[go: up one dir, main page]

CN114461303A - A method and apparatus for accessing services within a cluster - Google Patents

A method and apparatus for accessing services within a cluster Download PDF

Info

Publication number
CN114461303A
CN114461303A CN202210126123.4A CN202210126123A CN114461303A CN 114461303 A CN114461303 A CN 114461303A CN 202210126123 A CN202210126123 A CN 202210126123A CN 114461303 A CN114461303 A CN 114461303A
Authority
CN
China
Prior art keywords
service
request information
service request
cluster
container group
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210126123.4A
Other languages
Chinese (zh)
Inventor
王萌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jingdong Technology Information Technology Co Ltd
Original Assignee
Jingdong Technology Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jingdong Technology Information Technology Co Ltd filed Critical Jingdong Technology Information Technology Co Ltd
Priority to CN202210126123.4A priority Critical patent/CN114461303A/en
Publication of CN114461303A publication Critical patent/CN114461303A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44505Configuring for program initiating, e.g. using registry, configuration files
    • G06F9/4451User profiles; Roaming
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44521Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
    • G06F9/505Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals considering the load

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present disclosure provides a method and a device for accessing cluster internal services, wherein a cluster comprises at least one service component, each service component corresponds to at least one container group, and each container group loads corresponding internal services; the cluster is connected with a load balancer; the method comprises the following steps: receiving service request information through an external load balancer, wherein the service request information is used for requesting access to internal services of the cluster; determining a service component corresponding to the service request information based on a first configuration file prestored in the load balancer, and sending the service request information to the service component; and determining a target container group corresponding to the service request information based on a second configuration file prestored in the service component, sending the service request information to the target container group, and accessing the internal service in the target container group. Automatic service exposure is realized, and internal services in the cluster can be conveniently and directly accessed.

Description

一种访问集群内部服务的方法和装置A method and apparatus for accessing services within a cluster

技术领域technical field

本公开涉及云平台技术领域,尤其涉及一种访问集群内部服务的方法和装置。The present disclosure relates to the technical field of cloud platforms, and in particular, to a method and apparatus for accessing services within a cluster.

背景技术Background technique

由于云原生集群的特性,部署在集群内的服务使用的是集群内的互联网协议地址,因此,只有集群内部的服务之间能够相互访问,集群外部的网络无法直接与集群内部的容器组建立通信。现有技术中,云原生通过集群地址、节点端口、负载均衡、入口等方式中的一种或者多种组合方式,对服务进行外部暴露或者内部暴露。但是,在进行服务暴露时,通常需要更多的手段来达成目的。例如使用入口这种方式进行对外服务暴露时,要额外人工申请服务。Due to the characteristics of cloud-native clusters, the services deployed in the cluster use the Internet protocol addresses in the cluster. Therefore, only the services inside the cluster can access each other, and the network outside the cluster cannot directly establish communication with the container group inside the cluster. . In the prior art, cloud native exposes services externally or internally through one or more combinations of cluster addresses, node ports, load balancing, and portals. However, when exposing services, more means are usually needed to achieve the goal. For example, when using the portal method to expose external services, additional manual service application is required.

发明内容SUMMARY OF THE INVENTION

本公开提供一种自适应的对外暴露方法和系统,用以解决现有技术中需要人工申请服务的缺陷,实现自动化的服务对外暴露,能够便捷地直接访问集群内部的内部服务。The present disclosure provides an adaptive external exposure method and system, which are used to solve the defect of manual service application in the prior art, realize automatic external exposure of services, and can conveniently and directly access the internal services inside the cluster.

第一方面,本公开提供一种访问集群内部服务的方法,所述集群包括至少一个服务组件,每个服务组件对应有至少一个容器组,每个容器组加载对应的内部服务;所述集群连接有负载均衡器;In a first aspect, the present disclosure provides a method for accessing an internal service of a cluster, the cluster includes at least one service component, each service component corresponds to at least one container group, and each container group loads a corresponding internal service; the cluster connection There is a load balancer;

所述方法包括:The method includes:

通过外置的负载均衡器接收服务请求信息,其中,所述服务请求信息用于请求访问所述集群的内部服务;Receive service request information through an external load balancer, where the service request information is used to request access to internal services of the cluster;

基于所述负载均衡器中预存的第一配置文件,确定所述服务请求信息对应的服务组件,并将所述服务请求信息发送至所述服务组件;Determine the service component corresponding to the service request information based on the first configuration file pre-stored in the load balancer, and send the service request information to the service component;

基于所述服务组件中预存的第二配置文件,确定所述服务请求信息对应的目标容器组,将所述服务请求信息发送至所述目标容器组,并对所述目标容器组内的内部服务进行访问。Based on the second configuration file pre-stored in the service component, the target container group corresponding to the service request information is determined, the service request information is sent to the target container group, and the internal services in the target container group are sent to the target container group. to access.

根据本公开提供的访问集群内部服务的方法,所述服务组件包括:控制器和服务单元;According to the method for accessing a service within a cluster provided by the present disclosure, the service component includes: a controller and a service unit;

所述基于所述负载均衡器中预存的第一配置文件,确定所述服务请求信息对应的服务组件,并将所述服务请求信息发送至所述服务组件包括:The determining the service component corresponding to the service request information based on the first configuration file pre-stored in the load balancer, and sending the service request information to the service component includes:

基于所述负载均衡器中预存的第一配置文件,确定所述服务请求信息对应的控制器;determining the controller corresponding to the service request information based on the first configuration file pre-stored in the load balancer;

基于所述控制器获取所述服务单元,其中,所述控制器与服务单元一一对应;Obtain the service unit based on the controller, wherein the controller corresponds to the service unit one-to-one;

将所述服务请求信息发送至所述控制器,通过所述控制器将所述服务请求信息发送至所述服务单元。The service request information is sent to the controller, and the service request information is sent to the service unit through the controller.

根据本公开提供的访问集群内部服务的方法,在所述基于所述负载均衡器中预存的第一配置文件,确定所述服务请求信息对应的服务组件之前,包括:According to the method for accessing services within a cluster provided by the present disclosure, before the determining of the service component corresponding to the service request information based on the first configuration file pre-stored in the load balancer, the method includes:

通过所述控制器与所述负载均衡器进行信息交互,获取所述控制器的信息;Obtain information of the controller through information interaction between the controller and the load balancer;

基于所述控制器的信息,通过所述负载均衡器对所述控制器配置相应的服务单元;Based on the information of the controller, configure a corresponding service unit on the controller through the load balancer;

通过所述负载均衡器将所述控制器的服务单元记录为第一配置文件。The service unit of the controller is recorded as a first configuration file by the load balancer.

根据本公开提供的访问集群内部服务的方法,在所述基于所述服务组件中预存的第二配置文件,确定所述服务请求信息对应的目标容器组,之前,包括:According to the method for accessing a service within a cluster provided by the present disclosure, before determining the target container group corresponding to the service request information based on the second configuration file pre-stored in the service component, the steps include:

添加访问所述目标容器组内的内部服务的入口资源;Add the entry resource for accessing the internal service in the target container group;

通过所述服务组件同步获取所述入口资源,并将所述入口资源转换成对应的第二配置文件。The ingress resource is synchronously acquired by the service component, and the ingress resource is converted into a corresponding second configuration file.

根据本公开提供的访问集群内部服务的方法,所述确定所述服务请求信息对应的服务组件,并将所述服务请求信息发送至所述服务组件包括:According to the method for accessing a service within a cluster provided by the present disclosure, the determining a service component corresponding to the service request information and sending the service request information to the service component includes:

基于接收服务请求信息的第一入口地址,在第一配置文件中确定与所述第一入口地址对应的第一配置信息,其中,所述第一配置信息包括:第一入口地址、第一传输路径和服务组件标识;Based on the first entry address of the received service request information, first configuration information corresponding to the first entry address is determined in the first configuration file, wherein the first configuration information includes: the first entry address, the first transmission Path and service component identification;

基于所述第一配置信息确定所述服务请求信息对应的服务组件;Determine the service component corresponding to the service request information based on the first configuration information;

基于第一传输路径,将所述服务请求信息发送至所述服务组件标识对应的服务组件。Based on the first transmission path, the service request information is sent to the service component corresponding to the service component identifier.

