阅读说明：本技术 基于k8s云容器平台的集群通信方法及装置 (Cluster communication method and device based on k8s cloud container platform ) 是由 石闪闪 陈飞 张学青 彭景强 于 2021-07-30 设计创作，主要内容包括：本发明提供了一种基于k8s云容器平台的集群通信方法及装置,该k8s云容器平台的集群外部主机和集群内部pod属于同一局域网,该方法包括以下步骤：在集群外部主机上添加需要访问的集群内部pod的IP段对应的静态路由；设置集群外部主机可以访问集群内部的端口范围；结合iptables和iptables-services软件配置端口规则；根据端口范围创建端口池并将端口放入端口池中；当集群外部主机作为服务端,集群内部pod作为客户端,进行TCP通信时,在集群内部pod建立socket之前,从端口池中获取未占用的端口,集群内部pod绑定该端口建立socket连接和集群外部主机进行socket通讯。本发明实现了k8s集群外的主机作为TCP服务端,集群内的pod作为TCP客户端的TCP正常通信。(The invention provides a cluster communication method and a device based on a k8s cloud container platform, wherein a cluster external host of the k8s cloud container platform and a cluster internal pod belong to the same local area network, and the method comprises the following steps: adding a static route corresponding to an IP section of a pod inside the cluster to be accessed on a host outside the cluster; setting a port range within which a host outside the cluster can access the cluster; configuring a port rule by combining iptables and iptables-services software; creating a port pool according to the port range and putting the port into the port pool; when a cluster external host serves as a server side and a cluster internal pod serves as a client side to perform TCP communication, before a socket is established by the cluster internal pod, an unoccupied port is obtained from a port pool, and the cluster internal pod binds the port to establish socket connection and performs socket communication with the cluster external host. The invention realizes that the host outside the k8s cluster is used as a TCP server side, and the pod in the cluster is used as the TCP normal communication of the TCP client side.)

1. A cluster communication method based on a k8s cloud container platform is characterized in that a cluster external host and a cluster internal pod of the k8s cloud container platform belong to the same local area network, and the method comprises the following steps:

adding a static route corresponding to an IP section of a pod inside the cluster to be accessed on a host outside the cluster;

setting a port range within which a host outside the cluster can access the cluster;

configuring a port range in which a host outside the cluster can access the cluster and a port in which a pod inside the cluster accesses the host outside the cluster by combining iptables and iptables-services software configuration port rules;

creating a port pool according to the port range and putting a corresponding port into the port pool;

when a cluster external host serves as a server side and a cluster internal pod serves as a client side, during TCP communication, before a socket is established by the cluster internal pod, a port is randomly obtained from a port pool, whether the port is occupied or not is checked, if the port is occupied, the port is obtained again, and if the port is not occupied, the cluster internal pod binds the port to establish socket connection and starts socket communication with the cluster external host.

2. The cluster communication method based on the k8s cloud container platform of claim 1, wherein the adding, on a host outside the cluster, a static route corresponding to an IP segment of a pod inside the cluster that needs to be accessed specifically includes:

and acquiring an exit IP address when each internal pod of the cluster needing to be accessed accesses the external host of the cluster, and adding a corresponding static route on the external host of the cluster according to the acquired exit IP address.

3. The k8s cloud container platform-based cluster communication method of claim 1, wherein: and adding static routes corresponding to the IP sections of all the pods in the cluster on the host outside the cluster.

4. The k8s cloud container platform-based cluster communication method of claim 1, wherein configuring port rules in conjunction with iptables and iptables-services software specifically comprises:

firstly, adding a default rule for refusing access;

and then adding a request message and a response message rule for releasing access to the corresponding port.

5. The k8s cloud container platform-based cluster communication method of claim 1, wherein the configuration of the port range inside the cluster that can be accessed by the host outside the cluster by setting iptables port rules is as follows:

firstly, adding a default rule for refusing access;

then adding rules for releasing the request message of the access port and rules for releasing all response messages.

