A configuration file loading method, electronic device, and storage medium

By introducing loading containers in Grafana, and utilizing the namespace of container cloud tenants to obtain and store configuration files from the cloud platform, the problem of resource invisibility between multiple container cloud tenants is solved, resource isolation and association with the cloud platform are achieved, and the security and efficiency between tenants are improved.

CN122219987APending Publication Date: 2026-06-16ZHEJIANG DAHUA TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
ZHEJIANG DAHUA TECH CO LTD
Filing Date
2026-01-22
Publication Date
2026-06-16

AI Technical Summary

Technical Problem

In multi-container cloud tenant scenarios, the Grafana platform and the cloud platform have significantly different permission systems, resulting in resources being invisible and operations by a single container cloud tenant affecting other tenants, thus failing to meet the requirements for resource isolation.

Method used

By introducing a loading container in Grafana, the target configuration file is obtained from the cloud platform using the namespace of the container cloud tenant and stored in the target storage directory. The loading container is then used for maintenance and parsing, thereby achieving resource isolation and association with the cloud platform.

Benefits of technology

It achieves resource isolation between different container cloud tenants, ensuring that the resources of each tenant are not visible, avoiding the impact of a single tenant's operation on other tenants, and improving the efficiency of resource isolation and access control.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122219987A_ABST
    Figure CN122219987A_ABST
Patent Text Reader

Abstract

The application discloses a configuration file loading method and electronic equipment and a storage medium, and the method comprises the following steps: in response to a starting instruction of a target application of a container cloud tenant, a target configuration file corresponding to the target application is acquired from a cloud platform by using a loading container corresponding to the container cloud tenant; and the target configuration file is stored in a target storage directory corresponding to the target application. According to the above scheme, the resources among the container cloud tenants can be isolated.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of container cloud technology, and in particular to a configuration file loading method, electronic device, and storage medium. Background Technology

[0002] In multi-container cloud tenant scenarios, Grafana (an open-source data visualization and monitoring platform) requires synchronization between the cloud platform and its own permission system. If the role definitions differ significantly, the integration cost is high. Furthermore, its default Viewer (view only), Editor (create, delete, and modify dashboards), and Admin (manage data sources and users) permissions are not applicable and cannot meet the resource isolation requirements between container cloud tenants. Therefore, there is an urgent need to solve the technical isolation challenges of ensuring resource visibility between container cloud tenants and preventing improper operations by a single container cloud tenant from affecting other container cloud tenants. Summary of the Invention

[0003] This application provides at least one configuration file loading method, electronic device, and storage medium that can isolate resources between container cloud tenants.

[0004] The first aspect of this application provides a configuration file loading method, which includes: in response to a container cloud tenant’s startup command for a target application, obtaining a target configuration file corresponding to the target application from a cloud platform using the loading container corresponding to the container cloud tenant; and storing the target configuration file in a target storage directory corresponding to the target application.

[0005] The process of obtaining the target configuration file corresponding to the target application from the cloud platform by loading the container includes: obtaining the permission configuration file corresponding to the container cloud tenant from the cloud platform based on the namespace corresponding to the container cloud tenant; and selecting the configuration file required for the target application to run from the permission configuration file as the target configuration file.

[0006] Before obtaining the target configuration file corresponding to the target application from the cloud platform using the loading container, the process includes: generating a container used by the target application based on the startup command; and setting the container used by the target application and the loading container in the same container group.

[0007] After storing the target configuration file in the target storage directory of the target application, the process includes: maintaining the target configuration file using a loading container; and / or, prompting the target application container in response to the loading container detecting a change in the target configuration file in the target storage directory.

[0008] The target configuration file is stored in the cloud platform as a ConfigMap file; the target configuration file is stored in the target storage directory as a JSON file.

[0009] The process of storing the target configuration file in the target storage directory corresponding to the target application includes: converting the target configuration file in ConfigMap format into a target configuration file in JSON format; and storing the target configuration file in JSON format in the target storage directory of the target application.

