WO2024120227A1

WO2024120227A1 - Container data protection system, method and apparatus, and device and readable storage medium

Info

Publication number: WO2024120227A1
Application number: PCT/CN2023/134107
Authority: WO
Inventors: 王一杰; 张振广
Original assignee: 浪潮电子信息产业股份有限公司
Priority date: 2022-12-09
Filing date: 2023-11-24
Publication date: 2024-06-13
Also published as: CN115576655B; CN115576655A

Abstract

Disclosed in the present application in the technical field of computer application are a container data protection system, method and apparatus, and a device and a non-volatile readable storage medium. In the system, the method comprises: creating, in a local container cluster, a storage class having a duplication type; creating, on a storage, a first persistent volume having a duplication function, and adding the first persistent volume to a protection group; creating a persistent volume claim of the storage class, and associating the first persistent volume, the persistent volume claim and the protection group; sending a volume creation command to a remote container cluster; and creating, in the remote container cluster, a second persistent volume having a duplication relationship with the first persistent volume, and a homonymous protection group of the protection group, and then maintaining data synchronization between the first persistent volume and the second persistent volume. In the present application, a persistent volume having a duplication relationship is created in a container cluster, and persistent volume data in the container cluster is duplicated by using duplication technology of a storage itself, such that the consistency of data is maintained, and data of a container can be protected.

Description

Container data protection system, method, device, equipment and readable storage medium

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority to the Chinese patent application filed with the China Patent Office on December 9, 2022, with application number 202211575807.9, and application name “Container Data Protection System, Method, Device, Equipment and Readable Storage Medium”, all contents of which are incorporated by reference in this application.

Technical Field

The present application relates to the field of computer application technology, and in particular to a container data protection system, method, device, equipment and non-volatile readable storage medium.

Background technique

The data in the container can be stored in a medium similar to a virtual machine disk. The container can use external storage devices through persistent volumes. The persistent volume of the container can be used to store the data of the application in the container, and can also be used to share data between containers.

Traditional data protection solutions mainly focus on virtual machines or physical machines, often focusing on protecting a single server and the applications running on it. In the era of container orchestration, containers are a dynamically changing resource, and applications are often widely distributed, sometimes requiring the launch of multiple clouds and multiple data centers. Traditional backup and disaster recovery solutions do not work well in containerized environments.

In summary, how to effectively solve problems such as container data protection is a technical problem that technical personnel in this field urgently need to solve.

Summary of the invention

The purpose of this application is to provide a container data protection system, method, apparatus, device and non-volatile readable storage medium, which can effectively protect the data of the container.

In order to solve the above technical problems, this application provides the following technical solutions:

A container data protection system, comprising:

Replication manager, container storage controller, container orchestration server, and container storage interface;

Among them, the container orchestration server and the container storage controller communicate with the container storage interface through the remote procedure call protocol;

The replication manager and container storage controller communicate with the container orchestration server via the Hypertext Transfer Protocol;

The replication manager includes a replication control management module and a cluster management module;

The container storage controller includes a container storage interface interaction module and a container storage management module;

The container storage interface is used to perform remote replication management and volume operations on the storage system.

In some embodiments, the cluster management module and the container orchestration server in the remote cluster use Rest API calls to query, create, and modify resource object information in the remote cluster.

In some embodiments, the cluster management module is used to obtain cluster access configuration information, communicate between container clusters, and query, create, and modify resource objects in a remote cluster.

In some embodiments, the replication control management module includes a backup object controller, a recovery object controller, a persistent volume controller, a persistent volume declaration controller and a protection group controller to implement monitoring and operation of resource objects.

In some embodiments, the backup object controller is used to obtain resource objects related to cluster and application configuration from the container orchestration server;

The persistent volume controller is used to monitor the status, labels, and annotations of persistent volumes, and query, create, and modify resource objects in the remote cluster as needed.

In some embodiments, the container storage interface interaction module is used to call the RPC service in the container storage interface to perform remote replication management on the storage system.

In some embodiments, the controller management module, including a persistent volume controller, a persistent volume declaration controller, and a protection group controller, monitors a persistent volume or a persistent volume declaration creation event, and if it is a created replica volume, calls an RPC service of a container storage interface through a container storage interface interaction module to perform a storage operation;

The persistent volume controller creates a protection group resource object based on the volume information and associates the persistent volume with the protection group by adding annotations and tags to the persistent volume and persistent volume declaration.

The protection group controller is used to manage protection group instances, process operation requests for protection groups, monitor replication status, and update sub-resource status.

In some embodiments, the container storage interface also includes an RPC service for remote replication volume management;

The remote replication volume management service connects to the storage system and uses the storage system's remote replication function to create replication pairs, add protection groups, synchronize data, and monitor the status of protection groups.

The remote replication function includes synchronous remote replication and asynchronous remote replication.

A container data protection method, applied to the above container data protection system, comprises:

In the local container cluster, create a storage class with the replication type.

Create a first persistent volume with a replication function on the storage, and add the first persistent volume to the protection group;

Create a persistent volume declaration for the storage class and associate the first persistent volume, the persistent volume declaration, and the protection group;

Send a volume creation command to the remote container cluster;

After creating a second persistent volume in a replication relationship with the first persistent volume and a protection group with the same name as the protection group in the remote container cluster, keep data of the first persistent volume and the second persistent volume synchronized.

In some embodiments, associating the first persistent volume, the persistent volume claim, and the protection group includes:

Set the volume annotation and volume label of the first persistent volume;

Set the resource object of the protection group, and set the resource annotation and resource tag;

The first persistent volume, the persistent volume declaration, and the protection group are associated using the volume annotation, the volume tag, the resource annotation, and the resource tag.

In some embodiments, keeping data of the first persistent volume synchronized with data of the second persistent volume includes:

Synchronous remote replication or asynchronous remote replication is used to keep data of the first persistent volume and the second persistent volume synchronized.