6. The k8s cloud container platform-based cluster communication method of claim 1, wherein:

and executing a save command on the set port rule.

7. A cluster communication method based on a k8s cloud container platform is characterized in that a cluster external host and a cluster internal pod of the k8s cloud container platform belong to the same local area network, and the method comprises the following steps:

adding a static route corresponding to an IP section of a pod inside the cluster to be accessed on a host outside the cluster;

configuring a port range of a pod access cluster external host inside the cluster and a port of the cluster external host access cluster by combining iptables and iptables-services software configuration port rules;

creating a port pool according to the port range and putting a corresponding port into the port pool;

when a cluster external host serves as a client and a cluster internal pod serves as a server, during TCP communication, before a socket is established on the cluster external host, a port is randomly obtained from a port pool, whether the port is occupied or not is checked, if the port is occupied, the port is obtained again, if the port is not occupied, the cluster external host binds the port to establish socket connection, and normal communication with the cluster internal pod is started.

8. A cluster communication device based on a k8s cloud container platform, wherein a cluster external host and a cluster internal pod of the k8s cloud container platform belong to the same local area network, and the device comprises:

the static route adding module is used for adding a static route corresponding to the IP section of the pod inside the cluster to be accessed on the host outside the cluster;

the port range setting module is used for setting the range of ports which can be accessed by a host outside the cluster to the inside of the cluster;

the port rule configuration module is used for configuring a port rule by combining iptables and iptables-services software and configuring a port range of a host outside the cluster, which can access the cluster, and a port of a pod inside the cluster, which can access the host outside the cluster;

the port pool creating module is used for creating a port pool according to the port range and putting the corresponding port into the port pool;

and the socket communication establishing module is used for randomly obtaining a port from the port pool before the cluster internal pod establishes the socket when the cluster external host is used as a server side and the cluster internal pod is used as a client side for carrying out TCP communication, checking whether the port is occupied or not, obtaining the port again if the port is occupied, binding the port by the cluster internal pod to establish socket connection if the port is not occupied, and starting socket communication with the cluster external host.

9. A cluster communication device based on a k8s cloud container platform, comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any of claims 1-7 when executing the computer program.

10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 7.

Technical Field

The invention relates to the field of communication, in particular to a cluster communication method and device based on a k8s cloud container platform.

Background

Kubernets is a Goole open source container cluster management system, which is an open source application for managing containerization on multiple hosts in a cloud platform. The system is an industrial-level arrangement platform, mainly provides deployment, elasticity and management of services, and has multiple functions of deploying application, expanding mechanism, maintaining and the like, so that cross-machine operation containerized application can be managed more conveniently, and core functions of Kubernets include: service discovery and load balancing, automatic service boxing, container storage arrangement, container fault recovery, automatic release and rollback, configuration and key storage, service level expansion and contraction, batch execution, daemon tasks and probes.

After the k8s cluster is deployed, if an external host and an internal pod (container) belong to the same local area network, when a container cloud platform and an external network need to realize TCP communication through Socket, a problem arises in that the external host cannot access an address of the internal pod, and the external host and the internal pod cannot communicate with each other. When the container cloud platform and an external network need to realize TCP communication through Socket, and a server side responds data to a client side, a port of the client side for receiving the data is random. However, when the server sends data to the pod, because the ports are random, the randomly allocated ports may be limited and cannot access the clients inside the cluster, which may result in abnormal communication.

Disclosure of Invention

The invention aims to provide a cluster communication method and a cluster communication device based on a k8s cloud container platform, which are used for ensuring that the k8s cloud container platform and an external network carry out normal TCP communication, ensuring the security and avoiding external attacks.

