited in this embodiment, for example, the target container may be a standard container that meets a certain container interface specification, and the specific container interface specification is not limited.

A containerization system, also known as a containerization engine, may be used to manage containerized applications on multiple hosts in a cloud platform, and may be used to automatically deploy, scale and manage containerized applications, etc. A group of containers in a container orchestration system may be the smallest unit of creation or deployment of the container orchestration system, one group of containers encapsulating one or more containers. When the container is operated as an industrial standard container, one or more of the following functions can be realized through the container operation: managing the lifecycle of the container, pulling or pushing the container image, managing the storage of the image and container data, invoking command line tools to run the container, managing the container network, and network interfaces. The application scenario of the container management method is not limited in this embodiment, and for example, the application scenario may include one of the following: cloud compiling and caching of large projects, dependency management of development environments in cloud development environments and creation of container environments.

The root file system (RootFS) may be a file system for providing an isolated execution environment for the container process, which may be mounted on the root directory of the container. The root file system may include a read-only layer (LowerDir), which may be a layer with access rights that is readable but not writable, and a read-write layer (UpperDir), which may record portions of the operating system in increments. The number of the read-only layers is not limited in this embodiment, and for example, the number of the read-only layers may be plural. The read-write layer may be a layer with access rights that are readable and writable, and may be located above a read-only layer, and the read-write layer may be used to record one or more of creation, modification, and deletion of files in the root file system. The number of the read-write layers is not limited in this embodiment, and for example, the number of the read-write layers may be one. When the file is read, the read-write layer firstly reads the file, and if the read-write layer has the file, the read-write layer does not read the file any more if the file is modified. And if the file does not exist in the read-write layer, reading the file on the read-only layer.

The shared file directory may be a new directory in the read-only layer of the root file system of the target container, which may be mounted to the shared file system. The shared file system may be a file system for enabling file sharing between a plurality of containers in a container orchestration system, the shared file system may comprise a plurality of shared files, each of which may be accessed by the plurality of containers.

In embodiments of the present disclosure, the container management method may be performed by the container orchestration system or the container runtime, i.e. the container management device may be provided in the container orchestration system or the container runtime.

In the embodiment of the disclosure, when a target container is created, a root file system is first constructed according to the mirror image corresponding to the target container. Specifically, fig. 2 is a schematic diagram of a root file system according to an embodiment of the present disclosure, as shown in fig. 2, a container management device may download an image from a preset image repository, where the image includes a plurality of compressed files, one compressed file corresponds to one layer of the read-only layers, decompresses the compressed file into a directory of the corresponding layer, and mounts a shared file system to the shared file directory in a read-only manner, so as to obtain a read-only layer of the root file system. And setting the read-write layer of the root file system as an empty directory, thereby obtaining the root file system.

Fig. 3 is a flow chart of another method for managing containers according to an embodiment of the present disclosure, as shown in fig. 3, in some embodiments of the present disclosure, in a process of creating a target container, adding a shared file directory in a read-only layer of a root file system of the target container, including:

Step 301, in the process of creating the target container, a snapshot plug-in tag is obtained, where the snapshot plug-in tag includes a mount directory of the shared file system.

Wherein the snapshot plug-in tag may be a tag (Label) defined by and supporting reading of a container runtime snapshot plug-in (SnapshotterPlugin) in the container orchestration system, which may be a plug-in for creating or deleting a snapshot or the like. The tag may be a key-value pair for adding an identification to a resource in the container orchestration system.

In the embodiment of the disclosure, in the creation process of the target container, the container management device may obtain a snapshot plug-in tag including the mount directory of the shared file system.

In some embodiments of the present disclosure, obtaining a snapshot plug-in tag includes: acquiring target notes comprising volume numbers of the shared file system, and determining that the mounting catalogue of the volume numbers is the mounting catalogue of the shared file system; the call container runtime interface service converts the target annotation into a snapshot plug-in tag that includes the mount directory of the shared file system.

Wherein the Volume number may be the name of a Volume (Volume) in the shared file system. The target Annotation may be a field added to the shared file system in the Annotation (accounting) of the target container, and the specific value of the target Annotation may be the volume number corresponding to the shared file system. Annotations may be used to attach non-identifying metadata to resource objects of the container orchestration system. The container runtime interface service may be a service implemented by a standardized plug-in interface for interfacing the container runtime with the container orchestration system so that the container orchestration system may interact with different container runtimes.