In some embodiments, it also includes:

Configure the target storage class with a real-time high-availability replication relationship;

Create two target persistent volume declarations for the target storage class. The target persistent volumes corresponding to the two target persistent volume declarations have a high-availability replication relationship.

Get the storage performance status and select the fastest-response persistent volume from the two target persistent volumes for reading and writing.

In some embodiments, it also includes:

When a target persistent volume fails, switch to another target persistent volume for reading and writing.

In some embodiments, it also includes:

During recovery, the replication relationship is reestablished and data is synchronized from the normally functioning target persistent volume.

In some embodiments, it also includes:

Use the protection group resource objects to maintain the master-slave relationship between the resource objects and the persistent volumes on the storage in the master and slave clusters;

When the primary cluster fails, the secondary cluster is used to restore the container application of the primary cluster based on the backup data of the container resources.

In some embodiments, it also includes:

Set the action attribute of the protection group resource object to failover.

In some embodiments, it also includes:

When the primary cluster fails and recovers, set the action attribute of the protection group resource object to re-protect.

In some embodiments, restoring a container application of a primary cluster based on backup data of container resources using a secondary cluster includes:

Use the replicated data of the persistent volume from the cluster's secondary storage to start the container application business.

In some embodiments, it also includes:

Receive backup requests and create corresponding backup objects;

Query object resources from the container orchestration server and create custom resources for backup objects;

Call the container storage interface to create a snapshot of the volume to be backed up on the storage system;

Use the replication manager to upload the backed-up resource data to the backup storage location.

In some embodiments, it also includes:

Receive the recovery request and create the corresponding recovery object custom resource;

Use the replication manager to verify the recovery object custom resources;

After verification, the backup resource data is obtained from the backup storage location and verified using the recovery object controller;

After verification, use the backup resource data to create and restore the backup resources.

A container data protection device, comprising:

A storage class creation unit, used to create a storage class with a replication type in a local container cluster;

An object association unit, configured to create a first persistent volume with a replication function on the storage, and add the first persistent volume to the protection group; create a persistent volume declaration of the storage class, and associate the first persistent volume, the persistent volume declaration, and the protection group;

A data synchronization unit is used to send a volume creation command to a remote container cluster; after creating a second persistent volume having a replication relationship with the first persistent volume and a protection group with the same name as the protection group in the remote container cluster, the data of the first persistent volume and the second persistent volume are kept synchronized.

An electronic device, comprising:

Memory for storing computer programs;

A processor is used to implement the steps of the above-mentioned container data protection method when executing a computer program.

A non-volatile readable storage medium stores a computer program, and when the computer program is executed by a processor, the steps of the container data protection method are implemented.

The system provided by the embodiment of the present application includes: a replication manager, a container storage controller, a container orchestration server and a container storage interface; wherein the container orchestration server and the container storage controller communicate with the container storage interface through a remote procedure call protocol; the replication manager and the container storage controller communicate with the container orchestration server through a hypertext transfer protocol; the replication manager includes a replication control management module and a cluster management module; the container storage controller includes a container storage interface interaction module and a container storage management module; the container storage interface is used to perform remote replication management and volume operations on the storage system.

Based on the internal components of the system and the communication capabilities between components, it is possible to integrate container resource objects and persistent The volume data backup and recovery function is brought to the container cluster, and the backup and recovery capabilities of the storage system are brought to the container cluster. Persistent volumes with different replication relationship types can be created in the same container cluster or in multiple clusters. The storage's own replication technology (synchronous/asynchronous replication or remote replication) is used to replicate the persistent volume data of the container in the cluster to maintain data consistency.

Applying the method provided in the embodiment of the present application, in a local container cluster, a storage class with a replication type is created; a first persistent volume with a replication function is created on the storage, and the first persistent volume is added to a protection group; a persistent volume declaration of the storage class is created, and the first persistent volume, the persistent volume declaration, and the protection group are associated; a volume creation command is sent to a remote container cluster; after creating a second persistent volume with a replication relationship with the first persistent volume in the remote container cluster, and a protection group with the same name as the protection group, the data of the first persistent volume and the second persistent volume are kept synchronized.

In the present application, a storage class with a replication type is first created, and then a first persistent volume with a replication function is created on the storage, and then the first persistent volume is added to the protection group. A persistent volume of the storage class is created, and the first persistent volume, the persistent volume declaration, and the protection group are associated. By issuing a volume creation command to the remote container cluster, the remote container cluster can create a second persistent volume with a replication relationship with the first persistent volume, and a protection group with the same name as the protection group. In this way, the data in the container can be effectively protected by keeping the data of the first persistent volume and the second persistent volume synchronized. That is to say, in the present application, a persistent volume with a replication relationship is created in the container cluster, and the replication technology of the storage itself is used to replicate the persistent volume data in the container cluster, thereby maintaining data consistency and protecting the container data.

Correspondingly, the embodiments of the present application also provide a container data protection method, apparatus, device and non-volatile readable storage medium corresponding to the above-mentioned container data protection method, which have the above-mentioned technical effects and are not repeated here.

BRIEF DESCRIPTION OF THE DRAWINGS

In order to more clearly illustrate the technical solutions in the embodiments of the present application or the related technologies, the drawings required for use in the embodiments or the related technical descriptions are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present application. For ordinary technicians in this field, other drawings can be obtained based on these drawings without paying creative work.

FIG1 is a flowchart of an implementation method of a container data protection method in an embodiment of the present application;

FIG2 is a schematic diagram of a container data protection system according to an embodiment of the present application;

FIG3 is a functional schematic diagram of a container data protection system according to an embodiment of the present application;

FIG4 is a schematic diagram of the structure of a container data protection device according to an embodiment of the present application;

FIG5 is a schematic diagram of the structure of an electronic device in an embodiment of the present application;

FIG6 is a schematic diagram of a specific structure of an electronic device in an embodiment of the present application;

FIG. 7 is a schematic diagram of the structure of a non-volatile readable storage medium in an embodiment of the present application.