The invention is realized by the following steps:

in a first aspect, the present invention provides a cluster communication method based on a k8s cloud container platform, where a cluster external host and a cluster internal pod of the k8s cloud container platform belong to the same local area network, and the method includes the following steps:

adding a static route corresponding to an IP section of a pod inside the cluster to be accessed on a host outside the cluster;

setting a port range within which a host outside the cluster can access the cluster;

configuring a port range in which a host outside the cluster can access the cluster and a port in which a pod inside the cluster accesses the host outside the cluster by combining iptables and iptables-services software configuration port rules;

creating a port pool according to the port range and putting a corresponding port into the port pool;

when a cluster external host serves as a server side and a cluster internal pod serves as a client side, during TCP communication, before a socket is established by the cluster internal pod, a port is randomly obtained from a port pool, whether the port is occupied or not is checked, if the port is occupied, the port is obtained again, and if the port is not occupied, the cluster internal pod binds the port to establish socket connection and starts socket communication with the cluster external host.

Further, the adding of the static route corresponding to the IP segment of the cluster internal pod to be accessed on the host outside the cluster specifically includes:

and acquiring an exit IP address when each internal pod of the cluster needing to be accessed accesses the external host of the cluster, and adding a corresponding static route on the external host of the cluster according to the acquired exit IP address.

Further, static routes corresponding to the IP segments of all the pods in the cluster are added on the hosts outside the cluster.

Further, the configuring the port rule by combining iptables and iptables-services software specifically includes:

firstly, adding a default rule for refusing access;

and then adding a request message and a response message rule for releasing access to the corresponding port.

Further, configuring the range of ports inside the cluster that can be accessed by the host outside the cluster by setting the iptables port rule specifically includes:

firstly, adding a default rule for refusing access;

then adding rules for releasing the request message of the access port and rules for releasing all response messages.

Further, a save command is executed on the set port rule.

In a second aspect, the present invention provides a cluster communication method based on a k8s cloud container platform, where a cluster external host and a cluster internal pod of the k8s cloud container platform belong to the same local area network, and the method includes the following steps:

adding a static route corresponding to an IP section of a pod inside the cluster to be accessed on a host outside the cluster;

configuring a port range of a pod access cluster external host inside the cluster and a port of the cluster external host access cluster by combining iptables and iptables-services software configuration port rules;

creating a port pool according to the port range and putting a corresponding port into the port pool;

when a cluster external host serves as a client and a cluster internal pod serves as a server, during TCP communication, before a socket is established on the cluster external host, a port is randomly obtained from a port pool, whether the port is occupied or not is checked, if the port is occupied, the port is obtained again, if the port is not occupied, the cluster external host binds the port to establish socket connection, and normal communication with the cluster internal pod is started.

In a third aspect, the present invention provides a group communication apparatus based on a k8s cloud container platform, where a group external host and a group internal pod of the k8s cloud container platform belong to the same local area network, the apparatus including:

the static route adding module is used for adding a static route corresponding to the IP section of the pod inside the cluster to be accessed on the host outside the cluster;

the port range setting module is used for setting the range of ports which can be accessed by a host outside the cluster to the inside of the cluster;

the port rule configuration module is used for configuring a port rule by combining iptables and iptables-services software and configuring a port range of a host outside the cluster, which can access the cluster, and a port of a pod inside the cluster, which can access the host outside the cluster;

the port pool creating module is used for creating a port pool according to the port range and putting the corresponding port into the port pool;

and the socket communication establishing module is used for randomly obtaining a port from the port pool before the cluster internal pod establishes the socket when the cluster external host is used as a server side and the cluster internal pod is used as a client side for carrying out TCP communication, checking whether the port is occupied or not, obtaining the port again if the port is occupied, binding the port by the cluster internal pod to establish socket connection if the port is not occupied, and starting socket communication with the cluster external host.

In a fourth aspect, the present invention provides a cluster communication apparatus based on a k8s cloud container platform, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of any one of the methods described above when executing the computer program.

In a fifth aspect, the invention provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of the method according to any one of the above.