根据本公开提供的访问集群内部服务的方法,所述确定所述服务请求信息对应的目标容器组,将所述服务请求信息发送至所述目标容器组包括:According to the method for accessing services within a cluster provided by the present disclosure, the determining a target container group corresponding to the service request information, and sending the service request information to the target container group includes:

基于接收服务请求信息的第二入口地址,在第二配置文件中确定与所述第二入口地址对应的第二配置信息,其中,所述第二配置信息包括:第二入口地址、端口地址、第二传输路径和目标容器组标识;Based on the second entry address of the received service request information, second configuration information corresponding to the second entry address is determined in the second configuration file, wherein the second configuration information includes: the second entry address, the port address, The second transmission path and the target container group identifier;

基于所述第二配置信息确定所述服务请求信息对应的目标容器组;determining a target container group corresponding to the service request information based on the second configuration information;

通过所述服务组件基于所述端口地址接收所述服务请求信息;receiving, by the service component, the service request information based on the port address;

基于第二传输路径,将所述服务组件中的服务请求信息发送至所述目标容器组标识对应的目标容器组。Based on the second transmission path, the service request information in the service component is sent to the target container group corresponding to the target container group identifier.

根据本公开提供的访问集群内部服务的方法,所述方法还包括:According to the method for accessing a service within a cluster provided by the present disclosure, the method further includes:

在所述控制器增加/减少的情况下,通过所述负载均衡器更新所述第一配置文件。The first configuration file is updated by the load balancer in the event of an increase/decrease of the controller.

第二方面,本公开提供一种访问集群内部服务的装置,所述集群包括至少一个服务组件,每个服务组件对应有至少一个容器组,每个容器组加载对应的内部服务;所述集群连接有负载均衡器;In a second aspect, the present disclosure provides an apparatus for accessing an internal service of a cluster, the cluster includes at least one service component, each service component corresponds to at least one container group, and each container group loads a corresponding internal service; the cluster connection There is a load balancer;

所述装置包括:The device includes:

接收模块,用于通过外置的负载均衡器接收服务请求信息,其中,所述服务请求信息用于请求访问所述集群的内部服务;a receiving module, configured to receive service request information through an external load balancer, wherein the service request information is used to request access to internal services of the cluster;

确定模块,用于基于所述负载均衡器中预存的第一配置文件,确定所述服务请求信息对应的服务组件,并将所述服务请求信息发送至所述服务组件;a determining module, configured to determine a service component corresponding to the service request information based on the first configuration file pre-stored in the load balancer, and send the service request information to the service component;

发送模块,用于基于所述服务组件中预存的第二配置文件,确定所述服务请求信息对应的目标容器组,将所述服务请求信息发送至所述目标容器组,并对所述目标容器组内的内部服务进行访问。A sending module, configured to determine a target container group corresponding to the service request information based on the second configuration file pre-stored in the service component, send the service request information to the target container group, and send the target container to the target container group. Access to internal services within the group.

第三方面,本公开提供一种电子设备,包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,所述处理器执行所述程序时实现如上述任一项所述访问集群内部服务的方法的步骤。In a third aspect, the present disclosure provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the program to achieve any of the above Steps of methods to access services inside the cluster.

第四方面,本公开提供一种非暂态计算机可读存储介质,其上存储有计算机程序,该计算机程序被处理器执行时实现如上述任一项所述访问集群内部服务的方法的步骤。In a fourth aspect, the present disclosure provides a non-transitory computer-readable storage medium on which a computer program is stored, and when the computer program is executed by a processor, implements the steps of the method for accessing a service within a cluster according to any one of the above.

第五方面,本公开提供一种计算机程序产品,包括计算机程序,所述计算机程序被处理器执行时实现如上述任一项所述访问集群内部服务的方法的步骤。In a fifth aspect, the present disclosure provides a computer program product, including a computer program that, when executed by a processor, implements the steps of the method for accessing a service within a cluster according to any one of the above.

本公开提供的一种访问集群内部服务的方法和装置,首先在集群外部设置负载均衡器,通过负载均衡器接收访问集群的内部服务的请求信息,基于负载均衡器中预存的第一配置文件,确定集群内与服务请求信息对应的服务组件,并将所述服务请求信息发送至所述服务组件,所述服务组件是集群内部生成的,不需要额外人工申请服务组件;再基于所述服务组件中预存的第二配置文件,确定所述服务请求信息对应的目标容器组,并将所述服务请求信息发送给目标容器组,且对目标容器组内的内部服务进行访问。实现自动化的服务对外暴露,能够便捷地直接访问集群内部的内部服务。The present disclosure provides a method and device for accessing services within a cluster, firstly setting a load balancer outside the cluster, receiving request information for accessing the internal services of the cluster through the load balancer, and based on the first configuration file pre-stored in the load balancer, Determine the service component corresponding to the service request information in the cluster, and send the service request information to the service component. The service component is generated inside the cluster and does not require additional manual application for the service component; and then based on the service component The second configuration file pre-stored in the server determines the target container group corresponding to the service request information, sends the service request information to the target container group, and accesses the internal services in the target container group. The automated services are exposed to the outside world, and the internal services within the cluster can be easily and directly accessed.

附图说明Description of drawings

为了更清楚地说明本公开或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作一简单地介绍,显而易见地,下面描述中的附图是本公开的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to illustrate the present disclosure or the technical solutions in the prior art more clearly, the following will briefly introduce the accompanying drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are the For the disclosed embodiments, for those of ordinary skill in the art, other drawings can also be obtained from these drawings without any creative effort.

图1是为本公开实施例提供的一种访问集群内部服务的方法的流程示意图;FIG. 1 is a schematic flowchart of a method for accessing an internal service of a cluster according to an embodiment of the present disclosure;

图2是本公开实施例提供的将服务请求信息发送至所述服务组件的流程示意图之一;2 is one of the schematic flowcharts of sending service request information to the service component provided by an embodiment of the present disclosure;

图3是本公开实施例提供的获取第一配置文件的流程示意图;3 is a schematic flowchart of obtaining a first configuration file provided by an embodiment of the present disclosure;

图4是本公开实施例提供的将服务请求信息发送至所述服务组件的流程示意图之二;FIG. 4 is the second schematic flowchart of sending service request information to the service component provided by an embodiment of the present disclosure;

图5是本公开实施例提供的服务请求信息发送至目标容器组的流程示意图;5 is a schematic flowchart of sending service request information to a target container group provided by an embodiment of the present disclosure;

图6是本公开实施例提供的访问集群内部服务的框图;FIG. 6 is a block diagram of accessing an internal service of a cluster provided by an embodiment of the present disclosure;

图7是本公开实施例提供的访问集群内部服务的整体流程示意图;7 is a schematic diagram of an overall flow of accessing an internal service of a cluster provided by an embodiment of the present disclosure;

图8是本公开实施例提供的一种访问集群内部服务的装置的结构示意图;FIG. 8 is a schematic structural diagram of an apparatus for accessing services within a cluster provided by an embodiment of the present disclosure;

图9是本公开提供的电子设备的结构示意图。FIG. 9 is a schematic structural diagram of an electronic device provided by the present disclosure.

具体实施方式Detailed ways

为使本公开实施例的目的、技术方案和优点更加清楚,下面将结合本公开实施例中的附图,对本公开实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本公开实施例一部分实施例,而不是全部的实施例。基于本公开实施例中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本公开实施例保护的范围。In order to make the purposes, technical solutions and advantages of the embodiments of the present disclosure clearer, the technical solutions in the embodiments of the present disclosure will be described clearly and completely below with reference to the accompanying drawings in the embodiments of the present disclosure. Obviously, the described embodiments It is a part of the embodiments of the present disclosure, but not all of the embodiments. Based on the embodiments in the embodiments of the present disclosure, all other embodiments obtained by persons of ordinary skill in the art without creative work fall within the protection scope of the embodiments of the present disclosure.

云原生是一种软件开发技术,它充分利用了云计算,使用软件技术栈将应用程序部署为微服务。现有技术中,云原生应用程序构建在Docker容器中运行的一组微服务,在Kubernetes中编排,并使用DevOps和GitOps工作流进行管理和部署。使用Docker容器能够将执行所需的所有软件及环境配置打包到一个可执行包中。容器在虚拟化环境中运行,从而将包含的应用程序与其环境隔离。Cloud native is a software development technology that leverages cloud computing to deploy applications as microservices using a software technology stack. In the prior art, cloud-native applications are built as a set of microservices running in Docker containers, orchestrated in Kubernetes, and managed and deployed using DevOps and GitOps workflows. Using a Docker container can package all the software and environment configuration required for execution into an executable package. Containers run in a virtualized environment, isolating the contained application from its environment.