Detailed ways

In order to enable those skilled in the art to better understand the present application, the present application is further described in detail below in conjunction with the accompanying drawings and specific implementation methods. Obviously, the described embodiments are only part of the embodiments of the present application, rather than all of the embodiments. Based on the embodiments in the present application, all other embodiments obtained by ordinary technicians in the field without making creative work are within the scope of protection of the present application.

Please refer to FIG. 2 , which is a schematic diagram of the structure of a container data protection system in an embodiment of the present application. The system includes:

Among them, the container orchestration server and the container storage controller communicate with the container storage interface through the remote procedure call protocol. Communications;

That is to say, the replication manager and the container orchestration server communicate through the http protocol, and use the Rest API (Representational State Transfer Application Programming Interfac) to query, create, and modify the resource object information in the local cluster and the remote cluster, including storage classes, persistent volumes, persistent volume declarations, protection groups, backup objects, recovery objects, and other different resource objects.

The container storage controller and the container orchestration server also communicate through the http protocol, using Rest API calls to query, create, and modify resource object information in this cluster and remote clusters.

The container storage controller and the container storage interface communicate through RPC (Remote Procedure Call Protocol), call the functions provided in the container storage interface, operate the storage system, and complete management operations such as creation and deletion of corresponding persistent volumes and remote replication volumes.

The container orchestration server and the container storage interface communicate through RPC, calling the functions provided in the container storage interface to operate the storage system.

Among them, the cluster management module and the container orchestration server in the remote cluster use Rest API calls to query, create, and modify resource object information in the remote cluster.

Among them, the cluster management module is used to obtain cluster access configuration information, communicate between container clusters, and query, create and modify resource objects in remote clusters.

Among them, the replication control management module includes a backup object controller, a recovery object controller, a persistent volume controller, a persistent volume declaration controller and a protection group controller to realize the monitoring and operation of resource objects.

Among them, the backup object controller is used to obtain resource objects related to cluster and application configuration from the container orchestration server;

Among them, the container storage interface interaction module is used to call the RPC service in the container storage interface to perform remote replication management on the storage system.

Among them, the controller management module includes a persistent volume controller, a persistent volume declaration controller and a protection group controller, which monitors the persistent volume or persistent volume declaration creation event. If it is a created replica volume, it calls the RPC service of the container storage interface through the container storage interface interaction module to perform storage operations;

Among them, the container storage interface also includes RPC services for remote replication volume management;

For example, in actual applications, the replication manager consists of a cluster management module and a replication control management module. The cluster management module is responsible for obtaining cluster access configuration information, communicating between container clusters, and operating remote clusters to query, create, and modify resource objects. You can also perform single cluster operations, set the remote cluster to yourself, and implement operations on the remote cluster in this cluster. The replication control management module includes a backup object controller, a recovery object controller, a persistent volume controller, a persistent volume declaration controller, and a protection group controller to monitor and operate resource objects. The backup object controller can obtain resource objects related to cluster and application configuration from the container orchestration server. The persistent volume controller can monitor the persistent volume status, labels, and annotations, and operate on resource objects in the remote cluster as needed, including querying, creating, and modifying resource objects. Similarly, the protection group controller, the remote persistent volume and the protection group are associated through additional metadata annotations or tables.

The container storage controller consists of a controller management module and a container storage interface interaction module. The container storage interface interaction module can call the RPC service in the container storage interface to perform remote replication management operations on the storage system. The controller management module includes a persistent volume controller, a persistent volume declaration controller, and a protection group controller to monitor and operate resource objects. By monitoring the creation events of persistent volumes or persistent volume declarations, if it is a created replicated volume, the RPC service of the container storage interface will be called through the container storage interface interaction module to perform related storage operations. The persistent volume controller uses volume information to create protection group resource objects, and establishes an association between persistent volumes and protection groups by adding annotations and tags to persistent volumes and persistent volume declarations. The protection group controller is used to manage protection group instances, process operation requests for protection groups, monitor replication status, update sub-resource status, etc.

In addition to general volume operations, the container storage interface also adds an RPC service for remote replication volume management. The remote replication volume management service can connect to the storage system and use the storage system's remote replication function, including synchronous remote replication and asynchronous remote replication. It can create replication pairs, add protection groups, synchronize data, perform some operations on protection groups, modify status, and other functions.

Based on the system's internal components and the ability to communicate with each other, it is possible to integrate container resource objects and persistent volume data backup and recovery functions, and bring the storage system's backup and recovery capabilities to the container cluster. Persistent volumes with different types of replication relationships can be created within the same container cluster or in multiple clusters, and the storage's own replication technology (synchronous/asynchronous replication or remote replication) can be used to replicate the persistent volume data of containers in the cluster to maintain data consistency.

Specifically, when creating a persistent volume, you can create a pair of persistent volumes with a replication relationship through parameter configuration. When a failure occurs, you can seamlessly switch between the replication volumes, and select the fast-responding persistent volume for reading and writing according to the performance and load of the storage where the persistent volume is located. For applications with high access frequency, select high-performance volumes for reading and writing to ensure the high availability of container services and the continuity of applications. For off-site disaster recovery scenarios, you can create a primary and backup volume with a remote replication relationship, and back up container cluster object resources and application configurations at the same time. When the primary site has a problem, you can perform a failover through the slave volume that has a replication relationship with the primary volume, restore the container cluster object resources and application configuration in another cluster, and quickly restore to the disaster recovery site. After the primary site is restored, perform data recovery and master-slave switching of the persistent volume to ensure consistent data availability.

