CN114598484B - Certificate updating method, device, cluster and storage medium
- Publication number: CN114598484B
- Application number: CN202011399522.5A
- Authority: CN (China)
- Prior art keywords
- certificate
- service cluster
- cluster
- updating
- resource pool
- Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Classifications
- H04L67/025—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H04L67/30—Profiles
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The embodiment of the application discloses a certificate updating method, a device, a cluster and a storage medium, wherein the method comprises the following steps: acquiring the validity period of the certificate of each service cluster in the sub-resource pool; determining the service clusters whose validity periods do not meet the preset conditions as target service clusters; sending an access request to the target service cluster; and, after the target service cluster receives the access request, triggering the target service cluster to complete certificate updating through the job type resource. The technical scheme provided by the embodiment of the application improves the performance of the management system and its control over the expiration of service cluster certificates, achieves the purpose of service cluster management, greatly reduces the operation and maintenance cost, and improves user satisfaction.
Description
Technical Field
Embodiments of the present application relate to the field of software, and relate to, but are not limited to, a method, an apparatus, a cluster, and a storage medium for certificate updating.
Background
On the Kubernetes cloud platform, the default certificate validity period is 1 year for security reasons, so products that depend on Kubernetes clusters or service clusters face the problem that services are affected when a certificate expires and becomes unusable.
To address this, the community has officially published a method for updating certificates manually. It relies mainly on a specific tool, kubeadm: the certificates and the corresponding configuration files are updated by hand, and the services of all nodes in the cluster are restarted, thereby ensuring the availability of the cluster. This approach requires a dedicated operation and maintenance flow for managing cluster certificates and for updating the certificates of expired clusters, and the steps of that flow are complex and error-prone. When the number of cluster nodes is relatively large, the certificate update flow becomes even more uncontrollable and inefficient.
Disclosure of Invention
In view of this, the embodiments of the present application provide a certificate updating method, apparatus, cluster, and storage medium to solve at least one problem existing in the prior art: at least the uncontrollability caused by completing the certificate update manually, and the uncontrollable, inefficient certificate update flow when the number of cluster nodes is relatively large.
The technical scheme of the embodiment of the application is realized as follows:
In a first aspect, an embodiment of the present application provides a certificate updating method, including: acquiring the validity period of the certificate of each service cluster in the sub-resource pool; determining the service clusters with the validity periods not meeting the preset conditions as target service clusters; sending an access request to the target service cluster; and triggering the target service cluster to complete certificate updating through the job type resource after the target service cluster receives the access request.
In a second aspect, an embodiment of the present application provides a certificate updating method, including: receiving an access request sent by a management cluster; responding to the access request, and receiving the job type resource sent by the management cluster; acquiring a certificate updating package by utilizing a job type resource; and running the certificate updating package to finish certificate updating.
In a third aspect, an embodiment of the present application provides a certificate updating apparatus, including: the access caching module is used for acquiring the validity period of the certificate of each service cluster in the sub-resource pool; the certificate management module is used for determining the service cluster with the validity period which does not meet the condition as a target service cluster; the access cache module is further used for sending an access request to the target service cluster; and the certificate management module is further used for triggering the target service cluster to complete certificate updating through the job type resource after the target service cluster receives the access request.
In a fourth aspect, an embodiment of the present application provides a certificate updating apparatus, including: the first receiving module is used for receiving the access request sent by the management cluster by the service cluster; the second receiving module is used for responding to the access request, and the service cluster receives the job type resource sent by the management cluster; the acquisition module is used for acquiring a certificate update package by the service cluster by utilizing the job type resource; and the operation module is used for the service cluster to operate the certificate updating package to finish certificate updating.
In a fifth aspect, an embodiment of the present application provides a computer cluster, including a memory and a processor, where the memory stores a computer program that can be run on the processor, and the processor executes the program to implement the certificate updating method described above.
In a sixth aspect, embodiments of the present application provide a computer storage medium storing executable instructions for causing a processor to execute the certificate updating method described above.
The embodiment of the application provides a certificate updating method, a device, a cluster and a storage medium. In the method, a management cluster first obtains the validity period of the certificate of each service cluster in the corresponding sub-resource pool, then determines the service clusters whose validity periods do not meet the condition as target service clusters, and finally creates a job type resource in the target service cluster to complete certificate updating. The management cluster can therefore effectively identify the service clusters whose certificates are expiring and create job type resources in the target service clusters in time to complete certificate updating. This improves the performance of the management system and its control over the expiration of service cluster certificates, achieves the purpose of service cluster management, greatly reduces the operation and maintenance cost, and improves user satisfaction.
Drawings
Fig. 1 is a schematic implementation flow chart of a certificate updating method provided in an embodiment of the present application;
Fig. 2A is a schematic diagram of a certificate updating architecture according to an embodiment of the present application;
Fig. 2B is a schematic implementation flow chart of a certificate updating method according to an embodiment of the present application;
Fig. 3 is a schematic implementation flow chart of a certificate updating method provided in an embodiment of the present application;
Fig. 4A is a schematic implementation flow diagram of a certificate updating method according to an embodiment of the present application;
Fig. 4B is a schematic implementation flow diagram of a method for updating a node certificate according to an embodiment of the present application;
Fig. 5A is a schematic diagram of a composition structure of a certificate updating apparatus according to an embodiment of the present application;
Fig. 5B is a schematic structural diagram of a certificate updating apparatus according to an embodiment of the present application;
Fig. 6 is a schematic diagram of a hardware entity of a computer cluster according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.
It should be understood that some embodiments described herein are merely used to explain the technical solutions of the present application, and are not used to limit the technical scope of the present application.
The embodiment of the application provides a certificate updating method, as shown in Fig. 1, which includes:
Step S101, obtaining the validity period of the certificate of each service cluster in the sub-resource pool;
Service clusters are clusters created by users and belong to those users. One sub-resource pool may contain at least one service cluster. Different management clusters are deployed for different sub-resource pools, and each management cluster manages the service clusters in its corresponding sub-resource pool. The certificates of a service cluster include the certificate authority (Certificate Authority, CA) certificate, the electronic certificate (CA key), the client certificate (Client), and so on. A certificate can be used normally within its validity period without affecting the services of the service cluster; once the validity period is exceeded, the service cluster can no longer carry out its services. The management cluster may be used to manage the validity periods of the certificates of its service clusters, so it needs to acquire the validity period of the certificate of each service cluster in the corresponding sub-resource pool.
Step S102, determining the service clusters with the validity periods not meeting the preset conditions as target service clusters;
A validity period that does not meet the condition may mean that the certificate is within a certain period of its expiration time. The management cluster determines a service cluster whose certificate is within that period of its expiration time as the target service cluster. For example, the user is notified in good time of the service clusters whose certificates expire in about 3 months. If the user does not initiate the automatic update flow on the platform within a specific time, the update flow of the service cluster certificate is initiated 1 day before the validity period of the service cluster certificate expires. The management cluster requests the service cluster to update its certificate by sending an access request to the service cluster.
Step S103, sending an access request to the target service cluster;
Step S104, after the target service cluster receives the access request, triggering the target service cluster to complete certificate updating through the job type resource.
Here, the job type resource refers to a one-off task. A container run through a job exits automatically after its task has been performed, and the cluster does not wake it up again. Certificate updating may be accomplished by creating a job type resource in the target service cluster and running a corresponding script.
In the embodiment of the application, the management cluster first acquires the validity period of the certificate of each service cluster in the corresponding sub-resource pool, then determines the service clusters whose validity periods do not meet the condition as target service clusters, and finally creates a job type resource in the target service cluster to complete certificate updating. The management cluster can therefore effectively identify the service clusters whose certificates are expiring and create job type resources in the target service clusters in time to complete certificate updating. This improves the performance of the management system and its control over the expiration of service cluster certificates, achieves the purpose of service cluster management, greatly reduces the operation and maintenance cost, and improves user satisfaction.
The certificate updating method provided by the embodiment of the application comprises the following steps:
Step S111, determining the position of each service cluster in a resource pool;
The location may refer to a geographic location, such as South China, North China or Central China, or to a virtual location divided by the first 3 bits of the public network IP. Each service cluster is deployed at a different location, and the management cluster can determine the location of each service cluster in the resource pool.
Step S112, dividing the resource pool according to the position of each service cluster to obtain at least one sub-resource pool;
Here, the service clusters in the resource pool that belong to the same location are divided into one sub-resource pool. The management cluster divides the resource pool into at least one sub-resource pool according to the position of each service cluster.
Step S113, determining a corresponding management cluster for each sub-resource pool in the at least one sub-resource pool;
Determining a corresponding management cluster for each sub-resource pool addresses the problem of large-scale user clusters: the service resources and capacity of each sub-resource pool have theoretical upper limits, and deploying the corresponding management clusters in different sub-resource pools achieves resource division and efficient processing.
Step S114, obtaining the validity period of the certificate of each service cluster in the corresponding sub-resource pool;
Step S115, determining the service clusters with the validity periods not meeting the preset conditions as target service clusters;
Step S116, sending an access request to the target service cluster;
Step S117, triggering the target service cluster to complete certificate updating through the job type resource after the target service cluster receives the access request.
In the embodiment of the application, the management cluster divides the resource pool into at least one sub-resource pool according to the positions of the service clusters in the resource pool. This addresses the problem of large-scale user clusters: the service resources and capacity of each sub-resource pool have theoretical upper limits, and deploying the services of the management cluster in different sub-resource pools achieves resource division and efficient processing.
Fig. 2A is a schematic diagram of the overall certificate updating architecture according to an embodiment of the present application. As shown in Fig. 2A, the architecture includes a management cluster 201 and a service cluster 202. Management clusters 201 are divided according to service cluster location, mainly to address the problem of large-scale user clusters: the service resources and capacity of each sub-resource pool have theoretical upper limits, so deploying the services of the management cluster in different sub-resource pools achieves resource division and efficient processing. The management cluster 201 comprises a certificate management module 2011 and an access cache module 2012. The certificate management module 2011 handles the creation and update processes of the service cluster certificates; that is, management of the expiration time of the cluster certificates is realized through this module. The access cache module 2012 monitors the certificate expiration time of a service cluster, collects the access information of the high-availability cluster once the service cluster is in a normal state, and synchronizes the collected access information to the access cache module 2012 for accessing the service cluster, so as to implement a routing function that is updated in real time. Service clusters 202 are clusters created by users and belong to those users. The operation and maintenance side cannot access them by password; that is, the service cluster 202 is shielded from operation and maintenance users, which guarantees the security of the user clusters.
The embodiment of the application provides a certificate updating method, wherein the management cluster includes an access cache module and a certificate management module. As shown in Fig. 2B, the method includes:
Step S201, the access cache module acquires the validity period of the certificate of each service cluster in the corresponding sub-resource pool;
As shown in Fig. 2A, the management cluster 201 includes a certificate management module 2011 and an access cache module 2012. The access cache module 2012 is configured to obtain the certificate of each corresponding service cluster 202; it may store the obtained certificate of the service cluster 202 in the certificate management module 2011 and update it in real time, so that the certificate in the certificate management module 2011 is consistent with the certificate of the service cluster 202. For example, in the process of creating the service cluster 202, the certificates that the service cluster depends on, such as the CA, the CA key and the Client, are generated in advance and are consistent with the CA and CA key certificates used when deploying the service cluster; the validity period of the certificate is obtained through the access cache module 2012 and stored in the certificate management module.
Step S202, when the certificate management module determines that the validity period does not meet the condition, the certificate management module determines the service cluster with the validity period which does not meet the condition as a target service cluster;
The certificate management module periodically queries the certificate validity periods of the service clusters stored in the certificate management module, and determines the service cluster whose validity period does not meet the condition as a target service cluster.
Step S203, the access cache module sends an access request to the target service cluster;
Step S204, after the target service cluster receives the access request, the certificate management module creates a job type resource in the target service cluster to complete certificate updating.
Here, the access cache module stores the access information of the target service cluster, that is, the access route of the target service cluster, so the access cache module in effect implements a routing function that can be updated in real time. The certificate management module creates a job type resource in the target service cluster through the access cache module to complete certificate updating.
In the embodiment of the application, the management cluster comprises an access cache module and a certificate management module, and the functions of the two modules when monitoring and updating certificates are described. Dividing the management cluster into an access cache module and a certificate management module according to function gives a reasonable division of work between the two modules, allows the service cluster certificates to be managed and controlled efficiently, and improves the user's control over the expiration of service cluster certificates.
The embodiment of the application provides a certificate updating method, wherein the management cluster comprises an access cache module and a certificate management module, and the method comprises the following steps:
Step S211, the access cache module acquires the validity period of the certificate of each service cluster and stores the validity period in the certificate management module;
Step S212, the access cache module obtains the validity period of the certificate of the service cluster by accessing the certificate management module;
Here, since the validity period of the certificate of the service cluster is saved in the certificate management module, the access cache module may acquire the validity period of the certificate of the service cluster by accessing the certificate management module.
Step S213, the certificate management module determines the remaining valid duration of each certificate;
Here, the remaining valid duration of a certificate refers to the time remaining until the certificate's validity period expires, and the access module needs to determine the remaining valid duration of each certificate according to the validity period of the certificate.
Step S214, when the certificate management module determines that the remaining valid duration is within a specific duration, determining the service cluster corresponding to the certificate whose remaining valid duration is within the specific duration as a target service cluster;
The specific duration may be set by the user according to the actual situation. For example, the specific duration may be set to 1 day, and then the access cache module determines that the service cluster whose certificate has a remaining valid duration of 1 day is the target service cluster.
Step S215, the access cache module sends an access request to the target service cluster;
Step S216, after the target service cluster receives the access request, the certificate management module creates a job type resource in the target service cluster to complete certificate updating.
In the embodiment of the application, the access cache module determines the target service cluster by determining the remaining effective duration of each certificate, and the user sets the specific duration according to the actual situation, so that the effect of updating the to-be-expired certificate in time can be achieved, and the actual requirements of the user are met.
The method for updating the certificate provided by the embodiment of the application, wherein the management cluster comprises an access cache module and a certificate management module, and the specific time length comprises a first time length, and the method comprises the following steps:
Step S221, the access cache module acquires the validity period of the certificate of each service cluster and stores the validity period in the certificate management module;
Step S222, the access cache module obtains the certificate validity period of the service cluster by accessing the certificate management module;
Step S223, the certificate management module determines the remaining valid duration of each certificate;
Step S224, the certificate management module acquires the preset first duration, and determines the service cluster corresponding to the certificate whose remaining valid duration is within the first duration as a target service cluster;
Here, the first duration may be set according to the actual requirement of the user. For example, the first duration may be set to 1 day, and then the service cluster corresponding to the certificate with a remaining valid duration of 1 day is determined to be the target service cluster.
Step S225, the access cache module sends an access request to the target service cluster;
Step S226, after the target service cluster receives the access request, the certificate management module creates a job type resource in the target service cluster to complete certificate updating.
In the embodiment of the application, it is described how the certificate is updated automatically when the remaining valid duration of the certificate is determined to be within the first duration, so that the update of a certificate that is about to expire is completed automatically, without manual intervention.
The method for updating the certificate provided by the embodiment of the application, wherein the management cluster comprises an access cache module and a certificate management module, the specific time length comprises a second time length, and the second time length is longer than the first time length, and the method comprises the following steps:
Step S231, the access cache module acquires the validity period of the certificate of each service cluster and stores the validity period in the certificate management module;
Step S232, the access cache module acquires the validity period of the certificate of the service cluster by accessing the certificate management module;
Step S233, the certificate management module determines the remaining valid duration of each certificate;
Step S234, the certificate management module acquires the preset second duration and sends a notification message to the service cluster corresponding to the certificate whose remaining valid duration is within the second duration, the notification message being used for notifying the user of the service cluster that the certificate needs to be updated;
Here, the second duration is longer than the first duration. For example, in the case where the first duration is set to 1 day, the second duration may be set to 3 months. In this way, when the access cache module determines that the remaining valid duration is 3 months, a notification message is sent to notify the user of the service cluster that the certificate needs to be updated, and at this time the user can choose to update the certificate manually or to update it automatically using the method provided by the application.
Step S235, the access cache module sends an access request to the target service cluster;
Step S236, after the target service cluster receives the access request, the certificate management module creates a job type resource in the target service cluster to complete certificate updating.
In the embodiment of the application, it is described how a notification message is sent to notify the user of a service cluster that the certificate needs to be updated when the remaining valid duration of the certificate is determined to be within the first time. After receiving the notification message, the user can select a suitable certificate updating mode according to the actual situation, which is a more reasonable way of managing and controlling service cluster certificates and improves the user's control over the expiration of the service cluster certificate. No cluster-update bottleneck arises: for each cluster certificate update a separate thread is started to complete the update, so the updates do not interfere with one another. With this strategy, the certificate updates of service clusters are distributed and processed efficiently. For large-scale users, the requests are first split by resource pool and are then spread out over the different users' update time points within the resource pool.
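The selection logic of steps S111 to S113 and S221 to S236, as an added example that is not code from the patent: clusters are grouped into sub-resource pools by location, each certificate's remaining valid duration is compared with the first and second durations, and a one-off Job manifest is built for every target cluster. Assumptions: cluster names and expiry dates are constructed, 90 days stands in for "3 months", the container image and script path are placeholders, and already-expired certificates are treated as targets.

```python
import ssl
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

FIRST_DURATION = timedelta(days=1)    # automatic update window (the page's example)
SECOND_DURATION = timedelta(days=90)  # notification window; 90 days is an assumption for "3 months"


@dataclass(frozen=True)
class ClusterCert:
    cluster: str    # service cluster name (constructed)
    location: str   # position used to divide the resource pool
    not_after: str  # expiry in the text form of SSLSocket.getpeercert()["notAfter"]


def remaining(cert: ClusterCert, now: datetime) -> timedelta:
    """Remaining valid duration of the certificate at time `now` (UTC)."""
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert.not_after), tz=timezone.utc)
    return expiry - now


def classify(cert: ClusterCert, now: datetime) -> str:
    left = remaining(cert, now)
    if left <= timedelta(0):
        return "expired"  # window was missed; the cluster still needs an update job
    if left <= FIRST_DURATION:
        return "renew"    # target service cluster: update automatically
    if left <= SECOND_DURATION:
        return "notify"   # tell the user the certificate needs updating
    return "ok"


def split_into_sub_pools(certs):
    """Clusters at the same location form one sub-resource pool."""
    pools = defaultdict(list)
    for cert in certs:
        pools[cert.location].append(cert)
    return dict(pools)


def renewal_job(cluster: str) -> dict:
    """One-off Kubernetes Job: runs once, is never restarted, is cleaned up afterwards."""
    return {
        "apiVersion": "batch/v1",
        "kind": "Job",
        "metadata": {"name": f"cert-update-{cluster}", "namespace": "kube-system"},
        "spec": {
            "backoffLimit": 0,                # do not retry a failed update blindly
            "ttlSecondsAfterFinished": 3600,  # remove the finished Job after an hour
            "template": {"spec": {
                "restartPolicy": "Never",
                "containers": [{
                    "name": "cert-update",
                    "image": "registry.example.invalid/cert-update:placeholder",  # placeholder
                    "command": ["/opt/cert-update/run.sh"],                       # placeholder
                }],
            }},
        },
    }


def plan_updates(certs, now: datetime) -> dict:
    """Per sub-resource pool: clusters to notify and Job manifests to create."""
    plan = {}
    for location, members in split_into_sub_pools(certs).items():
        states = {c.cluster: classify(c, now) for c in members}
        plan[location] = {
            "notify": sorted(n for n, s in states.items() if s == "notify"),
            "jobs": {n: renewal_job(n) for n, s in sorted(states.items())
                     if s in ("renew", "expired")},
        }
    return plan


# Constructed sample data, evaluated at a fixed point in time.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE = [
    ClusterCert("south-a", "south", "Jan  1 12:00:00 2024 GMT"),  # 12 hours left
    ClusterCert("south-b", "south", "Mar  1 00:00:00 2024 GMT"),  # 60 days left
    ClusterCert("north-a", "north", "Dec 31 00:00:00 2024 GMT"),  # 365 days left
    ClusterCert("north-b", "north", "Dec 31 23:00:00 2023 GMT"),  # expired 1 hour ago
]

if __name__ == "__main__":
    for pool, actions in plan_updates(SAMPLE, NOW).items():
        print(pool, "notify:", actions["notify"], "jobs:", list(actions["jobs"]))
```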
The embodiment of the application provides a certificate updating method, wherein the management cluster comprises an access cache module and a certificate management module, and the method comprises the following steps:
Step S241, the access cache module acquires the validity period of the certificate of each service cluster in the corresponding sub-resource pool;
Step S242, when the certificate management module determines that the validity period does not meet the condition, the certificate management module determines the service cluster whose validity period does not meet the condition as the target service cluster;
Step S243, the access cache module sends an access request to the target service cluster;
Step S244, the certificate management module sends the job type resource to the target service cluster, so that the service cluster completes the certificate update according to the job type resource; the job type resource is generated by the certificate management module.
In this embodiment, the certificate management module sends the job type resource to the target service cluster through the query buffer module, so that the service cluster completes the certificate update according to the job type resource. The certificate update task is thus carried out efficiently, which greatly reduces the impact on the user's services.
The embodiment of the application provides a certificate updating method, wherein the management cluster comprises an access cache module and a certificate management module, and the target service cluster comprises at least one master node and at least one working node, and the method comprises the following steps:
Step S251, the access cache module obtains the validity period of the certificate of each service cluster in the corresponding sub-resource pool;
Step S252, when the certificate management module determines that the validity period does not meet the condition, the certificate management module determines the service cluster whose validity period does not meet the condition as the target service cluster;
Step S253, the access cache module sends an access request to the target service cluster;
Step S254, the certificate management module determines one master node from the at least one master node as the target master node;
Step S255, the certificate management module obtains a first job type resource corresponding to the target master node and sends the corresponding job type resource to the target master node, so that the target master node completes the certificate update according to the first job type resource;
Step S256, when the certificate corresponding to the target master node has been updated, the access cache module determines the remaining master nodes other than the target master node; the access cache module obtains a second job type resource corresponding to the remaining master nodes and sends the second job type resource to the remaining master nodes, so that the remaining master nodes complete the certificate update according to the second job type resource;
Step S257, when the certificates corresponding to the remaining master nodes have been updated, the certificate access management module obtains a third job type resource corresponding to the at least one working node and sends the third job type resource to the at least one working node, so that the at least one working node completes the certificate update according to the third job type resource.
In this embodiment, the update process first selects one master node and updates its certificate, then updates the certificates of all the remaining master nodes, and finally updates the certificates of the working nodes. In this way, the update process is evenly distributed over the nodes, and every node is guaranteed to run the certificate update task. The scheduling strategy of the platform is thus fully used and the script runs quickly, so the impact on the user's services is significantly lower.
The certificate updating method provided by the embodiment of the application is applied to a service cluster, as shown in fig. 3, and includes:
Step S301, receiving an access request sent by a management cluster;
Step S302, in response to the access request, receiving the job type resource sent by the management cluster;
Step S303, acquiring a certificate update package by using the job type resource;
Step S304, running the certificate update package to complete the certificate update.
In the embodiment of the application, the service cluster completes the certificate updating according to the job type resource, and can efficiently realize the task of updating the certificate, thereby greatly reducing the influence on the user service.
The certificate updating method provided by the embodiment of the application, wherein the certificate updating package comprises a script file, and the method comprises the following steps:
Step S311, the service cluster receives the access request sent by the management cluster;
Step S312, in response to the access request, the service cluster receives the job type resource sent by the management cluster;
Step S313, the service cluster acquires a certificate update package by using the job type resource;
Step S314, the service cluster executes the script file to complete the following operations: the service cluster removes the certificate information of the service cluster and backs up the node information of the service cluster; the service cluster configures kubelet to obtain a kubelet with the updated certificate; the service cluster runs the kubelet with the updated certificate to complete the certificate update of the node.
On each node, an agent runs to manage the life cycle of containers; this agent is the kubelet.
In this embodiment, when the management cluster initiates a certificate update job for one of the master nodes, the corresponding deployment package is pulled on that node of the service cluster. The deployment package is the update package, which contains a script and an executable program. Each script execution includes the process of step S314: the corresponding backup and removal work is done, the corresponding configuration files are configured automatically, the update is executed, the services are restarted, and finally the access configuration file is updated. With this detailed flow for automatically updating the service cluster certificate, the user needs no particular expertise in the cloud platform and can complete the certificate update of the service cluster by clicking the update button.
Among the existing approaches to updating the certificates of Kubernetes-based clusters, one solution is to upgrade the clusters periodically, which amounts to replacing the current out-of-date cluster with a newly deployed higher-version cluster. This carries a high risk and can disconnect the user's services for a long time. If the upgrade is unsuccessful, the resulting business problems are relatively difficult to handle, and the management of this solution is very extensive.
In the prior art, the expiration time of the certificate can also be modified, for example to 100 years; the security risk of doing so is huge, and the initialization is complicated. This solution is less secure, so no vendor has chosen it for deployment, and it is not a solution recommended by the open source community.
Existing Kubernetes clusters are deployed in the default deployment mode, in which the certificate has a validity period of 1 year. Expired cluster certificates are managed mainly by having operation and maintenance strengthen the certificate process management: when a cluster certificate is found to be expired, a cluster certificate update business process must be submitted before the change can be carried out.
In private cloud scenarios, the manual operation can generally be performed only at a suitable time and after the business-side user has agreed, and it must strictly follow the certificate update process. After the update is completed, it is necessary to ensure that the user's services are not affected. This solution disconnects the user's services for a long time. When the number of nodes is relatively large, careful checking is also required to prevent misoperation or a missed node.
In public cloud scenarios, the user needs to execute the update process manually according to the operation and maintenance document to keep the cluster running normally. This is similar to the procedure followed by operation and maintenance personnel and requires careful operation; problems caused by not strictly following the document are the user's responsibility, which greatly reduces the user experience and the user's trust. An automatic certificate updating scheme is therefore more urgent in public cloud scenarios.
Furthermore, when the number of users becomes large, especially in public cloud scenarios with tens of thousands to millions of users, relying on regular checks by operation and maintenance staff to update cluster certificates is certainly a huge management effort. If instead the certificate update operation is compiled into a general document and users are required to update by following it, other problems arise. First, the document requires a certain platform expertise of the user; otherwise the user may not understand it or may even misoperate, causing many anomalies and even work order processing flows. Second, the order of operations in the document must be strictly followed; because users execute it themselves, the uncertainty is relatively large and the probability of error rises greatly. In addition, the user may have no way to control when the certificate update is performed: if the expiration time of the certificate is still far off, updating in advance is of little significance, while if the certificate has already expired, the service is interrupted.
The application provides an automatic certificate updating scheme based on Kubernetes clusters, designed for large-scale, multi-user automatic cluster certificate updating on a cloud platform.
An embodiment of the present application provides a certificate updating method, referring to a certificate updating schematic diagram shown in fig. 4A, including:
Step S401, updating the certificate of the first master node;
First, the service cluster updates one of the master nodes and ensures that this master node finishes executing normally, so that the master nodes in the cluster remain stable. Here, the first master node may refer to the first created master node, that is, the first master node determined according to the chronological order of creation.
Step S402, synchronously updating all other master nodes;
Then, the service cluster synchronously updates all other master nodes. The master nodes mainly run core services such as databases, so the stability of all the master nodes in the cluster is very important.
Step S403, when all the master nodes have been updated, updating all the working nodes in the cluster;
After all the master nodes have been updated, the service cluster performs the next step of updating all the working nodes in the cluster.
Step S404, when the working nodes have been updated, updating the certificate of the service cluster in the management cluster.
Each step in this embodiment is controlled along the main line in the management cluster 201, as shown in fig. 2A. Access to the service cluster 202 is initiated through the cache module 2012, which caches service cluster access in the management cluster 201, by means of a job type resource created in the service cluster 202. The job is implemented by executing different processes on the corresponding node according to the role of the node (master node or worker node): the update script is pulled onto the designated node in the service cluster, the script automatically determines the role of the node, and the corresponding operations are then executed.
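The ordering of steps S401 to S404 can be sketched from the management cluster's side as follows. This is an added example, not code from the patent: the node names, the `run_job` callback and the report fields are assumptions, and the rollout stops at the first failed phase so that the renewed certificate is only recorded once every node has finished.

```python
from concurrent.futures import ThreadPoolExecutor

# Constructed node list: (name, role, creation order). Names are made up.
NODES = [
    ("master-2", "master", 2),
    ("worker-1", "worker", 4),
    ("master-1", "master", 1),
    ("master-3", "master", 3),
    ("worker-2", "worker", 5),
]


def plan_phases(nodes):
    """Split the nodes into the three job phases of S401 to S403."""
    masters = sorted((n for n in nodes if n[1] == "master"), key=lambda n: n[2])
    workers = sorted((n for n in nodes if n[1] == "worker"), key=lambda n: n[2])
    if not masters:
        raise ValueError("a service cluster needs at least one master node")
    return [
        ("first_master", [masters[0][0]]),                # S401: first-created master
        ("other_masters", [m[0] for m in masters[1:]]),   # S402: all remaining masters
        ("workers", [w[0] for w in workers]),             # S403: all working nodes
    ]


def safe(run_job):
    """Treat a job that raises as a failed update instead of aborting the rollout."""
    def wrapper(name):
        try:
            return bool(run_job(name))
        except Exception:
            return False
    return wrapper


def run_phase(names, run_job):
    """Run one update job per node, each in its own thread; return {node: ok}."""
    if not names:
        return {}
    with ThreadPoolExecutor(max_workers=len(names)) as pool:
        results = list(pool.map(run_job, names))
    return dict(zip(names, results))


def rollout(nodes, run_job):
    """Drive the phases in order; later phases start only if the previous one succeeded."""
    report = {"completed": [], "failed": {}, "skipped": [], "recorded": False}
    phases = plan_phases(nodes)
    for index, (phase, names) in enumerate(phases):
        results = run_phase(names, safe(run_job))
        bad = sorted(name for name, ok in results.items() if not ok)
        if bad:
            # Workers are never touched while a master is in an unknown state.
            report["failed"] = {phase: bad}
            report["skipped"] = [p for p, _ in phases[index + 1:]]
            return report
        report["completed"].append(phase)
    # S404: only now may the management cluster record the renewed certificate.
    report["recorded"] = True
    return report
```

Recording the new validity period before every node has finished would make the management cluster stop checking a cluster that still holds old certificates, which is why `recorded` is set last.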
In the embodiment of the application, an automatic updating scheme based on kubernetes cluster certificates is designed, and the long-term stable development of a user service cluster is promoted; the management scheme of the service cluster certificate is provided and designed, the reasonable management and control of the service cluster certificate is designed, and the management and control of the user on the expiration of the service cluster certificate is improved; the management performance of the system is improved, the purpose of managing the service clusters is achieved, the operation and maintenance cost is greatly reduced, and the satisfaction degree of users is improved.
The embodiment of the application provides a method for updating a node certificate, referring to a node certificate updating schematic diagram shown in fig. 4B, including:
Step S411, creating a rotation job;
The management cluster sends an instruction to the service cluster to create a rotation job; that is, the management cluster initiates a certificate update job for one of the master nodes.
Step S412, acquiring a script for updating the service cluster certificate;
The service cluster pulls the corresponding deployment package according to the rotation job. The deployment package is the update package, which contains a script and an executable program.
Step S413, the script executes a backup and update process;
The execution process is, for example:
1. backing up the information of the master node according to the container set (pod) of each master node;
2. adding rotation parameters to the kubelet configuration file on the master node, to support rotating certificates;
3. removing /var/lib/kubelet/pki/- under the current node and backing it up to a new directory;
4. creating the cluster roles (cr) that self-built certificate updating and the permission flow for application programming interface (API) communication depend on;
5. adding start-up parameters supporting rotation to the pod controller (kube-controller-manager);
6. restarting the kubelet service;
7. updating the certificates of the client, the API server and kubelet-client;
8. updating the certificate configuration files of the API server, the main controller, the scheduler and kubelet;
9. restarting the API server, controller and scheduler services by using a docker command;
10. updating the certificate in the file that configures cluster access information (kubeconfig).
The execution process of each script comprises these 10 steps: the corresponding backup and removal work is done, the corresponding configuration files are configured automatically, the update is executed, the services are restarted, and finally the access configuration file is updated. When the management cluster initiates a certificate update job for a worker node, the certificate update process of the master node is followed, except that the update of processes such as the apiserver is excluded; that is, services that are not provided on the worker node do not need to be updated. Through this automated process, the updating of cluster certificates is completed.
Step S414, acquiring the job execution result;
The management cluster acquires the job execution result.
Step S415, if the update succeeds, recording the CA time; otherwise, returning an update failure.
The management cluster synchronously updates the certificates of the node, excluding the process for the apiserver certificate.
In this embodiment, the management cluster creates the corresponding jobs in the service cluster, and the jobs are designed with a strategy that distributes them evenly over the nodes and guarantees that every node runs the certificate update task. The scheduling strategy of Kubernetes is thus fully used and the script runs quickly, which greatly reduces the impact on the user's services. The method provides a detailed step-by-step process for automatically updating the cluster certificate; the user needs no particular expertise in the cloud platform and can complete the certificate update of the cluster simply by clicking the update button.
Based on the foregoing embodiments, the embodiments of the present application provide a certificate updating apparatus. The modules included in the apparatus may be implemented by a processor in a computer cluster or, of course, by a specific logic circuit. In implementation, the processor may be a central processing unit (CPU), a microprocessor (MPU), a digital signal processor (DSP), a field programmable gate array (FPGA), or the like.
Fig. 5A is a schematic structural diagram of a certificate updating apparatus provided in an embodiment of the present application, as shown in fig. 5A, the apparatus 500 includes an access caching module 501 and a certificate management module 502, where:
an access cache module 501, configured to obtain a validity period of a certificate of each service cluster in the sub-resource pool;
a certificate management module 502, configured to determine, as a target service cluster, a service cluster whose validity period does not meet a preset condition;
an access cache module 501, configured to send an access request to the target service cluster;
and the certificate management module 502 is configured to trigger the target service cluster to complete certificate update through a job type resource after the target service cluster receives the access request.
Based on the foregoing embodiment, the certificate management module is further configured to determine the location to which each service cluster in the resource pool belongs; to divide the resource pool according to the location of each service cluster to obtain at least one sub-resource pool; and to determine a corresponding management cluster for each of the at least one sub-resource pool.
Based on the foregoing embodiment, the access cache module is further configured to obtain the validity period of the certificate of each service cluster and store the validity period in the certificate management module; and to obtain the certificate validity period of a service cluster by accessing the certificate management module.
Based on the foregoing embodiment, the certificate management module is further configured to determine the remaining validity duration of each of the certificates; and to determine the service cluster corresponding to a certificate whose remaining validity duration is within the specific duration as the target service cluster.
Based on the foregoing embodiment, the specific duration includes a preset first duration and a preset second duration, where the second duration is longer than the first duration, and the certificate management module is further configured to send a notification message when the remaining validity duration is determined to be within the second duration, the notification message instructing the user of the service cluster to update the certificate; and to send an access request to the target service cluster when the remaining validity duration is determined to be within the first duration.
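The selection logic described above (sub-resource pools by location, then the first and second durations) can be written as follows. This is an added example, not code from the patent: the inventory is constructed, expiry dates are assumed to arrive as `openssl x509 -noout -enddate` output, "3 months" is taken as 90 days, and the `expired` and `unknown` classes are additions so that a lapsed or unreadable certificate is never reported as healthy.

```python
import ssl
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Thresholds from the description: the first duration is 1 day, the second
# is "3 months" (taken as 90 days here, which is an assumption).
FIRST = timedelta(days=1)
SECOND = timedelta(days=90)

# Constructed inventory: (cluster, location, `openssl x509 -noout -enddate` output).
INVENTORY = [
    ("biz-a", "region-1", "notAfter=Mar 10 18:00:00 2025 GMT"),
    ("biz-b", "region-1", "notAfter=May 20 00:00:00 2025 GMT"),
    ("biz-c", "region-2", "notAfter=Mar  9 23:59:59 2025 GMT"),
    ("biz-d", "region-2", "notAfter=Jan 15 00:00:00 2026 GMT"),
    ("biz-e", "region-2", "notAfter=not-a-date"),
]


def parse_not_after(line):
    """Return the expiry as an aware UTC datetime, or None if unparseable."""
    key, _, value = line.partition("=")
    if key.strip() != "notAfter":
        return None
    try:
        # Locale-independent parser for the X.509 text date format.
        seconds = ssl.cert_time_to_seconds(value.strip())
    except ValueError:
        return None
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def classify(remaining):
    """Map a remaining validity duration to the action the description assigns."""
    if remaining <= timedelta(0):
        return "expired"        # already lapsed: services may be failing now
    if remaining <= FIRST:
        return "auto_update"    # management cluster sends the access request
    if remaining <= SECOND:
        return "notify"         # user is told the certificate needs updating
    return "ok"


def triage(inventory, now):
    """Group clusters into sub-resource pools by location, then classify each."""
    pools = defaultdict(lambda: defaultdict(list))
    for cluster, location, line in inventory:
        expiry = parse_not_after(line)
        # An unreadable validity period must not be silently treated as healthy.
        action = "unknown" if expiry is None else classify(expiry - now)
        pools[location][action].append(cluster)
    return {location: dict(actions) for location, actions in pools.items()}


if __name__ == "__main__":
    reference = datetime(2025, 3, 10, tzinfo=timezone.utc)  # constructed "now"
    for location, actions in triage(INVENTORY, reference).items():
        print(location, actions)
```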
Based on the foregoing embodiment, the certificate management module is further configured to send the job type resource to the target service cluster, so that the service cluster completes certificate update according to the job type resource; wherein the job-type resource is generated by the certificate management module.
Based on the foregoing embodiment, the target service cluster includes at least one master node and at least one working node, and correspondingly, the certificate management module is further configured to:
determining one master node from the at least one master node as the target master node; acquiring a first job type resource corresponding to the target master node, and sending the corresponding job type resource to the target master node so that the target master node completes the certificate update according to the first job type resource; when the certificate corresponding to the target master node has been updated, determining the remaining master nodes other than the target master node; acquiring a second job type resource corresponding to the remaining master nodes, and sending the second job type resource to the remaining master nodes so that the remaining master nodes complete the certificate update according to the second job type resource; and when the certificates corresponding to the remaining master nodes have been updated, acquiring a third job type resource corresponding to the at least one working node, and sending the third job type resource to the at least one working node so that the at least one working node completes the certificate update according to the third job type resource.
Fig. 5B is a schematic structural diagram of a certificate updating apparatus provided in the embodiment of the present application, as shown in fig. 5B, where, the apparatus 510 includes a first receiving module 511, a second receiving module 512, an obtaining module 513, and an operating module 514, where:
a first receiving module 511, configured to receive an access request sent by the management cluster;
a second receiving module 512, configured to receive, in response to the access request, a job type resource sent by the management cluster;
an obtaining module 513, configured to obtain a certificate update package using a job type resource;
an operation module 514, configured to operate the certificate update package to complete certificate update.
Based on the foregoing embodiment, the certificate update package includes a script file, and the service cluster runs the certificate update package to complete the certificate update. The running module 514 includes an executing sub-module, a removing sub-module, a configuring sub-module and a running sub-module, where: the executing sub-module is configured to execute the script file to complete the following operations; the removing sub-module is configured to remove the certificate information of the service cluster and back up the node information of the service cluster; the configuring sub-module is configured to configure kubelet to obtain a kubelet with the updated certificate; and the running sub-module is configured to run the kubelet with the updated certificate to complete the certificate update of the node.
The description of the apparatus embodiments above is similar to that of the method embodiments above, with similar advantageous effects as the method embodiments. For technical details not disclosed in the device embodiments of the present application, please refer to the description of the method embodiments of the present application for understanding.
It should be noted that, in the embodiment of the present application, if the above certificate updating method is implemented in the form of a software function module and is sold or used as a separate product, it may also be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present application, in essence or in the part that contributes to the related art, may be embodied in the form of a software product stored in a storage medium, including several instructions for causing a computer cluster to execute all or part of the methods described in the embodiments of the present application. The aforementioned storage medium includes: a U-disk, a removable hard disk, a read only memory (ROM), a magnetic disk, an optical disk, or other various media capable of storing program codes. Thus, embodiments of the present application are not limited to any specific combination of hardware and software.
Correspondingly, the present embodiment provides a computer cluster readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, implements the steps of the certificate updating method provided in the above embodiment.
Correspondingly, the embodiment of the present application provides a computer cluster. Fig. 6 is a schematic diagram of a hardware entity of the computer cluster of the embodiment of the present application. As shown in fig. 6, the hardware entity of the computer cluster 600 includes a memory 601 and a processor 602; the memory 601 stores a computer program executable on the processor 602, and the processor 602 implements the steps of the certificate updating method provided in the above embodiments when executing the program.
The memory 601 is configured to store instructions and applications executable by the processor 602, and may also cache data (e.g., image data, audio data, voice communication data, and video communication data) to be processed or processed by the processor 602 and the modules in the computer cluster 600, which may be implemented by a FLASH memory (FLASH) or a random access memory (Random Access Memory, RAM).
It should be noted here that: the above description of the storage medium and cluster embodiments (which may be understood as device embodiments) is similar to that of the method embodiments described above, with similar advantageous effects as the method embodiments. For technical details not disclosed in the embodiments of the storage medium and the apparatus of the present application, please refer to the description of the method embodiments of the present application for understanding.
It should be appreciated that reference throughout this specification to "one embodiment" or "an embodiment" means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present application. Thus, the appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. It should be understood that, in various embodiments of the present application, the sequence numbers of the foregoing processes do not mean the order of execution, and the order of execution of the processes should be determined by the functions and internal logic thereof, and should not constitute any limitation on the implementation process of the embodiments of the present application. The foregoing embodiment numbers of the present application are merely for describing, and do not represent advantages or disadvantages of the embodiments.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The device embodiments described above are only illustrative; for example, the division of the units is only a division by logical function, and there may be other divisions in practice, such as: multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between devices or units may be electrical, mechanical or in other forms.
The units described above as separate components may or may not be physically separate, and components shown as units may or may not be physical units; can be located in one place or distributed to a plurality of network units; some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may be separately used as one unit, or two or more units may be integrated in one unit; the integrated units may be implemented in hardware or in hardware plus software functional units.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware related to program instructions, and the foregoing program may be stored in a computer readable storage medium, where the program, when executed, performs steps including the above method embodiments; and the aforementioned storage medium includes: a mobile storage device, a Read Only Memory (ROM), a magnetic disk or an optical disk, or the like, which can store program codes.
Alternatively, the integrated units described above may be stored in a computer readable storage medium if implemented in the form of software functional modules and sold or used as a stand-alone product. Based on such understanding, the technical solutions of the embodiments of the present application, in essence or in the part that contributes to the related art, may be embodied in the form of a software product stored in a storage medium, including several instructions for causing a computer cluster to execute all or part of the methods described in the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program codes, such as a removable storage device, a ROM, a magnetic disk, or an optical disk.
The methods disclosed in the several method embodiments provided in the present application may be arbitrarily combined without collision to obtain a new method embodiment.
The features disclosed in the several product embodiments provided in the present application may be combined arbitrarily without conflict to obtain new product embodiments.
The features disclosed in the several method or apparatus embodiments provided in the present application may be arbitrarily combined without conflict to obtain new method embodiments or apparatus embodiments.
The foregoing is merely an embodiment of the present application, but the protection scope of the present application is not limited thereto, and any person skilled in the art can easily think about changes or substitutions within the technical scope of the present application, and the changes and substitutions are intended to be covered in the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (12)
1. A method of certificate updating, the method comprising:
determining the position of each service cluster in the resource pool;
dividing the resource pool according to the position of each service cluster to obtain at least one sub-resource pool; each sub-resource pool in the at least one sub-resource pool is deployed with a corresponding management cluster;
acquiring the validity period of the certificate of each service cluster in the corresponding sub-resource pool;
determining the service clusters with the validity periods not meeting the preset conditions as target service clusters;
sending an access request to the target service cluster;
and triggering the target service cluster to complete certificate updating through the job type resource after the target service cluster receives the access request.
2. The method of claim 1, wherein the obtaining the validity period of the certificate of each service cluster in the corresponding sub-resource pool comprises:
acquiring the validity period of the certificate of each service cluster;
and storing the validity period of the certificate of each service cluster to a certificate management module.
3. The method of claim 1, wherein the determining the service cluster whose validity period does not meet the preset condition as the target service cluster comprises:
determining the remaining valid duration of each certificate;
and determining the service cluster corresponding to a certificate whose remaining valid duration is within a specific duration as the target service cluster.
4. The method of claim 3, wherein the specific duration includes a preset first duration and a preset second duration, the second duration is longer than the first duration, and after determining the service cluster corresponding to the certificate whose remaining valid duration is within the specific duration as the target service cluster, the method further includes:
sending a notification message when the remaining valid duration is determined to be within the second duration, wherein the notification message is used for indicating a user of the service cluster to update the certificate;
correspondingly, the sending the access request to the target service cluster includes:
and under the condition that the remaining valid duration is determined to be within the first duration, sending an access request to the target service cluster.
5. The method of claim 1, wherein triggering the target service cluster to complete the certificate update via a job-type resource after the target service cluster receives the access request comprises:
and sending the job type resource to the target service cluster so that the target service cluster completes certificate updating according to the job type resource.
6. The method of claim 5, wherein the target service cluster includes at least one master node and at least one worker node, and the sending the job-type resource to the target service cluster to cause the target service cluster to complete a certificate update based on the job-type resource comprises:
determining one master node from the at least one master node as a target master node;
acquiring a first job-type resource corresponding to the target master node, and sending the first job-type resource to the target master node so that the target master node completes certificate updating according to the first job-type resource;
under the condition that the certificate corresponding to the target master node is updated, determining the remaining master nodes other than the target master node; acquiring a second job-type resource corresponding to the remaining master nodes, and sending the second job-type resource to the remaining master nodes so that the remaining master nodes complete certificate updating according to the second job-type resource;
and under the condition that the certificates corresponding to the remaining master nodes are updated, acquiring a third job-type resource corresponding to the at least one worker node, and sending the third job-type resource to the at least one worker node so that the at least one worker node completes certificate updating according to the third job-type resource.
7. A method of certificate updating, the method comprising:
receiving an access request sent by a management cluster; the management clusters are correspondingly deployed in each sub-resource pool in at least one sub-resource pool; the at least one sub-resource pool is obtained by dividing the resource pool according to the position of each service cluster in the resource pool;
responding to the access request, and receiving the job type resource sent by the management cluster;
acquiring a certificate updating package by utilizing a job type resource;
and running the certificate updating package to finish certificate updating.
8. The method of claim 7, wherein the certificate update package includes a script file, and the running the certificate update package to complete a certificate update includes:
the following operations are performed by running the script file in the certificate update package to complete the certificate update:
removing the certificate information of the service cluster and backing up the node information of the service cluster;
configuring kubelet to obtain a kubelet with the updated certificate;
and running the kubelet with the updated certificate to complete certificate updating of the node.
9. A certificate updating apparatus, characterized by comprising:
the certificate management module is used for determining the position of each service cluster in the resource pool; dividing the resource pool according to the position of each service cluster to obtain at least one sub-resource pool; each sub-resource pool in the at least one sub-resource pool is deployed with a corresponding management cluster;
the access caching module is used for acquiring the validity period of the certificate of each service cluster in the sub-resource pool;
the certificate management module is further used for determining the service cluster with the validity period not meeting the condition as a target service cluster;
the access cache module is further used for sending an access request to the target service cluster;
and the certificate management module is further used for triggering the target service cluster to complete certificate updating through the job type resource after the target service cluster receives the access request.
10. A certificate updating apparatus, characterized by comprising:
the first receiving module is used for receiving an access request sent by the management cluster; the management clusters are correspondingly deployed in each sub-resource pool in at least one sub-resource pool; the at least one sub-resource pool is obtained by dividing the resource pool according to the position of each service cluster in the resource pool;
the second receiving module is used for responding to the access request and receiving the job type resource sent by the management cluster;
the acquisition module is used for acquiring a certificate update package by utilizing the job type resource;
and the operation module is used for operating the certificate updating package to finish certificate updating.
11. A computer cluster comprising a memory and a processor, the memory storing a computer program executable on the processor, characterized in that the processor implements the steps of the method of any of claims 1 to 8 when the program is executed.
12. A storage medium storing executable instructions for causing a processor to perform the steps of the method of any one of claims 1 to 8.
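The threshold check of claims 3 and 4 and the staged node ordering of claim 6, shown as an added Python example that is not part of the patent text. The 7-day and 30-day thresholds, the choice of the first master as target master, the handling of already-expired certificates, the `apply_job` callback and the sample inventory are assumptions made for illustration.

```python
import ssl
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Assumed values; claim 4 only requires the second duration to exceed the first.
FIRST_DURATION = timedelta(days=7)    # inside this window: send the access request
SECOND_DURATION = timedelta(days=30)  # inside this window: notify the cluster's user


@dataclass
class ServiceCluster:
    name: str
    not_after: str                      # notAfter string in ssl.getpeercert() format
    masters: list = field(default_factory=list)
    workers: list = field(default_factory=list)


def remaining_validity(cluster, now):
    """Remaining valid duration of the cluster certificate (negative if expired)."""
    expiry = ssl.cert_time_to_seconds(cluster.not_after)
    return datetime.fromtimestamp(expiry, tz=timezone.utc) - now


def classify(cluster, now):
    """Return 'renew', 'notify' or 'ok' for one service cluster."""
    left = remaining_validity(cluster, now)
    if left <= FIRST_DURATION:          # assumption: expired certificates land here too
        return "renew"
    if left <= SECOND_DURATION:
        return "notify"
    return "ok"


def rollout_plan(cluster):
    """Claim 6 order: one target master, the remaining masters, then the workers."""
    target, *others = cluster.masters   # assumption: the first master is the target
    return [("first", [target]), ("second", others), ("third", cluster.workers)]


def run_rollout(cluster, apply_job):
    """Apply the stages in order and stop at the first node whose update fails.

    apply_job(stage, node) -> bool is a hypothetical stand-in for delivering
    the job-type resource to a node and waiting for its result.
    """
    updated = []
    for stage, nodes in rollout_plan(cluster):
        for node in nodes:
            if not apply_job(stage, node):
                return updated, False   # later stages never start
            updated.append(node)
    return updated, True


# Constructed sample inventory for one sub-resource pool.
NOW = datetime(2024, 12, 1, tzinfo=timezone.utc)
POOL = [
    ServiceCluster("svc-a", "Dec  5 00:00:00 2024 GMT", ["m1", "m2", "m3"], ["w1", "w2"]),
    ServiceCluster("svc-b", "Dec 20 00:00:00 2024 GMT", ["m1"], ["w1"]),
    ServiceCluster("svc-c", "Jun  1 00:00:00 2025 GMT", ["m1"], ["w1"]),
    ServiceCluster("svc-d", "Nov 20 00:00:00 2024 GMT", ["m1"], ["w1"]),
]
```

Stopping at the first failed node keeps worker nodes on their old certificates until every master has been updated, which matches the "under the condition that ... is updated" gating in claim 6.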
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011399522.5A CN114598484B (en) | 2020-12-01 | 2020-12-01 | Certificate updating method, device, cluster and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011399522.5A CN114598484B (en) | 2020-12-01 | 2020-12-01 | Certificate updating method, device, cluster and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114598484A CN114598484A (en) | 2022-06-07 |
CN114598484B true CN114598484B (en) | 2024-03-19 |
Family
ID=81802475
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011399522.5A Active CN114598484B (en) | 2020-12-01 | 2020-12-01 | Certificate updating method, device, cluster and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114598484B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116882636B (en) * | 2023-09-05 | 2024-01-16 | 苏州浪潮智能科技有限公司 | Certificate life cycle management method, device, equipment and storage medium |
CN117348975B (en) * | 2023-12-05 | 2024-03-15 | 中电云计算技术有限公司 | Cluster deployment method, device, equipment and storage medium |
Citations (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104735087A (en) * | 2015-04-16 | 2015-06-24 | 国家电网公司 | Public key algorithm and SSL (security socket layer) protocol based method of optimizing security of multi-cluster Hadoop system |
CN105516207A (en) * | 2016-01-28 | 2016-04-20 | 浪潮电子信息产业股份有限公司 | Certificate management method in remote authentication |
WO2017012008A1 (en) * | 2015-07-21 | 2017-01-26 | 深圳市银信网银科技有限公司 | Method, server, terminal, and system for changing period of validity of electronic certificate |
CN107203890A (en) * | 2016-03-17 | 2017-09-26 | 阿里巴巴集团控股有限公司 | Credential data distribution method, apparatus and system |
CN107229877A (en) * | 2017-06-05 | 2017-10-03 | 北京凤凰理理它信息技术有限公司 | Certificate management, acquisition methods, device, computer program and electronic equipment |
CN107925659A (en) * | 2015-08-15 | 2018-04-17 | 微软技术许可有限责任公司 | Domain on no domain server adds virtual name |
CN108881257A (en) * | 2018-06-29 | 2018-11-23 | 北京奇虎科技有限公司 | Distributed search cluster encrypted transmission method and encrypted transmission distributed search cluster |
CN109150616A (en) * | 2018-09-03 | 2019-01-04 | 成都嗨翻屋科技有限公司 | A kind of Intelligent gateway and its working method that can increase https entrance automatically |
WO2019011179A1 (en) * | 2017-07-10 | 2019-01-17 | 腾讯科技(深圳)有限公司 | Certificate management method, system, network device and computer readable storage medium |
CN109327528A (en) * | 2018-10-31 | 2019-02-12 | 阿里巴巴集团控股有限公司 | A kind of node administration method and device based on block chain |
CN110311887A (en) * | 2019-05-07 | 2019-10-08 | 重庆天蓬网络有限公司 | System based on the more Kubernetes clusters of enterprise's multi-user management |
CN110784347A (en) * | 2019-10-18 | 2020-02-11 | 北京浪潮数据技术有限公司 | Node management method, system, equipment and storage medium for container cluster |
CN111082926A (en) * | 2019-11-06 | 2020-04-28 | 深圳市东进技术股份有限公司 | Key synchronization method and system |
CN111092727A (en) * | 2020-03-18 | 2020-05-01 | 支付宝(杭州)信息技术有限公司 | Method and device for sharing cluster key |
CN111865601A (en) * | 2020-06-04 | 2020-10-30 | 江苏理工学院 | Vehicle networking trust management method and system based on block chain |
CN111988150A (en) * | 2020-09-03 | 2020-11-24 | 深圳壹账通智能科技有限公司 | Block chain certificate updating method and device, computer equipment and storage medium |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030037234A1 (en) * | 2001-08-17 | 2003-02-20 | Christina Fu | Method and apparatus for centralizing a certificate revocation list in a certificate authority cluster |
CN109144994B (en) * | 2017-06-19 | 2022-04-29 | 华为技术有限公司 | Index updating method, system and related device |
Non-Patent Citations (1)
Title |
---|
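Design of a Hadoop security mechanism based on public key infrastructure; Chen Zhuo; Wang Youchun; Ping Jiawei; Computer Measurement & Control (04); full text * |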
Also Published As
Publication number | Publication date |
---|---|
CN114598484A (en) | 2022-06-07 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||