Search

CN-122001880-A - Cross-cluster application access method, gateway device and related products

CN122001880ACN 122001880 ACN122001880 ACN 122001880ACN-122001880-A

Abstract

The application provides a cross-cluster application access method, a gateway device and related products, which can realize the communication among the cross-cluster applications and reduce the resource occupation of network proxy components in clusters. The method is applied to a multi-cluster system, the multi-cluster system comprises an application layer gateway, a first K8s cluster and a second K8s cluster, the first K8s cluster comprises a network proxy component and a first application, and the second K8s cluster comprises a second application. Specifically, the network proxy component intercepts an access request sent by a first application and forwards the access request according to a routing rule matched with the request. When the routing rule indicates that the application layer processing is executed on the access request, the access request is sent to the application layer gateway, so that the application layer gateway executes the application layer processing on the access request, and the processed access request is forwarded to the second application. When the routing rule indicates that transport layer processing is performed on the access request, the access request is sent to the second application.

Inventors

  • LI CHUNHAN
  • YANG YI

Assignees

  • 华为云计算技术有限公司

Dates

Publication Date
20260508
Application Date
20241108

Claims (16)

  1. 1. The utility model provides a cross-cluster application access method, which is characterized in that a multi-cluster system comprises an application layer gateway, a first Kubernetes cluster and a second Kubernetes cluster, wherein the first Kubernetes cluster is operated with a first application, the second Kubernetes cluster is operated with a second application, the first Kubernetes cluster also comprises a network proxy component, and the method comprises the following steps: the network proxy component intercepts an access request sent by the first application; The network proxy component forwards the access request according to a target routing rule matching the access request, wherein, When the target routing rule indicates that application layer processing is performed on the access request, the network proxy component sends the access request to the application layer gateway, so that the application layer gateway performs application layer processing on the access request and forwards the processed access request to the second application; The network proxy component sends the access request to the second application when the target routing rule indicates that transport layer processing is performed on the access request.
  2. 2. The method according to claim 1, wherein the method further comprises: the network proxy component intercepts an access request sent by a third application and forwards the access request sent by the third application, wherein the third application runs on the first Kubernetes cluster.
  3. 3. The method of claim 2, wherein the multi-cluster system comprises a control component, and the first Kubernetes cluster comprises a control proxy component; Before the network proxy component forwards the access request according to the target routing rule matched with the access request, the method further comprises: the control agent component receives at least one routing rule pushed by the control component, wherein the at least one routing rule comprises the target routing rule; The control agent component sending the at least one routing rule to the network agent component; the network proxy component forwards the access request according to a target routing rule matched with the access request, and the network proxy component comprises: The network proxy component determines the target routing rule from the at least one routing rule according to a destination internet protocol, IP, address of the access request, wherein the target routing rule includes the destination IP address.
  4. 4. A method according to claim 3, wherein before the network proxy component sends the access request to the second application, the method further comprises: the control agent component receives service information of the second application pushed by the control component; the control agent component sends service information of the second application to the network agent component, wherein the service information of the second application comprises an IP address and port information of a Pod where the second application is located; The network proxy component sending the access request to the second application, comprising: and the network proxy component sends the access request to the second application according to the IP address and port information of the Pod where the second application is located.
  5. 5. The method of claim 4, wherein when the target routing rule indicates that application layer processing is performed on the access request, the method further comprises: The application layer gateway receives the target routing rule pushed by the control component; The application layer gateway executing application layer processing on the access request, including: And the application layer gateway executes application layer processing on the access request according to the target routing rule.
  6. 6. The method of claim 5, wherein when the target routing rule indicates that application layer processing is performed on the access request, the method further comprises: the application layer gateway receives service information of the second application pushed by the control component; the application layer gateway forwarding the processed access request to the second application, comprising: And the application layer gateway sends the access request to the second application according to the IP address and port information of the Pod where the second application is located.
  7. 7. A gateway device, characterized by being applied to a multi-cluster system, the multi-cluster system including an application layer gateway, a first Kubernetes cluster and a second Kubernetes cluster, the first Kubernetes cluster having a first application running thereon, the second Kubernetes cluster having a second application running thereon, the first Kubernetes cluster further including a network proxy component, the device comprising: The network proxy component is used for intercepting an access request sent by the first application, forwarding the access request according to a target routing rule matched with the access request, and sending the access request to the application layer gateway when the target routing rule indicates that application layer processing is performed on the access request; the application layer gateway is configured to receive the access request sent by the network proxy component, perform application layer processing on the access request, and forward the processed access request to the second application.
  8. 8. The apparatus of claim 7, wherein the device comprises a plurality of sensors, The network proxy component is further configured to intercept an access request sent by a third application, and forward the access request sent by the third application, where the third application runs on the first Kubernetes cluster.
  9. 9. The apparatus of claim 8, wherein the multi-cluster system further comprises a control component, the gateway apparatus further comprising a control proxy component deployed on the first Kubernetes cluster; the control agent component is used for receiving at least one routing rule pushed by the control component, wherein the at least one routing rule comprises the target routing rule; The network proxy component is configured to determine, according to a destination IP address of the access request, the target routing rule from the at least one routing rule, where the target routing rule includes the destination IP address.
  10. 10. The apparatus of claim 9, wherein the device comprises a plurality of sensors, The control agent component is further used for receiving the service information of the second application pushed by the control component, wherein the service information of the second application comprises the IP address and the port information of the Pod where the second application is located; the network proxy component is configured to send the access request to the second application according to the IP address and port information of the Pod where the second application is located.
  11. 11. The apparatus of claim 10, wherein when the target routing rule indicates that application layer processing is performed on the access request, the application layer gateway is configured to receive the target routing rule pushed by the control component, and perform application layer processing on the access request according to the target routing rule.
  12. 12. The apparatus of claim 11, wherein when the target routing rule indicates that application layer processing is performed on the access request, the application layer gateway is configured to receive service information of the second application pushed by the control component, and send the access request to the second application according to an IP address and port information of a Pod where the second application is located.
  13. 13. The multi-cluster system is characterized by comprising an application layer gateway, a first Kubernetes cluster and a second Kubernetes cluster, wherein the first Kubernetes cluster is provided with a first application, the second Kubernetes cluster is provided with a second application, the first Kubernetes cluster further comprises a network proxy component, The network proxy component intercepts an access request sent by the first application; The network proxy component forwards the access request according to a target routing rule matching the access request, wherein, When the target routing rule indicates that application layer processing is performed on the access request, the network proxy component sends the access request to the application layer gateway, so that the application layer gateway performs application layer processing on the access request and forwards the processed access request to the second application; The network proxy component sends the access request to the second application when the target routing rule indicates that transport layer processing is performed on the access request.
  14. 14. A cluster of computing devices, comprising at least one computing device, each computing device comprising a processor and a memory; The processor of the at least one computing device is configured to execute instructions stored in the memory of the at least one computing device to cause the cluster of computing devices to perform the method of any one of claims 1 to 6.
  15. 15. A computer program product containing instructions that, when executed by a cluster of computing devices, cause the cluster of computing devices to perform the method of any of claims 1 to 6.
  16. 16. A computer readable storage medium comprising computer program instructions which, when executed by a cluster of computing devices, perform the method of any of claims 1 to 6.