Please refer to Figure 1, which is a flow chart of a container data protection method in an embodiment of the present application. The method can be applied to the container data protection system shown in Figure 2. In order to achieve disaster recovery and high availability of the application system, two sets of storage are used in Figure 2 to connect to two clusters, forming one master and one backup. Of course, it can also be set up as a two-site three-center deployment as needed, or the same cluster can be connected to two sets or active-active storage. The container persistent volume data backup disaster recovery solution includes three components: a replication manager, a container storage controller, and a container storage interface. Among them, the backup object and the protection group (that is, a pair of volumes with a replication relationship) are custom resources, representing the protection group on the storage.

The container data protection method is implemented in the system, which specifically includes the following steps:

S101. In a local container cluster, create a storage class with a replication type.

First, cluster deployment configuration can be performed, that is, the replication manager is deployed in the cluster as an application in the container orchestration server. The local cluster information, remote cluster information, and access information are passed to the replication manager through configuration for use. The remote cluster information can be set to the local cluster. The container storage interface is deployed according to the interface specification, and the container storage controller is deployed as a sidecar container of the container storage interface.

The storage class sets the replication type, starts the replication function, sets the remote cluster identifier, remote storage class name and other parameters. If replication is performed in a single cluster, the remote cluster is set to its own cluster.

In the present application, the replication type may specifically include local replication or remote replication, synchronous replication or asynchronous replication and the like.

After creating a storage class, you can create a persistent volume claim for this storage class.

S102: Create a first persistent volume with a replication function on the storage, and add the first persistent volume to a protection group.

The persistent volume declaration controller of the container storage controller listens to the creation event, calls the container storage interface to create a volume with remote replication function (ie, the first persistent volume) on the storage, and adds it to the protection group.

S103: Create a persistent volume declaration for the storage class, and associate the first persistent volume, the persistent volume declaration, and the protection group.

In this embodiment, after creating the persistent volume declaration of the storage class, it is necessary to establish an association relationship between the first persistent volume, the persistent volume declaration, and the protection group, so as to integrate the resource object and persistent volume data backup and recovery functions, and bring the backup and recovery capabilities of the storage system to the container cluster. Persistent volumes with different replication relationship types can be created in the same container cluster or in multiple clusters, and the storage's own replication technology (synchronous/asynchronous replication or remote replication) can be used to replicate the persistent volume data of the container in the cluster to maintain data consistency.

It should be noted that you can add a pair of persistent volumes with replication relationships in a protection group, or you can add three or more persistent volumes with replication relationships. That is, there are at least two persistent volumes with replication relationships in a protection group, but the actual number of persistent volumes in a protection group can be determined based on actual backup needs. The replication relationship between persistent volumes in a protection group can also be set or adjusted according to actual application needs, which will not be described here one by one.

The first and second in the first persistent volume and the second persistent volume are only used to distinguish the existence of two persistent volumes, but do not limit the order, priority, etc. of the persistent volumes.

In a specific implementation of the present application, associating the first persistent volume, the persistent volume declaration, and the protection group includes:

Step 1: Set the volume annotation and volume label of the first persistent volume.

Step 2: Set the resource object of the protection group, and set the resource annotation and resource tag;

Step 3: Use volume annotations, volume tags, resource annotations, and resource tags to associate the first persistent volume, the persistent volume declaration, and the protection group.

For ease of description, the above three steps are combined for explanation below.

That is to say, when the persistent volume controller detects that the volume has been created successfully, it can set the annotations and labels of the persistent volume. Create a protection group resource object and set the relevant annotations and labels. Associate the persistent volume, persistent volume declaration, and protection group through annotations and labels. For the specific settings of volume annotations, volume labels, resource annotations, and resource labels, as well as the information covered by the content of the annotations and labels themselves, please refer to the specific definitions and implementations of the relevant annotations and labels, which will not be repeated here.

S104: Send a volume creation command to the remote container cluster.

The persistent volume controller in the replication manager monitors the status of the persistent volume and related annotations and labels, obtains remote cluster information, queries the storage class in the remote cluster, sends a command to create a persistent volume to the remote cluster, creates a remote persistent volume, and replicates data. It can set synchronous remote replication and asynchronous remote replication. The protection group controller monitors the status of the protection group and related annotations and labels, sends a command to create a protection group to the remote cluster, and creates a remote protection group.

It should be noted that if only replication backup needs to be implemented in the local container cluster, there is no need to send a volume creation command to the New Year's Day container cluster. Instead, directly refer to the above steps S101 to S103 to create a second persistent volume that has a replication relationship with the first persistent volume, and add the second persistent volume to the protection group corresponding to the first persistent volume, thereby achieving data synchronization between the first persistent volume and the second persistent volume locally.

S105: After creating a second persistent volume in a replication relationship with the first persistent volume and a protection group with the same name as the protection group in the remote container cluster, keep data of the first persistent volume and the second persistent volume synchronized.

A persistent volume and a protection group are created in the source cluster. A persistent volume and a protection group with the same name and a replication relationship are also created in the target cluster. The data in the two persistent volumes are kept synchronized.

Wherein, maintaining data synchronization between the first persistent volume and the second persistent volume includes: maintaining data synchronization between the first persistent volume and the second persistent volume by using synchronous remote replication or asynchronous remote replication. That is, synchronous remote replication or asynchronous remote replication can be used to achieve data synchronization between the first persistent volume and the second persistent volume.

In this way, even if one of the clusters fails, the other cluster can quickly take over all services.

The method provided by the embodiment of the present application is applied, and the method includes: creating a storage class with a replication type in a local container cluster; creating a first persistent volume with a replication function on the storage, and adding the first persistent volume to a protection group; creating a persistent volume declaration for the storage class, and associating the first persistent volume, the persistent volume declaration, and the protection group; sending a volume creation command to a remote container cluster; creating a second persistent volume with a replication relationship with the first persistent volume in the remote container cluster, and a protection group with the same name as the protection group, and then maintaining data synchronization between the first persistent volume and the second persistent volume.