[0010] The process includes, after storing the target configuration file in the target storage directory corresponding to the target application, parsing the target configuration file in response to the detection that the target configuration file exists in the target storage directory, and performing visualization based on the parsed target configuration file.

[0011] This includes running based on the parsed target configuration file, which includes hot updating based on the parsed target configuration file.

[0012] The second aspect of this application provides an electronic device including a memory and a processor coupled to each other, the processor being used to execute program instructions stored in the memory to implement the configuration file loading method in the first aspect described above.

[0013] A third aspect of this application provides a computer-readable storage medium having program instructions stored thereon, which, when executed by a processor, implement the configuration file loading method described in the first aspect above.

[0014] In the above scheme, when a container cloud tenant triggers a startup command for a target application, Grafana uses the loading container corresponding to the container cloud tenant to obtain the target configuration file corresponding to the target application from the cloud platform, and then stores the target configuration file in the target storage directory corresponding to the target application. The target application obtains the target configuration file from the target storage directory to run in Grafana. By loading the container, the target application and the cloud platform are isolated, and different container cloud tenants deploy different target applications and different loading containers, so that the current container cloud tenant cannot obtain the resources of other container cloud tenants, thereby realizing the resource isolation of the visualization operation and maintenance platform of different container cloud tenants and the resource association with the cloud platform.

[0015] It should be understood that the above general description and the following detailed description are exemplary and explanatory only, and are not intended to limit this application. Attached Figure Description

[0016] The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with this application and, together with the specification, serve to explain the technical solutions of this application.

[0017] Figure 1 This is a flowchart illustrating an embodiment of the configuration file loading method of this application; Figure 2This is a flowchart illustrating another embodiment of the configuration file loading method of this application; Figure 3 This is a schematic diagram of a framework of an embodiment of the configuration file loading device of this application; Figure 4 This is a schematic diagram of the framework of an embodiment of the electronic device of this application; Figure 5 This is a schematic diagram of a framework of an embodiment of the computer-readable storage medium of this application. Detailed Implementation

[0018] The embodiments of this application will now be described in detail with reference to the accompanying drawings.

[0019] In the following description, specific details such as particular system architectures, interfaces, and technologies are presented for illustrative purposes rather than for limiting purposes, in order to provide a thorough understanding of this application.

[0020] In this document, the term "and / or" is merely a description of the relationship between related objects, indicating that three relationships can exist. For example, A and / or B can represent: A existing alone, A and B existing simultaneously, and B existing alone. Additionally, the character " / " generally indicates that the preceding and following related objects have an "or" relationship. Furthermore, "many" in this document means two or more. Moreover, the term "at least one" in this document means any combination of at least two of any one or more of a plurality of objects. For example, including at least one of A, B, and C can mean including any one or more elements selected from the set consisting of A, B, and C.

[0021] Please see Figure 1 , Figure 1 This is a flowchart illustrating an embodiment of the configuration file loading method of this application. Specifically, it may include the following steps: Step S110: In response to the container cloud tenant's startup command for the target application, obtain the target configuration file corresponding to the target application from the cloud platform using the container loaded by the container cloud tenant.

[0022] This application relates to the fields of cloud computing and container cloud technology, particularly platform operation and maintenance monitoring technology. By providing an additional loading container (i.e., a sidecar container) within Grafana, this container retrieves the target configuration file corresponding to the target application from the cloud platform and stores it in the target storage directory corresponding to the target application. This isolates Grafana and the cloud platform, allowing Grafana to focus on retrieving configuration files from the corresponding target storage directory, while the cloud platform focuses on managing the configuration files corresponding to container cloud tenants. These two platform systems are not directly connected. In this embodiment, there is a one-to-one correspondence between container cloud tenants and loading containers; different container cloud tenants use different loading containers, thereby isolating resources between tenants.

