
CN110830546A - Available domain construction method, device and equipment based on container cloud platform - Google Patents


Info

Publication number: CN110830546A
Authority: CN (China)
Prior art keywords: cloud, container, network, cloud host, available
Legal status: Pending (as listed by Google Patents; not a legal conclusion)
Application number: CN201910889656.6A
Other languages: Chinese (zh)
Inventor: 李迎春
Current assignee: Ping An Technology Shenzhen Co Ltd
Original assignee: Ping An Technology Shenzhen Co Ltd
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN201910889656.6A
Publication of CN110830546A
Priority to PCT/CN2020/098934 (WO2021051933A1)

Classifications

All classifications fall under CPC section H (Electricity), class H04 (Electric communication technique), subclass H04L (Transmission of digital information, e.g. telegraphic communication):

    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L63/0218 Distributed architectures, e.g. distributed firewalls (under H04L63/02 separating internal from external traffic, e.g. firewalls, and H04L63/0209 architectural arrangements, e.g. perimeter networks or demilitarized zones)
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1044 Group management mechanisms (under H04L67/104 peer-to-peer [P2P] networks)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Theoretical Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The embodiment of the application belongs to the technical field of cloud computing, and relates to a method, a device, equipment and a storage medium for constructing an available domain based on a container cloud platform, wherein the method comprises the following steps: creating at least two cloud hosts on a cloud platform according to regions, wherein the cloud hosts are used for providing container services; adding the cloud host into a network isolation area and a network security area respectively; configuring a double-available-domain label for the cloud host and deploying the double-available-domain label to a container cluster; and managing the cloud host joining the container cluster. At least two cloud hosts are created through the container cloud platform, double-available-domain configuration is carried out on each cloud host, the cloud hosts are placed into different network areas and then added into the container cluster for unified management, and the high availability and automation level of the cloud host container cluster can be improved.

Description

Available domain construction method, device and equipment based on container cloud platform
Technical Field
The application relates to the technical field of cloud computing, in particular to a container cloud platform-based available domain construction method, device, equipment and storage medium.
Background
In the era of mobile internet, enterprises need to find new software delivery processes and IT architectures, thereby realizing architecture platformization, delivery persistence and business service. The container is a standard delivery part of a new generation of application, and the container cloud helps enterprise users to construct a research and development flow and cloud platform infrastructure, shortens the period of delivering the application to the cloud, reduces the operation threshold, and accelerates the double transformation of the enterprise to internet technology and business.
At present, many container cloud platforms, such as PaaS (platform as a service), SaaS (software as a service) and CaaS (container cloud platform), provide an application operation platform through technologies such as Docker (containers) and Kubernetes (K8s for short), so as to automate operation and maintenance, deploy applications quickly, scale elastically and dynamically adjust application environment resources. For example, Aliyun improves the high availability of ECS (elastic computing server) through a multi-region deployment scheme, but some main problems remain: 1. the ECS itself has no high availability or disaster tolerance, which has to be realized by a multi-region, in particular a logical multi-region, framework; 2. an application running on an ECS needs to be manually scattered and deployed across multiple areas; 3. the cluster load balancer ELB needs to take into account the effect of a node being recovered, requires the node to be manually disabled, and is therefore inefficient.
Disclosure of Invention
The embodiment of the application aims to provide an available domain construction method, an available domain construction device, available domain construction equipment and a storage medium of a container cloud platform, and the high availability and automation level of a cloud host container cluster is improved.
In order to solve the above technical problem, an embodiment of the present application provides a method for building an available domain of a container cloud platform, including the following steps:
creating at least two cloud hosts on a cloud platform according to regions, wherein the cloud hosts are used for providing container services;
adding the cloud host into a network isolation area and a network security area respectively;
configuring a double-available-domain label for the cloud host and deploying the double-available-domain label to a container cluster;
and managing the cloud host joining the container cluster.
Further, the step of creating at least two cloud hosts on the cloud platform according to the region specifically includes:
logging in a container cloud platform;
and selecting an available area in the region to create at least two cloud host nodes on the cloud platform.
Further, the step of adding the cloud host to the network isolation area and the network security area respectively specifically includes:
establishing corresponding security groups according to different access control strategies, wherein the security groups comprise a network isolation region security group and a network security region security group;
and respectively binding the created at least two cloud host nodes to the created two security groups.
Further, the step of creating a corresponding security group according to different access control policies specifically includes:
dividing a network where the cloud host is located into at least a network isolation area and a network security area according to the security level;
and respectively creating corresponding security groups, namely a network isolation region security group and a network security region security group, according to the access control policies of the network isolation region and the network security region.
Further, the step of configuring the dual available domain tags for the cloud host and deploying the dual available domain tags to the container cluster specifically includes:
respectively marking double available domain labels on the at least two cloud host nodes;
adding the double-available domain label into a node deployment template of the cloud platform, so as to deploy the cloud host node to the container cluster;
and carrying out load balancing on the container cluster which is added into the network isolation area of the cloud host node.
Further, the step of performing load balancing on the container cluster added to the network isolation area of the cloud host node specifically includes:
adding the cloud host node bound to the network quarantine security group into a resource pool.
Further, the step of managing the cloud host joining the container cluster specifically includes:
and respectively adding monitoring scripts to the at least two cloud host nodes, and acquiring and reporting the running data of the nodes.
In order to solve the above technical problem, an embodiment of the present application further provides an available domain building apparatus based on a container cloud platform, which adopts the following technical solutions:
available domain construction device based on container cloud platform includes:
the system comprises a creating module, a receiving module and a sending module, wherein the creating module is used for creating at least two cloud hosts on a cloud platform according to regions, and the cloud hosts are used for providing container service;
the adding module is used for adding the cloud host into a network isolation area and a network security area respectively;
the deployment module is used for configuring the double available domain labels for the cloud host and deploying the double available domain labels to the container cluster;
and the management module is used for managing the cloud host which is added into the container cluster.
In order to solve the above technical problem, an embodiment of the present application further provides a computer device, which adopts the following technical solutions:
the computer device comprises a memory and a processor, wherein the memory stores a computer program, and the processor implements the steps of the available domain building method based on the container cloud platform provided in any one of the embodiments when executing the computer program.
In order to solve the above technical problem, an embodiment of the present application further provides a computer-readable storage medium, which adopts the following technical solutions:
the computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the available domain construction method based on a container cloud platform according to any one of the embodiments of the present application.
Compared with the prior art, the embodiment of the application mainly has the following beneficial effects: creating at least two cloud hosts on a cloud platform according to regions, wherein the cloud hosts are used for providing container services; adding the cloud host into a network isolation area and a network security area respectively; configuring a double-available-domain label for the cloud host and deploying the double-available-domain label to a container cluster; and managing the cloud host joining the container cluster. At least two cloud hosts are created through the container cloud platform, double-available-domain configuration is carried out on each cloud host, the cloud hosts are placed into different network areas and then added into the container cluster for unified management, and the high availability and automation level of the cloud host container cluster can be improved.
Drawings
In order to more clearly illustrate the solution of the present application, the drawings needed for describing the embodiments of the present application will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present application, and that other drawings can be obtained by those skilled in the art without inventive effort.
FIG. 1 is an exemplary system architecture diagram in which the present application may be applied;
FIG. 2 is a flow diagram of one embodiment of a container cloud platform based available domain construction method according to the present application;
FIG. 3 is a flow diagram for one embodiment of step 201 of FIG. 2;
FIG. 4 is a flow diagram for one embodiment of step 202 of FIG. 2;
FIG. 5 is a flow diagram for one embodiment of step 203 of FIG. 2;
FIG. 6 is a schematic structural diagram of one embodiment of a container cloud platform based domain building apparatus according to the present application;
FIG. 7 is a block diagram of one embodiment of the creation module 301 of FIG. 6;
FIG. 8 is a schematic block diagram of one embodiment of a computer device according to the present application.
Detailed Description
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs; the terminology used in the description of the application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application; the terms "including" and "having," and any variations thereof, in the description and claims of this application and the description of the above figures are intended to cover non-exclusive inclusions. The terms "first," "second," and the like in the description and claims of this application or in the above-described drawings are used for distinguishing between different objects and not for describing a particular order.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings.
As shown in fig. 1, the system architecture 100 may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may have various communication client applications installed thereon, such as a web browser application, a shopping application, a search application, an instant messaging tool, a mailbox client, social platform software, and the like.
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, e-book readers, MP3 players (Moving Picture experts Group Audio Layer III, mpeg compression standard Audio Layer 3), MP4 players (Moving Picture experts Group Audio Layer IV, mpeg compression standard Audio Layer 4), laptop portable computers, desktop computers, and the like.
The server 105 may be a server providing various services, such as a background server providing support for pages displayed on the terminal devices 101, 102, 103.
It should be noted that the available domain construction method based on the container cloud platform provided in the embodiment of the present application is generally executed by a server/terminal device, and accordingly, the available domain construction device based on the container cloud platform is generally disposed in the server/terminal device.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
With continued reference to fig. 2, a flow diagram of one embodiment of a method for available domain construction based on a container cloud platform is shown, in accordance with the present application. The available domain construction method based on the container cloud platform comprises the following steps:
step 201, at least two cloud hosts are created in the container cloud platform according to regions, and the cloud hosts are used for providing container services.
In this embodiment, the electronic device (for example, the server/terminal device shown in fig. 1) on which the available domain building method based on the container cloud platform operates may be connected to and logged in to through a wired or wireless connection. It should be noted that the wireless connection may include, but is not limited to, a 3G/4G connection, a WiFi connection, a Bluetooth connection, a WiMAX connection, a Zigbee connection, a UWB (ultra-wideband) connection, and other wireless connection means now known or developed in the future.
The cloud platform address is the domain name of the platform website, such as yun.pingan.com. All users can access it and select service types as needed, such as file storage and sharing, application creation and deployment, and the like; cloud hosts providing container services are then selected and created according to the service type and the region where the user is located. Users may include, but are not limited to, individuals, organizations or research and development teams.
Step 202, adding the cloud host into a network isolation area and a network security area respectively.
The network isolation zone and the network security zone are virtual networks (VPC, Virtual Private Cloud) obtained by further dividing the Internet according to a certain security policy. A VPC is a logical network space customized on a public cloud (where all users share a public network resource pool and no logical isolation is performed between users). The network isolation zone (DMZ) is a special area between the external network and the internal network, which adds a line of security defence for the network security zone (SF, the internal network) to be protected. The access control strategy can be formulated, added, deleted and modified according to access requirements, and includes rules such as: the intranet SF can access the extranet; the intranet SF can access the DMZ; the extranet cannot access the intranet SF; the extranet can access the DMZ; the DMZ cannot access the intranet SF; the DMZ cannot access the extranet; and the like.
In this embodiment, the created cloud host may be added to the network isolation area and the network security area, respectively, so as to provide services with different security levels.
Step 203, configuring a double-available domain label for the cloud host and deploying the double-available domain label to a container cluster.
In this embodiment, when many container applications are deployed on multiple cloud hosts, a container cluster is formed; at this point, tools or systems such as Kubernetes (k8s) are required to uniformly manage the containerized applications on the multiple hosts in the cloud platform. Kubernetes aims to make deploying containerized applications simple and efficient: it uniformly manages these container clusters by providing mechanisms for application deployment, planning, updating and maintenance, further manages container clusters in different regions, provides functions such as resource scheduling, deployment operation, service discovery, capacity expansion and capacity reduction for containerized applications, and provides container orchestration services, so that containers can communicate with each other, be operated on together, and have the behaviour of multiple containers managed at the same time.
The available domain label can be a self-defined identifier used for representing an available domain in an available area, the created cloud host is configured with the self-defined available domain label and added into the container cluster, the corresponding cloud host node can be found from the container cluster through the available domain label, and then a container on the cloud host node can be managed by using a container cluster management tool.
And step 204, managing the cloud host which is added into the container cluster.
In this embodiment, the container management tool k8s is used to manage the cloud hosts joining the container cluster, such as monitoring the operation status, performing load balancing, performing disaster recovery, and the like.
It should be noted that the available domain construction method based on the container cloud platform provided in the embodiment of the present application may be applied to available domain construction equipment based on the container cloud platform, for example: computers, servers, workstations, etc. may be devices that perform the construction of available domains based on a container cloud platform.
In this embodiment, at least two cloud hosts are created on a cloud platform according to a region, and the cloud hosts are used for providing container services; adding the cloud host into a network isolation area and a network security area respectively; configuring a double-available-domain label for the cloud host and deploying the double-available-domain label to a container cluster; and managing the cloud host joining the container cluster. At least two cloud hosts are created through the container cloud platform, double-available-domain configuration is carried out on each cloud host, the cloud hosts are placed into different network areas and then added into the container cluster for unified management, and the high availability and automation level of the cloud host container cluster can be improved.
Further, as shown in fig. 3, the step 201 may include:
step 2011, log in to the container cloud platform.
In this embodiment, the cloud platform of the container cloud platform (CaaS) is logged in to using an account registered on the cloud platform, and the address of the cloud platform is the domain name of the platform website, such as yun. A container is a running instance created from an image; it can be started, stopped and deleted, and the environment of each container is isolated from the others, so that security is guaranteed. Starting, stopping and destroying a container takes seconds or milliseconds, and compared with traditional virtualization technology, the performance loss of a container on resources such as CPU, memory and network IO is at the same level or even better. Docker container images can be stored in a local public/private image repository; a user can create an image or update an existing image through the repository, or directly download a finished image from elsewhere for direct use. Through the image mechanism, container applications are convenient to migrate and deploy.
Step 2012, on the cloud platform, selecting an available area in the region where the cloud platform is located to create at least two cloud host nodes.
In this embodiment, one of the two available areas A/B is selected to create a cloud host on the cloud platform according to the region (e.g., Hong Kong, Shenzhen, Shanghai, etc.) where the cloud host is located; for example, if two available areas A and B are deployed in Hong Kong, available area A may be selected, and basic configuration parameters of the cloud host, such as the number of CPU cores, memory capacity and operating system type, may further be selected as needed. An available area is a physical area within the same region with independent power and network, and intranet intercommunication is possible between available areas in the same region.
The cloud host can be used for storing data or executing application programs to provide services; further, multiple container applications and the environments on which they depend may also be installed on the cloud host through Docker images, for example: an image may contain a complete Ubuntu operating system environment with only Apache or other applications that the user needs installed; the image may be used to create a Docker container, and the application is then run in the container.
Further, as shown in fig. 4, the step 202 may include:
step 2021, creating corresponding security groups according to different access control policies, including a network isolation region security group and a network security region security group.
Further, the step of creating a corresponding security group according to different access control policies specifically includes:
dividing a network where the cloud host is located into at least a network isolation area and a network security area according to the security level;
and respectively creating corresponding security groups, namely a network isolation region security group and a network security region security group, according to the access control policies of the network isolation region and the network security region.
Specifically, for the Internet, the network may be divided into three regions according to security level: the SF region (intranet), which has the highest security level; the DMZ region; and the Internet region (extranet). Because the three regions are responsible for different tasks, they have different access control policies.
The DMZ (network isolation zone) zone is a special zone between the external network and the internal network, which adds a security defense line for the internal network SF (network security zone) to be protected, and provides a zone to place public services, and the external network can access the services, such as an enterprise Web server, an FTP server, a forum, and the like.
In this embodiment, the DMZ network isolation area and the SF network security area are virtual networks (VPC, Virtual Private Cloud) further divided from available area A or B. A VPC is a logical network space customized on a public cloud (where all users share a common network resource pool and no logical isolation is performed between users), so that an isolated virtual network environment whose configuration and policy can be managed autonomously is constructed on the cloud platform, improving the security of resources in that network environment; within the VPC environment the subnet structure, IP address ranges and allocation, network routing policies and so on are further managed, and multi-layer security protection is implemented through security groups, network ACLs and the like.
The access control strategy can be formulated, added, deleted and modified according to the access requirement, and comprises that the internal network SF can access the external network, the internal network SF can access the DMZ, the external network cannot access the internal network SF, the external network can access the DMZ, the DMZ cannot access the internal network SF, the DMZ cannot access the external network and the like. For example, the DMZ network isolation zone security group may be created according to the fact that an external network can access the DMZ but cannot directly access the internal network SF; according to the fact that the internal network SF can access the DMZ, and the DMZ can access the internal network SF to create the SF network security zone security group.
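The zone policy stated in step 202 and spelled out again here is easiest to reason about as a flow matrix with a default-deny rule. The following is an added example, not code from the patent: it encodes the six listed rules (SF to extranet, SF to DMZ and extranet to DMZ allowed; extranet to SF, DMZ to SF and DMZ to extranet denied), derives the ingress and egress allow-lists that a DMZ security group and an SF security group need, and evaluates a set of constructed flows. Zone names, security-group names and the sample flows are assumptions made for the example.

```python
"""Access-control matrix for the three network zones (SF intranet, DMZ,
extranet) and derivation of the two security groups from it.

Added example, not the patent's code; zone names, group names and the
sample flows are constructed.
"""
from typing import Dict, FrozenSet, List, Set, Tuple

SF, DMZ, EXT = "SF", "DMZ", "EXT"   # network security zone, network isolation zone, extranet
ZONES = (SF, DMZ, EXT)

# The cross-zone flows the description lists as allowed. Everything not
# listed is denied (default deny), which covers the three explicit denials:
# (EXT, SF), (DMZ, SF) and (DMZ, EXT).
ALLOWED_FLOWS: FrozenSet[Tuple[str, str]] = frozenset({
    (SF, EXT),   # intranet SF may reach the extranet
    (SF, DMZ),   # intranet SF may reach the DMZ
    (EXT, DMZ),  # the extranet may reach public services placed in the DMZ
})


def is_allowed(src: str, dst: str) -> bool:
    """Default-deny evaluation of one flow; traffic inside a zone is allowed."""
    if src not in ZONES or dst not in ZONES:
        raise ValueError(f"unknown zone in flow {src}->{dst}")
    return src == dst or (src, dst) in ALLOWED_FLOWS


def ingress_sources(dst: str) -> Set[str]:
    """Other zones whose traffic a security group protecting `dst` must admit."""
    return {src for src in ZONES if src != dst and is_allowed(src, dst)}


def egress_targets(src: str) -> Set[str]:
    """Other zones that members of `src` are permitted to reach."""
    return {dst for dst in ZONES if dst != src and is_allowed(src, dst)}


def build_security_groups() -> Dict[str, Dict[str, Set[str]]]:
    """One security group per protected zone (DMZ group and SF group), with
    allow-lists derived from the matrix rather than written by hand."""
    return {
        f"{zone.lower()}-sg": {
            "ingress_from": ingress_sources(zone),
            "egress_to": egress_targets(zone),
        }
        for zone in (DMZ, SF)
    }


def check_flows(flows: List[Tuple[str, str]]) -> Dict[Tuple[str, str], str]:
    """Verdict for each (src, dst) flow."""
    return {f: ("ALLOW" if is_allowed(*f) else "DENY") for f in flows}


# Constructed sample flows: a browser on the extranet reaching a DMZ web
# server, a DMZ web server trying to reach an intranet host directly, etc.
SAMPLE_FLOWS = [(EXT, DMZ), (DMZ, SF), (SF, DMZ), (EXT, SF), (DMZ, EXT), (SF, EXT)]

if __name__ == "__main__":
    for flow, verdict in check_flows(SAMPLE_FLOWS).items():
        print(f"{flow[0]:>3} -> {flow[1]:<3} {verdict}")
    for name, rules in build_security_groups().items():
        print(name, rules)
```

The derived DMZ group admits ingress from both the extranet and SF but has an empty egress list, while the SF group admits no cross-zone ingress at all; a proposed rule that lets the DMZ reach SF would show up immediately as a change to `ingress_sources("SF")`, which is the check worth running before binding nodes to the groups in step 2022.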
Step 2022, binding the created at least two cloud host nodes to the created two security groups, respectively.
In this embodiment, the access policy of the DMZ network isolation zone security group created in step 2021 is issued to one of the at least two cloud host nodes created in the available zone a/B, and the access policy of the SF network security zone security group is issued to the other cloud host node, so as to complete binding, so that the two cloud host nodes respectively belong to different VPCs and provide services with different security levels.
Further, as shown in fig. 5, the step 203 may include:
step 2031, respectively marking the at least two cloud host nodes with double available domain labels.
In this embodiment, the available domain tags may be customized to indicate the available domain identifiers in the available area a/B, such as hka-az1, hka-az2 indicating az1 and az2 available domains in the hong Kong available area a; the available domain label is then associated with the created cloud host through the command line of the container management tool k8s, and the corresponding cloud host node can be found through the available domain label later, as follows: kubectl label no dmz _ node1ip failure-domain, beta, kubernets, io/zone hka-az 1; a kubecect label no dmz _ node2ip failure-domain, beta, kubernets, io/zone hka-az 2; kubecct label no sf _ node1ip failure-domain, beta, kubernets, io/zone hka-az 1; kubecct label no sf _ node2ip failure-domain, beta, kubernets, io/zone hka-az 2;
wherein dmz_node1ip and dmz_node2ip represent two independent containers of the cloud host nodes of the DMZ network region, bearing the available domains hka-az1 and hka-az2 respectively; similarly, sf_node1ip and sf_node2ip represent two separate containers of the cloud host nodes of the SF network area described above, bearing the available domains hka-az1 and hka-az2 respectively. In this way, defining, configuring and managing the dual available domain labels through the container management tool k8s gives the cloud hosts high-availability support at the IaaS (infrastructure as a service) level of the architecture.
Step 2032, adding the dual available domain labels into a node deployment template of the cloud platform, so as to deploy the cloud host nodes to the container cluster.
In this embodiment, through the above container management tool k8s, a command of the form "kubectl ... deployment deployobject_name -n namespace" is executed to open the node affinity deployment template, and the following information is added to the template segment:
[Node affinity deployment template segment: figures BDA0002208320820000101 and BDA0002208320820000111 in the original]
Thus, the two cloud host nodes with the available domain labels hka-az1 and hka-az2 can be deployed to a k8s cluster for unified management; the multi-available-domain deployment mode based on the template configuration provided by the container management tool k8s is flexible and convenient.
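Because the template segment exists on the page only as a figure, the following added example (mine, not the patent's template) builds, as Python dicts, the standard Kubernetes nodeAffinity form such a template takes for the two labelled zones, adds a podAntiAffinity keyed on the same zone label so that replicas are spread across hka-az1 and hka-az2, and simulates scheduling against the labelled nodes to check that both available domains are actually covered, including the failure mode where every eligible node sits in one zone and the second replica stays Pending. The node inventory, the Deployment name and image, and the toy scheduler are assumptions; the label key and zone names are the ones from the kubectl commands above.

```python
"""Dual-available-domain node labels and a zone-aware Deployment template.

Added example, not the patent's template (a figure on the page). The node inventory,
the Deployment name/image and the toy scheduler are assumptions; the label key and
zone names are the ones used in the kubectl label commands.
"""
import json
from typing import Dict, List, Optional, Set

ZONE_LABEL = "failure-domain.beta.kubernetes.io/zone"
ZONES = ["hka-az1", "hka-az2"]

# Constructed inventory mirroring the `kubectl label no ...` commands for the DMZ nodes.
NODES: Dict[str, Dict[str, str]] = {
    "dmz_node1ip": {ZONE_LABEL: "hka-az1"},
    "dmz_node2ip": {ZONE_LABEL: "hka-az2"},
}


def dual_zone_deployment(name: str, image: str, zones: List[str], replicas: int = 2) -> dict:
    """Deployment whose pods may only be scheduled in `zones` (required node affinity)
    and must not share a zone with each other (required pod anti-affinity keyed on the
    zone label), so the replicas land in both available domains."""
    labels = {"app": name}
    return {
        "apiVersion": "apps/v1",
        "kind": "Deployment",
        "metadata": {"name": name},
        "spec": {
            "replicas": replicas,
            "selector": {"matchLabels": labels},
            "template": {
                "metadata": {"labels": labels},
                "spec": {
                    "affinity": {
                        "nodeAffinity": {"requiredDuringSchedulingIgnoredDuringExecution": {
                            "nodeSelectorTerms": [{"matchExpressions": [
                                {"key": ZONE_LABEL, "operator": "In", "values": list(zones)}]}]}},
                        "podAntiAffinity": {"requiredDuringSchedulingIgnoredDuringExecution": [
                            {"labelSelector": {"matchLabels": labels}, "topologyKey": ZONE_LABEL}]},
                    },
                    "containers": [{"name": name, "image": image}],
                },
            },
        },
    }


def _expr_matches(expr: dict, labels: Dict[str, str]) -> bool:
    """Evaluate one nodeAffinity matchExpression against a node's labels."""
    key, op, values = expr["key"], expr["operator"], expr.get("values", [])
    if op == "In":
        return labels.get(key) in values
    if op == "NotIn":
        return labels.get(key) not in values
    if op == "Exists":
        return key in labels
    if op == "DoesNotExist":
        return key not in labels
    raise ValueError(f"unsupported operator {op!r}")


def eligible_nodes(manifest: dict, nodes: Dict[str, Dict[str, str]]) -> List[str]:
    """Nodes satisfying the required node affinity: terms are ORed, expressions ANDed."""
    terms = manifest["spec"]["template"]["spec"]["affinity"]["nodeAffinity"][
        "requiredDuringSchedulingIgnoredDuringExecution"]["nodeSelectorTerms"]
    return [n for n, lbl in nodes.items()
            if any(all(_expr_matches(e, lbl) for e in t["matchExpressions"]) for t in terms)]


def simulate_schedule(manifest: dict, nodes: Dict[str, Dict[str, str]]) -> Dict[str, Optional[str]]:
    """Toy placement: each replica goes to an eligible node in a zone that no other
    replica of the Deployment occupies; with no such node it stays Pending (None)."""
    placement: Dict[str, Optional[str]] = {}
    used_zones: Set[str] = set()
    name = manifest["metadata"]["name"]
    for i in range(manifest["spec"]["replicas"]):
        pod = f"{name}-{i}"
        placement[pod] = None
        for node in eligible_nodes(manifest, nodes):
            zone = nodes[node][ZONE_LABEL]
            if zone not in used_zones:
                placement[pod] = node
                used_zones.add(zone)
                break
    return placement


def zones_covered(placement: Dict[str, Optional[str]], nodes: Dict[str, Dict[str, str]]) -> Set[str]:
    return {nodes[n][ZONE_LABEL] for n in placement.values() if n is not None}


if __name__ == "__main__":
    manifest = dual_zone_deployment("dmz-web", "nginx:1.25", ZONES)  # name and image hypothetical
    print(json.dumps(manifest, indent=2))  # JSON is valid input for kubectl apply -f
    print(simulate_schedule(manifest, NODES))
```

The anti-affinity is what turns "nodes exist in two zones" into "replicas run in two zones"; node affinity alone lets the scheduler put both replicas on hka-az1, which defeats the purpose of the dual available domains.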
Step 2033, load balancing is performed on the container cluster of the network isolation area to which the cloud host node has been added.
Load balancing (LB) is a clustering technique for servers or network devices that shares a specific service (network services, network traffic, etc.) across multiple servers or network devices, thereby improving service processing capacity and ensuring high availability of the service. For example, in this embodiment, the container application cluster in the network isolation area that the cloud host node has joined may be deployed across multiple cloud hosts, and user requests are then distributed to different servers through load balancing to improve the performance and reliability of websites, applications, databases or other services.
Further, step 2033 may comprise:
step 20331, adding the cloud host node bound to the network quarantine security group to a resource pool.
In this embodiment, under a load balancing ELB page of a CaaS cloud platform of a container cloud platform, a server resource pool of a DMZ network isolation area is found, and the cloud host node bound with the DMZ network isolation area security group is added to the resource pool, i.e., load balancing is performed.
Further, the step 204 may include:
Step 2041, adding monitoring scripts to the at least two cloud host nodes respectively, and collecting and reporting the running data of the nodes.
The operating data of the host, such as CPU (central processing unit) occupancy and memory utilization, are collected by adding a docker container process monitoring script to the cloud host node, and the running condition of the host node is reported to the cloud platform at regular intervals by a command scheduled with the crontab tool.
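One shape such a monitoring script can take, as an added example that is mine rather than the patent's: it parses the per-container lines that `docker stats --no-stream` prints with a custom `--format`, converts the memory figures to bytes, flags containers above a CPU or memory threshold, and tags the report with the node's available-domain label so the platform can see which domain is under pressure. The format string, the report layout, the thresholds, the cron line and the sample stats lines are all constructed assumptions; `run_docker_stats` is the live collector and is not called in the offline demonstration.

```python
"""Container-process monitoring report for a cloud host node.

Added example, not the patent's monitoring script. The docker stats format string,
the report layout, the thresholds and the sample output are assumptions.
"""
import json
import re
import subprocess
from typing import Dict, List

# Format string for docker stats so each line is "name,cpu%,used / limit,mem%".
STATS_FORMAT = "{{.Name}},{{.CPUPerc}},{{.MemUsage}},{{.MemPerc}}"

# Constructed sample of what `docker stats --no-stream --format "$STATS_FORMAT"` prints
# on a DMZ node; container names and numbers are invented.
SAMPLE_STATS = """\
dmz-web-0,12.34%,256MiB / 1GiB,25.00%
dmz-web-1,87.90%,900.5MiB / 1GiB,87.94%
sidecar-log,0.05%,12.3MiB / 512MiB,2.40%
"""

_UNITS = {"B": 1, "KiB": 1024, "MiB": 1024 ** 2, "GiB": 1024 ** 3,
          "kB": 1000, "MB": 1000 ** 2, "GB": 1000 ** 3}


def parse_size(text: str) -> int:
    """'900.5MiB' -> bytes; an unknown unit raises instead of being silently guessed."""
    m = re.fullmatch(r"\s*([0-9.]+)\s*([A-Za-z]+)\s*", text)
    if not m or m.group(2) not in _UNITS:
        raise ValueError(f"unparseable size: {text!r}")
    return int(float(m.group(1)) * _UNITS[m.group(2)])


def parse_stats(raw: str) -> List[Dict]:
    """Turn the CSV-like docker stats lines into records with numeric fields."""
    rows = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        name, cpu, mem, mem_pct = line.split(",")
        used, limit = mem.split("/")
        rows.append({
            "container": name,
            "cpu_pct": float(cpu.rstrip("%")),
            "mem_used": parse_size(used),
            "mem_limit": parse_size(limit),
            "mem_pct": float(mem_pct.rstrip("%")),
        })
    return rows


def build_report(raw: str, node: str, zone: str,
                 cpu_alert: float = 80.0, mem_alert: float = 80.0) -> Dict:
    """One JSON-serialisable report per run, tagged with the node's available-domain label."""
    containers = parse_stats(raw)
    alerts = [c["container"] for c in containers
              if c["cpu_pct"] >= cpu_alert or c["mem_pct"] >= mem_alert]
    return {
        "node": node,
        "zone": zone,
        "container_count": len(containers),
        "mem_used_total": sum(c["mem_used"] for c in containers),
        "alerts": alerts,
        "containers": containers,
    }


def run_docker_stats() -> str:
    """Live collection; only meaningful when the script is installed on a real node."""
    return subprocess.check_output(
        ["docker", "stats", "--no-stream", "--format", STATS_FORMAT], text=True)


if __name__ == "__main__":
    # Hypothetical crontab entry reporting every five minutes (path and endpoint invented):
    #   */5 * * * * /usr/local/bin/node_monitor.py | curl -sS -X POST --data-binary @- https://cloud-platform.example/metrics
    # The offline demonstration uses the constructed sample instead of run_docker_stats().
    print(json.dumps(build_report(SAMPLE_STATS, node="dmz_node1ip", zone="hka-az1")))
```

Reporting the zone label alongside the node name is the detail worth keeping: when one available domain degrades, the platform can tell at a glance whether the alerts cluster in hka-az1 or hka-az2.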
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and can include the processes of the embodiments of the methods described above when the computer program is executed. The storage medium may be a non-volatile storage medium such as a magnetic disk, an optical disk, a Read-Only Memory (ROM), or a Random Access Memory (RAM).
It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and may be performed in other orders unless explicitly stated herein. Moreover, at least a portion of the steps in the flow chart of the figure may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, which are not necessarily performed in sequence, but may be performed alternately or alternately with other steps or at least a portion of the sub-steps or stages of other steps.
With further reference to fig. 6, as an implementation of the method shown in fig. 2, the present application provides an embodiment of an available domain building apparatus based on a container cloud platform, where the embodiment of the apparatus corresponds to the embodiment of the method shown in fig. 2, and the apparatus may be specifically applied to various electronic devices.
As shown in fig. 6, the available domain building apparatus 300 based on the container cloud platform according to the present embodiment includes: a creation module 301, a joining module 302, a deployment module 303, and a management module 304. Wherein:
a creating module 301, configured to create at least two cloud hosts on a cloud platform according to a region, where the cloud hosts are used to provide container services;
an adding module 302, configured to add the cloud host to a network isolation area and a network security area respectively;
a deployment module 303, configured to configure a dual available domain tag for the cloud host and deploy the dual available domain tag to a container cluster;
and the management module 304 is configured to manage the cloud hosts joining the container cluster.
Further, as shown in fig. 7, for a structural schematic diagram of an embodiment of the creating module 301, the creating module 301 further includes:
a login submodule 3011 for logging in the container-based cloud platform;
the creating sub-module 3012 is configured to select one available area in the region where the cloud platform is located to create at least two cloud host nodes.
The available domain building device based on the container cloud platform provided by the embodiment of the application can realize each implementation manner in the method embodiments of fig. 2 to 5 and corresponding beneficial effects, and is not repeated here for avoiding repetition.
In order to solve the technical problem, an embodiment of the present application further provides a computer device. Referring to fig. 8, fig. 8 is a block diagram of a basic structure of a computer device according to the present embodiment.
The computer device 8 comprises a memory 81, a processor 82 and a network interface 83 that are communicatively connected to each other via a system bus. It is noted that only a computer device 8 having components 81-83 is shown, but it is understood that not all of the shown components are required to be implemented, and that more or fewer components may be implemented instead. As will be understood by those skilled in the art, the computer device is a device capable of automatically performing numerical calculation and/or information processing according to preset or stored instructions, and its hardware includes, but is not limited to, a microprocessor, an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), a Digital Signal Processor (DSP), an embedded device, and the like.
The computer device can be a desktop computer, a notebook, a palm computer, a cloud server and other computing devices. The computer equipment can carry out man-machine interaction with a user through a keyboard, a mouse, a remote controller, a touch panel or voice control equipment and the like.
The memory 81 includes at least one type of readable storage medium including a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, etc. In some embodiments, the storage 81 may be an internal storage unit of the computer device 8, such as a hard disk or a memory of the computer device 8. In other embodiments, the memory 81 may also be an external storage device of the computer device 8, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a flash Card (FlashCard), and the like, which are provided on the computer device 8. Of course, the memory 81 may also comprise both an internal storage unit of the computer device 8 and an external storage device thereof. In this embodiment, the memory 81 is generally used for storing an operating system installed in the computer device 8 and various types of application software, such as program codes of an available domain building method based on a container cloud platform. Further, the memory 81 may also be used to temporarily store various types of data that have been output or are to be output.
The processor 82 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data Processing chip in some embodiments. The processor 82 is typically used to control the overall operation of the computer device 8. In this embodiment, the processor 82 is configured to execute the program code stored in the memory 81 or process data, for example, execute the program code of the available domain building method based on the container cloud platform.
The network interface 83 may comprise a wireless network interface or a wired network interface, and the network interface 83 is generally used for establishing communication connections between the computer device 8 and other electronic devices.
The present application further provides another embodiment, which is to provide a computer-readable storage medium storing an available domain construction program based on a container cloud platform, where the available domain construction program based on the container cloud platform is executable by at least one processor, so that the at least one processor performs the steps of the available domain construction method based on the container cloud platform as described above.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present application.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present application is not limited by the order of acts described, as some steps may occur in other orders or concurrently depending on the application. Further, those skilled in the art should also appreciate that the embodiments described in the specification are exemplary embodiments and that the acts and modules referred to are not necessarily required in this application.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus may be implemented in other manners. For example, the above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one type of division of logical functions, and there may be other divisions when actually implementing, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of some interfaces, devices or units, and may be an electric or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit may be implemented in the form of hardware, or may be implemented in the form of a software program module.
The integrated units, if implemented in the form of software program modules and sold or used as stand-alone products, may be stored in a computer readable memory. Based on such understanding, the technical solution of the present application may be substantially implemented or a part of or all or part of the technical solution contributing to the prior art may be embodied in the form of a software product stored in a memory, and including several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method described in the embodiments of the present application. And the aforementioned memory comprises: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
It is to be understood that the above-described embodiments are merely illustrative of some, and not all, of the embodiments of the invention, and that the appended drawings illustrate preferred embodiments and do not limit the scope of the invention. This application can be embodied in many different forms and is provided so that the disclosure of the application will be thorough. Although the present application has been described in detail with reference to the foregoing embodiments, it will be apparent to one skilled in the art that the present application may be practised with modifications to the technical solutions of the foregoing embodiments or with equivalent substitutions for some of their features. All equivalent structures made using the contents of the specification and drawings of the present application, whether applied directly or indirectly in other related technical fields, fall within the protection scope of the present application.

Claims (10)

1. An available domain construction method based on a container cloud platform is characterized by comprising the following steps:
creating at least two cloud hosts on the container cloud platform according to regions, wherein the cloud hosts are used for providing container services;
adding the cloud host into a network isolation area and a network security area respectively;
configuring a double-available-domain label for the cloud host and deploying the double-available-domain label to a container cluster;
and managing the cloud host joining the container cluster.
2. The method according to claim 1, wherein the step of creating at least two cloud hosts on the cloud platform according to the region specifically comprises:
logging in a container cloud platform;
and selecting an available area in the region to create at least two cloud host nodes on the container cloud platform.
3. The method according to claim 1, wherein the step of adding the cloud host to the network isolation zone and the network security zone respectively comprises:
establishing corresponding security groups according to different access control strategies, wherein the security groups comprise a network isolation region security group and a network security region security group;
and respectively binding the created at least two cloud host nodes to the created two security groups.
4. The method of claim 3, wherein the step of creating corresponding security groups based on different access control policies specifically comprises:
dividing a network where the cloud host is located into at least a network isolation area and a network security area according to the security level;
and respectively creating corresponding security groups, namely a network isolation region security group and a network security region security group, according to the access control policies of the network isolation region and the network security region.
5. The method of claim 4, wherein the step of configuring the cloud host with the dual available domain label and deploying to the container cluster specifically comprises:
respectively marking double available domain labels on the at least two cloud host nodes;
adding the double-available domain label into a node deployment template of the cloud platform, so as to deploy the cloud host node to the container cluster;
and carrying out load balancing on the container cluster which is added into the network isolation area of the cloud host node.
6. The method according to claim 5, wherein the step of load balancing the container cluster that has joined the network isolation zone of the cloud host node specifically comprises:
adding the cloud host node bound to the network quarantine security group into a resource pool.
7. The method of claim 1, wherein the step of managing the cloud hosts joining the container cluster specifically comprises:
and respectively adding monitoring scripts to the at least two cloud host nodes, and acquiring and reporting the running data of the nodes.
8. An available domain construction device based on a container cloud platform, comprising:
the system comprises a creating module, a receiving module and a sending module, wherein the creating module is used for creating at least two cloud hosts on a cloud platform according to regions, and the cloud hosts are used for providing container service;
the adding module is used for adding the cloud host into a network isolation area and a network security area respectively;
the deployment module is used for configuring the double available domain labels for the cloud host and deploying the double available domain labels to the container cluster;
and the management module is used for managing the cloud host which is added into the container cluster.
9. A computer arrangement comprising a memory having stored therein a computer program and a processor which, when executing the computer program, performs the steps of the available domain construction method based on a container cloud platform of any one of claims 1 to 6.
10. A computer-readable storage medium, having stored thereon a computer program which, when executed by a processor, carries out the steps of the available domain construction method based on a container cloud platform of any one of claims 1 to 6.
CN201910889656.6A 2019-09-20 2019-09-20 Available domain construction method, device and equipment based on container cloud platform Pending CN110830546A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910889656.6A CN110830546A (en) 2019-09-20 2019-09-20 Available domain construction method, device and equipment based on container cloud platform
PCT/CN2020/098934 WO2021051933A1 (en) 2019-09-20 2020-06-29 Container cloud platform-based available area construction method and apparatus, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910889656.6A CN110830546A (en) 2019-09-20 2019-09-20 Available domain construction method, device and equipment based on container cloud platform

Publications (1)

Publication Number Publication Date
CN110830546A true CN110830546A (en) 2020-02-21

Family

ID=69548178

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910889656.6A Pending CN110830546A (en) 2019-09-20 2019-09-20 Available domain construction method, device and equipment based on container cloud platform

Country Status (2)

Country Link
CN (1) CN110830546A (en)
WO (1) WO2021051933A1 (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111597011A (en) * 2020-04-10 2020-08-28 联通(广东)产业互联网有限公司 Connection method and system based on private cloud resource model
CN111935321A (en) * 2020-10-12 2020-11-13 中国传媒大学 Converged media micro-service platform based on container cloud
WO2021051933A1 (en) * 2019-09-20 2021-03-25 平安科技(深圳)有限公司 Container cloud platform-based available area construction method and apparatus, device and storage medium
CN113467988A (en) * 2020-03-30 2021-10-01 阿里巴巴集团控股有限公司 Processing method, device and system of disaster recovery system
CN113904911A (en) * 2021-10-15 2022-01-07 杭州安恒信息技术股份有限公司 Device management method, system, readable storage medium and computer
CN114780168A (en) * 2022-03-30 2022-07-22 全球能源互联网研究院有限公司南京分公司 Method and device for dynamically changing security policy of intelligent terminal container and electronic equipment
CN115022317A (en) * 2022-05-27 2022-09-06 亚信科技(中国)有限公司 Application management method and device based on cloud platform, electronic equipment and storage medium
CN115134367A (en) * 2022-06-28 2022-09-30 浙江吉利控股集团有限公司 Cloud platform and service processing method
CN116797199A (en) * 2022-04-08 2023-09-22 西安幸福悦动信息科技有限公司 Object management operation and maintenance system
CN117082058A (en) * 2023-10-18 2023-11-17 国网信息通信产业集团有限公司 File transmission method under database isolation device environment

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113419901B (en) * 2021-06-21 2024-09-24 北京金山云网络技术有限公司 Data disaster recovery method, device and server
CN113596190B (en) * 2021-07-23 2023-05-26 浪潮云信息技术股份公司 Application distributed multi-activity system and method based on Kubernetes
CN113656181A (en) * 2021-08-23 2021-11-16 中国工商银行股份有限公司 Method and device for issuing real-time application cluster instance resources
CN113992511B (en) * 2021-10-19 2024-06-18 京东科技信息技术有限公司 Cloud host creation method and device, electronic equipment and storage medium
CN114070637B (en) * 2021-11-23 2024-01-23 北京天融信网络安全技术有限公司 Access control method, system, electronic equipment and storage medium based on attribute tag
CN114745391A (en) * 2022-04-14 2022-07-12 上海蜜家文化传媒有限公司 Method and system for global content distribution
CN115361283B (en) * 2022-10-20 2023-03-24 深圳依时货拉拉科技有限公司 K8S-based cloud host management method and device and computer equipment
CN117389690B (en) * 2023-12-08 2024-03-15 中电云计算技术有限公司 Mirror image package construction method, device, equipment and storage medium
CN118018549B (en) * 2024-02-06 2024-10-18 中科云谷科技有限公司 Method, processor, device and system for constructing cross-regional service system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120265976A1 (en) * 2011-04-18 2012-10-18 Bank Of America Corporation Secure Network Cloud Architecture
CN105959138A (en) * 2016-04-29 2016-09-21 深圳前海大数点科技有限公司 Micro-service dynamic disposition system and method based on cloud calculation
CN105991734A (en) * 2015-02-16 2016-10-05 广东亿迅科技有限公司 Cloud platform management method and system
CN108737136A (en) * 2017-04-18 2018-11-02 微软技术许可有限责任公司 By new virtual machine and container allocation to the system and method for the server in cloud network

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11483405B2 (en) * 2015-06-10 2022-10-25 Platform9, Inc. Private cloud as a service
US11138030B2 (en) * 2016-11-17 2021-10-05 Red Hat, Inc. Executing code referenced from a microservice registry
CN107577496B (en) * 2017-09-15 2020-11-10 济南浚达信息技术有限公司 Docker-based desktop cloud management platform deployment system and working method and application thereof
CN110430259B (en) * 2018-04-16 2020-12-01 腾讯科技(深圳)有限公司 Data service system, server, and computer-readable storage medium
CN110830546A (en) * 2019-09-20 2020-02-21 平安科技(深圳)有限公司 Available domain construction method, device and equipment based on container cloud platform

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120265976A1 (en) * 2011-04-18 2012-10-18 Bank Of America Corporation Secure Network Cloud Architecture
CN105991734A (en) * 2015-02-16 2016-10-05 广东亿迅科技有限公司 Cloud platform management method and system
CN105959138A (en) * 2016-04-29 2016-09-21 深圳前海大数点科技有限公司 Micro-service dynamic disposition system and method based on cloud calculation
CN108737136A (en) * 2017-04-18 2018-11-02 微软技术许可有限责任公司 By new virtual machine and container allocation to the system and method for the server in cloud network

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021051933A1 (en) * 2019-09-20 2021-03-25 平安科技(深圳)有限公司 Container cloud platform-based available area construction method and apparatus, device and storage medium
CN113467988A (en) * 2020-03-30 2021-10-01 阿里巴巴集团控股有限公司 Processing method, device and system of disaster recovery system
CN111597011A (en) * 2020-04-10 2020-08-28 联通(广东)产业互联网有限公司 Connection method and system based on private cloud resource model
CN111935321A (en) * 2020-10-12 2020-11-13 中国传媒大学 Converged media micro-service platform based on container cloud
CN113904911A (en) * 2021-10-15 2022-01-07 杭州安恒信息技术股份有限公司 Device management method, system, readable storage medium and computer
CN114780168B (en) * 2022-03-30 2023-04-28 全球能源互联网研究院有限公司南京分公司 Method and device for dynamically changing security policy of intelligent terminal container and electronic equipment
CN114780168A (en) * 2022-03-30 2022-07-22 全球能源互联网研究院有限公司南京分公司 Method and device for dynamically changing security policy of intelligent terminal container and electronic equipment
CN116797199A (en) * 2022-04-08 2023-09-22 西安幸福悦动信息科技有限公司 Object management operation and maintenance system
CN115022317A (en) * 2022-05-27 2022-09-06 亚信科技(中国)有限公司 Application management method and device based on cloud platform, electronic equipment and storage medium
CN115022317B (en) * 2022-05-27 2024-03-08 亚信科技(中国)有限公司 Cloud platform-based application management method and device, electronic equipment and storage medium
CN115134367A (en) * 2022-06-28 2022-09-30 浙江吉利控股集团有限公司 Cloud platform and service processing method
CN117082058A (en) * 2023-10-18 2023-11-17 国网信息通信产业集团有限公司 File transmission method under database isolation device environment
CN117082058B (en) * 2023-10-18 2024-01-23 国网信息通信产业集团有限公司 File transmission method under database isolation device environment

Also Published As

Publication number Publication date
WO2021051933A1 (en) 2021-03-25

Similar Documents

Publication Publication Date Title
CN110830546A (en) Available domain construction method, device and equipment based on container cloud platform
US9967136B2 (en) System and method for policy-based smart placement for network function virtualization
CN102202049B (en) Network policy implementation for multi-virtual machine appliance
US9602335B2 (en) Independent network interfaces for virtual network environments
US8843621B2 (en) Event prediction and preemptive action identification in a networked computing environment
Huang et al. Utilize cloud computing to support dust storm forecasting
Goel et al. Impact of cloud computing on ERP implementations in higher education
CN104052789A (en) Load balancing for a virtual networking system
CN103238138A (en) Network interface for partition deployment/re-deployment in a cloud environment
US10021111B2 (en) Location based authentication of users to a virtual machine in a computer system
CN111800462A (en) Micro-service instance processing method and device, computer equipment and storage medium
US20140351409A1 (en) Monitoring client information in a shared environment
US20220138015A1 (en) Shared enterprise cloud
CN102369714A (en) Method of cloud terminal accessing cloud server in cloud computing system and cloud computing system
CN105095103A (en) Storage device management method and device used for cloud environment
CN113711570B (en) Method and system for enabling a computing device to communicate with a cloud network
US10841363B2 (en) Streaming API subscription without loss of events
CN109522751A (en) Access right control method, device, electronic equipment and computer-readable medium
US10938655B2 (en) Enterprise cloud garbage collector
CN112199200B (en) Resource scheduling method and device, computer equipment and storage medium
CN102546837A (en) Virtual host input-output redirection system and implementation method thereof
Zhang et al. A unified algorithm for virtual desktops placement in distributed cloud computing
Liu et al. A cloud-based experiment platform for computer-based education
Jin et al. Construction and Application Research of Colleges and Universities Cloud Service Platform
CN117742931A (en) Method and device for determining big data cluster deployment scheme, clusters and storage medium

Legal Events

Date Code Title Description
PB01 Publication
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40020216

Country of ref document: HK

SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200221