Management and control method for Docker container creation and destruction

Abstract

The invention provides a management and control method for creating and destroying a Docker container, which comprises the following steps that: a management end initiates a strategy request for acquiring the state of the Docker container to a terminal, and the terminal receives the strategy request, and after the terminal processes the strategy request, information for analyzing the strategy request is analyzed and sent to the management end; when the management end configures whether the docker container can be started or not, the management end sets and issues a starting management and control strategy to the terminal, after the terminal receives the starting management and control strategy, corresponding object information is found out according to subject information of the docker container, and a corresponding access control permission strategy is configured for an object; and when the management end closes the management and control of the docker container, the management end triggers and sends a closing management and control strategy for closing the docker container to the terminal, and after the terminal receives the closing management and control strategy, all docker strategies including the starting management and control strategy are eliminated, and a security mechanism is notified to update the strategy. According to the method and the system, the business service can be effectively prevented from being interfered and damaged, and the safety management and control of Docker container creation and recovery are solved.

Description

A control method for the creation and destruction of Docker containers technical field The present invention relates to information technology field, relate in particular to a kind of management and control for Docker container creation and destruction method. Background technique [0002] With the wide application of cloud computing technology, various virtualization technologies emerge in an endless stream. Docker container technology Due to the characteristics of lightweight virtualization based on LXC, the most obvious features compared to KVM are fast startup and small resource occupation. Therefore, it is beneficial to build an isolated and standardized operating environment, lightweight PaaS (such as dokku), build automated tests and support A continuous integration environment, and everything that scales horizontally. The creation and recovery process of existing Docker container is operated by container manager, and this process only has application It pe...

AI Technical Summary

Problems solved by technology

Therefore, currently, during the process of creating and recycling Docker containers, there is no system-level security control method, which allows attackers to create container resources in violation of regulations and use container resources to perform malicious operations; at the same time, attackers can also use operating system Administrator rights, modify or destroy the created container resources, causing business services to be disrupted and destroyed

Images