[0023] Grafana is an open-source data visualization and inspection platform. It is compatible with over 50 data sources, offers various chart types and dynamic panel plugins, and allows users to customize visualizations to their needs. It provides fine-grained user access control (such as administrators, editors, and viewers) and supports multiple authentication methods to ensure data security. Team members can collaboratively edit dashboards and share views, improving work efficiency. In Grafana, a "tenant" typically refers to a logically isolated unit in a multi-tenant architecture. It is a virtual organizational unit with clearly defined boundaries that can independently use Grafana resources and functions; essentially, it is a logically isolated set of resources and users. It is designed to provide independent and isolated working environments for different users or teams within a single Grafana instance.

[0024] In one implementation, after a container cloud tenant enables Grafana through a designated entry point (cloud platform / tenant page), the system will deploy a dedicated Grafana application (i.e., the target application) for that tenant. For example, if the container cloud tenant is a tenant administrator, the system will deploy a dedicated Grafana application for them after the administrator triggers the startup command on the cloud platform. Alternatively, if the container cloud tenant is a regular tenant, the system will automatically deploy a separate Grafana application for them after they trigger the startup command on the tenant page (usually a dedicated management subpage for that tenant within the cloud platform, focusing more on the tenant's own feature configuration).

[0025] Based on the startup command, a container for the target application is generated. To achieve efficient resource collaboration, the container used by the target application and the loading container can be set up in the same Kubernetes Pod (container group) – because the containers in the Pod naturally share the same storage volume and network namespace, they can directly access the same target storage directory without the need for additional data transfer mechanisms.

[0026] In Grafana multi-tenant deployment scenarios, the loading container is responsible for pulling tenant-specific configuration files and data source connection information to the shared storage directory. The target Grafana container directly reads the configuration from this directory and starts, without needing to repeatedly mount resources. This design relies on the storage sharing feature of Pods, simplifying the data interaction process between containers while ensuring the consistency of configuration and data, and avoiding the performance loss caused by cross-container data copying.

[0027] In one implementation, within a container cloud architecture, each tenant corresponds to an independent namespace (for implementing tenant-level resource isolation). The system retrieves the corresponding permission configuration file from the cloud platform based on the namespace of the container cloud tenant. This file contains full information such as the tenant's resource access permissions, role-based permission mappings, and application configuration rules. To avoid redundant configurations consuming resources or causing permission issues, the configuration file required for the target application to run needs to be further filtered from the permission configuration file and used as the target configuration file.

[0028] For example, if tenant B's namespace is "tenant-B", after obtaining the permission configuration file from the "tenant-B" namespace on the cloud platform, the core configurations required by Grafana, such as the tenant-specific data source permissions and dashboard operation permissions, are filtered out and used as the target configuration file to ensure that Grafana only obtains the permissions and configurations necessary for its operation.

[0029] Step S120: Store the target configuration file in the target storage directory corresponding to the target application.

[0030] In one implementation, the cloud platform assigns a tag to each tenant's configuration file to distinguish the file type. For example, if the configuration file type is a data source, its tag is app.grafana.com / configmap-type:“datasource”. As another example, if the configuration file type is a dashboard, its tag is app.grafana.com / configmap-type:“dashboards”.

[0031] Therefore, when loading a container, it queries which namespaces the tenant has, and then filters the ConfigMap (a resource object in Kubernetes used to store non-sensitive configuration data) from these namespaces based on tags. The JSON (JavaScript Object Notation, a lightweight data exchange format) file datasource in the data is placed in the local target storage directory of Grafana, / etc / grafana / provisioning / datasource, and the configuration file tagged with dashboard is placed in the local target storage directory, / etc / grafana / provisioning / dashboard.

[0032] In one implementation, the target configuration file is stored as a ConfigMap file in the cloud platform and within the Kubernetes cluster. However, the target configuration file itself is stored as a JSON file in the target storage directory. Therefore, a loading container is needed to convert the ConfigMap-format target configuration file into a JSON-format target configuration file, and then store the JSON-format target configuration file in the target application's target storage directory.

