| Most enterprises deploy their microservice applications on cloud platforms, but as the scale of microservice applications on cloud platforms increases, ensuring their reliable and secure operation has become an urgent problem. This article analyzes the following shortcomings in how most enterprises deploy, operate, and maintain microservice applications on cloud platforms. In terms of deployment, public image hosting platforms lack permission management and image security checks, which poses security risks to microservice applications and cloud platforms. In terms of operation, the traditional proxy gateway HAProxy is used as the traffic proxy for the multi-master, multi-slave architecture of the cloud platform's Kube-apiserver; such gateways are not specifically designed for cloud platforms, resulting in uneven load distribution, ineffective traffic governance, and even the inability to pass on the identities of proxied users, all of which create a risk of proxy incidents on the cloud platform and affect the reliable operation of microservices. In terms of maintenance, cloud platforms use Docker and Kubernetes as underlying infrastructure but do not provide corresponding observation schemes, so the internal state of the cloud platform is unknown during maintenance, which makes microservice applications difficult to maintain. To address the above issues, this thesis designs an operation and maintenance system for microservice architecture applications on cloud platforms to ensure their reliable and secure operation. The specific research includes the following modules: 1) Container image resource management module. A container image management module is designed to provide secure image distribution and storage services for microservice application deployment. This module implements fine-grained user permission control through the cloud platform's RBAC authentication mechanism and implements image security checks through Clair. 2) Kube-apiserver layer 7 proxy gateway. A customized layer 7 proxy gateway is designed for Kube-apiserver to provide a reliable and secure cloud platform environment for microservice application operation. This gateway obtains user identity information at the gateway level, combines it with the Kubernetes user impersonation mechanism to transmit user identity information, excludes requests that may cause risks to the cloud platform through a governance module, and uses the coefficient of variation method to eliminate the differences in metrics among nodes and obtain the real-time load capacity of nodes, achieving dynamic load balancing for the nodes where Kube-apiserver is located. 3) Observable module. An observable module is designed, including a cloud platform log solution, cloud platform metric monitoring, and cloud platform service chain tracing, to solve the problems of opaque internal service calls and unknown states of the cloud platform. Finally, the operation and maintenance system designed in this thesis was deployed on the laboratory cloud platform, and functional and performance tests were conducted on the container image management module, the Kube-apiserver layer 7 proxy gateway, and the observable module. The experimental results show that this operation and maintenance system solves the problems that arise in the deployment, operation, and maintenance of microservice applications and also meets the expected performance requirements. |
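
The identity hand-off described for the layer 7 gateway can be sketched as follows. This is an added example, not code from the thesis: it uses the Kubernetes impersonation headers (`Impersonate-User`, `Impersonate-Group`), while the `Identity` type, the `upstreamHeaders` function and the token placeholder are hypothetical, and the gateway's own credential is assumed to be granted only the RBAC `impersonate` verb.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Identity is the result of the gateway's own authentication step (hypothetical type).
type Identity struct {
	User   string
	Groups []string
}

// upstreamHeaders builds the header set the gateway forwards to kube-apiserver.
// gatewayToken is the gateway's own credential (assumption: it may only impersonate).
func upstreamHeaders(in http.Header, id Identity, gatewayToken string) (http.Header, error) {
	if id.User == "" {
		return nil, fmt.Errorf("no authenticated user; refusing to forward")
	}
	out := http.Header{}
	for k, vals := range in {
		ck := http.CanonicalHeaderKey(k)
		// Drop everything the client sent that could select an identity:
		// its own credential and any Impersonate-* header (User, Group, Uid, Extra-*).
		if ck == "Authorization" || strings.HasPrefix(ck, "Impersonate-") {
			continue
		}
		out[ck] = append(out[ck], vals...)
	}
	// The identity comes only from the gateway's verified login result.
	out.Set("Authorization", "Bearer "+gatewayToken)
	out.Set("Impersonate-User", id.User)
	for _, g := range id.Groups {
		out.Add("Impersonate-Group", g)
	}
	return out, nil
}

func main() {
	// Constructed request: the client supplies impersonation headers of its own.
	in := http.Header{}
	in.Set("Authorization", "Bearer client-token")
	in.Set("Impersonate-User", "other-user")
	in.Add("Impersonate-Group", "other-group")
	in.Set("Accept", "application/json")
	id := Identity{User: "alice", Groups: []string{"dev"}}
	out, err := upstreamHeaders(in, id, "GATEWAY_TOKEN_PLACEHOLDER")
	fmt.Println(out, err)
}
```

With this arrangement kube-apiserver's audit log records both the gateway's account and the impersonated user, so the end user stays attributable per request.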