
Method and system for implementing network isolation of multiple tenants of Kubernetes cluster

A network isolation and multi-tenant technology, applied in the field of cloud computing, that addresses problems such as the inability to meet the network isolation requirement that Pods of different tenants must not communicate with each other.

Inactive Publication Date: 2018-03-30
SHANDONG LANGCHAO YUNTOU INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

In some application environments, such as public cloud, it cannot meet the network isolation requirements that Pods of different tenants should not communicate with each other.
NetworkPolicy provides policy-based network control: it uses label selectors to simulate traditional segmented networks and controls the traffic between them through policies. Enforcing a NetworkPolicy requires a specific network solution; without one, a configured NetworkPolicy has no effect.


Embodiment Construction

[0032] In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the accompanying drawings used in the embodiments are briefly introduced below. Obviously, the accompanying drawings in the following description are only some embodiments of the present invention. Those of ordinary skill in the art can also obtain other drawings based on these drawings without creative effort.

[0033] The present invention configures the Kubernetes cluster to use the open-source Calico network plug-in. When a tenant is created, it configures a Namespace that refuses to communicate with any Pod and adds a label to it, then establishes a NetworkPolicy with which the Pods (carrying the specified label) of that Namespace can communicate, and finally creates, under that Namespace, a Pod (carrying the specified label) that implements the user's application or service. In a multi-tenant production environment, the network isolation between Namespaces can be flexibl...


Abstract

The invention provides a method and a system for implementing network isolation of multiple tenants of a Kubernetes cluster. A Kubernetes front-end interface receives the configuration created by a tenant, and the Namespace name is used as a label. After receiving the parameters, the back end automatically creates a Namespace that refuses to communicate with any Pod and a NetworkPolicy with which the Pods of that Namespace can communicate, which completes the network isolation settings of the Namespace corresponding to the tenant. When a user creates an application or a service, the label is automatically passed on as the label of the Pod, marking that the Pod uses the NetworkPolicy of the Namespace; when the user deletes the Pod of the application or service, the Kubernetes cluster also automatically clears the related NetworkPolicies without affecting access by other Pods in the existing environment. Multi-tenant network isolation of the Kubernetes cluster is configured by combining the Calico network plug-in with NetworkPolicy, which overcomes the defect that different Namespaces in Kubernetes have no network isolation. The method and system help users use the Kubernetes cluster network more safely and help operation and maintenance personnel better manage a multi-tenant Kubernetes cluster network.
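The back-end step described in the abstract, sketched as an added example (not code from the patent or its owner). It builds the objects with the current `networking.k8s.io/v1` NetworkPolicy API and checks them with a deliberately simplified ingress model; the label key `tenant`, the policy names and the function names are assumptions.

```python
import json

def tenant_manifests(tenant):
    """Namespace, default-deny policy and same-tenant allow policy for one tenant."""
    label = {"tenant": tenant}  # label key is an assumption; value is the Namespace name
    np = {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy"}
    return [
        {"apiVersion": "v1", "kind": "Namespace",
         "metadata": {"name": tenant, "labels": label}},
        # Empty podSelector selects every Pod in the Namespace; no ingress rules
        # are listed, so all inbound traffic to those Pods is refused.
        {**np, "metadata": {"name": "default-deny", "namespace": tenant},
         "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}},
        # Pods carrying the tenant label accept traffic from same-label Pods.
        {**np, "metadata": {"name": "allow-same-tenant", "namespace": tenant},
         "spec": {"podSelector": {"matchLabels": label}, "policyTypes": ["Ingress"],
                  "ingress": [{"from": [{"podSelector": {"matchLabels": label}}]}]}},
    ]

def _matches(selector, labels):
    # An empty selector matches every Pod.
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def ingress_allowed(objects, src, dst):
    """Simplified model: podSelector peers only; ports, egress, namespaceSelector ignored."""
    selecting = [o for o in objects if o["kind"] == "NetworkPolicy"
                 and o["metadata"]["namespace"] == dst["namespace"]
                 and _matches(o["spec"]["podSelector"], dst["labels"])]
    if not selecting:
        return True  # a Pod that no policy selects is not isolated
    for policy in selecting:
        for rule in policy["spec"].get("ingress", []):
            for peer in rule.get("from", []):
                # A bare podSelector peer only matches Pods in the policy's own Namespace,
                # so copying another tenant's label does not cross the boundary.
                if (src["namespace"] == dst["namespace"]
                        and _matches(peer["podSelector"], src["labels"])):
                    return True
    return False

if __name__ == "__main__":
    print(json.dumps(tenant_manifests("tenant-a"), indent=2))
```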

Description

Technical field

[0001] The present invention relates to the technical field of cloud computing, in particular to a method and a system for implementing Kubernetes cluster multi-tenant network isolation.

Background technique

[0002] A Namespace is an abstract collection of a set of resources and objects in a Kubernetes cluster. For example, it can be used to divide objects within the system into different project groups or user groups. Common objects include Pod, Service, and Deployment, and Namespaces are generally used to isolate different tenants. Currently, the resource quota management of Kubernetes can limit the resources occupied by different tenants, such as CPU and memory, but it does not achieve network isolation. In some application environments, such as public cloud, it cannot meet the network isolation requirement that Pods of different tenants should not communicate with each other. NetworkPolicy provides policy-based network control, uses label selectors to...


Application Information

IPC(8): H04L29/06, H04L29/08
CPC: H04L63/02, H04L67/10
Inventor: 李珂
Owner: SHANDONG LANGCHAO YUNTOU INFORMATION TECH CO LTD