Method and system for multi-tenant container resource management

Abstract

The invention discloses a multi-tenant container resource management method and system, and relates to the field of cloud computing. The method comprises the steps that a resource interface agent module receives resource access requests sent by tenants; the resource interface agent module extracts tenant identifiers and container resource identifiers from the resource access requests; the resource interface agent module performs authentication according to the tenant identifiers and the container resource identifiers, and sends authentication results and the resource access requests to a resource interface module; and the resource interface module performs corresponding operations on container resources of the tenants according to the resource access requests. By adding the resource interface agent module, operation requests of the tenants are authenticated, so that system security is improved; the resource interface module is open to the tenants, so that the tenants can configure resources such as mirror images, data volumes, ports, sub-networks and the like more flexibly in authorized and quota ranges; and resources of an IPC mechanism are included in a same naming space, so that the communication efficiency of containers is improved.

Description

technical field [0001] The present invention relates to the field of cloud computing, in particular to a method and system for multi-tenant container resource management. Background technique [0002] In the field of cloud computing, Docker, LXC and other container technologies are emerging this year as a lightweight virtualization technology that shares the Linux kernel. Multiple containers share computing, storage, network and other resources on the host machine. (Namespace) and other mechanisms use containers as the granularity to isolate resources. Compared with traditional virtual machine management, the management granularity of container resources is finer and more difficult to manage. [0003] However, in a multi-tenant environment, both the container engine itself and the existing multi-tenant virtual resource management solutions have the following deficiencies: [0004] Mainstream container engines such as Docker, Rocket, and LXC do not support multi-tenancy and ...

AI Technical Summary

Problems solved by technology

In existing multi-tenant resource management solutions, containers are usually regarded as a computing resource. For example, the OpenStack cloud computing management platform uses the multi-tenant model of virtual machines to treat containers as a virtual machine rental resource. This solution shields tenants from The container engine API (Application Programming Interface, application programming interface) prevents tenants from dynamically configuring container images, storage, ports, and service resources, and the flexibility of container resource management is poor.

[0005] The container engine usually allocates an independent namespace for each container on the host, and each namespace has an independent resource view (process, IPC, user, etc.), and the resources of each namespace are transparent to other namespaces Therefore, containers cannot directly use the IPC (Inter-Process Communication, inter-process communication) mechanism (inter-process communication, such as shared memory, semaphore, pipeline, etc.) for efficient communication

The system architecture of container resource management in the prior art is as follows: figure 1 As shown, it includes a virtual machine resource manager 101, a virtual machine tenant manager 102 and a container host 100, wherein the container host 100 includes a container engine 103, and the container engine 103 includes a container resource API service and a container resource configurator 105, container configuration 1051, Storage configuration 1052 and network configuration 1053 configure container resources respectively. Even if the containers of the same tenant are on the same host, for example, when containers 1 and 2 belong to the same tenant, efficient IPC cannot be used between them. Mechanism communication, can only use the relatively inefficient RPC (Remote Procedure Call, remote procedure call) mechanism (remote communication, file, Socket socket) communication, the communication efficiency between containers of the same tenant is low, lack of effective multi-tenant management mechanism

Images