Disclosure of Invention
In view of the problems in the prior art, the invention provides a Kubernetes-based multi-network-card container implementation method and system. The technical scheme adopted is as follows: a Kubernetes-based multi-network-card container implementation method comprises the following specific steps:
S1, loading the network plug-ins: reading all container network plug-ins in the container network interface configuration directory and sorting them;
S2, loading and verifying a container network configuration file, which is defined in the CNI standard format, and using the extended network plug-in as the default network plug-in of the container manager;
S3, acquiring the information of the default network plug-in, and calling the default network plug-in to complete the IP allocation function;
S4, building, based on the container network interface mechanism, a network plug-in that supports multiple networks to act as a proxy.
The specific steps of S3, acquiring the information of the default network plug-in and calling the default network plug-in to complete the IP allocation function, are as follows:
S301, acquiring the default network plug-in and additional network plug-in information by reading the annotations of the container group;
S302, caching the network plug-in information on the node;
S303, recursively calling the add command of the proxy plug-in to complete the network card creation and IP allocation functions of the network plug-in;
S304, returning the execution result to the network plug-in.
In S303, the delete command of the proxy plug-in is recursively called by reading the cached container proxy network plug-in information, to complete the network card deletion and IP recovery functions of the corresponding network plug-in.
In S4, a Multus plug-in supporting multiple networks is built as the proxy based on the container network interface mechanism, with the following specific steps:
S401, generating a Multus configuration file by using an initialization script;
S402, reading the existing network plug-ins of the current container cloud cluster;
S403, using the first network plug-in read as the default proxy plug-in.
A Kubernetes-based multi-network-card container implementation system specifically comprises a plug-in reading module, a plug-in definition module, a plug-in distribution module and a plug-in manufacturing module:
a plug-in reading module: loading the network plug-ins by reading all container network plug-ins under the container network interface configuration directory and sorting them;
a plug-in definition module: loading and verifying a container network configuration file, which is defined in the CNI standard format, and using the extended network plug-in as the default network plug-in of the container manager;
a plug-in distribution module: acquiring the information of the default network plug-in, and calling the default network plug-in to complete the IP allocation function;
a plug-in manufacturing module: building, based on the container network interface mechanism, a network plug-in that supports multiple networks to act as a proxy.
The plug-in distribution module specifically comprises an information reading module, an information caching module, a function setting module and an execution return module:
an information reading module: acquiring the default network plug-in and additional network plug-in information by reading the annotations of the container group;
an information caching module: caching the network plug-in information on the node;
a function setting module: recursively calling the add command of the proxy plug-in to complete the network card creation and IP allocation functions of the network plug-in;
an execution return module: returning the execution result to the network plug-in.
The function setting module recursively calls the delete command of the proxy plug-in by reading the cached container proxy network plug-in information, to complete the network card deletion and IP recovery functions of the corresponding network plug-in.
The plug-in manufacturing module builds a Multus plug-in supporting multiple networks as the proxy based on the container network interface mechanism, and specifically comprises a configuration generation module, a plug-in reading module and a plug-in application module:
a configuration generation module: generating a Multus configuration file by using the initialization script;
a plug-in reading module: reading the existing network plug-ins of the current container cloud cluster;
a plug-in application module: using the first network plug-in read as the default proxy plug-in.
The invention has the following beneficial effects: when the method is used in the wave container manager, the wave container manager uses only one container network plug-in. When the container manager starts, the network plug-ins are loaded according to S1: all container network plug-ins under the container network interface configuration directory are read and sorted in ascending order by file name. The first container network configuration file is then loaded according to S2; after it passes verification, it is defined in the CNI standard format and used as the default network plug-in of the container manager. When the container manager creates a container group, the information of the default network plug-in is acquired according to S3, and the default network plug-in is called to complete functions such as IP allocation. Finally, according to S4, a network plug-in supporting multiple networks is built as a proxy based on the container network interface mechanism. With this method, the multi-network-card function of the wave container cloud is realized, a dedicated network is guaranteed, and the network security of multiple tenants is improved.
Detailed Description
The present invention is further described below in conjunction with the following figures and specific examples so that those skilled in the art may better understand the present invention and practice it, but the examples are not intended to limit the present invention.
Container technology is a popular PaaS technology for providing microservices, and Kubernetes is currently the most popular container orchestration and management technology; a Kubernetes-based cloud platform for providing containers is the first choice of many cloud vendors. When a tenant's application runs in a container cloud in the form of containers, the tenant can access the containers through services, for example through a container cloud node IP and a service port, but such access uses the node IP as a proxy. Inside the container cloud, access between containers is not blocked, which gives tenants little security. Tenants need a network similar to a VPC, in which containers cannot access one another even inside the container cloud, so that the security of tenant containers is improved. However, operations such as collecting container state also require a network through which all containers are reachable inside the container cloud. The container cloud therefore needs to support containers running with multiple network cards at the same time, which ensures both the normal operation of the containers and the availability of a dedicated service network.
First, the terms involved are explained:
PaaS: platform as a service;
Kubernetes: a container orchestration and management component;
VPC: virtual private cloud;
macvlan: a network plug-in that virtualizes multiple virtual network cards from a physical network card;
Calico: a layer-3 based container network plug-in;
Multus: a container network proxy plug-in.
Example one:
A Kubernetes-based multi-network-card container implementation method comprises the following specific steps:
S1, loading the network plug-ins: reading all container network plug-ins in the container network interface configuration directory and sorting them;
S2, loading and verifying a container network configuration file, which is defined in the CNI standard format, and using the extended network plug-in as the default network plug-in of the container manager;
S3, acquiring the information of the default network plug-in, and calling the default network plug-in to complete the IP allocation function;
S4, building, based on the container network interface mechanism, a network plug-in that supports multiple networks to act as a proxy.
When the method is used in the wave container manager, the wave container manager uses only one container network plug-in. When the container manager starts, the network plug-ins are loaded according to S1: all container network plug-ins under the container network interface configuration directory are read and sorted in ascending order by file name. The first container network configuration file is then loaded according to S2; after it passes verification, it is defined in the CNI standard format and used as the default network plug-in of the container manager. When the container manager creates a container group, the information of the default network plug-in is acquired according to S3, and the default network plug-in is called to complete functions such as IP allocation. Finally, according to S4, a network plug-in supporting multiple networks is built as a proxy based on the container network interface mechanism. With this method, the multi-network-card function of the wave container cloud is realized, a dedicated network is guaranteed, and the network security of multiple tenants is improved.
Further, the specific steps of S3, acquiring the information of the default network plug-in and calling the default network plug-in to complete the IP allocation function, are as follows:
S301, acquiring the default network plug-in and additional network plug-in information by reading the annotations of the container group;
S302, caching the network plug-in information on the node;
S303, recursively calling the add command of the proxy plug-in to complete the network card creation and IP allocation functions of the network plug-in;
S304, returning the execution result to the network plug-in.
The add command creates a network card and allocates an IP for the specified container group. First, the annotations of the container group are read according to S301 to obtain the information of the default network plug-in and the additional network plug-ins, including information such as bandwidth limits and port mappings. After being read, the information is cached on the node according to S302. The add command of the proxy plug-in is then recursively called according to S303 to complete functions such as creating the network card corresponding to each network plug-in and allocating its IP, and the execution result of the main network plug-in is returned.
Further, in S303, the network card deletion and IP recovery functions of the corresponding network plug-in are completed by reading the cached container proxy network plug-in information and recursively calling the delete command of the proxy plug-in.
The delete command deletes the network card and recovers the IP for the specified container group: according to S303, the delete command of the proxy plug-in is recursively called by reading the cached container proxy network plug-in information, to complete functions such as network card deletion and IP recovery for the corresponding network plug-in.
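The add and delete commands described above, sketched in Go as an added example (not code from the patent or from Multus): the proxy reads the annotations, caches the delegate list, calls each delegate, and on delete works from the cache alone. The annotation key is the one Multus uses and is an assumption here, as are the `Proxy`, `Delegate` and `Call` names and the interface names `eth0` and `net1`.

```go
package main

import (
	"fmt"
	"strings"
)

const networksKey = "k8s.v1.cni.cncf.io/networks" // assumption: Multus's annotation key

type Delegate struct{ Network, IfName string } // one plug-in call for a container group

type Proxy struct {
	Default string
	Call    func(cmd string, d Delegate, pod string) (string, error) // hypothetical plug-in runner
	cache   map[string][]Delegate                                    // S302 cache (a node file in practice)
}

// Add follows S301-S304 and returns the default plug-in's result.
func (p *Proxy) Add(pod string, ann map[string]string) (string, error) {
	ds := []Delegate{{p.Default, "eth0"}}
	for _, n := range strings.Split(ann[networksKey], ",") {
		if n = strings.TrimSpace(n); n != "" {
			ds = append(ds, Delegate{n, fmt.Sprintf("net%d", len(ds))})
		}
	}
	if p.cache == nil {
		p.cache = map[string][]Delegate{}
	}
	p.cache[pod] = ds // cached first, so a failed ADD can still be undone
	results := make([]string, 0, len(ds))
	for _, d := range ds {
		res, err := p.Call("ADD", d, pod)
		if err != nil {
			p.Del(pod) // CNI DEL must tolerate interfaces that were never created
			return "", err
		}
		results = append(results, res)
	}
	return results[0], nil
}

// Del reads only the cache, so it works once the annotations are gone.
func (p *Proxy) Del(pod string) (err error) {
	for _, d := range p.cache[pod] {
		if _, e := p.Call("DEL", d, pod); e != nil && err == nil {
			err = e // keep going so every IP is released
		}
	}
	delete(p.cache, pod)
	return err
}

func main() { // constructed fake plug-in and container group
	p := &Proxy{Default: "calico", Call: func(c string, d Delegate, pod string) (string, error) {
		return c + " " + d.Network + " " + d.IfName, nil
	}}
	res, err := p.Add("tenant-a/web-0", map[string]string{networksKey: "tenant-vpc"})
	fmt.Println(res, err, p.Del("tenant-a/web-0"))
}
```

A second delete for the same container group finds no cache entry and calls no delegate, so a repeated DEL cannot release an IP that has since been handed to another container group.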
Still further, in S4 a Multus plug-in supporting multiple networks is built as the proxy based on the container network interface mechanism, with the following specific steps:
S401, generating a Multus configuration file by using an initialization script;
S402, reading the existing network plug-ins of the current container cloud cluster;
S403, using the first network plug-in read as the default proxy plug-in.
According to S401, the initialization script generates the Multus configuration file, named 00-Multus.conf, which ensures that the container manager uses Multus as its default network plug-in; according to S402, the existing network plug-ins of the current container cloud cluster are read; and according to S403, the first network plug-in read is used as the default proxy plug-in.
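The file-name ordering of S1/S2 is what makes the 00- prefix of S401 effective. The following added example (not code from the patent or from Multus) models the configuration directory as a map and shows the default moving from the first existing plug-in to the generated proxy file; the function names, file contents and the `delegates` layout are assumptions, with constructed sample values.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"sort"
)

// NetConf holds the CNI configuration fields this sketch verifies.
type NetConf struct {
	CNIVersion string            `json:"cniVersion"`
	Name       string            `json:"name"`
	Type       string            `json:"type"`
	Delegates  []json.RawMessage `json:"delegates,omitempty"`
}

// PickDefault follows S1/S2: ascending file-name order, first valid file wins.
func PickDefault(dir map[string]string) (string, NetConf, error) {
	names := make([]string, 0, len(dir))
	for n := range dir {
		names = append(names, n)
	}
	sort.Strings(names)
	for _, n := range names {
		var c NetConf
		if json.Unmarshal([]byte(dir[n]), &c) != nil || c.CNIVersion == "" || c.Name == "" || c.Type == "" {
			continue // verification failed, try the next file
		}
		return n, c, nil
	}
	return "", NetConf{}, errors.New("no valid CNI configuration")
}

// InstallProxy follows S401-S403: the current first plug-in becomes the delegate.
func InstallProxy(dir map[string]string) error {
	first, _, err := PickDefault(dir)
	if err != nil {
		return err
	}
	proxy := NetConf{CNIVersion: "0.3.1", Name: "multus-cni-network", Type: "multus",
		Delegates: []json.RawMessage{json.RawMessage(dir[first])}}
	out, err := json.Marshal(proxy)
	if err != nil {
		return err
	}
	dir["00-Multus.conf"] = string(out) // sorts ahead of the existing files
	return nil
}

func main() {
	dir := map[string]string{ // constructed directory contents
		"10-calico.conf":  `{"cniVersion":"0.3.1","name":"k8s-pod-network","type":"calico"}`,
		"20-macvlan.conf": `{"cniVersion":"0.3.1","name":"tenant-net","type":"macvlan"}`,
	}
	before, _, _ := PickDefault(dir)
	err := InstallProxy(dir)
	after, _, _ := PickDefault(dir)
	fmt.Println(before, "->", after, err)
}
```

Because selection depends only on file names and a validity check, any file that sorts first in this directory becomes the network plug-in for every new container group, so write access to the directory and its contents is worth monitoring.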
A network plug-in proxy is built based on the container network interface mechanism to support multiple networks; this is realized through a network plug-in proxy mechanism, of which Multus is an example. Multus is a network plug-in written to the container network interface standard that can call other network plug-ins in a loop, thereby generating multiple network cards for a container group.
Example two:
A Kubernetes-based multi-network-card container implementation system specifically comprises a plug-in reading module, a plug-in definition module, a plug-in distribution module and a plug-in manufacturing module:
a plug-in reading module: loading the network plug-ins by reading all container network plug-ins under the container network interface configuration directory and sorting them;
a plug-in definition module: loading and verifying a container network configuration file, which is defined in the CNI standard format, and using the extended network plug-in as the default network plug-in of the container manager;
a plug-in distribution module: acquiring the information of the default network plug-in, and calling the default network plug-in to complete the IP allocation function;
a plug-in manufacturing module: building, based on the container network interface mechanism, a network plug-in that supports multiple networks to act as a proxy.
When the system is used in the wave container manager, the wave container manager uses only one container network plug-in. When the container manager starts, the plug-in reading module loads the network plug-ins: it reads all container network plug-ins under the container network interface configuration directory and sorts them in ascending order by file name. The plug-in definition module then loads the first container network configuration file; after it passes verification, it is defined in the CNI standard format and used as the default network plug-in of the container manager. When the container manager creates a container group, the plug-in distribution module acquires the information of the default network plug-in and calls the default network plug-in to complete functions such as IP allocation. Finally, the plug-in manufacturing module builds a network plug-in supporting multiple networks as a proxy based on the container network interface mechanism. With this system, the multi-network-card function of the wave container cloud is realized, a dedicated network is guaranteed, and the network security of multiple tenants is improved.
Further, the plug-in distribution module specifically comprises an information reading module, an information caching module, a function setting module and an execution return module:
an information reading module: acquiring the default network plug-in and additional network plug-in information by reading the annotations of the container group;
an information caching module: caching the network plug-in information on the node;
a function setting module: recursively calling the add command of the proxy plug-in to complete the network card creation and IP allocation functions of the network plug-in;
an execution return module: returning the execution result to the network plug-in.
The add command creates a network card and allocates an IP for the specified container group. First, the information reading module reads the annotations of the container group to obtain the information of the default network plug-in and the additional network plug-ins, including information such as bandwidth limits and port mappings. After being read, the information is cached on the node by the information caching module. The function setting module then recursively calls the add command of the proxy plug-in to complete functions such as creating the network card corresponding to each network plug-in and allocating its IP, and finally the execution return module returns the execution result of the main network plug-in.
Further, the function setting module recursively calls the delete command of the proxy plug-in by reading the cached container proxy network plug-in information, to complete the network card deletion and IP recovery functions of the corresponding network plug-in.
The delete command deletes the network card and recovers the IP for the specified container group: the function setting module recursively calls the delete command of the proxy plug-in by reading the cached container proxy network plug-in information, to complete functions such as network card deletion and IP recovery for the corresponding network plug-in.
Still further, the plug-in manufacturing module builds a Multus plug-in supporting multiple networks as the proxy based on the container network interface mechanism, and specifically comprises a configuration generation module, a plug-in reading module and a plug-in application module:
a configuration generation module: generating a Multus configuration file by using the initialization script;
a plug-in reading module: reading the existing network plug-ins of the current container cloud cluster;
a plug-in application module: using the first network plug-in read as the default proxy plug-in.
The configuration generation module uses the initialization script to generate the Multus configuration file, named 00-Multus.conf, which ensures that the container manager uses Multus as its default network plug-in; the plug-in reading module reads the existing network plug-ins of the current container cloud cluster; and the plug-in application module uses the first network plug-in read as the default proxy plug-in.
A network plug-in proxy is built based on the container network interface mechanism to support multiple networks; this is realized through a network plug-in proxy mechanism, of which Multus is an example. Multus is a network plug-in written to the container network interface standard that can call other network plug-ins in a loop, thereby generating multiple network cards for a container group.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.