Description

Cross-cluster application access method, gateway device and related products Technical Field The present application relates to the field of cloud computing technologies, and in particular, to a cross-cluster application access method, a gateway device, and related products. Background In a cloud computing scenario, an enterprise typically deploys applications using Kubernetes (K8 s) clusters, and when different applications are deployed to different clusters, respectively, there may be a need for cross-cluster access of the applications. Currently, cross-cluster access of applications can be achieved through the eastern hundred million ohms (Istio). Taking an example of an application a in a cluster a desiring to access an application B in a cluster B, an existing solution is described that, when the application a desires to access the application B, an access request issued by the application a may reach the application B via a network proxy component (envoy) of the application a and forwarding of envoy of the application B. Since one envoy is dedicated to the communication of one application, using the above scheme requires configuring one envoy for each application running on the cluster. It will be appreciated that the more applications that run on the cluster, the more envoy that need to be configured, which can result in a significant amount of resources in the cluster being occupied by envoy. Disclosure of Invention The application provides a cross-cluster application access method, a gateway device and related products, which can realize the communication among the cross-cluster applications and reduce the resource occupation of a network proxy component in a K8s cluster. In a first aspect, the present application provides a cross-cluster application access method. The method can be applied to a multi-cluster system, the multi-cluster system comprises an application layer gateway, a first K8s cluster and a second K8s cluster, a first application is operated on the first K8s cluster, a second application is operated on the second K8s cluster, and the first K8s cluster further comprises a network proxy component. In a specific implementation, the network proxy component intercepts an access request sent by a first application and forwards the access request according to a target routing rule matched with the access request. When the target routing rule indicates that application layer processing is performed on the access request, the network proxy component sends the access request to the application layer gateway, so that the application layer gateway performs application layer processing on the access request and forwards the processed access request to the second application. When the target routing rule indicates that transport layer processing is performed on the access request, the network proxy component sends the access request to the second application. The application layer processing refers to processing performed on the access request at the application layer, and the transport layer processing refers to forwarding the access request to the second application based on a transport layer protocol. In the technical scheme provided by the application, the network proxy component can intercept the access request sent by the local first application and forward the access request. In the forwarding process, the network proxy component may determine a forwarding manner of the access request according to a target routing rule matched with the access request. Wherein if application layer processing is required to be performed on the access request, the network proxy component is required to send the access request to the application layer gateway, after which the application layer gateway performs application layer processing on the access request and forwards to the second application. If only the access request needs to be transmitted to the second application, the network proxy component may send the access request directly to the second application. It can be seen that the network proxy component in the above scheme can implement proxy of four-layer traffic, and the application layer gateway can implement proxy of seven-layer traffic, that is, the resources occupied by the network proxy component in the K8s cluster can be reduced. In one possible implementation, the network proxy component further intercepts an access request issued by a third application and forwards the access request issued by the third application, wherein the third application is running on the first K8s cluster. By the implementation manner, the network proxy component can realize four-layer flow proxy of a plurality of applications (including the first application and the third application) on the first K8s cluster, that is, one network proxy component is not required to be deployed for each application running on the first K8s cluster by using the scheme, so that the resource occupation of the network proxy component i