[0033] In addition, the target configuration file in the target application's target storage directory can also be in YAML (YAML Ain't a Markup Language, a format used to express data serialization) format, without any specific restrictions here.

[0034] In one implementation, upon receiving a startup command from a container cloud tenant for the target application, the target application scans the target storage directory. Upon detecting the presence of a target configuration file in the target storage directory, it parses the target configuration file. Subsequently, it performs visual operation based on the parsed target configuration file.

[0035] Specifically, Grafana searches for configuration files in the target storage directory ` / etc / grafana / provisioning`, scans subdirectories such as `datasources`, `dashboards`, and `notifiers` under the `provisioning` directory, and parses the YAML / JSON files within them. Based on the configuration file content, it automatically creates / updates / deletes resources such as data sources and dashboards.

[0036] In one implementation, Grafana is configured with provisioning = / etc / grafana / provisioning to indicate that hot reloading is supported in this directory. Therefore, after running based on the parsed target configuration file, hot updates are performed based on the parsed target configuration file.

[0037] In one implementation, the loading container assumes full lifecycle maintenance responsibility for the target configuration file. Therefore, the loading container can be used to maintain the target configuration file, including configuration validation (ensuring legal format and compliant permissions), standardized formatting (adapting to the container parsing rules used by the target application), and synchronizing the latest configuration from the cloud platform to the target storage directory, ensuring the accuracy and availability of the configuration file. Simultaneously, the loading container monitors the target storage directory in real time. In response to changes detected in the target configuration file in the target storage directory (such as tenant permission adjustments or application parameter updates), the loading container sends a notification to the container used by the target application through a preset mechanism (such as signal notification or API call), triggering the application container to reload the configuration or gracefully restart, ensuring that changes take effect immediately. This design ensures both professional configuration maintenance and rapid response to configuration changes, avoiding invalid configurations or delayed updates that could affect application operation.

[0038] In this application, different tenants deploy different Grafana applications and use sidecar containers to obtain configurations from the cloud platform to achieve resource isolation of the visualization operation and maintenance platform for different tenants and resource association with the cloud platform.

[0039] Furthermore, utilizing the ConfigMap resources of the Kubernetes cluster to store Grafana configurations, combined with Grafana's hot updates, eliminates the need for other storage components. Specifically, the Grafana configuration is persisted as a ConfigMap within the Kubernetes cluster and transformed into a local configuration file via a sidecar container.

[0040] Please see Figure 2 , Figure 2 This is a flowchart illustrating another embodiment of the configuration file loading method of this application. Specifically, it may include the following steps: Step S210: In response to the container cloud tenant's startup command for the target application, obtain the target configuration file corresponding to the target application from the cloud platform using the container loaded by the container cloud tenant.

[0041] This step is the same as step S110 above, and will not be repeated here.

[0042] Step S220: Store the target configuration file in the target storage directory corresponding to the target application.

[0043] This step is the same as step S120 above, and will not be repeated here.

[0044] Step S230: Set tenant-specific access permissions for the target storage directory and target configuration file.

[0045] In one implementation, a unique system user ID (UID - User Identification) and group ID (GID - Group Identification) can be assigned to each tenant. After the loading container stores the target configuration file in the tenant's exclusive storage directory, the permission configuration operation is immediately performed - the storage directory permission is set to 700 (only the owner can read, write, and execute), the configuration file permission is set to 600 (only the owner can read and write), and the owner of the directory and file is bound to the tenant's exclusive UID / GID.

[0046] Meanwhile, leveraging the PID (Process Identifier) ​​namespace isolation feature of containers, the containers used by the target application can only run with their own bound tenant UID / GID and cannot obtain permission identifiers from other tenants. This means that even if containers from other tenants attempt to access the directory or file without authorization, they will be rejected by the file system due to the UID / GID mismatch, thus blocking unauthorized cross-tenant access at the underlying level.