It should be noted that, based on the above embodiments, the embodiments of the present application also provide corresponding improved solutions. In some embodiments, the same steps or corresponding steps as those in the above embodiments can be referenced to each other, and the corresponding beneficial effects can also be referenced to each other, which will not be repeated one by one in some embodiments of this article.

In a specific implementation of the present application, a persistent volume with a highly available replication relationship can also be created to protect the data in the container, thereby maintaining the high availability of the container application. The specific implementation process includes:

Step 1: Configure the target storage class with real-time high-availability replication relationship;

Step 2: Create two target persistent volume declarations for the target storage class. The target persistent volumes corresponding to the two target persistent volume declarations have a high-availability replication relationship.

Step 3: Get the storage performance status and select the fastest-response persistent volume from the two target persistent volumes for reading and writing.

First, you can configure cluster information, set the remote cluster to your own cluster, and connect two sets of storage to maintain high availability. Then, create a storage class with real-time high-availability replication. Create a persistent volume declaration for this storage class, generate two persistent volume declarations, and the corresponding persistent volumes have a high-availability replication relationship.

The container storage controller monitors the storage performance status and automatically switches to different persistent volumes based on the performance and load of the storage where the persistent volume is located. It selects persistent volumes with fast response for reading and writing, and selects high-performance persistent volumes for reading and writing for applications with high access frequency.

In a specific implementation of the present application, after a target persistent volume fails, it switches to another target persistent volume for reading and writing. That is, when a persistent volume fails, it can immediately switch to a persistent volume with a replication relationship to ensure high availability of container services and continuity of applications.

In a specific implementation of the present application, during recovery, the replication relationship is re-established, and data is synchronized from the normally running target persistent volume. That is, during recovery, the replication relationship is re-established, data is synchronized from another volume, and after consistency is maintained, services are provided again.

In a specific implementation of the present application, remote multi-cluster failover and recovery can also be achieved. The specific implementation steps include:

Step 1: Use the protection group resource objects to maintain the master-slave relationship between the resource objects and the persistent volumes on the storage in the master cluster and the slave cluster;

Step 2: When the primary cluster fails, use the secondary cluster to restore the container application of the primary cluster based on the backup data of the container resources.

For ease of description, the above two steps are combined for explanation below.

Assume that there are two container application clusters and two storage systems for remote disaster recovery, forming a master-slave relationship.

When the main cluster fails and cannot provide services, a failover is performed and the cluster's container applications are restored using the backup data of the container resources in the cluster.

To facilitate the processing of the switching operation, the action attribute of the protection group resource object is also set to failover. That is, the action attribute of the protection group resource object is set to failover.

The protection group controller in the container storage controller detects the protection group change, calls the protection group failover operation in the container storage interface, puts the protection group into a failover state in the storage system, and stops data synchronization.

Among them, the backup data of container resources is used to restore the container application of the main cluster by using the slave cluster, including: using the copy data of the persistent volume in the slave storage of the slave cluster to pull up the business of the container application. The copy data of the persistent volume in the slave storage of the slave cluster is used to immediately pull up the business, ensuring business availability and data security at the time of disaster.

Accordingly, when the primary cluster fails and recovers, the action attribute of the protection group resource object is set to re-protect. When the protection group controller in the container storage controller detects the change of the protection group, it calls the protection group re-protection operation in the container storage interface, and in the storage system, the protection group enters the re-protection state, so that the persistent volume resumes replication from the new "source" and performs data synchronization.

In a specific implementation of the present application, data backup and recovery can also be achieved through backup objects. The specific implementation process includes:

Step 1: Receive a backup request and create a corresponding backup object;

Step 2: Query the object resources from the container orchestration server and create custom resources for the backup object;

Step 3: Call the container storage interface to create a snapshot of the volume to be backed up on the storage system;

Step 4: Use the replication manager to upload the backed-up resource data to the backup storage location.

For ease of description, the above four steps are combined for explanation below.

Create a backup object to customize the resource container information/data to be backed up, cluster and storage resources to be backed up.

Configure the backup storage location and access account. After the backup object controller detects the custom resources of the backup object, it will query the container orchestration server to collect cluster container resource objects, application configuration and other object resources. Call the container storage interface to create a snapshot of the volume to be backed up. Upload the backed-up resource data to the backup storage location.

Furthermore, the corresponding data recovery process includes:

Step 1: Receive a recovery request and create a corresponding recovery object custom resource;

Step 2: Use the replication manager to verify the custom resource of the recovery object;

Step 3: After verification, use the recovery object controller to obtain the backup resource data from the backup storage location and verify it;

Step 4: After verification, use the backup resource data to create and restore the backup resources.

After receiving the recovery request, the recovery object custom resource is created. After the recovery object controller detects the recovery object custom resource, it verifies it. The recovery object controller obtains the backup resource data from the backup storage location and verifies it. The recovery object controller creates the resource for restoring the backup.

Among them, as to how to perform resource verification, you can refer to the relevant verification implementation plan for details, which will not be repeated here.

To help those skilled in the art better understand the container data protection method provided in the embodiment of the present application, the container data protection method itself and its technical effects are described in detail below in combination with relevant technologies.

Remote replication is the core technology of storage system disaster recovery and backup, which can realize remote data backup and disaster recovery. Remote replication can be used to synchronize and back up the data of the primary site to maintain data consistency. When a disaster occurs, the business data of the primary site can be quickly taken over by the secondary site to ensure business sustainability and avoid losses caused by business terminals. When the business data of the primary site fails, the data of the primary site can be restored by the data of the secondary site, which can facilitate business recovery. Remote replication is divided into synchronous replication and asynchronous replication. Synchronous remote replication is to synchronize data in real time after the initial remote synchronization, to maximize data consistency and reduce the amount of data loss when a disaster occurs. Asynchronous remote replication is to synchronize data periodically after the initial synchronization, to minimize the degradation of business performance caused by the delay of remote data transmission.