In this embodiment, when a user creates a container group with a shared file directory, the user may add a target annotation in an annotation field declared by the container group, where the value of the target annotation is a volume number corresponding to the shared file system, so as to record the volume number of the shared file system through the target annotation.

Further, the container control device dispatches the container group to a Node (Node) through the container arrangement system, and mounts the volume corresponding to the volume number to the catalog of the Node on the Node. The configuration code for converting the annotation of the container group of the container orchestration system into the snapshot plug-in tag is added to the code for creating the container of the container runtime interface service. Furthermore, in the process of creating the target container, the container control device invokes the container runtime interface service of the container runtime through the container runtime interface protocol, and converts the target annotation into a snapshot plug-in label agreed by the target snapshot plug-in of the container runtime through the container runtime service interface, wherein the value of the snapshot plug-in label is a catalog of a node corresponding to the volume corresponding to the target annotation, that is, the value of the snapshot plug-in label is a mounting catalog of the shared file system.

In the scheme, the snapshot plug-in label acquisition is realized based on the container arrangement system.

In some embodiments of the present disclosure, obtaining a snapshot plug-in tag includes: and obtaining the snapshot plug-in tag through a remote call service.

The remote call service is also called a remote procedure call service, and is a technology for realizing communication and interaction between different processes or services.

In some embodiments of the present disclosure, a user remotely invokes a service by invoking a container runtime, causing the container control device to obtain a snapshot plug-in tag. Specifically, a user manually establishes an empty directory, sets the empty directory as a mount directory of the shared file system, builds a snapshot plug-in tag comprising the mount directory of the shared file system based on the definition of the snapshot plug-in, and sends the snapshot plug-in tag to a container control device through a remote call service when the container runs, wherein the container control device can acquire the snapshot plug-in tag.

In the scheme, the snapshot plug-in label is acquired based on the container running time.

Fig. 4 is a schematic diagram of obtaining a snapshot plug-in tag according to an embodiment of the present disclosure, where, as shown in fig. 4, a user may obtain a target annotation through a container arrangement system, call a service interface when the container runs to convert the target annotation into the snapshot plug-in tag, and process the snapshot plug-in tag through the target snapshot plug-in. Or the user can remotely call the service to acquire the snapshot plug-in tag through the container runtime, and the snapshot plug-in tag is processed through the target snapshot plug-in.

Step 302, a target snapshot plug-in is called, and a mount directory of a shared file system is added as a shared file directory on a read-only layer of a root file system of a target container based on a snapshot plug-in label.

The target snapshot plug-in can be a snapshot plug-in re-realized in the running process of the container, the realization code of the target snapshot plug-in is modified, and the mounting directory of the shared file system in the snapshot plug-in label can be added to the read-only layer of the root file system when the snapshot plug-in label is found to be carried.

In this embodiment, the container management device may invoke the target snapshot plug-in. And extracting the value of the snapshot plug-in tag through the target snapshot plug-in to obtain a mounting directory of the shared file system, adding the mounting directory of the shared file system into a read-only layer option of a mounting (Mount) parameter of the write-time multiplexing file system, and returning the mounting parameter to the container operation. And when the container runs, calling a mounting system according to the mounting parameters returned by the target snapshot plug-in, and constructing a root file system. The root file system contains the content of the volume to which the shared file system corresponds.

In the scheme, the shared file directory is added in the read-only layer of the root file system based on the snapshot plug-in tag, and a foundation is created for the subsequent personalized file modification for the container.

Step 102, receiving a modification request for a first file in a shared file directory of a target container.

The first file may be a file to be modified and not modified, which is recorded in the shared file directory, and the number, the type, and the like of the first file are not limited in this embodiment. The modification request may be a request indicating a modification to the first file.

In this embodiment, if the user needs to modify the first file in the shared file directory, the target container may create a corresponding file modification process, and send a modification request of the first file to the container management apparatus through the file modification process, where the container management apparatus receives the modification request of the first file.

Step 103, downloading the first file from the shared file system to the shared file directory, copying the first file from the shared file directory to the read-write layer, and performing modification operation on the first file at the read-write layer.