Kubernetes缩写为K8s,是Google团队发起并维护的一个容器集群管理系统,底层基于Docker、Rkt等容器技术,提供强大的应用管理和资源管理调度能力。K8s具有完备的集群管理能力,包括多层次的安全防护和准入机制、多租户应用支撑能力、透明的服务注册和服务发现机制、内建智能负载均衡器、强大的故障发现和自我修复功能、服务滚动升级和在线扩容能力、可扩展的资源自动调度机制,以及多粒度的资源配置额管理能力。同时,K8s提供了完善的管理工具,这些工具覆盖了包括开发、测试部署、运维监控在内的各个环节。因此,K8s是一个全新的、基于容器技术的分布式架构解决方案,并且,是一个一站式的、完备的分布式系统开发和支撑平台。Kubernetes, abbreviated as K8s, is a container cluster management system initiated and maintained by the Google team. The bottom layer is based on container technologies such as Docker and Rkt, providing powerful application management and resource management scheduling capabilities. K8s has complete cluster management capabilities, including multi-level security protection and access mechanisms, multi-tenant application support capabilities, transparent service registration and service discovery mechanisms, built-in intelligent load balancers, powerful fault discovery and self-healing functions, Service rolling upgrade and online expansion capabilities, scalable automatic resource scheduling mechanism, and multi-granularity resource allocation management capabilities. At the same time, K8s provides comprehensive management tools, which cover all aspects including development, test deployment, and operation and maintenance monitoring. Therefore, K8s is a brand-new distributed architecture solution based on container technology, and is a one-stop, complete distributed system development and support platform.

对外服务暴露指的是将集群内部的应用服务暴露在外面,以使集群外部网络能够访问集群内部的应用服务。External service exposure refers to exposing the application services inside the cluster to the outside, so that the network outside the cluster can access the application services inside the cluster.

对内服务暴露用于集群内部的服务访问,即给定一个集群内的服务,集群内的其它应用都可以访问该服务,集群外部无法访问它。Internal service exposure is used for service access inside the cluster, that is, given a service in the cluster, other applications in the cluster can access the service, but cannot access it outside the cluster.

Kubernetes集群的网络模型是一种被普遍使用的基于容器的分布式架构领先方案,其解决了大规模集群在使用中的管理难题。在Kubernetes集群中,容器组Pod是Kubernetes集群部署的最小单元,为客户端提供某种服务,通常为服务分配集群内的互联网协议地址。The network model of Kubernetes cluster is a widely used leading solution of container-based distributed architecture, which solves the management problems of large-scale clusters in use. In a Kubernetes cluster, a container group Pod is the smallest unit deployed in a Kubernetes cluster. It provides a certain service to the client, and usually assigns an Internet Protocol address within the cluster to the service.

但是,由于Kubernetes集群的特性,部署在Kubernetes集群内的服务使用的是集群内的互联网协议地址,因此,只有Kubernetes集群内部的服务之间能够相互访问,集群外部的网络无法直接与Kubernetes集群内部的Pod建立通信。现有技术中,基于Kubernetes能够提供高可用的微服务,为了访问这些服务,Kubernetes提供了四种方式:ClusterIP、Nodeport、Loadbalancer、Ingress。However, due to the characteristics of the Kubernetes cluster, the services deployed in the Kubernetes cluster use the Internet Protocol addresses in the cluster. Therefore, only the services inside the Kubernetes cluster can access each other, and the network outside the cluster cannot directly communicate with the internal Kubernetes cluster. Pods establish communication. In the existing technology, Kubernetes can provide highly available microservices. In order to access these services, Kubernetes provides four methods: ClusterIP, Nodeport, Loadbalancer, and Ingress.

1)ClusterIP服务是Kubernetes的默认服务。用于集群内部的服务访问,即给定一个集群内的服务,集群内的其它应用都可以访问该服务,集群外部无法访问它。1) The ClusterIP service is the default service of Kubernetes. It is used for service access inside the cluster, that is, given a service in the cluster, other applications in the cluster can access the service, but cannot access it outside the cluster.

2)NodePort服务是引导外部流量到容器组内的服务的最原始方式。这种方式主要是在所有节点(节点可以为虚拟机)上开放一个特定端口,任何发送到该端口的流量都被转发到对应服务。Nodeport使用起来比较方便,适合于开发测试阶段,但是Nodeport个数有限,使用Nodeport方式暴露的Kubernetes服务个数有限。2) The NodePort service is the most primitive way to direct external traffic to services within a container group. This method mainly opens a specific port on all nodes (nodes can be virtual machines), and any traffic sent to this port is forwarded to the corresponding service. Nodeport is more convenient to use and is suitable for development and testing. However, the number of Nodeports is limited, and the number of Kubernetes services exposed by Nodeport is limited.

3)LoadBalancer服务是暴露服务到Internet的标准方式。在GKE上,这种方式会启动一个Network Load Balancer,将会给定一个单独的IP地址,所有通往指定的IP地址的流量都会被转发到对应的服务。这种方式没有过滤条件,没有路由等。即可以发送任何种类的流量到该服务,像HTTP,TCP,UDP,Websocket,gRPC或其它任意种类。但是,这种方式的最大缺点是每一个用LoadBalancer暴露的服务都会有它自己的IP地址,每个用到的LoadBalancer都需要付费,这将是非常昂贵的。3) The LoadBalancer service is a standard way of exposing services to the Internet. On GKE, this method will start a Network Load Balancer, which will be given a single IP address, and all traffic to the specified IP address will be forwarded to the corresponding service. This way there are no filtering conditions, no routing, etc. That is, any kind of traffic can be sent to the service, like HTTP, TCP, UDP, Websocket, gRPC or any other kind. However, the biggest disadvantage of this method is that each service exposed with LoadBalancer will have its own IP address, and each LoadBalancer used will need to be paid, which will be very expensive.

4)Ingress是k8s资源对象,用于对外暴露服务,但是使用Ingress进行对外服务暴露时,要额外人工申请Service。4) Ingress is a k8s resource object, which is used to expose services to the outside world. However, when using Ingress to expose external services, you need to apply for additional services manually.

本公开的实施例提供一种访问集群内部服务的方法,利用集群内置的Ingress-controller以及外置的负载均衡器,实现自动化的服务对外暴露,能够便捷地直接访问集群内部的内部服务。The embodiments of the present disclosure provide a method for accessing internal services of a cluster, which utilizes the built-in Ingress-controller and external load balancer of the cluster to realize automatic external exposure of services, and can conveniently and directly access the internal services inside the cluster.

参照图1所示,为本公开实施例提供的一种访问集群内部服务的方法的流程示意图,所述集群包括至少一个服务组件,每个服务组件对应有至少一个容器组,每个容器组加载对应的内部服务;所述集群连接有负载均衡器。Referring to FIG. 1, which is a schematic flowchart of a method for accessing services within a cluster according to an embodiment of the present disclosure, the cluster includes at least one service component, each service component corresponds to at least one container group, and each container group loads The corresponding internal service; the cluster is connected with a load balancer.

集群(Cluster)是计算、存储和网络资源的集合,K8s利用这些资源运行各种基于容器的应用,集群可以作为一个虚拟机。集群的每个组成点称为节点(Node),由节点组合形成群集。Node的职责是运行容器应用,Node负责监控并汇报容器的状态,同时根据Cluster的要求管理容器的生命周期。Node运行在Linux的操作系统上,也可以是物理机或者是虚拟机。A cluster is a collection of computing, storage and network resources. K8s uses these resources to run various container-based applications. The cluster can be used as a virtual machine. Each constituent point of the cluster is called a node (Node), and the nodes are combined to form a cluster. The responsibility of Node is to run container applications. Node is responsible for monitoring and reporting the status of the container, and managing the life cycle of the container according to the requirements of the Cluster. Node runs on the Linux operating system, and can also be a physical machine or a virtual machine.

一个节点(Node)中包括多个容器组,容器组指的是Pod,Pod在K8s中是基本的管理单元,而不是容器(Container),Pod是K8s在容器上的一层封装,由一组运行在同一主机的一个或多个容器组成。A node (Node) includes multiple container groups. A container group refers to a Pod. A Pod is a basic management unit in K8s, not a container. A Pod is a layer of encapsulation of K8s on a container. Consists of one or more containers running on the same host.

所述方法包括:The method includes:

110,通过外置的负载均衡器接收服务请求信息,其中,所述服务请求信息用于请求访问所述集群的内部服务。110. Receive service request information through an external load balancer, where the service request information is used to request access to an internal service of the cluster.