Compared with the prior art, the invention has the following beneficial effects:

aiming at the problem that a host outside a k8s cluster and an internal pod cannot carry out TCP communication when the host and the internal pod belong to the same local area network, firstly, adjustment is carried out on the host outside the cluster, a static route corresponding to an IP section of the internal pod of the cluster needing to be accessed is added on the host outside the cluster, and communication between the external host and a plurality of pods in the cluster is realized; secondly, the invention manages the ports by combining iptables and iptables-services software, configures the port rules, creates a port pool according to the port range and puts the corresponding port into the port pool; and finally, when the cluster external host serves as a client and the cluster internal pod serves as a server, during TCP communication, before the cluster external host establishes a socket, a port is randomly acquired from the port pool, whether the port is occupied or not is checked, if the port is occupied, the port is acquired again, if the port is not occupied, the cluster external host binds the port to establish socket connection, and normal communication with the cluster internal pod is started. The host outside the k8s cluster is used as a TCP server, and the pod inside the cluster is used as the TCP normal communication of the TCP client, so that the security of the host can be ensured and the host is not attacked by the outside.

Drawings

Fig. 1 is a flowchart of a cluster communication method based on a k8s cloud container platform according to an embodiment of the present invention;

fig. 2 is an architecture diagram of a k8s cloud container platform according to an embodiment of the present invention;

fig. 3 is a schematic diagram of a network structure of a k8s cloud container platform according to an embodiment of the present invention;

fig. 4 is a block diagram of a cluster communication device based on a k8s cloud container platform according to an embodiment of the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

As shown in fig. 1, an embodiment of the present invention provides a cluster communication method based on a k8s cloud container platform, and fig. 2 is an architecture diagram of a k8s cloud container platform, where an assumption is that a cluster external host and a cluster internal pod of the k8s cloud container platform belong to the same local area network, that is, the cluster internal pod can access a cluster external host, but the cluster external host cannot access the cluster internal pod.

The method comprises the following steps:

s101, adding a static route corresponding to an IP section of a pod inside to be accessed on a host outside the cluster;

the method specifically comprises the following steps: and acquiring an exit IP address when each internal pod of the cluster needing to be accessed accesses the external host of the cluster, and adding a corresponding static route on the external host of the cluster according to the acquired exit IP address.

The specific implementation steps are as follows:

get the egress IP address of the pod accessing the cluster external host through tcpdump.

First go to telnet external host address in a Pod, then grab packet on external host:

# into pod

kubectl exec–it user-api-764d68b678-54kt2 bash

The # telnet is a set port and is not occupied, so as to prevent the packet from being interfered by other information during packet capturing

telnet 192.168.31.6712345

Packet capturing on external host

# external host computer, designating port 12345

tcpdump–nni any port 12345

Telnet results

#telnet 192.168.31.6712345

Trying 192.168.31.67…

telnet:connect to address 192.168.31.67:Connection refused

tcpdump bale grab result

#tcpdump-nni any port 12345

tcpdump:verbose output suppressed,use-v or-vv for full protocol decode

listening on any,link-type LINUX_SLL(Linux cooked),capture size 262144bytes

12:52:28.644112IP 192.168.31.17.35066>192.168.31.67.12345:Flags[S],seq 3592146803,win 28000,options[mss 1400,sackOK,TS val 780676435ecr0,nop,wscale 7],length 0

12:52:28.644169IP 192.168.0.31.67>192.168.31.17.35066:Flags[R.],seq 0,ack 3592146804,win 0,length 0

It can be seen that when telnet is performed in pod, the source address of the access external host is the IP address of the node, i.e., 192.168.31.17

② adding static route on external host

The IP address of the pod is viewed with the following commands:

kubectl get pod–o wide|grep user-api

user-api-764d68b678-54kt21/1Running 03d17h 10.200.1.91alpha-node-01<none><none>

it can be seen that the IP address of the pod is: 10.200.1.91

When the IP address of the pod is acquired, the following commands can be used for adding a route on the external host

route add–host 10.200.1.91gw 192.168.31.17

After the addition is complete, the following can be verified:

whether or not to go under # ping

#ping 10.200.1.91

PING 10.200.1.91(10.200.1.91)56(84)bytes of data.

