Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and tool for realizing password dynamic loading based on sidecar mode

A dynamic loading and password technology, applied in the field of kubernetes clusters, can solve problems such as increasing the workload of operation and maintenance personnel, manually managing password keys, and leaking password keys, so as to reduce the probability of manual configuration errors, improve security and ease of use. Usability and the effect of avoiding configuration redundancy

Active Publication Date: 2021-05-28
SHANDONG LANGCHAO YUNTOU INFORMATION TECH CO LTD
View PDF6 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Moreover, with the continuous expansion of applications and the deployment of new environments, operation and maintenance personnel need to manually manage password keys, which greatly increases the workload of operation and maintenance personnel
[0003] In addition, in the process of managing the encryption key, the configuration of the plain text leads to an increasing risk of the encryption key leaking, which poses a great security risk

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and tool for realizing password dynamic loading based on sidecar mode
  • Method and tool for realizing password dynamic loading based on sidecar mode

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0034] This embodiment proposes a method for implementing dynamic loading of passwords based on the sidecar mode, and the implementation process includes:

[0035] Step S1. Pre-configure the content that needs to generate the password key in Secret-manager. When deploying the kubernetes cluster, generate all the passwords required by the kubernetes cluster through the pre-configured content in Secret-manager, and store them in the pre-specified password storage after encryption Under contents.

[0036] In this step, when deploying a kubernetes cluster, all passwords generated by Secret-manager are stored in a structure similar to a file directory.

[0037] Secret-manager generates all the passwords required by the kubernetes cluster according to the pre-configured content, and provides the generated passwords to corresponding password usage services, such as mysql.

[0038] A series of policies are defined in Secret-manager. Each policy can pre-specify multiple password stora...

Embodiment 2

[0045] combined with figure 1 , 2, this embodiment proposes a tool for dynamically loading passwords based on the sidecar mode, based on a kubernetes cluster, and its implementation framework includes secret-manager and secret-inject, wherein the Secret-manager is pre-configured with content that needs to generate a password key,

[0046] secret-inject is used to inject Secret-manager into the application pod in sidecar mode, and mount it to the pre-specified directory of the application pod.

[0047] When deploying a kubernetes cluster:

[0048] (1) First, generate all passwords required by the kubernetes cluster based on the pre-configured content in Secret-manager, and store them in the pre-specified password storage directory after encryption.

[0049] At this point, Secret-manager generates all the passwords required by the kubernetes cluster according to the pre-configured content, and provides the generated passwords to the corresponding password usage services, such ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method and a tool for realizing dynamic loading of a password based on a sidecar mode, and relates to the technical field of kubernetes clusters, and the realization content comprises the following steps: pre-configuring a content needing to generate a password key in a Secret-Manager, when the kubernetes cluster is deployed, generating all passwords required by the kubernetes cluster through the pre-configured content in the Secret-Manager, loading the passwords in the Kubernetes cluster according to the passwords required by the Kubernetes cluster, after being encrypted, storing the passwords in a pre-specified password storage directory; deploying a uniform Sect-manager at an application side and a service side, deploying an application pod by the Sect-manager, and automatically generating a preset password management strategy and role; injecting Secret-manager into an application pod by using a secret-inject service in a sidecar mode, and mounting the Sect-manager into a directory which is appointed by the application pod in advance; when the application pod is started, reading the password information of the password file in the mounting path, and carrying the password to access the password use service. According to the method, the configuration workload of operation and maintenance personnel can be reduced, the probability of manual configuration errors is reduced, the safety index in the password use process can be improved, and the password leakage risk is reduced.

Description

technical field [0001] The invention relates to the technical field of kubernetes clusters, in particular to a method and a tool for realizing dynamic loading of passwords based on a sidecar mode. Background technique [0002] As the complexity of the system continues to increase, the number of applications within the kubernetes cluster continues to increase, and the cryptographic key information that needs to be managed also increases. Moreover, with the continuous expansion of applications and the deployment of new environments, operation and maintenance personnel are required to manually manage password keys, which greatly increases the workload of operation and maintenance personnel. [0003] In addition, in the process of managing cryptographic keys, the configuration of plain text will lead to an increasing risk of cryptographic key leakage, which poses a great security risk. Contents of the invention [0004] Aiming at the problem of password configuration during k...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/46G06F9/455
CPCG06F21/46G06F9/45558G06F2009/45587
Inventor 刘可新唐晓东蔡卫卫
Owner SHANDONG LANGCHAO YUNTOU INFORMATION TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com