该步骤中,负载均衡器(Load Balance),其含义就是指负载(服务请求信息)进行平衡、分摊到集群内不同容器组上执行,从而协同完成工作任务。在同一集群内的不同节点所提供的服务一致的情况下,负载均衡器就会起到流量分配的作用,将流量分配到不同的节点(容器组)中。In this step, the meaning of load balancer (Load Balance) means that the load (service request information) is balanced and distributed to different container groups in the cluster for execution, so as to complete the work tasks collaboratively. In the case where the services provided by different nodes in the same cluster are consistent, the load balancer will play the role of traffic distribution and distribute traffic to different nodes (container groups).

服务请求信息中可以包括:对服务的请求方法、服务的标识符及使用的协议或Kubernetes集群的内部服务的域名等。The service request information may include: the request method for the service, the identifier of the service, the protocol used, or the domain name of the internal service of the Kubernetes cluster, etc.

120,基于所述负载均衡器中预存的第一配置文件,确定所述服务请求信息对应的服务组件,并将所述服务请求信息发送至所述服务组件。120. Determine a service component corresponding to the service request information based on the first configuration file pre-stored in the load balancer, and send the service request information to the service component.

该步骤中,第一配置文件可以理解为集群内部的所有的服务组件的关键信息。In this step, the first configuration file can be understood as key information of all service components in the cluster.

服务组件可以理解为是通过规则定义出多个容器组对象组合而成的逻辑集合,以及访问这组容器组的策略。A service component can be understood as a logical collection composed of multiple container group objects defined by rules, and a policy for accessing this group of container groups.

130,基于所述服务组件中预存的第二配置文件,确定所述服务请求信息对应的目标容器组,将所述服务请求信息发送至所述目标容器组,并对所述目标容器组内的内部服务进行访问。130. Based on the second configuration file pre-stored in the service component, determine a target container group corresponding to the service request information, send the service request information to the target container group, and analyze the target container group for the service request information. access to internal services.

该步骤中,第二配置文件可以理解为所有容器组的关键信息。In this step, the second configuration file can be understood as key information of all container groups.

本公开提供的一种访问集群内部服务的方法,首先在集群外部设置负载均衡器,通过负载均衡器接收访问集群的内部服务的请求信息,基于负载均衡器中预存的第一配置文件,确定集群内与服务请求信息对应的服务组件,并将所述服务请求信息发送至所述服务组件,所述服务组件是集群内部生成的,不需要额外人工申请服务组件;再基于所述服务组件中预存的第二配置文件,确定所述服务请求信息对应的目标容器组,并将所述服务请求信息发送给目标容器组,且对目标容器组内的内部服务进行访问。实现自动化的服务对外暴露,能够便捷地直接访问集群内部的内部服务。The present disclosure provides a method for accessing services within a cluster. First, a load balancer is set outside the cluster, request information for accessing the internal services of the cluster is received through the load balancer, and the cluster is determined based on a first configuration file pre-stored in the load balancer. The service component corresponding to the service request information is sent to the service component, and the service component is generated inside the cluster, and no additional manual application for the service component is required; based on the pre-stored service component the second configuration file, determine the target container group corresponding to the service request information, send the service request information to the target container group, and access the internal services in the target container group. The automated services are exposed to the outside world, and the internal services within the cluster can be easily and directly accessed.

基于上述任一实施例,所述服务组件包括:控制器和服务单元。Based on any of the foregoing embodiments, the service component includes: a controller and a service unit.

所述控制器指Ingress-controller。Ingress-controller就是一个Nginx容器,起到转发作用,真实网络中的流量先导入到安装了Ingress-controller所在的Node上,然后Ingress-controller根据Ingress规则,引流到后端Pod上。The controller refers to Ingress-controller. Ingress-controller is an Nginx container, which plays a forwarding role. The traffic in the real network is first imported to the Node where the Ingress-controller is installed, and then the Ingress-controller diverts the traffic to the back-end Pod according to the Ingress rules.

Ingress-controller可以由任何具有反向代理功能的服务程序实现,如Nginx、Envoy和Traefik等。Ingress-controller自身也是运行于集群中的Pod资源对象,它与被代理的运行为Pod资源的应用运行于同一网络中。Ingress-controller can be implemented by any service program with reverse proxy function, such as Nginx, Envoy and Traefik, etc. Ingress-controller itself is also a Pod resource object running in the cluster, and it runs on the same network as the proxied application running as a Pod resource.

所述服务单元指Service,具体为NodePort类型的Service,NodePort是引导外部流量到集群内,访问内部服务的一种类型。The service unit refers to a Service, specifically a Service of a NodePort type, and a NodePort is a type that guides external traffic into the cluster and accesses internal services.

通过Service就能访问到后面的Pod服务。需要注意的是,其实Service并不是直接连接到Pod对象,Service和Pod之间还有一个中间层—Endpoints资源对象,它是一个由IP和端口组成的列表。默认情况下,创建Service资源对象时,其关联的Endpoints对象会自动被创建。The Pod service behind can be accessed through the Service. It should be noted that, in fact, the Service is not directly connected to the Pod object. There is also an intermediate layer between the Service and the Pod - the Endpoints resource object, which is a list composed of IP and ports. By default, when a Service resource object is created, its associated Endpoints object is automatically created.

参照图2所示,为本公开实施例提供的将服务请求信息发送至所述服务组件的流程示意图之一,包括:Referring to FIG. 2, one of the schematic flowcharts of sending service request information to the service component provided by an embodiment of the present disclosure includes:

210,基于所述负载均衡器中预存的第一配置文件,确定所述服务请求信息对应的控制器。210. Determine a controller corresponding to the service request information based on the first configuration file pre-stored in the load balancer.

该步骤中,第一配置文件中存储着服务组件的关键信息,因此,基于所述负载均衡器中预存的第一配置文件,确定所述服务请求信息对应的Ingress-controller。In this step, the key information of the service component is stored in the first configuration file. Therefore, the Ingress-controller corresponding to the service request information is determined based on the first configuration file pre-stored in the load balancer.

220,基于所述控制器获取所述服务单元,其中,所述控制器与服务单元一一对应。220. Acquire the service unit based on the controller, where the controller corresponds to the service unit one-to-one.

该步骤中,Ingress-controller与Service一一对应生成,在获取Ingress-controller也就相应获取Service。In this step, the Ingress-controller and the Service are generated in a one-to-one correspondence, and when the Ingress-controller is obtained, the Service is obtained accordingly.

230,将所述服务请求信息发送至所述控制器,通过所述控制器将所述服务请求信息发送至所述服务单元。230. Send the service request information to the controller, and send the service request information to the service unit through the controller.

该步骤中,将服务请求信息发送至Ingress-controller,再由Ingress-controller发送至对应的Service。In this step, the service request information is sent to the Ingress-controller, which is then sent to the corresponding Service by the Ingress-controller.

参照图3所示,为本公开实施例提供的获取第一配置文件的流程示意图,包括:Referring to FIG. 3, a schematic flowchart of obtaining a first configuration file provided by an embodiment of the present disclosure includes:

310,通过所述控制器与所述负载均衡器进行信息交互,获取所述控制器的信息。310. Obtain information of the controller by performing information interaction between the controller and the load balancer.

该步骤中,集群中所有的Ingress-controller会自动与外置的负载均衡器进行交互,外置的负载均衡器会记录这些Ingress-controller的关键信息。In this step, all Ingress-controllers in the cluster will automatically interact with the external load balancer, and the external load balancer will record the key information of these Ingress-controllers.

320,基于所述控制器的信息,通过所述负载均衡器对所述控制器配置相应的服务单元。320. Based on the information of the controller, configure a corresponding service unit for the controller through the load balancer.

该步骤中,负载均衡器会根据关键信息,为集群内的Ingress-controller申请NodePort类型的Service,即配置相应的服务单元。In this step, the load balancer will apply for a NodePort-type Service for the Ingress-controller in the cluster according to the key information, that is, configure the corresponding service unit.

330,通过所述负载均衡器将所述控制器的服务单元记录为第一配置文件。330. Use the load balancer to record the service unit of the controller as a first configuration file.

该步骤中,在外置的负载均衡器中,将配置的Service记录为第一配置文件,其中包含Ingress-controller所在Node的IP地址,以及Service中port的端口,并且可以在外置负载均衡器中配置负载均衡算法。In this step, in the external load balancer, the configured Service is recorded as the first configuration file, which contains the IP address of the Node where the Ingress-controller is located, and the port in the Service, which can be configured in the external load balancer Load balancing algorithm.