Wherein the modifying operation may be an operation of modifying the first file, the modifying operation may include one or more of adding file content, deleting file content, updating file content.

In the embodiment of the present disclosure, the first file is recorded in a directory manner in the shared file directory based on the copy-on-write characteristic of the copy-on-write file system, but specific data of the first file is not stored in the shared file directory. After receiving the modification request of the first file, the container management apparatus may download the first file from the shared file system to a shared file directory of a read-only layer of the root file system, copy the shared file directory to a read-write layer of the root file system, and perform a modification operation on the first file in the read-write layer. Therefore, the original first file stored in the shared file system is not modified by modifying the copied first file in the read-write layer, so that the original first file is ensured not to be tampered by a certain container.

According to the container management scheme provided by the embodiment of the disclosure, in the creation process of the target container, a shared file directory is added to a read-only layer of a root file system of the target container, wherein the shared file directory is a mounting directory of the shared file system; receiving a modification request for a first file in a shared file directory of a target container; and downloading the first file from the shared file system to the shared file directory, copying the first file from the shared file directory to the read-write layer, and performing modification operation on the first file at the read-write layer. By adopting the technical scheme, the mount directory of the shared file system is added in the read-only layer of the root file system of the target container, the sharing of files in the shared file system is realized in a mount mode, the excessively long time consumption caused by downloading the shared files when the container is started is avoided, the first files are subsequently downloaded from the shared file system to the shared file directory of the target container and copied to the read-write layer under the condition that the modification request of the first files is received, the modification operation of the first files is realized in the read-write layer, the first files copied by the read-write layer are modified instead of the original first files in the shared file system mounted on the read-only layer, the modification of the shared files is realized, and the modification is invisible to other containers.

In addition, the modification of the target container to the copied first file in the read-write layer does not affect the original first file in the shared file system, so that the influence on the use of the original first file by other containers is avoided, and the safety of the shared file among the containers is improved. And the unified management of shared files among containers can be realized through the shared file system, so that the management cost of the files is reduced.

In some embodiments of the present disclosure, the container management method further comprises: and adding configuration codes of snapshot plug-in labels in codes of target snapshot plug-ins, wherein the configuration codes of the snapshot plug-in labels are used for adding values of the snapshot plug-in labels to options of read-only layers of copy-on-write file systems corresponding to the root file systems, and the root file systems are constructed based on the copy-on-write file systems.

The configuration code of the snapshot plug-in tag may be a function code for configuring the snapshot plug-in tag. The copy-on-write file system may be a default file system for a container in which, when a file is modified, the file needs to be copied from the read-only layer to the read-write layer and the copied file is modified at the read-write layer, but the original file in the read-only layer is not modified. The Options (Options) may be parameters in the mount array (mount [0 ]) returned by the multiplex file system at write time.

In this embodiment, the container runtime may invoke the configuration declaration target snapshot plugin during the root filesystem build phase in the process of creating the target container. If the value of the snapshot plug-in tag is found through the target snapshot plug-in, the value of the snapshot plug-in tag is added to the forefront option of the read-only layer in the mount array returned by the copy-on-write file system.

For example, if the value of the snapshot plug-in tag is: the options of the read-only layer in the mount array are: the Options of the read-only layer of the copy-on-write file system after adding the value of the snapshot plug-in tag are: the counts [0]. Operations [ "lowerdir" ] = "/count/nas:/lower 1:lower2:lower3".

In the scheme, the mounting directory of the shared file system recorded by the value of the snapshot plug-in tag is added to the option of the read-only layer of the copy-on-write file system through the configuration code, so that the shared file directory corresponding to the shared file system is added to the read-only layer of the root file system of the target container.

In some embodiments of the present disclosure, the container management method further comprises: the target snapshot plug-in is configured for use at the container runtime and in the container orchestration system.

In this embodiment, since the container runtime is a plug-in mechanism, the target snapshot plug-in needs to be registered to the container runtime before the target snapshot plug-in can operate normally. Specifically, the configuration code is compiled and the target snapshot plug-in is started. The target snapshot plug-in is configured for use in a configuration file at the runtime of the container. Further, the container is restarted while running. Alternatively, the interception of the target snapshot plug-in address may be recorded in a configuration file at the time of container operation.