64bytes from 10.200.1.91:icmp_seq＝1ttl＝63time＝0.296ms

64bytes from 10.200.1.91:icmp_seq＝2ttl＝63time＝0.258ms

# service available under revisit

#curl 10.200.1.91:8088/api/healthy/check

{"code":0,"message":"success"}

After the above verification, it can be found to be feasible. Therefore, the embodiment of the invention solves the communication problem of the external host and the internal pod of the same local area network by adding a static route. However, in an actual k8s cluster environment, there are hundreds of similar pods, and a static route corresponding to the IP segment of the cluster internal pod that needs to be accessed can be added on the host outside the cluster. Preferably, static routes corresponding to the IP segments of all the pods within the cluster are added on hosts outside the cluster.

Aiming at multi-pod added static routing, the invention adopts the following method:

when a cluster uses a calico network plug-in, each node allocates different subnets, for example, an IP network segment allocated by node1 is 10.200.1.0/24, and an IP segment of node2 is 10.200.36.0/24, so that the embodiment of the present invention adds the whole IP segment to a routing table of an external host, as shown below:

route add–net 10.200.1.0/24gw 192.168.31.17

route add–net 10.200.36.0/24gw 192.168.31.45

s102, setting a port range within which a host outside the cluster can access the cluster;

when the host outside the cluster and the pod inside the cluster in the same local area network can communicate, the port problem outside and inside the cluster begins to be designed. The design premise of the invention is that the number of externally accessible ports in the container cloud platform is in a certain range, which can be modified in a configuration file/etc/kubernets/requirements/kube-api.

S103, configuring a port rule by combining iptables and iptables-services software, and configuring a port range of a cluster external host which can access the cluster internal host and a port of a cluster internal pod which can access the cluster external host;

iptables refers to a built-in firewall in Linux under Linux. If the range of the port is not specified, the iptables is difficult to open to any port, and if the iptables allows any port to access, no difference is made between that and no firewall is set, so that a range of the data transmission port needs to be specified. The invention combines iptables and iptables-services software to manage the port rules, configure the ports in the range,

the configuration of the port rule by combining the iptables and iptables-services software specifically comprises the following steps:

firstly, adding a default rule for refusing access;

and then adding a request message and a response message rule for releasing access to the corresponding port.

The specific port management rules are as follows:

as shown in FIG. 3, assuming that the network represented by the circle is a cluster internal network, assuming that the network segment of the internal network is 10.200.1.0/24, a pod host C exists in the internal network, and the IP address of the host C is 10.200.1.1.

In fig. 3, host B also belongs to the intra-cluster network as the role of the network firewall, host a serves as the external network host of the cluster, host a has IP address 192.168.31.67, and we have set up static routing in step S101, so at this time, host a can access the service of host C inside the cluster. Next, we set ports through iptables rules, and ensure that the outside and the inside of the cluster can normally communicate within the set port range.

Since iptables acts as a "network firewall," rules need to be set in the FORWARD chain in the filter table. A "white list mechanism" may be used to add a default reject rule first, and then set rules for the message that needs to be released. The "direction problem" needs to be considered when configuring the rules, and the source address and the destination address, the source port and the destination port, etc. of the message are considered for the request message and the response message.

On host B, we start setting the iptables port rule. First, add the rule of default rejection:

iptables-A FORWARD-j REJECT

secondly, rules are added to the released messages:

if we set the port of the TCP client (outside the cluster) to 60001, in host B, the following command is executed:

request to pass Cluster internal host Access 60001 Port on host B

iptables-I FORWARD-s 10.200.1.0/24-p tcp--dport 60001-j ACCEPT

Release of response message of external host of cluster on host B

iptables-I FORWARD-d 10.200.1.0/24-p tcp--sport 60001-j ACCEPT

Similarly, if the port of the TCP server (inside the cluster) is set to 40002, the following command is executed on the host B:

release request on host B for cluster external host access to 40002 port

iptables-I FORWARD-s 192.168.31.67-p tcp--dport 40002-j ACCEPT

Releasing response message of host inside cluster on host B

iptables-I FORWARD-d 192.168.31.67-p tcp--sport 40002–j ACCEPT

In order to optimize the above rules, no matter from inside to outside or from outside to inside, as long as "response message", we can pass through all the rules, that is, the configuration of the internal port range of the cluster that can be accessed by the host outside the cluster by setting the iptables port rule is specifically as follows:

firstly, adding a default rule for refusing access;

and then adding a request message and a response message rule for releasing access to the corresponding port.