基于上述任一实施例,在所述步骤130之前包括下述步骤130~132:Based on any of the foregoing embodiments, the following steps 130 to 132 are included before the step 130:

步骤131,添加访问所述目标容器组内的内部服务的入口资源。Step 131, adding an entry resource for accessing the internal service in the target container group.

该步骤中,入口资源指的是Ingress资源。Ingress是k8s的标准资源类型之一,它其实就是一组基于DNS名称或URL路径把请求转发至指定的Service资源的规则,用于将集群外部的请求流量转发至集群内部完成服务发布。然而,Ingress资源自身并不能进行流量穿透,它仅是规则的集合,这些规则要想真正发挥作用还需要其他功能的辅助,需要配置对应的Ingress-controller。In this step, the ingress resource refers to the Ingress resource. Ingress is one of the standard resource types of k8s. It is actually a set of rules that forward requests to specified Service resources based on DNS names or URL paths, which are used to forward request traffic from outside the cluster to the inside of the cluster to complete service publishing. However, the Ingress resource itself cannot perform traffic penetration. It is only a collection of rules. In order for these rules to work, they need the assistance of other functions, and the corresponding Ingress-controller needs to be configured.

步骤132,通过所述服务组件同步获取所述入口资源,并将所述入口资源转换成对应的第二配置文件。Step 132: Synchronously acquire the entry resource through the service component, and convert the entry resource into a corresponding second configuration file.

该步骤中,所述服务组件同步获取Ingress资源,并将Ingress资源转换成自身能够加载的第二配置文件。In this step, the service component acquires the Ingress resource synchronously, and converts the Ingress resource into a second configuration file that can be loaded by itself.

参照图4所示,为本公开实施例提供的将服务请求信息发送至所述服务组件的流程示意图之二,包括:Referring to FIG. 4 , the second schematic flowchart of sending service request information to the service component provided by an embodiment of the present disclosure includes:

410,基于接收服务请求信息的第一入口地址,在第一配置文件中确定与所述第一入口地址对应的第一配置信息,其中,所述第一配置信息包括:第一入口地址、第一传输路径和服务组件标识。410. Determine, in a first configuration file, first configuration information corresponding to the first entry address based on the first entry address receiving the service request information, where the first configuration information includes: the first entry address, the first entry address, the first entry address, and the first entry address. A transport path and service component identification.

该步骤中,第一入口地址指的是Ingress资源中指定的IP地址,即负载均衡器的IP地址,若Ingress资源中没有特别指定,则自动分配的访问IP地址。In this step, the first entry address refers to the IP address specified in the Ingress resource, that is, the IP address of the load balancer. If there is no special designation in the Ingress resource, the access IP address is automatically allocated.

420,基于所述第一配置信息确定所述服务请求信息对应的服务组件。420. Determine a service component corresponding to the service request information based on the first configuration information.

该步骤中,第一配置信息中包括集群内服务组件的相关信息,因此,根据服务请求信息确定对应的服务组件。In this step, the first configuration information includes related information of the service components in the cluster, therefore, the corresponding service components are determined according to the service request information.

430,基于第一传输路径,将所述服务请求信息发送至所述服务组件标识对应的服务组件。430. Based on the first transmission path, send the service request information to a service component corresponding to the service component identifier.

该步骤中,第一传输路径path为Ingress资源中指定的第一传输路径,基于第一传输路径,将服务请求信息发送至服务组件标识对应的服务组件中。In this step, the first transmission path path is the first transmission path specified in the Ingress resource, and based on the first transmission path, the service request information is sent to the service component corresponding to the service component identifier.

参照图5所示,为本公开实施例提供的服务请求信息发送至目标容器组的流程示意图,包括:Referring to FIG. 5 , a schematic flowchart of sending service request information to a target container group provided by an embodiment of the present disclosure includes:

510,基于接收服务请求信息的第二入口地址,在第二配置文件中确定与所述第二入口地址对应的第二配置信息,其中,所述第二配置信息包括:第二入口地址、端口地址、第二传输路径和目标容器组标识。510. Determine second configuration information corresponding to the second entry address in the second configuration file based on the second entry address of the received service request information, where the second configuration information includes: the second entry address, the port address, second transmission path, and target container group identification.

该步骤中,第二入口地址指的是进入所述集群的入口地址。In this step, the second entry address refers to the entry address for entering the cluster.

520,基于所述第二配置信息确定所述服务请求信息对应的目标容器组。520. Determine a target container group corresponding to the service request information based on the second configuration information.

530,通过所述服务组件基于所述端口地址接收所述服务请求信息。530. Receive, by the service component, the service request information based on the port address.

该步骤中,端口地址与Ingress资源中指定的端口地址一致,即进入集群内服务组件的端口地址。In this step, the port address is the same as the port address specified in the Ingress resource, that is, the port address of the service component entering the cluster.

540,基于第二传输路径,将所述服务组件中的服务请求信息发送至所述目标容器组标识对应的目标容器组。540. Based on the second transmission path, send the service request information in the service component to a target container group corresponding to the target container group identifier.

该步骤中,Path为Ingress资源中指定的第二传输路径,后端为Ingress资源中指定的Service。In this step, Path is the second transmission path specified in the Ingress resource, and the backend is the Service specified in the Ingress resource.

基于Ingress资源中指定的第二传输路径将服务组件中的服务请求信息发送至目标容器组标识对应的目标容器组中。Based on the second transmission path specified in the Ingress resource, the service request information in the service component is sent to the target container group corresponding to the target container group identifier.

基于上述任一实施例,所述方法还包括:Based on any of the above embodiments, the method further includes:

在所述控制器增加/减少的情况下,通过所述负载均衡器更新所述第一配置文件。The first configuration file is updated by the load balancer in the event of an increase/decrease of the controller.

该步骤中,在Ingress-controller发生扩缩容时,即控制器增加/减少时,外置的负载均衡器会自动更新第一配置文件。导致Ingress-controller发生扩缩容的事件可以包括:服务淘汰事件,服务创建事件等。In this step, when the Ingress-controller expands or shrinks, that is, when the controller increases/decreases, the external load balancer will automatically update the first configuration file. The events that cause the Ingress-controller to expand or shrink include: service elimination events, service creation events, etc.

进一步地,对本公开的实施做进一步补充说明,参照图6所示,为本公开实施例提供的访问集群内部服务的框图,包括外置的负载均衡器,集群内部包括Ingress-controller、Service和Pod。集群内服务组件的数量可以根据具体的场景进行设置,在图6中的一个集群内包括两个Ingress-controller,分别对应两个Service。Further, to further explain the implementation of the present disclosure, referring to FIG. 6 , a block diagram of accessing services within a cluster provided by an embodiment of the present disclosure includes an external load balancer, and the cluster includes an Ingress-controller, a Service, and a Pod. . The number of service components in a cluster can be set according to specific scenarios. A cluster in Figure 6 includes two Ingress-controllers, corresponding to two Services respectively.

参照图7所示,为本公开实施例提供的访问集群内部服务的整体流程示意图,包括下述步骤710~750:Referring to FIG. 7 , a schematic diagram of an overall flow of accessing services within a cluster provided by an embodiment of the present disclosure includes the following steps 710 to 750 :

在执行步骤710~750之前,需要提前设置第一配置文件和第二配置文件,具体为:Before performing steps 710 to 750, the first configuration file and the second configuration file need to be set in advance, specifically:

设置第一配置文件的过程:The process of setting up the first configuration file:

通过Ingress-controller与负载均衡器进行信息交互,获取Ingress-controller的信息,根据Ingress-controller的信息,通过负载均衡器对Ingress-controller配置NodePort类型的Service。The Ingress-controller interacts with the load balancer to obtain the information of the Ingress-controller. According to the information of the Ingress-controller, the load balancer configures the NodePort type Service for the Ingress-controller.

设置第二配置文件的过程:The process of setting up the second configuration file:

添加访问目标容器组内的内部服务的Ingress资源,并使Ingress-controller和Service同步获取Ingress资源。Add Ingress resources to access internal services in the target container group, and make Ingress-controller and Service obtain Ingress resources synchronously.

710,外置的负载均衡器接收访问集群内容器组的内部服务的服务请求信息。710. The external load balancer receives service request information for accessing the internal service of the container group in the cluster.

720,入口地址为负载均衡器的IP地址,基于Ingress资源中指定的第一传输路径,将服务请求信息传输至负载均衡器中,后端是服务组件。720. The ingress address is the IP address of the load balancer, and based on the first transmission path specified in the Ingress resource, the service request information is transmitted to the load balancer, and the back end is the service component.