Since there are multiple snapshot plug-ins in the container orchestration system, default (i.e., native) snapshot plug-ins are used if no configuration of snapshot plug-ins is made in the container orchestration system. In order to use the target snapshot plugin in the container orchestration system, the target snapshot plugin needs to be configured in the container orchestration system. Specifically, the user may modify the configuration file in advance to declare the use of the target snapshot plug-in. Since the interface will not transfer the snapshot plug-in tag to the snapshot plug-in of the container by default, however, the modification to the read-only layer in this embodiment is dependent on the snapshot plug-in tag to implement configuration transfer. In addition, in a container arrangement system, special data transfer is generally performed by annotation or tag of a container group.

Thus, in order to pass the snapshot plug-in tag through into the container orchestration system, it is necessary to define the annotation of the container group, or define the Key (Key) of the tag and its semantics. Further, the container creation logic of the interface service is modified and translating annotations or tags of the container group of the container orchestration system into snapshot plug-in tags is implemented in source code.

In the scheme, the target snapshot plug-in is configured through the container operation time and the container arrangement system, so that a foundation is created for the subsequent normal use of the target snapshot plug-in the container operation time and the container arrangement system.

In some embodiments of the present disclosure, the container management method further comprises: receiving a read request of a second file of the shared file directory of the target container; the second file is downloaded from the shared file system to the shared file directory and returned.

The second file may be a file to be read and not modified, which is recorded in the shared file directory, and the number, type, and the like of the second file are not limited in this embodiment. The read request may be a request indicating that the second file is read.

In this embodiment, after the target container is started, if a process in the target container needs to read a second file in the shared file directory, the process may send a read request of the second file to the container management apparatus, and after receiving the read request of the second file, the container management apparatus downloads the second file from the shared file system to the shared file directory of the read-only layer according to the copy-on-write characteristic of the copy-on-write file system, and returns the second file to the process sending the read request.

In the above scheme, the reading of the files recorded in the shared file directory is realized.

The container management method in the embodiment of the present disclosure will be further described by way of a specific example.

In this embodiment, the snapshot plug-in tag may be obtained by the container orchestration system, or by a remote procedure call service at the time of container operation.

Specifically, the process of obtaining a snapshot plug-in tag through a container orchestration system includes: target notes are declared in the Annography of the container group in advance, and the container runtime interface service of the container runtime is called through the container orchestration system according to the container runtime interface. In a container runtime interface service of the container runtime, target annotations of the container group are converted into snapshot plug-in labels.

The process of obtaining the snapshot plug-in tag through the remote procedure call service when the container runs comprises the following steps: the container management device calls a remote procedure call service when the container runs, and obtains a snapshot plug-in tag.

The target snapshot plug-in this embodiment is implemented based on the write-time multiplexing file system Snapshotter in the container running process, and the target snapshot plug-in specifies an additional directory through the snapshot plug-in tag, so that the shared file directory corresponding to the snapshot plug-in tag is added to the read-only layer parameter of the write-time multiplexing file system mounting parameter.

Specifically, at the stage of creating target container construct RootFS, the container runtime invokes configuration declaration SnapshotterPlugin. If Snapshotter Plugin finds that the snapshot plug-in tag is carried, the front-most snapshot plug-in tag value is added to LowerDir parameters of Options of mount [0] returned by the multiplex file system when writing.

The target snapshot plug-in is configured during container runtime. Specifically, the configuration code is compiled and the boot SnapshotterPlugin is started. In the configuration at the time of container operation, the configuration uses SnapshotterPlugin. Restarting the container while running.

The target snapshot plugin is configured in the container orchestration system. Specifically, the use of the target snapshot plug-in is declared in the configuration file. The key and semantics of the corresponding container group of the analysis or Label are defined. Container creation logic of the container runtime interface is modified to convert the container group of the container orchestration system, either the animation or Label, into a snapshot plug-in tag in source code.

According to the container management method provided by the embodiment of the disclosure, functions of containers are enhanced, and the fact that a process in a certain container can modify shared files among containers is achieved, but modification of the shared files by the container is invisible to other containers. The background can carry out the new addition of the shared file in the shared file catalog, and the newly-built container can see the newly-added shared file, thereby realizing the convenient management of the shared file, avoiding each container to store the shared file respectively and reducing the redundancy of storage. In addition, by means of mounting, all shared files are prevented from being downloaded to the container when the container is started, and the time consumption for starting the container is prevented from being obviously increased.