Related container backup and disaster recovery technologies: Container backup and recovery are mainly divided into cluster resource backup and recovery, and persistent volume backup and recovery.

The backup and recovery of cluster resources mainly include:

Method a: Backup and restore of container images. The standard approach is to synchronize images in image repositories between different data centers through the replication function of the image repository.

Method b: Back up resource objects, including various configurations and resource relationships, to restore the same cluster, application, and configuration to ensure functional consistency.

There are several solutions for backing up and restoring persistent volumes:

The first is to directly use the server that stores the data to implement regular snapshot backups.

The second method is to deploy a dedicated backup client on each target server and specify a backup data directory, and regularly copy the data remotely to external storage.

The third method of backing up persistent volumes is to create a snapshot of the persistent volume based on the snapshot function of the container storage interface, perform the backup, and then restore the volume by creating a volume from the snapshot.

As can be seen, traditional data protection solutions mainly focus on virtual machines or physical machines, and often focus on protecting a single server and the applications running on it. In the era of container orchestration, containers are a dynamically changing resource, and applications are usually widely distributed, sometimes requiring the launch of multiple clouds and multiple data centers. Traditional backup and disaster recovery solutions do not work well in containerized environments. Existing container data protection solutions often back up container resource objects and persistent volume data separately, and for the backup and disaster recovery of persistent volumes, use the storage service end to perform backup and deploy proprietary client programs to operate the storage system backup, which has problems such as rigid backup mechanism and slow data recovery. Some protection solutions can back up container resource objects and persistent volume data at the same time, but the persistent volume is only backed up and restored based on the snapshot function of the container storage interface, which takes a long time to backup and restore data, and cannot adapt to the high availability and fast recovery scenarios of containers.

Please refer to Figure 3. From the above-mentioned embodiment description, it can be seen that the technical solution provided by the present application can integrate the container resource object and persistent volume data backup and recovery functions, and bring the backup and recovery capabilities of the storage system to the container cluster. Persistent volumes with different types of replication relationships can be created in the same container cluster or in multiple clusters, and the replication technology of the storage itself (synchronous/asynchronous replication or remote replication) can be used to replicate the persistent volume data of the container in the cluster to maintain data consistency. Through parameter configuration, when creating a persistent volume, a pair of persistent volumes with a replication relationship can be created. When a fault error occurs, it can be seamlessly switched between the replicated volumes, and according to the performance and load of the storage where the persistent volume is located, a fast-responding persistent volume can be selected for reading and writing. For applications with high access frequency, high-performance volumes can be selected for reading and writing, ensuring the high availability of container services and the continuity of applications. For off-site disaster recovery scenarios, a primary and backup volume with a remote replication relationship can be created, and container cluster object resources and application configurations can be backed up at the same time. When a problem occurs at the primary site, a fault switch can be performed through a slave volume with a replication relationship with the primary volume, and the container cluster object resources and application configuration can be restored in another cluster for rapid recovery to the disaster recovery site. After the primary site is restored, data recovery and master-slave switching of persistent volumes are performed to ensure consistent data availability. This technical solution is applicable to various scenarios of container data protection, including backup, high availability, application continuity, and disaster recovery.

In other words, this application can integrate the backup and recovery functions of container resource objects and persistent volume data, bring the backup and recovery capabilities of the storage system to the container cluster, and use the replication and recovery technology of the storage device to achieve the replication of the container persistent volume data, thereby realizing the disaster recovery protection of the container persistent volume. When a disaster occurs in the main data center, the data of the disaster recovery center can be directly used to establish an operation support environment to provide IT (Information Technology) support for the continued operation of the business. At the same time, the data of the disaster recovery center can also be used to restore the business system of the main data center, so that the company's business operations can quickly return to the normal operation state before the disaster. This solution adopts a cloud-native development approach and can be well integrated with the container orchestration server.

This application can simultaneously back up and restore container resource objects, application configurations, and persistent volume data. The backup and recovery methods of persistent volume data support both local snapshots and remote replication.

Bring the backup and recovery capabilities of the storage system to the container cluster. The persistent volume of the container uses the replication technology of the storage itself (synchronous/asynchronous replication, remote replication) to maintain data replication and consistency.

When creating a persistent volume, you can create a pair of persistent volumes with a synchronous replication relationship. When a failure occurs, you can seamlessly switch between the replicated volumes. And based on the performance and load of the storage where the persistent volume is located, you can select a persistent volume with a fast response for reading and writing. For applications with high access frequency, select a high-performance volume for reading and writing, to ensure high availability of container services and application continuity.

It supports cross-cluster and cross-storage area disaster recovery deployment, and can create master and backup volumes with remote replication relationships, while backing up container cluster object resources and application configurations. When the primary site fails, it can perform failover through the slave volume that has a replication relationship with the primary volume, restore the container cluster object resources and application configuration in another cluster, and quickly restore to the disaster recovery site. After the primary site is restored, data recovery and master-slave switching of the persistent volume are performed to ensure consistent data availability.

Corresponding to the above method embodiment, the embodiment of the present application further provides a container data protection device. The container data protection device described below and the container data protection method described above can refer to each other.

As shown in FIG4 , the device comprises:

The storage class creation unit 101 is used to create a storage class with a replication type in a local container cluster;

The object association unit 102 is used to create a first persistent volume with a replication function on the storage, and add the first persistent volume to the protection group; create a persistent volume declaration of the storage class, and associate the first persistent volume, the persistent volume declaration, and the protection group;

The data synchronization unit 103 is used to send a volume creation command to the remote container cluster; after creating a second persistent volume with a replication relationship with the first persistent volume and a protection group with the same name as the protection group in the remote container cluster, the data of the first persistent volume and the second persistent volume are kept synchronized.