730,基于负载均衡器中的第一配置文件,确定服务请求信息对应的Ingress-controller,根据Ingress-controller确定NodePort类型的Service。730. Determine an Ingress-controller corresponding to the service request information based on the first configuration file in the load balancer, and determine a Service of NodePort type according to the Ingress-controller.

740,入口地址为进入集群的地址,端口地址为进入服务组件的地址,将服务请求信息发送至Ingress-controller,通过Ingress-controller将服务请求信息发送至后端Service中。740, the entry address is the address of entering the cluster, the port address is the address of entering the service component, the service request information is sent to the Ingress-controller, and the service request information is sent to the back-end Service through the Ingress-controller.

750,基于Ingress资源中指定的第二传输路径,将Service服务请求信息发送至目标容器组标识对应的目标容器组中,并对目标容器组内的内部服务进行访问。750. Based on the second transmission path specified in the Ingress resource, send the Service service request information to the target container group corresponding to the target container group identifier, and access the internal services in the target container group.

下面对本公开实施例提供的一种访问集群内部服务的装置进行描述,下文描述的一种访问集群内部服务的装置与上文描述的一种访问集群内部服务的方法可相互对应参照。The following describes an apparatus for accessing a service within a cluster provided by an embodiment of the present disclosure. The apparatus for accessing a service within a cluster described below and the method for accessing a service within a cluster described above may refer to each other correspondingly.

具体参照图8所示,为本公开实施例提供的一种访问集群内部服务的装置的结构示意图,所述集群包括至少一个服务组件,每个服务组件对应有至少一个容器组,每个容器组加载对应的内部服务;所述集群连接有负载均衡器。Referring specifically to FIG. 8 , which is a schematic structural diagram of an apparatus for accessing services within a cluster according to an embodiment of the present disclosure, the cluster includes at least one service component, each service component corresponds to at least one container group, and each container group Load the corresponding internal service; the cluster is connected with a load balancer.

所述装置包括:The device includes:

810接收模块,用于通过外置的负载均衡器接收服务请求信息,其中,所述服务请求信息用于请求访问所述集群的内部服务。810 A receiving module, configured to receive service request information through an external load balancer, where the service request information is used to request access to an internal service of the cluster.

820确定模块,用于基于所述负载均衡器中预存的第一配置文件,确定所述服务请求信息对应的服务组件,并将所述服务请求信息发送至所述服务组件。820. A determining module, configured to determine a service component corresponding to the service request information based on the first configuration file pre-stored in the load balancer, and send the service request information to the service component.

830发送模块,用于基于所述服务组件中预存的第二配置文件,确定所述服务请求信息对应的目标容器组,将所述服务请求信息发送至所述目标容器组,并对所述目标容器组内的内部服务进行访问。830 A sending module, configured to determine a target container group corresponding to the service request information based on the second configuration file pre-stored in the service component, send the service request information to the target container group, and send the target container group to the target container group. Internal services within the container group to access.

本公开提供的一种访问集群内部服务的装置,首先在集群外部设置负载均衡器,通过负载均衡器接收访问集群的内部服务的请求信息,基于负载均衡器中预存的第一配置文件,确定集群内与服务请求信息对应的服务组件,并将所述服务请求信息发送至所述服务组件,所述服务组件是集群内部生成的,不需要额外人工申请服务组件;再基于所述服务组件中预存的第二配置文件,确定所述服务请求信息对应的目标容器组,并将所述服务请求信息发送给目标容器组,且对目标容器组内的内部服务进行访问。实现自动化的服务对外暴露,能够便捷地直接访问集群内部的内部服务。A device for accessing services within a cluster provided by the present disclosure firstly sets a load balancer outside the cluster, receives request information for accessing the internal services of the cluster through the load balancer, and determines the cluster based on a first configuration file pre-stored in the load balancer The service component corresponding to the service request information is sent to the service component, and the service component is generated inside the cluster, and no additional manual application for the service component is required; based on the pre-stored service component the second configuration file, determine the target container group corresponding to the service request information, send the service request information to the target container group, and access the internal services in the target container group. The automated services are exposed to the outside world, and the internal services within the cluster can be easily and directly accessed.

基于上述任一实施例,所述服务组件包括:控制器和服务单元。Based on any of the foregoing embodiments, the service component includes: a controller and a service unit.

所述820确定模块具体用于:The 820 determination module is specifically used for:

基于所述负载均衡器中预存的第一配置文件,确定所述服务请求信息对应的控制器。The controller corresponding to the service request information is determined based on the first configuration file pre-stored in the load balancer.

基于所述控制器获取所述服务单元,其中,所述控制器与服务单元一一对应。The service unit is acquired based on the controller, wherein the controller and the service unit are in one-to-one correspondence.

将所述服务请求信息发送至所述控制器,通过所述控制器将所述服务请求信息发送至所述服务单元。The service request information is sent to the controller, and the service request information is sent to the service unit through the controller.

基于上述任一实施例,在所述820确定模块之前,包括:Based on any of the foregoing embodiments, before the 820 determination module, the method includes:

获取模块,用于通过所述控制器与所述负载均衡器进行信息交互,获取所述控制器的信息。an obtaining module, configured to exchange information with the load balancer through the controller to obtain the information of the controller.

配置模块,用于基于所述控制器的信息,通过所述负载均衡器对所述控制器配置相应的服务单元。A configuration module, configured to configure a corresponding service unit for the controller through the load balancer based on the information of the controller.

记录模块,用于通过所述负载均衡器将所述控制器的服务单元记录为第一配置文件。A recording module, configured to record the service unit of the controller as a first configuration file through the load balancer.

基于上述任一实施例,在830发送模块之前,包括:Based on any of the above embodiments, before 830 the sending module, include:

添加模块,用于添加访问所述目标容器组内的内部服务的入口资源。The adding module is used to add the entry resource for accessing the internal service in the target container group.

转换模块,用于通过所述服务组件同步获取所述入口资源,并将所述入口资源转换成对应的第二配置文件。A conversion module, configured to obtain the entry resource synchronously through the service component, and convert the entry resource into a corresponding second configuration file.

基于上述任一实施例,所述820确定模块,还用于:Based on any of the foregoing embodiments, the 820 determination module is further configured to:

基于接收服务请求信息的第一入口地址,在第一配置文件中确定与所述第一入口地址对应的第一配置信息,其中,所述第一配置信息包括:第一入口地址、第一传输路径和服务组件标识。Based on the first entry address of the received service request information, first configuration information corresponding to the first entry address is determined in the first configuration file, wherein the first configuration information includes: the first entry address, the first transmission Path and service component ID.

基于所述第一配置信息确定所述服务请求信息对应的服务组件。A service component corresponding to the service request information is determined based on the first configuration information.

基于第一传输路径,将所述服务请求信息发送至所述服务组件标识对应的服务组件。Based on the first transmission path, the service request information is sent to the service component corresponding to the service component identifier.

基于上述任一实施例,所述830发送模块,用于:Based on any of the foregoing embodiments, the 830 sending module is configured to:

基于接收服务请求信息的第二入口地址,在第二配置文件中确定与所述第二入口地址对应的第二配置信息,其中,所述第二配置信息包括:第二入口地址、端口地址、第二传输路径和目标容器组标识。Based on the second entry address of the received service request information, second configuration information corresponding to the second entry address is determined in the second configuration file, wherein the second configuration information includes: the second entry address, the port address, The second transmission path and target container group identifier.

基于所述第二配置信息确定所述服务请求信息对应的目标容器组。A target container group corresponding to the service request information is determined based on the second configuration information.

通过所述服务组件基于所述端口地址接收所述服务请求信息。The service request information is received by the service component based on the port address.

基于第二传输路径,将所述服务组件中的服务请求信息发送至所述目标容器组标识对应的目标容器组。Based on the second transmission path, the service request information in the service component is sent to the target container group corresponding to the target container group identifier.

基于上述任一实施例,所述装置还包括:Based on any of the foregoing embodiments, the apparatus further includes:

更新模块,用于在所述控制器增加/减少的情况下,通过所述负载均衡器更新所述第一配置文件。An update module, configured to update the first configuration file through the load balancer when the controller increases/decreases.