Fig. 5 is a schematic structural diagram of a container management device according to an embodiment of the present disclosure, where the device may be implemented by software and/or hardware, and may be generally integrated in an electronic device. As shown in fig. 5, the container management apparatus includes:

A directory adding module 501, configured to add a shared file directory to a read-only layer of a root file system of a target container in a process of creating the target container, where the shared file directory is a mount directory of the shared file system;

a first request receiving module 502, configured to receive a modification request for a first file in the shared file directory of the target container;

a file modification module 503, configured to download the first file from the shared file system to the shared file directory, copy the first file from the shared file directory to a read-write layer, and perform a modification operation on the first file at the read-write layer.

In some embodiments of the present disclosure, the catalog augmentation module 501 comprises:

the obtaining submodule is used for obtaining a snapshot plug-in label in the creating process of the target container, wherein the snapshot plug-in label comprises a mounting catalog of the shared file system;

And the adding sub-module is used for calling a target snapshot plug-in, and adding the mounting directory of the shared file system as a shared file directory on the read-only layer of the root file system of the target container based on the snapshot plug-in label.

In some embodiments of the disclosure, the acquiring submodule is configured to:

acquiring target notes comprising volume numbers of the shared file system, and determining that a mounting directory of the volume numbers is a mounting directory of the shared file system;

and calling a container runtime interface service to convert the target annotation into a snapshot plug-in tag comprising the mount directory of the shared file system.

And obtaining the snapshot plug-in tag through a remote call service.

In some embodiments of the present disclosure, the container management apparatus further includes:

And the code adding module is used for adding the configuration code of the snapshot plug-in tag into the code of the target snapshot plug-in, wherein the configuration code of the snapshot plug-in tag is used for adding the value of the snapshot plug-in tag into the option of a read-only layer of the copy-on-write file system corresponding to the root file system, and the root file system is constructed based on the copy-on-write file system.

And the plug-in configuration module is used for configuring and using the target snapshot plug-in the container running time and the container arranging system.

a second request receiving module, configured to receive a read request for a second file of the shared file directory of the target container;

And the file downloading module is used for downloading the second file from the shared file system to the shared file directory and returning the second file.

The container management device provided by the embodiment of the disclosure can execute the container management method provided by any embodiment of the disclosure, and has the corresponding functional modules and beneficial effects of the execution method.

A computer program product comprising computer programs/instructions which when executed by a processor implement the steps of the container management method described above.

Referring now in particular to fig. 6, a schematic diagram of an electronic device 600 suitable for use in implementing embodiments of the present disclosure is shown. The electronic device 600 in the embodiments of the present disclosure may include, but is not limited to, mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players), car terminals (e.g., car navigation terminals), and the like, and stationary terminals such as digital TVs, desktop computers, and the like. The electronic device shown in fig. 6 is merely an example and should not be construed to limit the functionality and scope of use of the disclosed embodiments.

As shown in fig. 6, the electronic device 600 may include a processing means (e.g., a central processing unit, a graphics processor, etc.) 601, which may perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 602 or a program loaded from a storage means 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data required for the operation of the electronic apparatus 600 are also stored. The processing device 601, the ROM 602, and the RAM 603 are connected to each other through a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.

In general, the following devices may be connected to the I/O interface 605: input devices 606 including, for example, a touch screen, touchpad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, and the like; an output device 607 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 608 including, for example, magnetic tape, hard disk, etc.; and a communication device 609. The communication means 609 may allow the electronic device 600 to communicate with other devices wirelessly or by wire to exchange data. While fig. 6 shows an electronic device 600 having various means, it is to be understood that not all of the illustrated means are required to be implemented or provided. More or fewer devices may be implemented or provided instead.

In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a non-transitory computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via communication means 609, or from storage means 608, or from ROM 602. When executed by the processing device 601, the computer program performs the above-described functions defined in the container management method of the embodiment of the present disclosure.

It should be noted that the computer readable medium described in the present disclosure may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present disclosure, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, fiber optic cables, RF (radio frequency), and the like, or any suitable combination of the foregoing.