Using the device provided in the embodiment of the present application, a storage class with a replication type is created in a local container cluster; a first persistent volume with a replication function is created on the storage, and the first persistent volume is added to a protection group; a persistent volume declaration of the storage class is created, and the first persistent volume, the persistent volume declaration, and the protection group are associated; a volume creation command is sent to a remote container cluster; and after creating a second persistent volume with a replication relationship with the first persistent volume and a protection group with the same name as the protection group in the remote container cluster, the data of the first persistent volume and the second persistent volume are kept synchronized.

In a specific implementation of the present application, the object association unit 102 is specifically used to set the volume annotation and volume label of the first persistent volume;

In a specific implementation of the present application, the object association unit 102 is specifically configured to maintain data synchronization between the first persistent volume and the second persistent volume by using synchronous remote replication or asynchronous remote replication.

In a specific implementation of the present application, the object association unit 102 is further used to configure a target storage class having a real-time high-availability replication relationship;

In a specific implementation of the present application, the object association unit 102 is further configured to switch to another target persistent volume for reading and writing after a target persistent volume fails.

In a specific implementation of the present application, the object association unit 102 is further configured to re-establish the replication relationship during recovery and synchronize data from the normally operating target persistent volume.

In a specific implementation of the present application, the object association unit 102 is further used to use the protection group resource object to maintain the master-slave relationship between the resource objects and the persistent volumes on the storage in the master cluster and the slave cluster;

In a specific implementation manner of the present application, the object association unit 102 is further configured to set the action attribute of the protection group resource object to failover.

In a specific implementation of the present application, the object association unit 102 is further configured to set the action attribute of the protection group resource object to re-protection after the main cluster fails and recovers.

In a specific implementation of the present application, the data synchronization unit 103 is further configured to start the service of the container application by using the replicated data of the persistent volume from the cluster secondary storage.

In a specific implementation of the present application, the data synchronization unit 103 is further used to receive a backup request and create a corresponding backup object;

In a specific implementation of the present application, the data synchronization unit 103 is further used to receive a recovery request and create a corresponding recovery object custom resource;

Use the replication manager to verify the recovery object custom resources;

Corresponding to the above method embodiment, the embodiment of the present application further provides an electronic device. The electronic device described below and the container data protection method described above can refer to each other.

As shown in FIG5 , the electronic device includes:

Memory 332, used for storing computer programs;

The processor 322 is configured to implement the steps of the container data protection method of the above method embodiment when executing a computer program.

Specifically, please refer to Figure 6, which is a schematic diagram of the specific structure of an electronic device provided in this embodiment. The electronic device may have relatively large differences due to different configurations or performances, and may include one or more processors (central processing units, CPU) 322 (for example, one or more processors) and a memory 332, and the memory 332 stores one or more computer programs 342 or data 344. Among them, the memory 332 can be a temporary storage or a permanent storage. The program stored in the memory 332 may include one or more modules (not shown in the figure), and each module may include a series of instruction operations in the data processing device. Furthermore, the central processing unit 322 can be configured to communicate with the memory 332 to execute a series of instruction operations in the memory 332 on the electronic device 301.

The electronic device 301 may further include one or more power supplies 326 , one or more wired or wireless network interfaces 350 , one or more input and output interfaces 358 , and/or one or more operating systems 341 .

The steps in the container data protection method described above can be implemented by the structure of an electronic device.

Corresponding to the above method embodiment, the embodiment of the present application further provides a non-volatile readable storage medium. The non-volatile readable storage medium described below and the container data protection method described above can refer to each other.

Refer to Figure 7, which is a non-volatile readable storage medium provided in this embodiment. The non-volatile readable storage medium stores a computer program. When the computer program is executed by the processor, the steps of the container data protection method of the above method embodiment are implemented.

The non-volatile readable storage medium may specifically be a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk, and other non-volatile readable storage media that can store program codes.

In this specification, each embodiment is described in a progressive manner, and each embodiment focuses on the differences from other embodiments. The same or similar parts between the embodiments can be referred to each other. For the system disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant parts can be referred to the method part.

Those skilled in the art may further appreciate that the units and algorithm steps of each example described in conjunction with the embodiments disclosed herein can be implemented with electronic hardware, computer software, or a combination of the two. In order to clearly illustrate the interchangeability of hardware and software, the composition and steps of each example have been generally described in terms of function in the above description. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art may use different methods to implement the described functions for each specific application, but such implementation should not be considered to be beyond the scope of this application.

The steps of the method or algorithm described in conjunction with the embodiments disclosed herein may be implemented directly using hardware, a software module executed by a processor, or a combination of the two. The software module may be placed in a random access memory (RAM), a memory, a read-only memory (ROM), an electrically programmable ROM, an electrically erasable programmable ROM, a register, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.

Finally, it should be noted that, in this article, relationships such as first and second, etc. are used only to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Moreover, the terms include, include or any other variations are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements, but also other elements not explicitly listed, or also includes elements inherent to such process, method, article or device.

Specific examples are used herein to illustrate the principles and implementation methods of the present application. The description of the above embodiments is only used to help understand the method and core idea of the present application. At the same time, for those skilled in the art, according to the idea of the present application, there will be changes in the specific implementation methods and application scope. In summary, the content of this specification should not be understood as a limitation on the present application.