图9示例了一种电子设备的实体结构示意图,如图9所示,该电子设备可以包括:处理器(processor)910、通信接口(Communications Interface)920、存储器(memory)930和通信总线940,其中,处理器910,通信接口920,存储器930通过通信总线940完成相互间的通信。处理器910可以调用存储器930中的逻辑指令,以执行一种访问集群内部服务的方法,所述集群包括至少一个服务组件,每个服务组件对应有至少一个容器组,每个容器组加载对应的内部服务;所述集群连接有负载均衡器;该方法包括:通过外置的负载均衡器接收服务请求信息,其中,所述服务请求信息用于请求访问所述集群的内部服务;基于所述负载均衡器中预存的第一配置文件,确定所述服务请求信息对应的服务组件,并将所述服务请求信息发送至所述服务组件;基于所述服务组件中预存的第二配置文件,确定所述服务请求信息对应的目标容器组,将所述服务请求信息发送至所述目标容器组,并对所述目标容器组内的内部服务进行访问。FIG. 9 illustrates a schematic diagram of the physical structure of an electronic device. As shown in FIG. 9 , the electronic device may include: a processor (processor) 910, a communication interface (Communications Interface) 920, a memory (memory) 930, and a communication bus 940, The processor 910 , the communication interface 920 , and the memory 930 communicate with each other through the communication bus 940 . The processor 910 may invoke the logic instructions in the memory 930 to execute a method for accessing services within a cluster, where the cluster includes at least one service component, each service component corresponds to at least one container group, and each container group loads corresponding internal services; the cluster is connected with a load balancer; the method includes: receiving service request information through an external load balancer, wherein the service request information is used to request access to internal services of the cluster; based on the load The first configuration file pre-stored in the balancer determines the service component corresponding to the service request information, and sends the service request information to the service component; based on the second configuration file pre-stored in the service component, determines the service component. the target container group corresponding to the service request information, send the service request information to the target container group, and access the internal services in the target container group.

此外,上述的存储器930中的逻辑指令可以通过软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本公开实施例的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本公开各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、磁碟或者光盘等各种可以存储程序代码的介质。In addition, the above-mentioned logic instructions in the memory 930 can be implemented in the form of software functional units and can be stored in a computer-readable storage medium when sold or used as an independent product. Based on this understanding, the technical solutions of the embodiments of the present disclosure are essentially or contribute to the prior art or parts of the technical solutions may be embodied in the form of software products, and the computer software products are stored in a storage medium , including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of the present disclosure. The aforementioned storage medium includes: U disk, mobile hard disk, Read-Only Memory (ROM, Read-Only Memory), Random Access Memory (RAM, Random Access Memory), magnetic disk or optical disk and other media that can store program codes .

另一方面,本公开还提供一种计算机程序产品,所述计算机程序产品包括存储在非暂态计算机可读存储介质上的计算机程序,所述计算机程序包括程序指令,当所述程序指令被计算机执行时,计算机能够执行上述各方法所提供的一种访问集群内部服务的方法,所述集群包括至少一个服务组件,每个服务组件对应有至少一个容器组,每个容器组加载对应的内部服务;所述集群连接有负载均衡器;该方法包括:通过外置的负载均衡器接收服务请求信息,其中,所述服务请求信息用于请求访问所述集群的内部服务;基于所述负载均衡器中预存的第一配置文件,确定所述服务请求信息对应的服务组件,并将所述服务请求信息发送至所述服务组件;基于所述服务组件中预存的第二配置文件,确定所述服务请求信息对应的目标容器组,将所述服务请求信息发送至所述目标容器组,并对所述目标容器组内的内部服务进行访问。In another aspect, the present disclosure also provides a computer program product comprising a computer program stored on a non-transitory computer-readable storage medium, the computer program comprising program instructions, when the program instructions are executed by a computer When executing, the computer can execute a method for accessing the internal services of the cluster provided by the above methods, the cluster includes at least one service component, each service component corresponds to at least one container group, and each container group loads the corresponding internal service. ; the cluster is connected with a load balancer; the method includes: receiving service request information through an external load balancer, wherein the service request information is used to request access to internal services of the cluster; based on the load balancer The first configuration file pre-stored in the service component is determined, and the service component corresponding to the service request information is determined, and the service request information is sent to the service component; based on the second configuration file pre-stored in the service component, the service component is determined. The target container group corresponding to the request information sends the service request information to the target container group, and accesses the internal services in the target container group.

又一方面,本公开还提供一种非暂态计算机可读存储介质,其上存储有计算机程序,该计算机程序被处理器执行时实现以执行上述各提供的一种访问集群内部服务的方法,所述集群包括至少一个服务组件,每个服务组件对应有至少一个容器组,每个容器组加载对应的内部服务;所述集群连接有负载均衡器;该方法包括:通过外置的负载均衡器接收服务请求信息,其中,所述服务请求信息用于请求访问所述集群的内部服务;基于所述负载均衡器中预存的第一配置文件,确定所述服务请求信息对应的服务组件,并将所述服务请求信息发送至所述服务组件;基于所述服务组件中预存的第二配置文件,确定所述服务请求信息对应的目标容器组,将所述服务请求信息发送至所述目标容器组,并对所述目标容器组内的内部服务进行访问。In yet another aspect, the present disclosure also provides a non-transitory computer-readable storage medium on which a computer program is stored, and the computer program is implemented when executed by a processor to execute a method for accessing a service within a cluster provided by each of the above, The cluster includes at least one service component, each service component corresponds to at least one container group, and each container group loads corresponding internal services; the cluster is connected with a load balancer; the method includes: using an external load balancer Receive service request information, where the service request information is used to request access to internal services of the cluster; determine the service component corresponding to the service request information based on the first configuration file pre-stored in the load balancer, and assign The service request information is sent to the service component; based on the second configuration file pre-stored in the service component, a target container group corresponding to the service request information is determined, and the service request information is sent to the target container group , and access the internal services in the target container group.

以上所描述的装置实施例仅仅是示意性的,其中所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部模块来实现本实施例方案的目的。本领域普通技术人员在不付出创造性的劳动的情况下,即可以理解并实施。The device embodiments described above are only illustrative, wherein the units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in One place, or it can be distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution in this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.

通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到各实施方式可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件。基于这样的理解,上述技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品可以存储在计算机可读存储介质中,如ROM/RAM、磁碟、光盘等,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行各个实施例或者实施例的某些部分所述的方法。From the description of the above embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by means of software plus a necessary general hardware platform, and certainly can also be implemented by hardware. Based on this understanding, the above-mentioned technical solutions can be embodied in the form of software products in essence or the parts that make contributions to the prior art, and the computer software products can be stored in computer-readable storage media, such as ROM/RAM, magnetic A disc, an optical disc, etc., includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform the methods described in various embodiments or some parts of the embodiments.

最后应说明的是:以上实施例仅用以说明本公开的技术方案,而非对其限制;尽管参照前述实施例对本公开进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本公开各实施例技术方案的精神和范围。Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present disclosure, but not to limit them; although the present disclosure has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that: it can still be Modifications are made to the technical solutions described in the foregoing embodiments, or some technical features thereof are equivalently replaced; and these modifications or replacements do not make the essence of the corresponding technical solutions depart from the spirit and scope of the technical solutions of the embodiments of the present disclosure.

Claims (11)