In some embodiments, the clients, servers may communicate using any currently known or future developed network protocol, such as HTTP (HyperText Transfer Protocol ), and may be interconnected with any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), the internet (e.g., the internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed networks.

The computer readable medium may be contained in the electronic device; or may exist alone without being incorporated into the electronic device.

The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: in the creation process of the target container, adding a shared file directory in a read-only layer of a root file system of the target container, wherein the shared file directory is a mounting directory of the shared file system; receiving a modification request for a first file in a shared file directory of a target container; and downloading the first file from the shared file system to the shared file directory, copying the first file from the shared file directory to the read-write layer, and performing modification operation on the first file at the read-write layer.

Computer program code for carrying out operations of the present disclosure may be written in one or more programming languages, including, but not limited to, an object oriented programming language such as Java, smalltalk, C ++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).

The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

The units involved in the embodiments of the present disclosure may be implemented by means of software, or may be implemented by means of hardware. Wherein the names of the units do not constitute a limitation of the units themselves in some cases.

The functions described above herein may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: a Field Programmable Gate Array (FPGA), an Application Specific Integrated Circuit (ASIC), an Application Specific Standard Product (ASSP), a system on a chip (SOC), a Complex Programmable Logic Device (CPLD), and the like.

In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.

It will be appreciated that prior to using the technical solutions disclosed in the embodiments of the present disclosure, the user should be informed and authorized of the type of information, the scope of use, the use scenario, etc. related to the present disclosure in an appropriate manner according to relevant legal regulations.

The foregoing description is only of the preferred embodiments of the present disclosure and description of the principles of the technology being employed. It will be appreciated by persons skilled in the art that the scope of the disclosure referred to in this disclosure is not limited to the specific combinations of features described above, but also covers other embodiments which may be formed by any combination of features described above or equivalents thereof without departing from the spirit of the disclosure. Such as those described above, are mutually substituted with the technical features having similar functions disclosed in the present disclosure (but not limited thereto).

Moreover, although operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order. In certain circumstances, multitasking and parallel processing may be advantageous. Likewise, while several specific implementation details are included in the above discussion, these should not be construed as limiting the scope of the present disclosure. Certain features that are described in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable subcombination.

Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are example forms of implementing the claims.

Claims

1. A method of container management, comprising:

2. The method of claim 1, wherein adding a shared file directory at a read-only layer of a root file system of the target container during creation of the target container comprises:

in the creation process of the target container, a snapshot plug-in label is obtained, wherein the snapshot plug-in label comprises a mounting catalog of the shared file system;

and calling a target snapshot plug-in, and adding a mounting directory of the shared file system as a shared file directory on the read-only layer of the root file system of the target container based on the snapshot plug-in label.

3. The method of claim 2, wherein the obtaining a snapshot plug-in tag comprises:

4. The method of claim 2, wherein the obtaining a snapshot plug-in tag comprises:

And obtaining the snapshot plug-in tag through a remote call service.

5. The method according to claim 2, wherein the method further comprises:

And adding configuration codes of snapshot plug-in labels in codes of the target snapshot plug-ins, wherein the configuration codes of the snapshot plug-in labels are used for adding values of the snapshot plug-in labels into options of read-only layers of copy-on-write file systems corresponding to the root file systems, and the root file systems are constructed based on the copy-on-write file systems.

6. The method of claim 5, wherein the method further comprises:

The target snapshot plug-in is configured for use at the time of container run-time and in a container orchestration system.

7. The method according to claim 1, wherein the method further comprises:

receiving a read request for a second file of the shared file directory of the target container;

And downloading the second file from the shared file system to the shared file directory and returning the second file.

8. A method of container management, comprising:

9. An electronic device, the electronic device comprising:

a processor;

a memory for storing the processor-executable instructions;

The processor is configured to read the executable instructions from the memory and execute the instructions to implement the container management method of any one of the preceding claims 1-7.

10. A computer readable storage medium, characterized in that the storage medium stores a computer program for executing the container management method according to any one of the preceding claims 1-7.

11. A computer program product comprising computer programs/instructions which, when executed by a processor, implement the steps of the container management method of any of the preceding claims 1-7.