Network management method and system of container cloud platform

Abstract

The invention discloses a network management method of a container cloud platform, and relates to the technical field of cloud computing. The method comprises the following steps: firstly, creating acontainer management plane, and configuring VLAN mutual communication between the container management plane and a cloud platform management plane; creating a container cluster virtual machine in a computing node, setting two network cards in the container cluster virtual machine, and allocating a container management plane network to one of the network cards, so that the container cluster virtualmachine communicates with the cloud platform management plane through the network card; configuring the other network card for container service communication; and calling cloud platform infrastructure to create a container cluster in the container cluster virtual machine. According to the network management method disclosed by the invention, the container cluster virtual machine can communicatewith the cloud platform management plane through the container management plane, and can simultaneously use the resources of the cloud platform infrastructure normally. The cloud platform management plane and a service plane do not need to be penetrated, and thus no influence is generated on other normal services of a cloud platform. The invention further discloses a network management system of the container cloud platform.

Description

technical field [0001] The invention relates to the technical field of cloud computing, in particular to a network management method and system for a container cloud platform. Background technique [0002] In a converged cloud platform environment based on container and cloud platform technologies, in order to realize the integration of container clusters and infrastructure resources from multiple dimensions such as storage, orchestration, security, and operation and maintenance, it is necessary for cloud hosts to be able to access the management plane of the cloud platform and connect to external network plane. [0003] Generally, when deploying a cloud computing IAAS (Infrastructure as a Service, infrastructure as a service) platform, the network should be divided into three planes: management plane, service plane, and storage plane, and the three planes must be isolated from each other. In a converged cloud platform environment based on container and cloud platform techn...

AI Technical Summary

Problems solved by technology

[0004] (1) The container cluster virtual machines can only communicate with the outside world through the service plane, especially in the traditional cloud platform environment, the business plane and the management plane cannot communicate with each other, resulting in the container cluster virtual machines in the converged cloud platform not being able to use the cloud platform infrastructure normally resources such as public mirror warehouse, orchestration, and storage

[0005] (2) If you want the system to work normally, you must get through the management plane and the business plane, which will leave a security risk

[0006] (3) If the management plane and the business plane are kept isolated from each other, and the management plane and the external network plane are connected at the same time, and then the corresponding floating IP is bound to the virtual machine of the container cluster in the converged cloud platform, this will not only solve the security risk mentioned in (2). , and will also expose the management plane to the external network, further exacerbating the security risk, and cannot meet the needs of only accessing the business in the internal production environment

[0007] (4) The default management and business planes in the container cluster are not isolated from each other, which increases the reliability risk of the system

Images