The specific settings are as follows:

firstly, two rules of the configured response message on the B host are deleted, and then the following commands are executed:

iptables-I FORWARD-m state-state ESTABLISGED,RELATED,-j ACCEPT

the method has the advantages that most response messages can be released only by adding the rule in a FORWARD chain of a network firewall host, the rule can be set up no matter inside an external response or outside the internal response, when iptables serves as the network firewall, the problem of 'two-way' is considered when the rule is configured every time, after the rule is configured, the rule can be set up only by considering the direction of the request message and responding to the message, and the rule can be set up.

If the port inside the cluster that we want to release is a range, for example, the port range of the host outside the cluster is 60001 ~ 80001, the following commands can be used:

iptables-I FORWARD-s 10.200.1.0/24-p tcp--dport 60001:80001-j ACCEPT

similarly, port ranges outside the cluster may be configured.

The firewall rules configured by the iptables command fail when the system is restarted next time, and if the configured firewall policy is required to be permanently effective, the set port rules need to be executed with a storage command; service iptables save. Therefore, the phenomenon that the configured port rule is lost due to server restart can be avoided.

S104, creating a port pool according to the port range and putting a corresponding port into the port pool;

after the port range is well defined and rules are configured, before a socket is established, the port range used by the container cloud platform service communication is firstly obtained, then a port pool is established, then a port is placed into the port pool, and after the port pool is placed, a certain number of random port numbers in the set range are stored in the port pool.

S105, when a cluster external host serves as a server side and a cluster internal pod serves as a client side, during TCP communication, before a socket is established in the cluster internal pod, a port is randomly obtained from a port pool, whether the port is occupied or not is checked, if the port is occupied, the port is obtained again, and if the port is not occupied, the cluster internal pod binds the port to establish socket connection and starts socket communication with the cluster external host.

In the invention, the pod in the k8S cluster is used as the TCP client, and if the data of the external host server is to be received normally, the port of the external TCP communication client needs to be fixed, and the port is the unoccupied port taken out from the port pool in step S104. The concrete implementation is as follows: when a client of the cloud container platform binds a fixed port, one port is randomly acquired from a port pool, whether the port is occupied or not is checked, if the port is occupied, another port is continuously taken out of the port pool, and if the port is not occupied, the port can be used for binding and starts normal communication with an external server.

Under normal conditions, the client flow is as follows:

a socket is created, then the server connect is connected, then read/write is started, and finally close is started.

The server process is as follows:

newly building a socket, then binding a port number bind, then monitoring a port list, then receiving a connection accept of a client, starting read/write after success, and finally closing close.

If a port of a client is randomly generated according to the above-mentioned flow, and then the client is connected to a server, the problem that communication cannot be normally performed if the random port is not opened can be encountered.

However, in the invention, the port of the client is not random any more, but is a security port which is set in a mode of being managed by iptables and iptablse-services together. In order to specify the port number of the client, the flow of the client needs to be improved, and the specific improvement method is as follows:

and (3) newly building a socket, then binding a port number bind, then connecting with a server connect, then removing read/write, and finally closing.

Specifically, in the code, compared with the original random port code, a part of code needs to be added on the basis, as shown below:

after the codes are upgraded, when the client is connected with the server, the server displays that the connected client port number is the port number set by the client, but not a random port number.