1. A method for accessing cluster internal services, wherein the cluster comprises at least one service component, each service component corresponds to at least one container group, and each container group loads corresponding internal services; the cluster is connected with a load balancer;
the method comprises the following steps:
receiving service request information through an external load balancer, wherein the service request information is used for requesting access to internal services of the cluster;
determining a service component corresponding to the service request information based on a first configuration file prestored in the load balancer, and sending the service request information to the service component;
and determining a target container group corresponding to the service request information based on a second configuration file prestored in the service component, sending the service request information to the target container group, and accessing the internal service in the target container group.
2. The method of accessing intra-cluster services of claim 1, wherein the service component comprises: a controller and a service unit;
the determining a service component corresponding to the service request information based on a first configuration file prestored in the load balancer, and sending the service request information to the service component includes:
determining a controller corresponding to the service request information based on a first configuration file prestored in the load balancer;
acquiring the service units based on the controller, wherein the controller corresponds to the service units one by one;
and sending the service request information to the controller, and sending the service request information to the service unit through the controller.
3. The method according to claim 2, wherein before determining the service component corresponding to the service request information based on the first configuration file pre-stored in the load balancer, the method comprises:
performing information interaction with the load balancer through the controller to acquire information of the controller;
configuring a corresponding service unit for the controller through the load balancer based on the information of the controller;
recording, by the load balancer, a service unit of the controller as a first configuration file.
4. The method according to claim 1, wherein before determining the target container group corresponding to the service request information based on the second configuration file pre-stored in the service component, the method comprises:
adding an entry resource that accesses an internal service within the target container group;
and synchronously acquiring the entry resources through the service assembly, and converting the entry resources into corresponding second configuration files.
5. The method according to claim 1, wherein the determining a service component corresponding to the service request information and sending the service request information to the service component comprises:
determining first configuration information corresponding to a first entry address in a first configuration file based on the first entry address for receiving service request information, wherein the first configuration information comprises: a first entry address, a first transmission path and a service component identification;
determining a service component corresponding to the service request information based on the first configuration information;
and sending the service request information to a service component corresponding to the service component identification based on the first transmission path.
6. The method according to claim 1, wherein the determining a target group of containers to which the service request information corresponds, and the sending the service request information to the target group of containers comprises:
determining second configuration information corresponding to a second entry address in a second configuration file based on the second entry address for receiving the service request information, wherein the second configuration information comprises: a second ingress address, a port address, a second transmission path, and a target container group identification;
determining a target container group corresponding to the service request information based on the second configuration information;
receiving, by the service component, the service request information based on the port address;
and sending the service request information in the service assembly to a target container group corresponding to the target container group identification based on a second transmission path.
7. The method of accessing intra-cluster services of claim 2, further comprising:
updating, by the load balancer, the first profile in the event the controller is increased/decreased.
8. An apparatus for accessing internal services of a cluster, wherein the cluster comprises at least one service component, each service component corresponds to at least one container group, and each container group loads the corresponding internal service; the cluster is connected with a load balancer;
the device comprises:
the system comprises a receiving module, a sending module and a processing module, wherein the receiving module is used for receiving service request information through an external load balancer, and the service request information is used for requesting to access internal services of the cluster;
the determining module is used for determining a service component corresponding to the service request information based on a first configuration file prestored in the load balancer and sending the service request information to the service component;
and the sending module is used for determining a target container group corresponding to the service request information based on a second configuration file prestored in the service component, sending the service request information to the target container group and accessing the internal service in the target container group.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method of accessing intra-cluster services according to any of claims 1 to 7 when executing the program.
10. A non-transitory computer readable storage medium, having stored thereon a computer program, characterized in that the computer program, when being executed by a processor, is adapted to carry out the steps of the method of accessing intra-cluster services according to any of the claims 1 to 7.
11. A computer program product comprising a computer program, characterized in that the computer program realizes the steps of the method for accessing a cluster internal service according to any one of claims 1 to 7 when executed by a processor.
CN202210126123.4A 2022-02-10 2022-02-10 A method and apparatus for accessing services within a cluster Pending CN114461303A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210126123.4A CN114461303A (en) 2022-02-10 2022-02-10 A method and apparatus for accessing services within a cluster

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210126123.4A CN114461303A (en) 2022-02-10 2022-02-10 A method and apparatus for accessing services within a cluster

Publications (1)

Publication Number Publication Date
CN114461303A true CN114461303A (en) 2022-05-10

Family

ID=81413080

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210126123.4A Pending CN114461303A (en) 2022-02-10 2022-02-10 A method and apparatus for accessing services within a cluster

Country Status (1)

Country Link
CN (1) CN114461303A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114938375A (en) * 2022-05-16 2022-08-23 聚好看科技股份有限公司 Container group updating equipment and container group updating method
CN115190007A (en) * 2022-06-22 2022-10-14 来未来科技(浙江)有限公司 A multi-cluster multi-policy traffic scheduling system
CN116232687A (en) * 2023-01-06 2023-06-06 智己汽车科技有限公司 A Kubernetes-based automated pre-admission management method and system
CN117453380A (en) * 2023-12-25 2024-01-26 阿里云计算有限公司 Cluster container group scheduling method, system and computer equipment

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106302771A (en) * 2016-08-23 2017-01-04 浪潮电子信息产业股份有限公司 Domain name configuration method of application created based on Docker container
CN107508795A (en) * 2017-07-26 2017-12-22 中国联合网络通信集团有限公司 Across the access process device and method of container cluster
US20190173840A1 (en) * 2017-12-01 2019-06-06 Kohl's Department Stores, Inc. Cloud services management system and method
CN110837418A (en) * 2019-11-06 2020-02-25 浪潮云信息技术有限公司 High-concurrency web system based on container and implementation method
CN110868465A (en) * 2019-11-13 2020-03-06 北京浪潮数据技术有限公司 Load balancing system and method for container cloud
WO2020253347A1 (en) * 2019-06-17 2020-12-24 深圳前海微众银行股份有限公司 Container cluster management method, device and system
US20210089415A1 (en) * 2019-09-25 2021-03-25 Sap Se High availability for a relational database management system as a service in a cloud platform
US11126483B1 (en) * 2020-04-17 2021-09-21 Oracle International Corporation Direct message retrieval in distributed messaging systems

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106302771A (en) * 2016-08-23 2017-01-04 浪潮电子信息产业股份有限公司 Domain name configuration method of application created based on Docker container
CN107508795A (en) * 2017-07-26 2017-12-22 中国联合网络通信集团有限公司 Across the access process device and method of container cluster
US20190173840A1 (en) * 2017-12-01 2019-06-06 Kohl's Department Stores, Inc. Cloud services management system and method
WO2020253347A1 (en) * 2019-06-17 2020-12-24 深圳前海微众银行股份有限公司 Container cluster management method, device and system
US20210089415A1 (en) * 2019-09-25 2021-03-25 Sap Se High availability for a relational database management system as a service in a cloud platform
CN110837418A (en) * 2019-11-06 2020-02-25 浪潮云信息技术有限公司 High-concurrency web system based on container and implementation method
CN110868465A (en) * 2019-11-13 2020-03-06 北京浪潮数据技术有限公司 Load balancing system and method for container cloud
US11126483B1 (en) * 2020-04-17 2021-09-21 Oracle International Corporation Direct message retrieval in distributed messaging systems

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114938375A (en) * 2022-05-16 2022-08-23 聚好看科技股份有限公司 Container group updating equipment and container group updating method
CN114938375B (en) * 2022-05-16 2023-06-02 聚好看科技股份有限公司 Container group updating equipment and container group updating method
CN115190007A (en) * 2022-06-22 2022-10-14 来未来科技(浙江)有限公司 A multi-cluster multi-policy traffic scheduling system
CN116232687A (en) * 2023-01-06 2023-06-06 智己汽车科技有限公司 A Kubernetes-based automated pre-admission management method and system
CN117453380A (en) * 2023-12-25 2024-01-26 阿里云计算有限公司 Cluster container group scheduling method, system and computer equipment
CN117453380B (en) * 2023-12-25 2024-02-23 阿里云计算有限公司 Cluster container group scheduling method, system and computer equipment
WO2025139208A1 (en) * 2023-12-25 2025-07-03 阿里云计算有限公司 Container group scheduling method and system for cluster, and computer device

Similar Documents

Publication Publication Date Title
US11368385B1 (en) System and method for deploying, scaling and managing network endpoint groups in cloud computing environments
CN110290189B (en) Container cluster management method, device and system
US11924068B2 (en) Provisioning a service
CN114461303A (en) A method and apparatus for accessing services within a cluster
US10411947B2 (en) Hot swapping and hot scaling containers
US11265288B2 (en) Using network configuration analysis to improve server grouping in migration
US9935829B1 (en) Scalable packet processing service
AU2015256010B2 (en) Migration of applications between an enterprise-based network and a multi-tenant network
CN106850324B (en) virtual network interface object
US10333901B1 (en) Policy based data aggregation
US10608990B2 (en) Accessing nodes deployed on an isolated network
CN107210924B (en) Method and apparatus for configuring a communication system
US20250088388A1 (en) Systems and methods for automated network configurations with a network as a service (naas) system
US10237235B1 (en) System for network address translation
CN110661707B (en) Virtual router platform based on Docker
CN111245634A (en) Virtualization management method and device
CN112087311B (en) Virtual network function VNF deployment method and device
CN115185637A (en) Communication method and device for PaaS component management end and virtual machine agent
CN117792985A (en) Data communication method, device, data processor and computer storage medium
CN115242791B (en) Service platform access method, device, equipment and storage medium
CN114327866A (en) A resource scheduling method, system and related device of a distributed mirror library
US12363189B2 (en) Computing cluster load balancer
US11888943B1 (en) Use of production traffic to load test a service
GORDIN et al. Web portal development with different cloud containers: Docker vs. Kubernetes.
CN119011386A (en) Communication method, device, equipment, system and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20220510