[0047] This design strictly adheres to the principle of least privilege, which not only achieves physical isolation of configuration files, but also links with the tenant permission system of container cloud to ensure that permission control runs through the entire process of "configuration storage-application access", thus ensuring the secure isolation of resources in multi-tenant scenarios from the root.

[0048] In this application, when a container cloud tenant triggers a startup command for a target application, Grafana uses a loaded container to obtain the target configuration file corresponding to the target application from the cloud platform, and then stores the target configuration file in the target storage directory corresponding to the target application. The target application runs in Grafana according to the target configuration file in the corresponding target storage directory. Different container cloud tenants deploy different target applications and combine the loading of containers to obtain the target configuration file in the cloud platform, thereby realizing resource isolation of the visualization operation and maintenance platform of different container cloud tenants and resource association with the cloud platform.

[0049] Those skilled in the art will understand that, in the above-described method of the specific implementation, the order in which each step is written does not imply a strict execution order and does not constitute any limitation on the implementation process. The specific execution order of each step should be determined by its function and possible internal logic.

[0050] Please see Figure 3 , Figure 3This is a schematic diagram of a framework of an embodiment of the configuration file loading device 300 of this application. The configuration file loading device 300 includes an acquisition module 310 and a filtering module 320. The acquisition module 310 executes a startup command for the target application from the cloud platform in response to the container cloud tenant's command, using the loading container corresponding to the container cloud tenant. The filtering module 320 executes the storage of the target configuration file in the target storage directory corresponding to the target application.

[0051] In one embodiment, the acquisition module 310 performs the following steps: using the loaded container to obtain the target configuration file corresponding to the target application from the cloud platform, including: obtaining the permission configuration file corresponding to the container cloud tenant from the cloud platform based on the namespace corresponding to the container cloud tenant; and filtering out the configuration file required for the target application to run from the permission configuration file as the target configuration file.

[0052] In one embodiment, before the acquisition module 310 acquires the target configuration file corresponding to the target application from the cloud platform using the loading container, it includes: generating a container used by the target application based on the startup command; and setting the container used by the target application and the loading container in the same container group.

[0053] In one embodiment, after storing the target configuration file in the target storage directory of the target application, the filtering module 320 performs the following steps: maintaining the target configuration file using a loading container; and / or, prompting the target application container in response to the loading container detecting a change in the target configuration file in the target storage directory.

[0054] In one embodiment, the filtering module 320 executes the storage of the target configuration file in the cloud platform as a ConfigMap file; the target configuration file is stored in the target storage directory as a JSON file.

[0055] In one embodiment, the filtering module 320 performs the action of storing the target configuration file in the target storage directory corresponding to the target application, including: converting the target configuration file in ConfigMap format into a target configuration file in JSON format; and storing the target configuration file in JSON format in the target storage directory of the target application.

[0056] In one embodiment, after storing the target configuration file in the target storage directory corresponding to the target application, the filtering module 320 performs the following steps: in response to detecting that a target configuration file exists in the target storage directory, it parses the target configuration file; and performs a visual operation based on the parsed target configuration file.

[0057] In one embodiment, the filtering module 320 performs the following after running based on the parsed target configuration file: hot update based on the parsed target configuration file.

[0058] Please see Figure 4 , Figure 4 This is a schematic diagram of a framework of an embodiment of the electronic device 40 of this application. The electronic device 40 includes a memory 41 and a processor 42 coupled to each other. The processor 42 is used to execute program instructions stored in the memory 41 to implement the steps in any of the above-described configuration file loading method embodiments. In a specific implementation scenario, the electronic device 40 may include, but is not limited to, a microcomputer or a server. In addition, the electronic device 40 may also include mobile devices such as laptops and tablets, which are not limited here.

[0059] Specifically, processor 42 controls itself and memory 41 to implement the steps in any of the above-described configuration file loading method embodiments. Processor 42 can also be referred to as a CPU (Central Processing Unit). Processor 42 may be an integrated circuit chip with signal processing capabilities. Processor 42 can also be a general-purpose processor, digital signal processor (DSP), application-specific integrated circuit (ASIC), field-programmable gate array (FPGA), or other programmable logic devices, discrete gate or transistor logic devices, or discrete hardware components. A general-purpose processor can be a microprocessor or any conventional processor. Furthermore, processor 42 can be implemented using integrated circuit chips.

