Design And Implementation Of Resource Scheduling And Monitoring System Based On Kubernetes

With the rapid development of cloud computing technology,the emerging virtualization technology Docker container is quickly accepted by major enterprises due to its fast startup and low resource consumption.More and more companies are deploying container clouds and applying them to practical applications in production.In a container cloud environment,there are a large number of containers,which requires an efficient and convenient cluster management solution.Among the many container orchestration systems,Kubernetes has become the first choice for maj or companies to deploy and develop container clouds because of its low deployment difficulty,advanced design concept and strong scalability.However,Kubermetes has shortcomings in resource scheduling and security monitoring and auditing,and it cannot meet the needs of users well in practical application scenarios.In view of the above problems,this thesis presents a set of solutions for resource scheduling and security monitoring.The main research work is as follows:In terms of resource scheduling,this thesis designs a preemptive scheduling strategy based on production application scenarios.The policy allows the user to customize the Pod priority.In the scheduling process,the Pod is scheduled in the order of priority.When the cluster resources are insufficient,the high-priority Pod is also allowed to preempt the low-priority Pod.At the same time,this thesis designs and implements a new resource elastic scaling module,which makes the Kubernetes cluster need no additional configuration when scaling the application.By considering the multi-faceted indicators such as memory and network,according to the pluggable scaling strategy,The application performs capacity expansion or shrinkage operations.The experiment proves that the modified Kubermetes cloud platform can flexibly schedule in the face of scenarios such as insufficient resources and application load status changes,so that cluster resources can be efficiently utilized to meet demand goals.In terms of security monitoring,this thesis divides cluster security monitoring audit into three aspects:platform level,system level and container level.It designs and implements Agent-based security monitoring and auditing module for Kubermetes cluster,which is used for cluster itself and cluster nodes.And running the container on the node for security verification and scoring.Experiments show that the module can periodically perform security monitoring audits on the cluster from multiple angles,and give verification conclusions and security scores,so that Kubernetes managers can intuitively understand the security status of the cluster.