WO2021051933A1 - Container cloud platform-based available area construction method and apparatus, device and storage medium - Google Patents

Publication number
WO2021051933A1
WO2021051933A1 PCT/CN2020/098934 CN2020098934W WO2021051933A1 WO 2021051933 A1 WO2021051933 A1 WO 2021051933A1 CN 2020098934 W CN2020098934 W CN 2020098934W WO 2021051933 A1 WO2021051933 A1 WO 2021051933A1
Authority
WO
WIPO (PCT)
Prior art keywords
cloud
container
network
zone
security
Prior art date
Application number
PCT/CN2020/098934
Other languages
French (fr)
Chinese (zh)
Inventor
李迎春
Original Assignee
平安科技(深圳)有限公司
Priority date
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司
Publication of WO2021051933A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0218 Distributed architectures, e.g. distributed firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks
    • H04L67/1044 Group management mechanisms

Definitions

  • This application relates to the field of cloud computing technology, and in particular to a method, apparatus, device, and storage medium for building an available domain based on a container cloud platform.
  • Containers are the standard deliverables of a new generation of applications.
  • Container Cloud will help enterprise users build R&D processes and cloud platform infrastructure, shorten the delivery cycle of applications to the cloud, lower operational thresholds, and accelerate the enterprise's dual transformation of Internet technology and business.
  • Container cloud platforms, such as PaaS (platform as a service), SaaS (software as a service) and CaaS (container cloud platform), provide application operating platforms through technologies such as Docker (containers) and Kubernetes (referred to as K8s) to achieve operation and maintenance automation, rapid application deployment, elastic scaling and dynamic adjustment of application environment resources.
  • PaaS platform as a service
  • SaaS software as a service
  • CaaS container cloud platform
  • K8s Kubernetes
  • Some implementation methods have at least the following problems: 1. ECS itself does not have high availability and disaster tolerance, and needs multiple regions, in particular a logical multi-region architecture, to achieve them; 2. applications that run on ECS have to be manually dispersed across multiple regions; 3. the load balancing ELB of the cluster needs to consider the impact of node recovery, and nodes need to be manually disabled, which is inefficient.
  • the purpose of the embodiments of the present application is to propose a method, device, equipment, and storage medium for building an available domain of a container cloud platform, so as to improve the high availability and automation level of a cloud host container cluster.
  • an embodiment of the present application provides a method for building an available domain of a container cloud platform, which includes the following steps:
  • an embodiment of the present application also provides an available domain construction device based on a container cloud platform, which adopts the following technical solutions:
  • the available domain construction device based on the container cloud platform includes:
  • the creation module is used to create at least two cloud hosts on the cloud platform according to regions, and the cloud hosts are used to provide container services;
  • the joining module is used to join the cloud host to the network isolation zone and the network security zone respectively;
  • a deployment module configured to configure a dual-availability domain label for the cloud host and deploy it to a container cluster
  • the management module is used to manage the cloud hosts added to the container cluster.
  • the embodiments of the present application also provide a computer device, which adopts the following technical solutions:
  • the computer device includes a memory and a processor, and a computer process is stored in the memory.
  • When the processor executes the computer process, the steps of the container cloud platform-based available domain construction method described in any one of the embodiments of the present application are implemented:
  • the embodiments of the present application also provide a computer-readable storage medium, which adopts the following technical solutions:
  • the computer-readable storage medium stores a computer process, and when the computer process is executed by a processor, the steps of any one of the container cloud platform-based available domain construction methods proposed in the embodiments of the present application are implemented:
  • the cloud hosts are used to provide container services; add the cloud hosts to the network isolation zone and the network security zone respectively; configure the cloud host with dual-availability domain tags and deploy it to the container cluster; manage the cloud hosts added to the container cluster.
  • At least two cloud hosts are created through the container cloud platform, and each cloud host is configured with dual availability domains and placed in different network areas and then added to the container cluster for unified management, which can improve the high availability and automation level of the cloud host container cluster.
  • Figure 1 is an exemplary system architecture diagram to which the present application can be applied;
  • Fig. 2 is a flowchart of an embodiment of a method for building available domains based on a container cloud platform according to the present application
  • FIG. 3 is a flowchart of a specific implementation of step 201 in FIG. 2;
  • FIG. 4 is a flowchart of a specific implementation of step 202 in FIG. 2;
  • FIG. 5 is a flowchart of a specific implementation of step 203 in FIG. 2;
  • Fig. 6 is a schematic structural diagram of an embodiment of an available domain construction device based on a container cloud platform according to the present application
  • FIG. 7 is a schematic structural diagram of a specific implementation of the creation module 301 shown in FIG. 6;
  • Fig. 8 is a schematic structural diagram of an embodiment of a computer device according to the present application.
  • the system architecture 100 may include terminal devices 101, 102, 103, a network 104, and a server 105.
  • the network 104 is used to provide a medium for communication links between the terminal devices 101, 102, 103 and the server 105.
  • the network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, and so on.
  • the user can use the terminal devices 101, 102, and 103 to interact with the server 105 through the network 104 to receive or send messages and so on.
  • Various communication client applications such as web browser applications, shopping applications, search applications, instant messaging tools, email clients, and social platform software, may be installed on the terminal devices 101, 102, and 103.
  • the terminal devices 101, 102, and 103 may be various electronic devices with display screens and supporting web browsing, including but not limited to smart phones, tablet computers, e-book readers, MP3 (Moving Picture Experts Group Audio Layer III) players, MP4 (Moving Picture Experts Group Audio Layer IV) players, laptop computers and desktop computers, etc.
  • the server 105 may be a server that provides various services, for example, a background server that provides support for pages displayed on the terminal devices 101, 102, and 103.
  • the available domain construction method based on the container cloud platform provided by the embodiments of the present application is generally executed by the server/terminal device. Accordingly, the available domain construction device based on the container cloud platform is generally set in the server/terminal device.
  • terminal devices, networks, and servers in FIG. 1 are merely illustrative. According to implementation needs, there can be any number of terminal devices, networks, and servers.
  • Referring to FIG. 2, a flowchart of an embodiment of the method for building available domains based on the container cloud platform according to the present application is shown.
  • the method for constructing available domains based on the container cloud platform includes the following steps:
  • Step 201 Create at least two cloud hosts on the container cloud platform according to regions, where the cloud hosts are used to provide container services.
  • the electronic device such as the server/terminal device shown in FIG. 1
  • the wireless connection methods can include, but are not limited to, 3G/4G connection, WiFi connection, Bluetooth connection, WiMAX connection, Zigbee connection, UWB (ultra wideband) connection, and other wireless connection methods currently known or developed in the future.
  • the address of the cloud platform is the domain name of the platform website, such as yun.pingan.com.
  • All users can access it and select a service type according to their needs, such as file storage and sharing, application process creation and deployment, etc., and then select and create a cloud host that provides container services according to the service type and location.
  • Users can include, but are not limited to, individuals, organizations, or R&D teams.
  • Step 202 Add the cloud host to the network isolation zone and the network security zone respectively.
  • the network isolation zone and the network security zone are virtual networks (VPC, Virtual Private Cloud) obtained by further dividing the Internet according to a certain security strategy, and a VPC is a custom logical network space on the public cloud (where all users share a public network resource pool and are not logically isolated from one another).
  • the above-mentioned network isolation zone DMZ is a special area between the external network and the internal network, which adds a security line of defense to the network security zone SF (internal network) to be protected.
  • the above-mentioned access control policies can be formulated, added, deleted, and modified according to the access needs, including: the intranet SF can access the external network; the intranet SF can access the DMZ; the external network cannot access the intranet SF; the external network can access the DMZ; the DMZ cannot access the intranet SF; and the DMZ cannot access the external network, etc.
  • the created cloud host can be added to the network isolation zone and network security zone respectively, so as to provide services of different security levels.
  • Step 203 Configure a dual-availability domain label for the cloud host and deploy it to the container cluster.
  • a container cluster is formed.
  • some tools or systems such as Kubernetes (k8s) are required to uniformly manage multiple hosts in the cloud platform.
  • Containerized applications on the Internet the goal of Kubernetes is to make the deployment of containerized applications simple and efficient. It provides a unified management of these container clusters by providing application deployment, planning, update, and maintenance mechanisms.
  • the container clusters can be managed by region, which provides functions such as resource scheduling, deployment and operation, service discovery, capacity expansion and contraction for containerized applications.
  • container orchestration services so that containers can communicate with each other, transfer runtimes to each other, and manage the behavior of multiple containers at the same time
  • the available domain label can be a custom identifier used to indicate the available domain in the availability zone. Configure a customized available domain label for the created cloud host and add it to the container cluster. The available domain label can be used to find the corresponding cloud host node in the container cluster, and the container cluster management tool can then be used to manage the containers on that cloud host node.
  • Step 204 Manage the cloud hosts added to the container cluster.
  • the above-mentioned container management tool k8s is used to manage the cloud hosts added to the container cluster, such as monitoring the running status, performing load balancing, and disaster recovery backup.
  • the available domain construction method based on the container cloud platform provided by the embodiments of the application can be applied to available domain construction equipment based on the container cloud platform; for example, computers, servers, workstations, etc. can serve as the available domain construction equipment based on the container cloud platform.
  • At least two cloud hosts are created on the cloud platform according to regions, the cloud hosts are used to provide container services; the cloud hosts are added to the network isolation zone and the network security zone respectively; the cloud host is configured with a dual-availability domain label and deployed to the container cluster; and the cloud hosts added to the container cluster are managed.
  • At least two cloud hosts are created through the container cloud platform, and each cloud host is configured with dual availability domains and placed in different network areas and then added to the container cluster for unified management, which can improve the high availability and automation level of the cloud host container cluster.
  • the above step 201 may include:
  • an account that has been registered on the cloud platform is used to log in to the above-mentioned container cloud platform (CaaS) cloud platform, and the address of the cloud platform is the domain name of the platform website, such as yun.pingan.com.
  • a container is a running instance created from an image. It can be started, stopped, and deleted, and the environments of the containers are isolated from each other to ensure safety. Moreover, starting, stopping, and destroying a container takes seconds or milliseconds. Compared with traditional virtualization technology, the container performs at the same level or even better in terms of the loss of CPU, memory, network IO and other resources.
  • the above-mentioned Docker container image can be stored in a local public/private image warehouse. Users can create an image or update an existing image through the warehouse, or download a ready-made image directly from another place and use it directly. The deployment of container applications is very convenient for migration and deployment through this mirroring mechanism.
  • Step 2012 On the cloud platform, select an availability zone in the local area to create at least two cloud host nodes.
  • one of the two Availability Zones A/B is selected to create a cloud host on the aforementioned cloud platform based on the location (such as Hong Kong, Shenzhen, Shanghai, etc.). For example, there are two Availability Zones, A and B, in Hong Kong; you can select Availability Zone A, and further select the basic configuration parameters of the cloud host according to your needs, such as the number of CPU cores, memory capacity, operating system type, etc.
  • the above-mentioned available area refers to a physical area in the same area where power and network are independent of each other. In the same area, the available area and the available area can communicate with each other in the intranet.
  • the cloud host can be used to store data, or to execute application processes to provide services; further, multiple container applications and the environment that the applications depend on can also be installed on the cloud host through the Docker image. For example, one image can contain a complete Ubuntu operating system environment in which only Apache or other application processes required by the user are installed; the image can be used to create a Docker container, and the container is then used to run the application.
  • the foregoing step 202 may include:
  • Step 2021 Create a corresponding security group according to different access control policies, including a network isolation zone security group and a network security zone security group.
  • the step of creating corresponding security groups according to different access control policies specifically includes:
  • the network can be divided into three zones according to the security level: the SF zone with the highest security level (intranet), the DMZ zone with the medium security level and the Internet zone with the lowest security level (external network).
  • the three areas have different access control strategies due to their different tasks.
  • the above-mentioned DMZ (network isolation zone) area is a special area between the external network and the internal network, which adds a security line of defense for the internal network SF (network security zone) to be protected, and at the same time it provides an area for placing public services that external networks can access, such as corporate Web servers, FTP servers, and forums.
  • the DMZ network isolation zone and the SF network security zone are the virtual network VPC (Virtual Private Cloud) that is further divided on the above availability zone A or B, and the VPC is in the public cloud (all users share public network resources)
  • the purpose is to build an isolated virtual network environment on the cloud platform that can independently manage configurations and policies, so as to improve resources in the network environment.
  • the above-mentioned access control strategy can be formulated, deleted, and modified according to the access needs, including: the intranet SF can access the external network; the intranet SF can access the DMZ; the external network cannot access the intranet SF; the external network can access the DMZ; the DMZ cannot access the intranet SF; and the DMZ cannot access the external network, etc.
  • Step 2022 Bind the created at least two cloud host nodes to the two created security groups respectively.
  • the access policy of the DMZ network isolation zone security group created in step 2021 is issued to one of the at least two cloud host nodes created in the availability zone A/B, and the SF network security zone The access policy of the security group is issued to the other one to complete the binding, so that the two cloud host nodes belong to different VPCs and provide services of different security levels.
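
The zone access policy and security-group binding of steps 2021 and 2022, as an added example that is not part of the patent text: a Python audit that flags security-group rules permitting a flow the policy forbids. The CIDR ranges, the rule format and the rule IDs are constructed assumptions, and rules are assumed to be stateful.

```python
"""Audit security-group rules against the SF / DMZ / external-network policy."""
import ipaddress

# Access control policy as listed in the text: (source, destination) -> allowed.
ZONE_POLICY = {
    ("SF", "EXTERNAL"): True,
    ("SF", "DMZ"): True,
    ("EXTERNAL", "SF"): False,
    ("EXTERNAL", "DMZ"): True,
    ("DMZ", "SF"): False,
    ("DMZ", "EXTERNAL"): False,
}

# Constructed address plan (assumption): one disjoint IPv4 range per VPC.
# Every address outside these ranges counts as the external network.
ZONE_CIDRS = {
    "SF": ipaddress.ip_network("10.10.0.0/16"),
    "DMZ": ipaddress.ip_network("10.20.0.0/16"),
}

# Constructed sample rules (hypothetical format): the zone of the security group,
# the direction, and the peer CIDR (source for ingress, destination for egress).
SAMPLE_RULES = [
    {"id": "r1", "zone": "DMZ", "direction": "ingress", "cidr": "0.0.0.0/0", "port": 443},
    {"id": "r2", "zone": "SF", "direction": "ingress", "cidr": "10.0.0.0/8", "port": 22},
    {"id": "r3", "zone": "SF", "direction": "egress", "cidr": "0.0.0.0/0", "port": 443},
    {"id": "r4", "zone": "DMZ", "direction": "egress", "cidr": "0.0.0.0/0", "port": 443},
    {"id": "r5", "zone": "DMZ", "direction": "egress", "cidr": "10.20.5.0/24", "port": 8080},
    {"id": "r6", "zone": "SF", "direction": "ingress", "cidr": "10.20.0.0/16", "port": 3306},
]


def zones_covered(cidr):
    """Return every zone that a CIDR block reaches into."""
    net = ipaddress.ip_network(cidr)
    covered, internal = set(), 0
    for zone, zone_net in ZONE_CIDRS.items():
        if net.overlaps(zone_net):
            covered.add(zone)
            # Overlapping CIDR blocks are nested, so the overlap is the smaller one.
            internal += min(net.num_addresses, zone_net.num_addresses)
    # Addresses left over after the internal zones belong to the external network.
    if internal < net.num_addresses:
        covered.add("EXTERNAL")
    return covered


def audit(rules):
    """Return (rule id, source zone, destination zone) for each forbidden flow."""
    violations = []
    for rule in rules:
        own = rule["zone"]
        # Traffic that stays inside the group's own zone is not a cross-zone flow.
        for peer in sorted(zones_covered(rule["cidr"]) - {own}):
            flow = (peer, own) if rule["direction"] == "ingress" else (own, peer)
            # Default deny: a flow the policy does not list is treated as forbidden.
            if not ZONE_POLICY.get(flow, False):
                violations.append((rule["id"], *flow))
    return violations


if __name__ == "__main__":
    for rule_id, src, dst in audit(SAMPLE_RULES):
        print(f"{rule_id}: permits {src} -> {dst}, which the zone policy forbids")
```

A broad range such as 10.0.0.0/8 on an SF ingress rule is reported twice, because it admits both the DMZ range and addresses outside either zone.
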
  • the above step 203 may include:
  • Step 2031 Label the at least two cloud host nodes with dual-availability domain labels respectively.
  • the above-mentioned available domain label may be a custom identifier used to indicate the available domain in the above-mentioned Availability Zone A/B; for example, hka-az1 and hka-az2 indicate the az1 and az2 available domains in Availability Zone A of Hong Kong. Then use the command line of the container management tool k8s to associate the above available domain label with the cloud host created above, so that the corresponding cloud host node can be found through the available domain label, as follows: kubectl label no dmz_node1ip failure-domain.beta.
  • dmz_node1ip and dmz_node2ip represent the two independent containers of the cloud host node in the DMZ network area, which are used to carry the available domains hka-az1 and hka-az2 respectively; similarly, sf_node1ip and sf_node2ip represent the cloud host node in the SF network area The two independent containers are used to carry the available domains hka-az1 and hka-az2 respectively.
  • the definition, configuration, and management of dual-availability domain tags through the container management tool k8s can enable cloud hosts to have architectural high-availability support at the IAAS (infrastructure) level.
  • Step 2032 Add the dual-availability domain label to the node deployment template of the cloud platform, thereby deploying the cloud host node to the container cluster.
  • the two cloud host nodes marked with the available domain labels hka-az1 and hka-az2 can be deployed to the k8s cluster for unified management; the multi-availability domain deployment method based on the template configuration provided by the container management tool k8s is flexible and convenient.
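
A check for the labelling in steps 2031 and 2032, as an added example that is not part of the patent text: it reads a node list shaped like the output of `kubectl get nodes -o json` and reports nodes whose available domain label is missing or unknown, and network zones that lack a node in one of the two available domains. The node names, the sample JSON and the `example.com/network-zone` label are constructed; the zone label key is an assumption, since the page's command is cut off after `failure-domain.beta.`.

```python
"""Check that each network zone has a node in both available domains."""
import json

# Assumed label keys. The page's kubectl command is truncated after
# "failure-domain.beta."; the well-known Kubernetes zone label with that prefix
# is used here. NETWORK_ZONE_LABEL is a hypothetical custom label.
AD_LABEL = "failure-domain.beta.kubernetes.io/zone"
NETWORK_ZONE_LABEL = "example.com/network-zone"

REQUIRED_ADS = {"hka-az1", "hka-az2"}  # available domains named on the page
NETWORK_ZONES = ("dmz", "sf")          # network isolation zone, network security zone

# Constructed sample; sf-node2 carries a mistyped available domain value.
SAMPLE_NODES_JSON = """
{"items": [
  {"metadata": {"name": "dmz-node1", "labels": {
     "example.com/network-zone": "dmz",
     "failure-domain.beta.kubernetes.io/zone": "hka-az1"}}},
  {"metadata": {"name": "dmz-node2", "labels": {
     "example.com/network-zone": "dmz",
     "failure-domain.beta.kubernetes.io/zone": "hka-az2"}}},
  {"metadata": {"name": "sf-node1", "labels": {
     "example.com/network-zone": "sf",
     "failure-domain.beta.kubernetes.io/zone": "hka-az1"}}},
  {"metadata": {"name": "sf-node2", "labels": {
     "example.com/network-zone": "sf",
     "failure-domain.beta.kubernetes.io/zone": "hka_az2"}}}
]}
"""


def audit_nodes(nodes_json):
    """Return (placement, problems) for a `kubectl get nodes -o json` document."""
    placement = {zone: {} for zone in NETWORK_ZONES}  # zone -> domain -> node names
    problems = []
    for item in json.loads(nodes_json)["items"]:
        name = item["metadata"]["name"]
        labels = item["metadata"].get("labels") or {}
        zone = labels.get(NETWORK_ZONE_LABEL)
        domain = labels.get(AD_LABEL)
        if zone not in placement:
            problems.append((name, "no known network zone label"))
        elif domain not in REQUIRED_ADS:
            problems.append(
                (name, f"availability domain label missing or unknown: {domain!r}"))
        else:
            placement[zone].setdefault(domain, []).append(name)
    # A zone is only highly available if both domains hold at least one node.
    for zone in NETWORK_ZONES:
        for domain in sorted(REQUIRED_ADS - set(placement[zone])):
            problems.append((zone, f"no node in {domain}"))
    return placement, problems


def relabel_command(node_name, domain):
    """Build the kubectl argument list that sets the available domain label."""
    return ["kubectl", "label", "node", node_name,
            f"{AD_LABEL}={domain}", "--overwrite"]


if __name__ == "__main__":
    _, found = audit_nodes(SAMPLE_NODES_JSON)
    for subject, message in found:
        print(f"{subject}: {message}")
```
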
  • Step 2033 Perform load balancing on the container clusters that have been added to the network isolation zone of the cloud host node.
  • Load balancing (Load Balance) is a cluster technology for servers or network devices that distributes specific services (network services, network traffic, etc.) across multiple servers or network devices, thereby improving business processing capabilities and ensuring the high availability of the business.
  • a container application cluster that has been added to the network isolation zone of a cloud host node can be deployed to multiple cloud hosts, and then user requests can be distributed to different servers through load balancing to improve the performance and reliability of websites, applications, databases or other services.
  • step 2033 may include:
  • Step 20331 Add the cloud host node bound to the security group of the network isolation zone to the resource pool.
  • step 204 may include:
  • Step 2041 Add monitoring scripts to the at least two cloud host nodes respectively, and collect and report operating data of the nodes.
  • the docker container process monitoring script is added to the cloud host node to collect the operating data of the host, such as CPU usage, memory usage, etc., and use the crontab tool command to regularly report the operating status of the host node to the cloud platform.
  • the computer process can be stored in a computer readable storage medium. When executed, it may include the procedures of the above-mentioned method embodiments.
  • the aforementioned storage medium may be a non-volatile storage medium such as a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), or a random access memory (Random Access Memory, RAM), etc.
  • this application provides an embodiment of an available domain construction device based on a container cloud platform, which is similar to the method embodiment shown in FIG.
  • the device can be specifically applied to various electronic devices.
  • the device 300 for building an available domain based on a container cloud platform in this embodiment includes: a creation module 301, a joining module 302, a deployment module 303, and a management module 304. among them:
  • the creation module 301 is configured to create at least two cloud hosts on the cloud platform according to regions, and the cloud hosts are used to provide container services;
  • the joining module 302 is used to join the cloud host to the network isolation zone and the network security zone respectively;
  • the deployment module 303 is configured to configure a dual-availability domain label for the cloud host and deploy it to the container cluster;
  • the management module 304 is used to manage the cloud hosts added to the container cluster.
  • the creation module 301 further includes:
  • the login sub-module 3011 is used to log in to the container-based cloud platform
  • the creation sub-module 3012 is used to select an availability zone in the local area to create at least two cloud host nodes on the cloud platform.
  • the device for constructing available domains based on the container cloud platform provided by the embodiments of the present application can implement the various implementation manners in the method embodiments of FIGS. 2 to 5 and the corresponding beneficial effects. To avoid repetition, details are not described herein again.
  • FIG. 8 is a block diagram of the basic structure of the computer device in this embodiment.
  • the computer device 8 includes a memory 81, a processor 82, and a network interface 83 that communicate with each other through a system bus. It should be pointed out that the figure only shows the computer device 8 with components 81-83, but it should be understood that it is not required to implement all the illustrated components, and more or fewer components may be implemented instead. Among them, those skilled in the art can understand that the computer device here is a device that can automatically perform numerical calculation and/or information processing in accordance with pre-set or stored instructions.
  • Its hardware includes, but is not limited to, a microprocessor, a dedicated Integrated Circuit (Application Specific Integrated Circuit, ASIC), Programmable Gate Array (Field-Programmable Gate Array, FPGA), Digital Processor (Digital Signal Processor, DSP), embedded equipment, etc.
  • ASIC Application Specific Integrated Circuit
  • FPGA Field-Programmable Gate Array
  • DSP Digital Processor
  • the computer device may be a computing device such as a desktop computer, a notebook, a palmtop computer, and a cloud server.
  • the computer device can interact with the user through a keyboard, a mouse, a remote control, a touch panel, or a voice control device.
  • the memory 81 includes at least one type of readable storage medium, and the readable storage medium includes flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory, etc.), random access memory (RAM), static random access memory (SRAM), read only memory (ROM), electrically erasable programmable read only memory (EEPROM), programmable read only memory (PROM), magnetic memory, magnetic disk, optical disk, etc. The computer readable storage medium can be non-volatile or volatile.
  • the memory 81 may be an internal storage unit of the computer device 8, such as a hard disk or memory of the computer device 8.
  • the memory 81 may also be an external storage device of the computer device 8, such as a plug-in hard disk equipped on the computer device 8, a smart media card (SMC), a secure digital (Secure Digital, SD) card, flash card (Flash Card), etc.
  • the memory 81 may also include both the internal storage unit of the computer device 8 and its external storage device.
  • the memory 81 is generally used to store an operating system and various application software installed on the computer device 8, such as computer readable instructions based on a container cloud platform's available domain construction method.
  • the memory 81 can also be used to temporarily store various types of data that have been output or will be output.
  • the processor 82 may be a central processing unit (CPU), a controller, a microcontroller, a microprocessor, or other data processing chips.
  • the processor 82 is generally used to control the overall operation of the computer device 8.
  • the processor 82 is configured to run computer-readable instructions or processed data stored in the memory 81, for example, run the computer-readable instructions of the container cloud platform-based available domain construction method.
  • the network interface 83 may include a wireless network interface or a wired network interface, and the network interface 83 is generally used to establish a communication connection between the computer device 8 and other electronic devices.
  • This application also provides another implementation manner, that is, a computer-readable storage medium that stores the available domain construction process based on the container cloud platform, and the available domain construction process based on the container cloud platform may be executed by at least one processor, so that the at least one processor executes the steps of the aforementioned container cloud platform-based available domain construction method.
  • the technical solution of this application, in essence or in the part that contributes to the existing technology, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, magnetic disk, or optical disc) and includes several instructions to enable a terminal device (which can be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to execute the method described in each embodiment of the present application.
  • the disclosed device may be implemented in other ways.
  • the device embodiments described above are merely illustrative; for example, the division of the units is only a logical function division, and there may be other divisions in actual implementation: multiple units or components may be combined or integrated into another system, or some features can be ignored or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical or other forms.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
  • the functional units in the various embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the above-mentioned integrated unit can be implemented in the form of hardware or software flow module.
  • if the integrated unit is implemented in the form of a software flow module and sold or used as an independent product, it can be stored in a computer readable memory.
  • the technical solution of the present application essentially or the part that contributes to the existing technology or all or part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a memory.
  • a number of instructions are included to enable a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods described in the various embodiments of the present application.
  • the aforementioned memory includes: U disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), mobile hard disk, magnetic disk or optical disk, and other media that can store computer-readable instructions.

Abstract

The embodiments of the present application relate to the field of cloud computing technologies, and relate to a container cloud platform-based available area construction method and apparatus, a device and a storage medium. The method comprises: creating at least two cloud hosts on a cloud platform according to a region, the cloud hosts being used for providing container services; adding the cloud hosts to a network isolation area and a network security area, respectively; configuring double-available-area labels for the cloud hosts and deploying the cloud hosts to a container cluster; and managing the cloud hosts added to the container cluster. By creating at least two cloud hosts by means of a container cloud platform, performing dual-available-area configuration on each cloud host, putting the cloud hosts in different network areas, and then adding the cloud hosts to a container cluster for unified management, the high availability and automation level of the cloud host container cluster can be improved.

Description

Available domain construction method, apparatus, device and storage medium of container cloud platform
This application is based on the Chinese invention patent application filed on September 20, 2019 with the application number 201910889656.6, titled "Available domain construction method, apparatus, device and storage medium based on container cloud platform", and claims its priority.
Technical field
This application relates to the field of cloud computing technology, and in particular to a method, apparatus, device, and storage medium for building an available domain based on a container cloud platform.
Background
In the era of the mobile Internet, companies need to find new software delivery processes and IT architectures in order to achieve a platform-based architecture, continuous delivery, and service-oriented business. Containers are the standard deliverable of a new generation of applications. A container cloud helps enterprise users build R&D processes and cloud platform infrastructure, shorten the delivery cycle of applications to the cloud, lower the operational threshold, and accelerate the enterprise's dual transformation of Internet technology and business.
At present, many container cloud platforms, such as PaaS (platform as a service), SaaS (software as a service) and CaaS (container cloud platform), provide an application runtime platform through technologies such as Docker (containers) and Kubernetes (K8s for short), thereby achieving operation and maintenance automation, rapid application deployment, elastic scaling and dynamic adjustment of application environment resources. For example, Alibaba Cloud uses a multi-region deployment solution to improve the high availability of ECS (Elastic Computing Server). However, in the process of implementing this application, the inventor realized that existing implementations have at least the following problems: 1. ECS itself has no high availability or disaster tolerance, which has to be achieved through multiple regions, in particular a logical multi-region architecture; 2. applications running on ECS have to be manually spread across multiple regions when deployed; 3. the cluster's load balancer (ELB) has to take into account the impact of a node after it recovers, and nodes have to be disabled manually, which is inefficient.
Summary of the invention
The purpose of the embodiments of the present application is to propose a method, apparatus, device, and storage medium for building an available domain of a container cloud platform, so as to improve the high availability and automation level of a cloud host container cluster.
In order to solve the above technical problems, an embodiment of the present application provides a method for building an available domain of a container cloud platform, which includes the following steps:
creating at least two cloud hosts on the cloud platform according to region, where the cloud hosts are used to provide container services;
adding the cloud hosts to the network isolation zone and the network security zone respectively;
configuring dual-availability domain labels for the cloud hosts and deploying them to the container cluster;
managing the cloud hosts added to the container cluster.
In order to solve the above technical problems, an embodiment of the present application also provides an available domain construction apparatus based on a container cloud platform, which adopts the following technical solution:
The available domain construction apparatus based on the container cloud platform includes:
a creation module, used to create at least two cloud hosts on the cloud platform according to region, where the cloud hosts are used to provide container services;
a joining module, used to add the cloud hosts to the network isolation zone and the network security zone respectively;
a deployment module, used to configure dual-availability domain labels for the cloud hosts and deploy them to the container cluster;
a management module, used to manage the cloud hosts added to the container cluster.
In order to solve the above technical problems, an embodiment of the present application also provides a computer device, which adopts the following technical solution:
The computer device includes a memory and a processor. A computer process is stored in the memory, and when the processor executes the computer process, the steps of the container cloud platform-based available domain construction method described in any one of the embodiments of the present application are implemented:
creating at least two cloud hosts on the container cloud platform according to region, where the cloud hosts are used to provide container services;
adding the cloud hosts to the network isolation zone and the network security zone respectively;
configuring dual-availability domain labels for the cloud hosts and deploying them to the container cluster;
managing the cloud hosts added to the container cluster.
In order to solve the above technical problems, an embodiment of the present application also provides a computer-readable storage medium, which adopts the following technical solution:
The computer-readable storage medium stores a computer process, and when the computer process is executed by a processor, the steps of the container cloud platform-based available domain construction method described in any one of the embodiments of the present application are implemented:
creating at least two cloud hosts on the container cloud platform according to region, where the cloud hosts are used to provide container services;
adding the cloud hosts to the network isolation zone and the network security zone respectively;
configuring dual-availability domain labels for the cloud hosts and deploying them to the container cluster;
managing the cloud hosts added to the container cluster.
The details of one or more embodiments of the present application are set forth in the following drawings and description, and other features and advantages of the present application will become apparent from the description, drawings, and claims.
At least two cloud hosts are created on the cloud platform according to region, the cloud hosts being used to provide container services; the cloud hosts are added to the network isolation zone and the network security zone respectively; dual-availability domain labels are configured for the cloud hosts, which are deployed to the container cluster; and the cloud hosts added to the container cluster are managed. Creating at least two cloud hosts through the container cloud platform, giving each cloud host a dual-availability domain configuration, placing the hosts in different network zones and then adding them to the container cluster for unified management can improve the high availability and automation level of the cloud host container cluster.
Description of the drawings
In order to explain the solution in this application more clearly, the drawings used in the description of the embodiments are briefly introduced below. Obviously, the drawings in the following description are some embodiments of the application, and those of ordinary skill in the art can obtain other drawings from them without creative work.
Figure 1 is an exemplary system architecture diagram to which the present application can be applied;
Figure 2 is a flowchart of an embodiment of the container cloud platform-based available domain construction method according to the present application;
Figure 3 is a flowchart of a specific implementation of step 201 in Figure 2;
Figure 4 is a flowchart of a specific implementation of step 202 in Figure 2;
Figure 5 is a flowchart of a specific implementation of step 203 in Figure 2;
Figure 6 is a schematic structural diagram of an embodiment of the container cloud platform-based available domain construction apparatus according to the present application;
Figure 7 is a schematic structural diagram of a specific implementation of the creation module 301 shown in Figure 6;
Figure 8 is a schematic structural diagram of an embodiment of a computer device according to the present application.
Detailed description
Unless otherwise defined, all technical and scientific terms used herein have the same meanings as commonly understood by those skilled in the technical field of this application. The terms used in the specification of the application are only for the purpose of describing specific embodiments and are not intended to limit the application. The terms "including" and "having" and any variations of them in the specification, the claims and the above description of the drawings are intended to cover non-exclusive inclusion. The terms "first", "second", etc. in the specification, the claims or the above drawings are used to distinguish different objects, not to describe a specific order.
Reference to an "embodiment" herein means that a specific feature, structure, or characteristic described in conjunction with the embodiment may be included in at least one embodiment of the present application. The appearance of the phrase in various places in the specification does not necessarily refer to the same embodiment, nor to an independent or alternative embodiment that is mutually exclusive with other embodiments. Those skilled in the art understand, explicitly and implicitly, that the embodiments described herein can be combined with other embodiments.
In order to enable those skilled in the art to better understand the solutions of the present application, the technical solutions in the embodiments of the present application are described clearly and completely below in conjunction with the accompanying drawings.
As shown in Figure 1, the system architecture 100 may include terminal devices 101, 102 and 103, a network 104, and a server 105. The network 104 is the medium that provides communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired or wireless communication links, fiber optic cables, and so on.
The user can use the terminal devices 101, 102 and 103 to interact with the server 105 through the network 104 to receive or send messages and so on. Various communication client applications, such as web browser applications, shopping applications, search applications, instant messaging tools, email clients, and social platform software, may be installed on the terminal devices 101, 102 and 103.
The terminal devices 101, 102 and 103 may be various electronic devices that have a display screen and support web browsing, including but not limited to smart phones, tablet computers, e-book readers, MP3 (Moving Picture Experts Group Audio Layer III) players, MP4 (Moving Picture Experts Group Audio Layer IV) players, laptop computers, desktop computers, and so on.
The server 105 may be a server that provides various services, for example a background server that supports the pages displayed on the terminal devices 101, 102 and 103.
It should be noted that the container cloud platform-based available domain construction method provided by the embodiments of the present application is generally executed by the server/terminal device; accordingly, the container cloud platform-based available domain construction apparatus is generally set in the server/terminal device.
It should be understood that the numbers of terminal devices, networks, and servers in Figure 1 are merely illustrative. There can be any number of terminal devices, networks, and servers according to implementation needs.
Continuing to refer to Figure 2, a flowchart of an embodiment of the container cloud platform-based available domain construction method according to the present application is shown. The method includes the following steps:
Step 201: create at least two cloud hosts on the container cloud platform according to region, where the cloud hosts are used to provide container services.
In this embodiment, it is possible to connect and log in, through a wired or wireless connection, to the electronic device (such as the server/terminal device shown in Figure 1) on which the container cloud platform-based available domain construction method runs. It should be pointed out that the wireless connection methods can include, but are not limited to, 3G/4G, WiFi, Bluetooth, WiMAX, Zigbee and UWB (ultra wideband) connections, as well as other wireless connection methods currently known or developed in the future.
The address of the cloud platform is the domain name of the platform website, such as yun.pingan.com. All users can access it and select a service type according to their needs, such as file storage and sharing or application process creation and deployment, and then select and create a cloud host that provides container services according to the service type and region. Users can include, but are not limited to, individuals, organizations, or R&D teams.
Step 202: add the cloud hosts to the network isolation zone and the network security zone respectively.
The network isolation zone and the network security zone are virtual networks (VPC, Virtual Private Cloud) obtained by further dividing the Internet according to a certain security policy. A VPC is a user-defined logical network space on a public cloud (where all users share a public network resource pool and users are not logically isolated from one another). The network isolation zone (DMZ) is a special zone between the external network and the internal network that adds a line of defense for the network security zone SF (the internal network) to be protected. The access control policies can be formulated, added, deleted and modified according to access needs, and include: the intranet SF can access the external network; the intranet SF can access the DMZ; the external network cannot access the intranet SF; the external network can access the DMZ; the DMZ cannot access the intranet SF; the DMZ cannot access the external network; and so on.
In this embodiment, the created cloud hosts can be added to the network isolation zone and the network security zone respectively, so as to provide services of different security levels.
Step 203: configure dual-availability domain labels for the cloud hosts and deploy them to the container cluster.
In this embodiment, when many container applications are deployed on multiple cloud hosts, a container cluster is formed. Tools or systems such as Kubernetes (k8s) are then needed to uniformly manage the containerized applications on multiple hosts in the cloud platform. The goal of Kubernetes is to make deploying containerized applications simple and efficient. It manages these container clusters in a unified way by providing mechanisms for application deployment, planning, update and maintenance, and it can further manage container clusters by region. It provides containerized applications with functions such as resource scheduling, deployment and operation, service discovery, and scaling out and in. It can also provide container orchestration services, so that containers can communicate with each other and pass runtime to each other, and it manages the behavior of multiple containers at the same time. For example, when a container cluster jointly builds an application architecture, it is necessary to consider, for the containers in the cluster environment, which ports need to be exposed, which volumes need to be mounted, and so on.
The available domain label can be a custom identifier used to indicate an available domain in an availability zone. A custom available domain label is configured for each created cloud host, which is then added to the container cluster. Through the available domain label, the corresponding cloud host node can be found in the container cluster, and the container cluster management tool can then be used to manage the containers on that cloud host node.
Step 204: manage the cloud hosts added to the container cluster.
In this embodiment, the container management tool k8s is used to manage the cloud hosts added to the container cluster, for example monitoring their running status, performing load balancing, and disaster recovery backup.
It should be noted that the container cloud platform-based available domain construction method provided by the embodiments of this application can be applied to container cloud platform-based available domain construction equipment, for example computers, servers, workstations and other equipment that can perform container cloud platform-based available domain construction.
In this embodiment, at least two cloud hosts are created on the cloud platform according to region, the cloud hosts being used to provide container services; the cloud hosts are added to the network isolation zone and the network security zone respectively; dual-availability domain labels are configured for the cloud hosts, which are deployed to the container cluster; and the cloud hosts added to the container cluster are managed. Creating at least two cloud hosts through the container cloud platform, giving each cloud host a dual-availability domain configuration, placing the hosts in different network zones and then adding them to the container cluster for unified management can improve the high availability and automation level of the cloud host container cluster.
Further, as shown in Figure 3, the above step 201 may include:
Step 2011: log in to the container cloud platform.
In this embodiment, an account that has been registered on the cloud platform is used to log in to the above-mentioned container cloud platform (CaaS). The address of the cloud platform is the domain name of the platform website, such as yun.pingan.com. A container is a running instance created from an image. It can be launched, started, stopped and deleted, and the environments of the containers are isolated from one another to ensure security. Containers start, stop and are destroyed in seconds or milliseconds, and compared with traditional virtualization technology, the performance overhead of containers on CPU, memory, network IO and other resources is at the same level or even better. The Docker container image can be stored in a local public/private image repository. Users can create an image or update an existing image through the repository, or download a ready-made image from elsewhere and use it directly. This image mechanism makes migrating and deploying container applications very convenient.
Step 2012: on the cloud platform, select an availability zone in the region and create at least two cloud host nodes.
In this embodiment, one of the two availability zones A/B is selected on the cloud platform according to the region (such as Hong Kong, Shenzhen, Shanghai, etc.) to create the cloud hosts. For example, two availability zones A and B are deployed in Hong Kong; availability zone A can be selected, and the basic configuration parameters of the cloud host, such as the number of CPU cores, memory capacity and operating system type, can then be chosen as needed. An availability zone is a physical area within a region whose power and network are independent of those of other availability zones; within the same region, availability zones can communicate with each other over the intranet.
The cloud host can be used to store data, or to execute application processes to provide services. Further, multiple container applications and the environments they depend on can be installed on the cloud host through Docker images. For example, an image can contain a complete ubuntu operating system environment in which only Apache or other application processes required by the user are installed; the image can be used to create a Docker container, and the container is then used to run the application.
进一步的,如图4所示,上述步骤202可以包括:Further, as shown in FIG. 4, the foregoing step 202 may include:
步骤2021,根据不同的访问控制策略创建对应的安全组,包括网络隔离区安全组和网 络安全区安全组。Step 2021: Create a corresponding security group according to different access control policies, including a network isolation zone security group and a network security zone security group.
更进一步的,所述根据不同的访问控制策略创建对应的安全组的步骤具体包括:Furthermore, the step of creating corresponding security groups according to different access control policies specifically includes:
根据安全级别将所述云主机所在的网络至少划分为网络隔离区和网络安全区;Dividing the network where the cloud host is located at least into a network isolation zone and a network security zone according to the security level;
Corresponding security groups are created according to the access control policies of the network isolation zone and the network security zone, namely the network isolation zone security group and the network security zone security group.
Specifically, an interconnected network can be divided into three zones according to security level: the SF zone (intranet) with the highest security level, the DMZ zone with a medium security level, and the Internet zone (external network) with the lowest security level. Because the three zones carry out different tasks, they have different access control policies.
The DMZ (network isolation zone) is a special zone between the external network and the internal network. It adds a line of defense in front of the internal network SF (network security zone) to be protected, and it also provides a zone in which to place public services that the external network can access, such as corporate web servers, FTP servers and forums.
In this embodiment, the DMZ network isolation zone and the SF network security zone are virtual networks, VPCs (Virtual Private Cloud), obtained by further dividing availability zone A or B above. A VPC is a user-defined logical network space on the public cloud (where all users share a common pool of network resources and there is no logical isolation between users). Its purpose is to let a user build, on the cloud platform, an isolated virtual network environment whose configuration and policies the user manages independently, thereby improving the security of resources in the network environment. Within the VPC environment the user can further manage their own subnet structure, IP address ranges and allocation method, network routing policies and so on, and implement multi-layer security protection through security groups and network ACLs.
The above access control policies can be formulated, added, deleted and modified according to access needs. They include: the intranet SF can access the external network; the intranet SF can access the DMZ; the external network cannot access the intranet SF; the external network can access the DMZ; the DMZ cannot access the intranet SF; the DMZ cannot access the external network; and so on. For example, the DMZ network isolation zone security group can be created from the rules that the external network can access the DMZ but cannot directly access the intranet SF, and the SF network security zone security group can be created from the rules that the intranet SF can access the DMZ and the DMZ can access the intranet SF.
Step 2022: bind the at least two created cloud host nodes to the two created security groups respectively.
In this embodiment, the access policy of the DMZ network isolation zone security group created in step 2021 is delivered to one of the at least two cloud host nodes created in availability zone A/B, and the access policy of the SF network security zone security group is delivered to the other, which completes the binding. The two cloud host nodes then belong to different VPCs and provide services at different security levels.
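The rule set of step 2021 and the binding of step 2022 can be checked mechanically before the policies are delivered to the cloud hosts. The Python below is an added example, not code from the patent: it compiles the listed rules into per-zone ingress allow-lists, flags any zone pair that carries both an allow and a deny (here DMZ to SF, which the list denies and the SF group basis allows), and evaluates flows between bound nodes. Default deny and deny-wins resolution are assumptions made here, and only cross-zone flows are modelled.

```python
from collections import defaultdict

# Access rules listed in the embodiment: (source zone, destination zone, allowed).
LISTED_POLICY = [
    ("SF", "Internet", True),
    ("SF", "DMZ", True),
    ("Internet", "SF", False),
    ("Internet", "DMZ", True),
    ("DMZ", "SF", False),
    ("DMZ", "Internet", False),
]
# Rules the embodiment names as the basis of each security group.
DMZ_GROUP_BASIS = [("Internet", "DMZ", True), ("Internet", "SF", False)]
SF_GROUP_BASIS = [("SF", "DMZ", True), ("DMZ", "SF", True)]
ALL_RULES = LISTED_POLICY + DMZ_GROUP_BASIS + SF_GROUP_BASIS

# Step 2022 as data: node name -> zone of the security group it is bound to.
BINDINGS = {"dmz_node1ip": "DMZ", "sf_node1ip": "SF"}


def find_conflicts(rules):
    """Return the sorted (src, dst) pairs that carry both an allow and a deny."""
    verdicts = defaultdict(set)
    for src, dst, allowed in rules:
        verdicts[(src, dst)].add(allowed)
    return sorted(pair for pair, seen in verdicts.items() if len(seen) == 2)


def build_ingress(rules):
    """Compile rules into {destination zone: set of allowed source zones}.

    Assumed semantics: a pair with no rule is blocked (default deny), and a
    pair with both an allow and a deny is blocked (deny wins).
    """
    denied = {(src, dst) for src, dst, allowed in rules if not allowed}
    ingress = defaultdict(set)
    for src, dst, allowed in rules:
        if allowed and (src, dst) not in denied:
            ingress[dst].add(src)
    return dict(ingress)


def flow_allowed(src, dst_node, bindings, ingress):
    """Decide whether src may reach dst_node.

    src is a bound node name or a bare zone name such as "Internet" for
    outside clients; anything unknown matches no allow-list and is denied.
    """
    src_zone = bindings.get(src, src)
    dst_zone = bindings[dst_node]
    return src_zone in ingress.get(dst_zone, set())


def audit(rules, bindings):
    """Summarise rule conflicts and the verdict for every flow to a bound node."""
    ingress = build_ingress(rules)
    sources = sorted(set(bindings) | {"Internet"})
    flows = {
        (src, dst): flow_allowed(src, dst, bindings, ingress)
        for src in sources
        for dst in sorted(bindings)
        if src != dst
    }
    return {"conflicts": find_conflicts(rules), "flows": flows}


if __name__ == "__main__":
    report = audit(ALL_RULES, BINDINGS)
    print("conflicting pairs:", report["conflicts"])
    for (src, dst), ok in sorted(report["flows"].items()):
        print(f"{src:>12} -> {dst:<12} {'ALLOW' if ok else 'DENY'}")
```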
Further, as shown in FIG. 5, step 203 above may include:
Step 2031: label each of the at least two cloud host nodes with the dual availability domain labels.
In this embodiment, the availability domain label may be a user-defined identifier that denotes an availability domain within availability zone A/B above; for example, hka-az1 and hka-az2 denote the az1 and az2 availability domains of Hong Kong availability zone A. The label is then associated with the cloud hosts created above from the command line of the container management tool k8s, so that the corresponding cloud host node can later be found through the label, as follows:
kubectl label no dmz_node1ip failure-domain.beta.kubernetes.io/zone=hka-az1
kubectl label no dmz_node2ip failure-domain.beta.kubernetes.io/zone=hka-az2
kubectl label no sf_node1ip failure-domain.beta.kubernetes.io/zone=hka-az1
kubectl label no sf_node2ip failure-domain.beta.kubernetes.io/zone=hka-az2
Here dmz_node1ip and dmz_node2ip denote two independent containers of the cloud host node in the DMZ network zone, which carry availability domains hka-az1 and hka-az2 respectively; likewise, sf_node1ip and sf_node2ip denote two independent containers of the cloud host node in the SF network zone, which carry availability domains hka-az1 and hka-az2 respectively. In this way, defining, configuring and managing the dual availability domain labels through the container management tool k8s gives the cloud hosts architectural high-availability support at the IaaS (infrastructure) level.
Step 2032: add the dual availability domain labels to the node deployment template of the cloud platform, thereby deploying the cloud host nodes to the container cluster.
In this embodiment, using the container management tool k8s, run the command kubectl edit deployment deployment_name -n namespace to open the node affinity deployment template, and add the following information in the template section:
Figure PCTCN2020098934-appb-000001
In this way, the two cloud host nodes labelled with availability domains hka-az1 and hka-az2 can be deployed to the k8s cluster for unified management; the template-based multi-availability-domain deployment that the container management tool k8s provides is flexible and convenient.
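The template content survives on this page only as a figure reference, so the Python below is an added illustration, not the patent's figure or code. It builds a node affinity stanza of the standard Kubernetes shape for the hka-az1 and hka-az2 labels and evaluates which labelled nodes the stanza admits, which shows that a zone-only term admits DMZ and SF nodes alike. The example.com/security-zone label and the unlabelled_node entry are assumptions introduced here.

```python
import json

# Label key used by the kubectl label commands on this page. Kubernetes has
# since deprecated it in favour of topology.kubernetes.io/zone.
ZONE_KEY = "failure-domain.beta.kubernetes.io/zone"
# Hypothetical label (not on the page) recording the node's security zone.
SECZONE_KEY = "example.com/security-zone"

# Constructed inventory: the four labelled nodes from the page, with the
# hypothetical security-zone label added, plus one node that was never labelled.
NODES = {
    "dmz_node1ip": {ZONE_KEY: "hka-az1", SECZONE_KEY: "dmz"},
    "dmz_node2ip": {ZONE_KEY: "hka-az2", SECZONE_KEY: "dmz"},
    "sf_node1ip": {ZONE_KEY: "hka-az1", SECZONE_KEY: "sf"},
    "sf_node2ip": {ZONE_KEY: "hka-az2", SECZONE_KEY: "sf"},
    "unlabelled_node": {},
}


def zone_affinity_patch(zones, security_zone=None):
    """Build a Deployment merge patch that requires nodes in the given zones.

    With security_zone set, a second expression in the same term also
    requires the hypothetical security-zone label to match.
    """
    expressions = [{"key": ZONE_KEY, "operator": "In", "values": sorted(zones)}]
    if security_zone is not None:
        expressions.append(
            {"key": SECZONE_KEY, "operator": "In", "values": [security_zone]}
        )
    required = {"nodeSelectorTerms": [{"matchExpressions": expressions}]}
    node_affinity = {"requiredDuringSchedulingIgnoredDuringExecution": required}
    return {"spec": {"template": {"spec": {"affinity": {"nodeAffinity": node_affinity}}}}}


def _expr_matches(labels, expr):
    """Evaluate one matchExpressions entry against a node's labels."""
    key, op = expr["key"], expr["operator"]
    if op == "In":
        return labels.get(key) in expr["values"]
    if op == "NotIn":
        return labels.get(key) not in expr["values"]
    if op == "Exists":
        return key in labels
    if op == "DoesNotExist":
        return key not in labels
    raise ValueError(f"unsupported operator: {op}")


def eligible_nodes(patch, nodes):
    """Names of nodes the patch's required node affinity admits.

    nodeSelectorTerms are ORed; the matchExpressions inside a term are ANDed.
    """
    terms = patch["spec"]["template"]["spec"]["affinity"]["nodeAffinity"][
        "requiredDuringSchedulingIgnoredDuringExecution"]["nodeSelectorTerms"]
    return sorted(
        name
        for name, labels in nodes.items()
        if any(all(_expr_matches(labels, e) for e in t["matchExpressions"]) for t in terms)
    )


def zones_spanned(patch, nodes):
    """Availability domains covered by the admitted nodes (two = dual coverage)."""
    return {nodes[name][ZONE_KEY] for name in eligible_nodes(patch, nodes)}


if __name__ == "__main__":
    zone_only = zone_affinity_patch(["hka-az1", "hka-az2"])
    dmz_only = zone_affinity_patch(["hka-az1", "hka-az2"], security_zone="dmz")
    print("zone-only term admits:", eligible_nodes(zone_only, NODES))
    print("zone + security zone admits:", eligible_nodes(dmz_only, NODES))
    # JSON body suitable for: kubectl patch deployment ... --type merge -p '<json>'
    print(json.dumps(dmz_only, indent=2))
```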
Step 2033: perform load balancing on the container cluster of the network isolation zone to which the cloud host nodes have been added.
Load balancing (Load Balance, LB) is a clustering technique for servers or network devices. It distributes a particular service (network services, network traffic and so on) across multiple servers or network devices, which increases service processing capacity and ensures high availability of the service. For example, in this embodiment the container application cluster of the network isolation zone to which cloud host nodes have been added can be deployed to multiple cloud hosts, and user requests are then distributed to different servers through load balancing to improve the performance and reliability of websites, applications, databases or other services.
Furthermore, step 2033 above may include:
Step 20331: add the cloud host node bound to the network isolation zone security group to the resource pool.
In this embodiment, on the load balancing (ELB) page of the container cloud platform (CaaS cloud platform), locate the server resource pool of the DMZ network isolation zone and add the cloud host node bound to the DMZ network isolation zone security group to that resource pool; the node is then load balanced.
Further, step 204 above may include:
Step 2041: add a monitoring script to each of the at least two cloud host nodes to collect and report the nodes' operating data.
A docker container process monitoring script is added to each cloud host node to collect the host's operating data, such as CPU usage and memory utilization, and the crontab tool is used to report the host node's operating status to the cloud platform at regular intervals.
A person of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be completed by a computer process instructing the relevant hardware. The computer process can be stored in a computer-readable storage medium and, when executed, may include the processes of the method embodiments described above. The storage medium may be a non-volatile storage medium such as a magnetic disk, an optical disc or a read-only memory (ROM), or a random access memory (RAM), etc.
It should be understood that although the steps in the flowcharts of the drawings are shown in sequence as indicated by the arrows, they are not necessarily executed in that sequence. Unless explicitly stated herein, there is no strict restriction on the order in which these steps are executed, and they may be executed in other orders. Moreover, at least some of the steps in the flowcharts may include multiple sub-steps or stages, which are not necessarily completed at the same moment but may be executed at different times, and which are not necessarily executed one after another but may be executed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
With further reference to FIG. 6, as an implementation of the method shown in FIG. 2, this application provides an embodiment of an availability domain construction apparatus based on a container cloud platform. The apparatus embodiment corresponds to the method embodiment shown in FIG. 2, and the apparatus can be applied in various electronic devices.
As shown in FIG. 6, the availability domain construction apparatus 300 based on a container cloud platform in this embodiment includes a creation module 301, a joining module 302, a deployment module 303 and a management module 304, where:
the creation module 301 is configured to create at least two cloud hosts on the cloud platform according to region, the cloud hosts being used to provide container services;
the joining module 302 is configured to add the cloud hosts to the network isolation zone and the network security zone respectively;
the deployment module 303 is configured to configure dual availability domain labels for the cloud hosts and deploy them to the container cluster;
the management module 304 is configured to manage the cloud hosts added to the container cluster.
Further, FIG. 7 is a schematic structural diagram of a specific implementation of the creation module 301. The creation module 301 further includes:
a login sub-module 3011, configured to log in to the container cloud platform;
a creation sub-module 3012, configured to select, on the cloud platform, an availability zone in the local region and create at least two cloud host nodes.
The availability domain construction apparatus based on a container cloud platform provided by the embodiments of this application can implement each implementation of the method embodiments of FIG. 2 to FIG. 5, with the corresponding beneficial effects. To avoid repetition, details are not described again here.
To solve the above technical problems, the embodiments of this application also provide a computer device. Refer to FIG. 8, which is a block diagram of the basic structure of the computer device of this embodiment.
The computer device 8 includes a memory 81, a processor 82 and a network interface 83 that are communicatively connected to one another through a system bus. Note that the figure shows only the computer device 8 with components 81-83; it should be understood that not all of the illustrated components are required, and more or fewer components may be implemented instead. Those skilled in the art will understand that the computer device here is a device that can automatically perform numerical calculation and/or information processing according to preset or stored instructions. Its hardware includes, but is not limited to, a microprocessor, an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), a digital signal processor (DSP), an embedded device, and so on.
The computer device may be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. The computer device can interact with the user through a keyboard, a mouse, a remote control, a touchpad, a voice control device or similar means.
The memory 81 includes at least one type of readable storage medium, including flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disk, optical disc and so on. The computer-readable storage medium may be non-volatile or volatile. In some embodiments, the memory 81 may be an internal storage unit of the computer device 8, such as its hard disk or main memory. In other embodiments, the memory 81 may be an external storage device of the computer device 8, such as a plug-in hard disk, a smart media card (SMC), a secure digital (SD) card or a flash card fitted to the computer device 8. The memory 81 may also include both an internal storage unit of the computer device 8 and an external storage device. In this embodiment, the memory 81 is generally used to store the operating system and the various application software installed on the computer device 8, such as the computer-readable instructions of the container cloud platform-based availability domain construction method. The memory 81 can also be used to temporarily store various types of data that have been output or are to be output.
In some embodiments, the processor 82 may be a central processing unit (CPU), a controller, a microcontroller, a microprocessor or another data processing chip. The processor 82 is generally used to control the overall operation of the computer device 8. In this embodiment, the processor 82 is used to run the computer-readable instructions stored in the memory 81 or to process data, for example to run the computer-readable instructions of the container cloud platform-based availability domain construction method.
The network interface 83 may include a wireless network interface or a wired network interface, and is generally used to establish a communication connection between the computer device 8 and other electronic devices.
This application also provides another implementation: a computer-readable storage medium that stores a container cloud platform-based availability domain construction process. The process can be executed by at least one processor, so that the at least one processor performs the steps of the container cloud platform-based availability domain construction method described above.
From the description of the above implementations, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, or by hardware, although in many cases the former is the better implementation. On this understanding, the technical solution of this application, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes several instructions that cause a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, a network device, etc.) to perform the methods described in the embodiments of this application.
Note that, for simplicity of description, the foregoing method embodiments are each expressed as a series of combined actions, but those skilled in the art should know that this application is not limited by the order of actions described, because according to this application some steps can be performed in other orders or simultaneously. Those skilled in the art should also know that the embodiments described in the specification are all optional embodiments, and the actions and modules involved are not necessarily required by this application.
In the above embodiments, the description of each embodiment has its own emphasis. For parts not described in detail in one embodiment, refer to the related descriptions of the other embodiments.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus can be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation, for example multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical or take other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of an embodiment.
In addition, the functional units in the embodiments of this application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software process module.
If the integrated unit is implemented in the form of a software process module and sold or used as an independent product, it can be stored in a computer-readable memory. On this understanding, the technical solution of this application, in essence or in the part that contributes over the prior art, or all or part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a memory and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of this application. The memory includes various media that can store computer-readable instructions, such as a USB flash drive, read-only memory (ROM), random access memory (RAM), a removable hard disk, a magnetic disk or an optical disc.
Obviously, the embodiments described above are only some of the embodiments of this application, not all of them. The drawings show preferred embodiments of this application but do not limit its patent scope. This application can be implemented in many different forms; rather, these embodiments are provided so that the disclosure of this application is understood more thoroughly and completely. Although this application has been described in detail with reference to the foregoing embodiments, those skilled in the art can still modify the technical solutions described in the foregoing specific implementations or make equivalent replacements of some of their technical features. Any equivalent structure made using the content of the specification and drawings of this application, applied directly or indirectly in other related technical fields, likewise falls within the scope of patent protection of this application.

Claims (20)

  1. A method for constructing availability domains based on a container cloud platform, comprising:
    creating at least two cloud hosts on the container cloud platform according to region, the cloud hosts being used to provide container services;
    adding the cloud hosts to a network isolation zone and a network security zone respectively;
    configuring dual availability domain labels for the cloud hosts and deploying them to a container cluster;
    managing the cloud hosts added to the container cluster.
  2. The method according to claim 1, wherein the step of creating at least two cloud hosts on the cloud platform according to region specifically comprises:
    logging in to the container cloud platform;
    on the container cloud platform, selecting an availability zone in the local region and creating at least two cloud host nodes.
  3. The method according to claim 1, wherein the step of adding the cloud hosts to the network isolation zone and the network security zone respectively specifically comprises:
    creating corresponding security groups according to different access control policies, including a network isolation zone security group and a network security zone security group;
    binding the at least two created cloud host nodes to the two created security groups respectively.
  4. The method according to claim 3, wherein the step of creating corresponding security groups according to different access control policies specifically comprises:
    dividing the network in which the cloud hosts are located into at least a network isolation zone and a network security zone according to security level;
    creating corresponding security groups according to the access control policies of the network isolation zone and the network security zone, namely the network isolation zone security group and the network security zone security group.
  5. The method according to claim 4, wherein the step of configuring dual availability domain labels for the cloud hosts and deploying them to a container cluster specifically comprises:
    labelling each of the at least two cloud host nodes with the dual availability domain labels;
    adding the dual availability domain labels to the node deployment template of the cloud platform, thereby deploying the cloud host nodes to the container cluster;
    performing load balancing on the container cluster of the network isolation zone to which the cloud host nodes have been added.
  6. The method according to claim 5, wherein the step of performing load balancing on the container cluster of the network isolation zone to which the cloud host nodes have been added specifically comprises:
    adding the cloud host node bound to the network isolation zone security group to a resource pool.
  7. The method according to claim 1, wherein the step of managing the cloud hosts added to the container cluster specifically comprises:
    adding a monitoring script to each of the at least two cloud host nodes to collect and report the nodes' operating data.
  8. An apparatus for constructing availability domains based on a container cloud platform, comprising:
    a creation module, configured to create at least two cloud hosts on the cloud platform according to region, the cloud hosts being used to provide container services;
    a joining module, configured to add the cloud hosts to a network isolation zone and a network security zone respectively;
    a deployment module, configured to configure dual availability domain labels for the cloud hosts and deploy them to a container cluster;
    a management module, configured to manage the cloud hosts added to the container cluster.
  9. The apparatus for constructing availability domains based on a container cloud platform according to claim 8, wherein the creation module comprises:
    a platform login sub-module, configured to log in to the container cloud platform;
    a node creation sub-module, configured to select, on the container cloud platform, an availability zone in the local region and create at least two cloud host nodes.
  10. The apparatus for constructing availability domains based on a container cloud platform according to claim 8, wherein the joining module comprises:
    a security group creation sub-module, configured to create corresponding security groups according to different access control policies, including a network isolation zone security group and a network security zone security group;
    a node binding sub-module, configured to bind the at least two created cloud host nodes to the two created security groups respectively.
  11. A computer device, comprising a memory, a processor, and computer-readable instructions stored in the memory and executable on the processor, wherein the processor, when executing the computer-readable instructions, implements the following steps of the container cloud platform-based availability domain construction method:
    creating at least two cloud hosts on the container cloud platform according to region, the cloud hosts being used to provide container services;
    adding the cloud hosts to a network isolation zone and a network security zone respectively;
    configuring dual availability domain labels for the cloud hosts and deploying them to a container cluster;
    managing the cloud hosts added to the container cluster.
  12. The computer device according to claim 11, wherein the step of creating at least two cloud hosts on the cloud platform according to region specifically comprises:
    logging in to the container cloud platform;
    on the container cloud platform, selecting an availability zone in the local region and creating at least two cloud host nodes.
  13. The computer device according to claim 11, wherein the step of adding the cloud hosts to the network isolation zone and the network security zone respectively specifically comprises:
    creating corresponding security groups according to different access control policies, including a network isolation zone security group and a network security zone security group;
    binding the at least two created cloud host nodes to the two created security groups respectively.
  14. The computer device according to claim 13, wherein the step of creating corresponding security groups according to different access control policies specifically comprises:
    dividing the network in which the cloud hosts are located into at least a network isolation zone and a network security zone according to security level;
    creating corresponding security groups according to the access control policies of the network isolation zone and the network security zone, namely the network isolation zone security group and the network security zone security group.
  15. The computer device according to claim 14, wherein the step of configuring dual availability domain labels for the cloud hosts and deploying them to a container cluster specifically comprises:
    labelling each of the at least two cloud host nodes with the dual availability domain labels;
    adding the dual availability domain labels to the node deployment template of the cloud platform, thereby deploying the cloud host nodes to the container cluster;
    performing load balancing on the container cluster of the network isolation zone to which the cloud host nodes have been added.
  16. A non-volatile computer-readable storage medium, wherein the computer-readable instructions, when executed by a processor, cause the processor to perform the following steps of the container cloud platform-based availability domain construction method:
    Creating at least two cloud hosts on the container cloud platform according to region, the cloud hosts being used to provide container services;
    Adding the cloud hosts to the network isolation zone and the network security zone respectively;
    Configuring a dual-availability domain label for the cloud hosts and deploying them to the container cluster;
    Managing the cloud hosts that have been added to the container cluster.
  17. The non-volatile computer-readable storage medium according to claim 16, wherein the step of creating at least two cloud hosts on the cloud platform according to region specifically comprises:
    Logging in to the container cloud platform;
    On the container cloud platform, selecting an availability zone in the local region and creating at least two cloud host nodes in it.
  18. The non-volatile computer-readable storage medium according to claim 16, wherein the step of adding the cloud hosts to the network isolation zone and the network security zone respectively specifically comprises:
    Creating corresponding security groups according to different access control policies, including a network isolation zone security group and a network security zone security group;
    Binding the at least two created cloud host nodes to the two created security groups respectively.
  19. The non-volatile computer-readable storage medium according to claim 18, wherein the step of creating corresponding security groups according to different access control policies specifically comprises:
    Dividing the network in which the cloud hosts are located into at least a network isolation zone and a network security zone according to security level;
    Creating a corresponding security group for each zone according to the access control policies of the network isolation zone and the network security zone, namely the network isolation zone security group and the network security zone security group.
  20. The non-volatile computer-readable storage medium according to claim 19, wherein the step of configuring a dual-availability domain label for the cloud hosts and deploying them to the container cluster specifically comprises:
    Labeling each of the at least two cloud host nodes with the dual-availability domain label;
    Adding the dual-availability domain label to the node deployment template of the cloud platform, thereby deploying the cloud host nodes to the container cluster;
    Load balancing the container cluster of the network isolation zone to which the cloud host nodes have been added.
PCT/CN2020/098934 2019-09-20 2020-06-29 Container cloud platform-based available area construction method and apparatus, device and storage medium WO2021051933A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910889656.6 2019-09-20
CN201910889656.6A CN110830546A (en) 2019-09-20 2019-09-20 Available domain construction method, device and equipment based on container cloud platform

Publications (1)

Publication Number Publication Date
WO2021051933A1 true WO2021051933A1 (en) 2021-03-25

Family

ID=69548178

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/098934 WO2021051933A1 (en) 2019-09-20 2020-06-29 Container cloud platform-based available area construction method and apparatus, device and storage medium

Country Status (2)

Country Link
CN (1) CN110830546A (en)
WO (1) WO2021051933A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113596190A (en) * 2021-07-23 2021-11-02 浪潮云信息技术股份公司 Application distributed multi-activity system and method based on Kubernetes
CN113656181A (en) * 2021-08-23 2021-11-16 中国工商银行股份有限公司 Method and device for issuing real-time application cluster instance resources
CN113992511A (en) * 2021-10-19 2022-01-28 京东科技信息技术有限公司 Cloud host creation method and device, electronic equipment and storage medium
CN114070637A (en) * 2021-11-23 2022-02-18 北京天融信网络安全技术有限公司 Access control method and system based on attribute label, electronic device and storage medium
CN114745391A (en) * 2022-04-14 2022-07-12 上海蜜家文化传媒有限公司 Method and system for global content distribution
CN115361283A (en) * 2022-10-20 2022-11-18 深圳依时货拉拉科技有限公司 K8S-based cloud host management method and device and computer equipment
CN117389690A (en) * 2023-12-08 2024-01-12 中电云计算技术有限公司 Mirror image package construction method, device, equipment and storage medium

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110830546A (en) * 2019-09-20 2020-02-21 平安科技(深圳)有限公司 Available domain construction method, device and equipment based on container cloud platform
CN111597011A (en) * 2020-04-10 2020-08-28 联通(广东)产业互联网有限公司 Connection method and system based on private cloud resource model
CN111935321B (en) * 2020-10-12 2021-01-22 中国传媒大学 Converged media micro-service platform based on container cloud
CN113904911A (en) * 2021-10-15 2022-01-07 杭州安恒信息技术股份有限公司 Device management method, system, readable storage medium and computer
CN114780168B (en) * 2022-03-30 2023-04-28 全球能源互联网研究院有限公司南京分公司 Method and device for dynamically changing security policy of intelligent terminal container and electronic equipment
CN116797199A (en) * 2022-04-08 2023-09-22 西安幸福悦动信息科技有限公司 Object management operation and maintenance system
CN115022317B (en) * 2022-05-27 2024-03-08 亚信科技(中国)有限公司 Cloud platform-based application management method and device, electronic equipment and storage medium
CN115134367A (en) * 2022-06-28 2022-09-30 浙江吉利控股集团有限公司 Cloud platform and service processing method
CN117082058B (en) * 2023-10-18 2024-01-23 国网信息通信产业集团有限公司 File transmission method under database isolation device environment

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120265976A1 (en) * 2011-04-18 2012-10-18 Bank Of America Corporation Secure Network Cloud Architecture
CN105959138A (en) * 2016-04-29 2016-09-21 深圳前海大数点科技有限公司 Micro-service dynamic disposition system and method based on cloud calculation
US20160366233A1 (en) * 2015-06-10 2016-12-15 Platform9, Inc. Private Cloud as a service
CN107577496A (en) * 2017-09-15 2018-01-12 济南浚达信息技术有限公司 A kind of system and its method of work and application based on Docker deployment desktop cloud management platforms
CN108512935A (en) * 2018-04-16 2018-09-07 腾讯科技(深圳)有限公司 data service system, method, server and computer readable storage medium
US20180307524A1 (en) * 2016-11-17 2018-10-25 Red Hat, Inc. Executing code referenced from a microservice registry
CN108737136A (en) * 2017-04-18 2018-11-02 微软技术许可有限责任公司 By new virtual machine and container allocation to the system and method for the server in cloud network
CN110830546A (en) * 2019-09-20 2020-02-21 平安科技(深圳)有限公司 Available domain construction method, device and equipment based on container cloud platform

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105991734B (en) * 2015-02-16 2019-05-17 广东亿迅科技有限公司 A kind of cloud platform management method and system

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113596190A (en) * 2021-07-23 2021-11-02 浪潮云信息技术股份公司 Application distributed multi-activity system and method based on Kubernetes
CN113656181A (en) * 2021-08-23 2021-11-16 中国工商银行股份有限公司 Method and device for issuing real-time application cluster instance resources
CN113992511A (en) * 2021-10-19 2022-01-28 京东科技信息技术有限公司 Cloud host creation method and device, electronic equipment and storage medium
CN114070637A (en) * 2021-11-23 2022-02-18 北京天融信网络安全技术有限公司 Access control method and system based on attribute label, electronic device and storage medium
CN114070637B (en) * 2021-11-23 2024-01-23 北京天融信网络安全技术有限公司 Access control method, system, electronic equipment and storage medium based on attribute tag
CN114745391A (en) * 2022-04-14 2022-07-12 上海蜜家文化传媒有限公司 Method and system for global content distribution
CN115361283A (en) * 2022-10-20 2022-11-18 深圳依时货拉拉科技有限公司 K8S-based cloud host management method and device and computer equipment
CN115361283B (en) * 2022-10-20 2023-03-24 深圳依时货拉拉科技有限公司 K8S-based cloud host management method and device and computer equipment
CN117389690A (en) * 2023-12-08 2024-01-12 中电云计算技术有限公司 Mirror image package construction method, device, equipment and storage medium
CN117389690B (en) * 2023-12-08 2024-03-15 中电云计算技术有限公司 Mirror image package construction method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN110830546A (en) 2020-02-21

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20864698

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20864698

Country of ref document: EP

Kind code of ref document: A1