The cluster communication method based on the k8s cloud container platform provided by the embodiment of the invention aims at the problem that when an external host and an internal pod of a k8s cluster belong to the same local area network, the two parties cannot perform TCP communication, firstly, adjustment is performed on the host outside the cluster, a static route corresponding to an IP section of the internal pod of the cluster to be accessed is added on the host outside the cluster, and communication between the external host and a plurality of pods in the cluster is realized; secondly, the invention manages the ports by combining iptables and iptables-services software, configures the port rules, creates a port pool according to the port range and puts the corresponding port into the port pool; and finally, when the cluster external host serves as a client and the cluster internal pod serves as a server, during TCP communication, before the cluster external host establishes a socket, a port is randomly acquired from the port pool, whether the port is occupied or not is checked, if the port is occupied, the port is acquired again, if the port is not occupied, the cluster external host binds the port to establish socket connection, and normal communication with the cluster internal pod is started. The host outside the k8s cluster is used as a TCP server, and the pod inside the cluster is used as the TCP normal communication of the TCP client, so that the security of the host can be ensured and the host is not attacked by the outside.

Based on the same inventive concept, the embodiment of the present invention further provides a cluster communication apparatus based on a k8s cloud container platform, and since the principle of the problem solved by the apparatus is similar to that of the method of the foregoing embodiment, reference may be made to the implementation of the foregoing method for the implementation of the apparatus, and repeated details are not described here.

As shown in fig. 4, a cluster communication apparatus based on a k8s cloud container platform provided for the embodiment of the present invention may be configured to perform the above method embodiment, where the apparatus includes:

a static route adding module 401, configured to add, on a host outside the cluster, a static route corresponding to an IP segment of a pod inside the cluster that needs to be accessed;

a port range setting module 402, configured to set a port range within which a host outside the cluster can access the cluster;

a port rule configuration module 403, configured to configure a port rule by combining iptables and iptables-services software, and configure a port range in which a host outside the cluster can access the cluster and a port in which a pod inside the cluster accesses the host outside the cluster;

a port pool creating module 404, configured to create a port pool according to the port range and place a corresponding port into the port pool;

a socket communication establishing module 405, configured to, when a cluster external host is used as a server and a cluster internal pod is used as a client, perform TCP communication, before establishing a socket by the cluster internal pod, randomly obtain a port from a port pool, check whether the port is occupied, if the port is occupied, obtain the port again, and if the port is not occupied, bind the port to establish a socket connection by the cluster internal pod, and start socket communication with the cluster external host.

An embodiment of the present invention further provides an adaptive VMD detection apparatus for improving harmonic detection accuracy, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of any one of the above methods when executing the computer program.

An embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the computer program implements the steps of any one of the above methods.

For a case that a cluster external host serves as a client and a cluster internal pod serves as a server, an embodiment of the present invention further provides a cluster communication method based on a k8s cloud container platform, where the cluster external host and the cluster internal pod of the k8s cloud container platform belong to the same local area network, and the method includes the following steps:

adding a static route corresponding to an IP section of a pod inside the cluster to be accessed on a host outside the cluster;

configuring a port range of a pod access cluster external host inside the cluster and a port of the cluster external host access cluster by combining iptables and iptables-services software configuration port rules;

creating a port pool according to the port range and putting a corresponding port into the port pool;

when a cluster external host serves as a client and a cluster internal pod serves as a server, during TCP communication, before a socket is established on the cluster external host, a port is randomly obtained from a port pool, whether the port is occupied or not is checked, if the port is occupied, the port is obtained again, if the port is not occupied, the cluster external host binds the port to establish socket connection, and normal communication with the cluster internal pod is started.

In this embodiment, since the cluster external host does not need to set the port range, this step is omitted in the embodiment of the cluster communication method based on the k8s cloud container platform in the case where the cluster external host is used as a server and the cluster internal pod is used as a client, and other steps are similar, which may specifically refer to the above method embodiment and are not described herein again.

Those of ordinary skill in the art will appreciate that all or part of the steps of the various methods of the embodiments may be implemented by associated hardware as instructed by a program, which may be stored on a computer-readable storage medium, which may include: read Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disks, and the like.

The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.