[0060] Please see Figure 5 , Figure 5 This is a schematic diagram of a framework of an embodiment of the computer-readable storage medium 50 of this application. The computer-readable storage medium 50 stores program instructions 501 that can be executed by a processor. The program instructions 501 are used to implement the steps in any of the above-described embodiments of the configuration file loading method.

[0061] In some embodiments, the functions or modules of the apparatus provided in this disclosure can be used to perform the methods described in the above method embodiments. The specific implementation can be referred to the description of the above method embodiments, and for the sake of brevity, it will not be repeated here.

[0062] The description of the various embodiments above tends to emphasize the differences between the various embodiments. The similarities or similarities between them can be referred to, and for the sake of brevity, they will not be repeated here.

[0063] In the several embodiments provided in this application, it should be understood that the disclosed methods and apparatus can be implemented in other ways. For example, the apparatus implementations described above are merely illustrative. For instance, the division of modules or units is only a logical functional division, and in actual implementation, there may be other division methods. For example, units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the mutual coupling or direct coupling or communication connection shown or discussed may be through some interfaces; the indirect coupling or communication connection of devices or units may be electrical, mechanical, or other forms.

[0064] Furthermore, the functional units in the various embodiments of this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit. The integrated unit can be implemented in hardware or as a software functional unit.

[0065] If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) or processor to execute all or part of the steps of the methods of various embodiments of this application. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.

Claims

1. A configuration file loading method, characterized in that, include: In response to the container cloud tenant's startup command for the target application, the target configuration file corresponding to the target application is obtained from the cloud platform using the loading container corresponding to the container cloud tenant; The target configuration file is stored in the target storage directory corresponding to the target application.

2. The method according to claim 1, characterized in that, The step of obtaining the target configuration file corresponding to the target application from the cloud platform using a loading container includes: Based on the namespace corresponding to the container cloud tenant, obtain the permission configuration file corresponding to the container cloud tenant from the cloud platform; The configuration file required for the target application to run is selected from the permission configuration file and used as the target configuration file.

3. The method according to claim 1, characterized in that, Before obtaining the target configuration file corresponding to the target application from the cloud platform using the loading container, the process includes: Based on the startup command, a container for the target application is generated; The container used by the target application is placed in the same container group as the loading container.

4. The method according to claim 3, characterized in that, After storing the target configuration file in the target application's target storage directory, the process includes: The target configuration file is maintained using the loading container. And / or, in response to the loading container detecting a change in the target configuration file in the target storage directory, prompt the target application container.

5. The method according to claim 1, characterized in that, The target configuration file is stored in the cloud platform as a ConfigMap file; the target configuration file is stored in the target storage directory as a JSON file.

6. The method according to claim 5, characterized in that, The step of storing the target configuration file in the target storage directory corresponding to the target application includes: Convert the target configuration file in ConfigMap format to the target configuration file in JSON format; Store the target configuration file in JSON format in the target storage directory of the target application.

7. The method according to claim 1, characterized in that, After storing the target configuration file in the target storage directory corresponding to the target application, the process includes: In response to the detection that a target configuration file exists in the target storage directory, the target configuration file is parsed; Visual operation based on the parsed target configuration file.

8. The method according to claim 7, characterized in that, After running based on the parsed target configuration file, the following is included: Hot updates are performed based on the parsed target configuration file.

9. An electronic device, characterized in that, The system includes a memory and a processor coupled to each other, the processor being configured to execute program instructions stored in the memory to implement the configuration file loading method according to any one of claims 1 to 8.

10. A computer-readable storage medium having program instructions stored thereon, characterized in that, When the program instructions are executed by the processor, they implement the configuration file loading method according to any one of claims 1 to 8.