Claims

A container data protection system, comprising:

Replication manager, container storage controller, container orchestration server, and container storage interface;

Wherein, the container orchestration server and the container storage controller communicate with the container storage interface via a remote procedure call protocol;

The replication manager and the container storage controller communicate with the container orchestration server via a hypertext transfer protocol;

The replication manager includes a replication control management module and a cluster management module;

The container storage controller includes a container storage interface interaction module and a container storage management module;

The container storage interface is used to perform remote replication management and volume operations on the storage system.
The container data protection system according to claim 1 is characterized in that the cluster management module and the container orchestration server in the remote cluster use Rest API calls to query, create, and modify resource object information in the remote cluster.
The container data protection system according to claim 1 is characterized in that the cluster management module is used to obtain cluster access configuration information, communicate between container clusters, and query, create and modify resource objects in remote clusters.
The container data protection system according to claim 1 is characterized in that the replication control management module includes a backup object controller, a recovery object controller, a persistent volume controller, a persistent volume declaration controller and a protection group controller to realize the monitoring and operation of resource objects.
The container data protection system according to claim 4 is characterized in that the backup object controller is used to obtain resource objects related to cluster and application configuration from the container orchestration server;

The persistent volume controller is used to monitor the persistent volume status, labels and annotations, and query, create and modify resource objects in the remote cluster as needed.
The container data protection system according to claim 1 is characterized in that the container storage interface interaction module is used to call the RPC service in the container storage interface to perform remote replication management on the storage system.
The container data protection system according to claim 1 is characterized in that the controller management module includes a persistent volume controller, a persistent volume declaration controller and a protection group controller, and monitors the persistent volume or persistent volume declaration creation event. If it is a created replica volume, the RPC service of the container storage interface is called through the container storage interface interaction module to perform storage operations;

The persistent volume controller creates a protection group resource object through volume information, and establishes an association between the persistent volume and the protection group by adding annotations and tags to the persistent volume and the persistent volume declaration;

The protection group controller is used to manage protection group instances, process operation requests for protection groups, monitor replication status, and update sub-resource status.
The container data protection system according to claim 1, wherein the container storage interface further comprises an RPC service for remote replication volume management;

The remote replication volume management service is connected to the storage system and uses the remote replication function of the storage system to create replication pairs, add protection groups, synchronize data, and perform status on protection groups;

The remote replication function includes synchronous remote replication and asynchronous remote replication.
A container data protection method, characterized in that it is applied to the container data protection system according to any one of claims 1 to 8, comprising:

In the local container cluster, create a storage class with the replication type.

Creating a first persistent volume with a replication function on the storage, and adding the first persistent volume to the protection group;

Creating a persistent volume declaration for the storage class, and associating the first persistent volume, the persistent volume declaration, and the protection group;

Send a volume creation command to the remote container cluster;

After creating a second persistent volume having a replication relationship with the first persistent volume and a protection group with the same name as the protection group in the remote container cluster, data of the first persistent volume and the second persistent volume are kept synchronized.
The container data protection method according to claim 9, characterized in that associating the first persistent volume, the persistent volume declaration, and the protection group comprises:

Setting a volume annotation and a volume label of the first persistent volume;

Set the resource object of the protection group, and set the resource annotation and resource tag;

The first persistent volume, the persistent volume declaration, and the protection group are associated using the volume annotation, the volume label, the resource annotation, and the resource label.
The container data protection method according to claim 9, characterized in that maintaining data synchronization between the first persistent volume and the second persistent volume comprises:

Synchronous remote replication or asynchronous remote replication is used to keep data of the first persistent volume and the second persistent volume synchronized.
The container data protection method according to claim 9, further comprising:

Configure the target storage class with a real-time high-availability replication relationship;

Creating two target persistent volume declarations for the target storage class, wherein the target persistent volumes corresponding to the two target persistent volume declarations have a high-availability replication relationship;

The storage performance status is obtained, and a persistent volume with a faster response is selected from the two target persistent volumes for reading and writing.
The container data protection method according to claim 12, further comprising:

After one of the target persistent volumes fails, switch to another target persistent volume for reading and writing.
The container data protection method according to claim 13, further comprising:

During recovery, the replication relationship is re-established, and data is synchronized from the target persistent volume that is operating normally.
The container data protection method according to claim 9, further comprising:

Use the protection group resource objects to maintain the master-slave relationship between the resource objects and the persistent volumes on the storage in the master and slave clusters;

When the main cluster fails, the slave cluster is used to restore the container application of the main cluster based on the backup data of the container resources.
The container data protection method according to claim 15, further comprising:

The action attribute of the protection group resource object is set to failover.
The container data protection method according to claim 16, further comprising:

When the main cluster fails and recovers, the action attribute of the protection group resource object is set to re-protection.
The container data protection method according to claim 15 is characterized in that, using the slave cluster to restore the container application of the master cluster based on the backup data of the container resources, comprises:

The business of the container application is started by using the replicated data of the persistent volume in the secondary storage of the secondary cluster.
The container data protection method according to claim 9, further comprising:

Receive backup requests and create corresponding backup objects;

Query object resources from the container orchestration server and create custom resources for the backup object;

Call the container storage interface to create a snapshot of the volume to be backed up on the storage system;

Use the replication manager to upload the backed-up resource data to the backup storage location.
The container data protection method according to claim 19, further comprising:

Receive the recovery request and create the corresponding recovery object custom resource;

Using the replication manager, verifying the recovery object custom resource;

After verification, the backup resource data is obtained from the backup storage location and verified using the recovery object controller;

After verification, the backup resource data is used to create and restore the backup resources.
A container data protection device, comprising:

A storage class creation unit, used to create a storage class with a replication type in a local container cluster;

An object association unit, configured to create a first persistent volume with a replication function on the storage, and add the first persistent volume to a protection group; create a persistent volume declaration of the storage class, and associate the first persistent volume, the persistent volume declaration, and the protection group;

A data synchronization unit is used to send a volume creation command to a remote container cluster; after creating a second persistent volume having a replication relationship with the first persistent volume and a protection group with the same name as the protection group in the remote container cluster, keep the data of the first persistent volume and the second persistent volume synchronized.
An electronic device, comprising:

Memory for storing computer programs;

A processor, configured to implement the steps of the container data protection method as claimed in any one of claims 9 to 20 when executing the computer program.
A non-volatile readable storage medium, characterized in that a computer program is stored on the non-volatile readable storage medium, and when the computer program is executed by a processor, the steps of the container data protection method as described in any one of claims 9 to 20 are implemented.