Real-time debugging instances in a deployed container platform
US-2019102280-A1 · Apr 4, 2019 · US
Kubernetes as a distributed operating system for multitenancy/multiuser
US11212366B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11212366-B2 |
| Application number | US-201816216602-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 11, 2018 |
| Priority date | Dec 11, 2018 |
| Publication date | Dec 28, 2021 |
| Grant date | Dec 28, 2021 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A client device sends a connection request to a virtual system in a Kubernetes cluster. The connection request identifies the client device and the application to which the request pertains. Based on a tenant associated with the client device, the virtual system connects the client device to an instance of the application. The instance of the application has access to data for the tenant but not for other tenants. Another client device of the tenant sends another connection request to the virtual system for a connection to another application. Because the tenant is the same, the instance of the other application may access the same data as the instance of the first application. In this way, applications for a single tenant may share data while maintaining the security of the data from other tenants.
First claim
Opening claim text (preview).
What is claimed is: 1. A method comprising: accessing, by a containerized control application executing on one or more processors, a first identifier for a first client; accessing, by the containerized control application, a second identifier for a second client; receiving, by the containerized control application, a first connection request from the first client, the first connection request comprising a first application identifier; receiving, by the containerized control application, a second connection request from the second client, the second connection request comprising a second application identifier; determining based on a first hash of the first identifier, that the first connection request is associated with a tenant; determining, based on a second hash of the second identifier, that the second connection request is associated with the tenant; based on the first application identifier and the tenant, routing, by the containerized control application, the first connection request to a containerized application instance of a first application that accesses data from a tenant-specific data store associated with the tenant; and based on the second application identifier and the tenant, routing, by the containerized control application, the second connection request to a containerized application instance of a second application that accesses the data from the tenant-specific data store associated with the tenant. 2. The method of claim 1 , wherein the first application identifier comprises a uniform resource locator (URL). 3. The method of claim 1 , wherein the containerized control application is a Kubernetes containerized application. 4. The method of claim 1 , further comprising: accessing, by the containerized control application, a third identifier for a third client; receiving a third connection request from the third client, the third connection request comprising the first application identifier; determining, based on a third hash of the third identifier, that the third connection request is associated with a second tenant; and based on the first application identifier and the second tenant, routing, by the containerized control application, the third connection request to a second containerized application instance of the first application that accesses data from a second tenant-specific data store associated with the second tenant. 5. The method of claim 1 , wherein the determining that the first connection request is associated with the tenant comprises accessing a database that maps the hash of the first identifier to an identifier of the tenant. 6. The method of claim 1 , wherein the accessing of the first identifier from the first client comprises accessing a cookie stored on the first client. 7. The method of claim 1 , wherein the accessing of the first identifier from the first client comprises accessing an internet protocol (IP) address of the first client. 8. A system comprising: a memory that stores instructions; and one or more processors configured by the instructions to perform operations comprising: accessing, by a containerized control application, a first identifier for a first client; accessing, by the containerized control application, a second identifier for a second client; receiving, by the containerized control application, a first connection request from the first client, the first connection request comprising a first application identifier; receiving, by the containerized control application, a second connection request from the second client, the second connection request comprising a second application identifier; determining, based on a first hash of the first identifier, that the first connection request is associated with a tenant; determining, based on a second hash of the second identifier, that the second connection request is associated with the tenant; based on the first application identifier and the tenant, routing, by the containerized control application, the first connection request to a containerized application instance of a first application that accesses data from a tenant-specific data store associated with the tenant; and based on the second application identifier and the tenant, routing, by the containerized control application, the second connection request to a containerized application instance of a second application that accesses the data from the tenant-specific data store associated with the tenant. 9. The system of claim 8 , wherein the first application identifier comprises a uniform resource locator (URL). 10. The system of claim 8 , wherein the containerized control application is a Kubernetes containerized application. 11. The system of claim 8 , wherein the operations further comprise: accessing, by the containerized control application, a third identifier for a third client; receiving a third connection request from the third client, the third connection request comprising the first application identifier; determining, based on a third hash of the third identifier, that the third connection request is associated with a second tenant; and based on the first application identifier and the second tenant, routing, by the containerized control application, the third connection request to a second containerized application instance of the first application that accesses data from a second tenant-specific data store associated with the second tenant. 12. The system of claim 8 , wherein the determining that the first connection request is associated with the tenant comprises accessing a database that maps the hash of the first identifier to an identifier of the tenant. 13. The system of claim 8 , wherein the accessing of the first identifier from the first client comprises accessing a cookie stored on the first client. 14. The system of claim 8 , wherein the accessing of the first identifier from the first client comprises accessing an internet protocol (IP) address of the first client. 15. A non-transitory computer-readable medium that stores instructions that, when executed by one or more processors, cause the one or more processors to perform operations comprising: accessing, by a containerized control application, a first identifier for a first client; accessing, by the containerized control application, a second identifier for a second client; receiving, by the containerized control application, a first connection request from the first client, the first connection request comprising a first application identifier; receiving, by the containerized control application, a second connection request from the second client, the second connection request comprising a second application identifier; determining, based on a first hash of the first identifier, that the first connection request is associated with a tenant; determining, based on a second hash of the second identifier, that the second connection request is associated with the tenant; based on the first application identifier and the tenant, routing, by the containerized control application, the first connection request to a containerized application instance of a first application that accesses data from a tenant-specific data store associated with the tenant; and based on the second application identifier and the tenant, routing, by the containerized control application, the second connection request to a containerized application instance of a second application that accesses the data from the tenant-specific data store associated with the tenant. 16. The computer-readable medium of claim 15 , wherein the first application
Assignees
Inventors
Classifications
- H04L67/63Primary
Routing a service request depending on the request content or context · CPC title
Entity profiles · CPC title
hash tables · CPC title
Hypervisor-specific management and integration aspects · CPC title
Grid computing · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11212366B2 cover?
- A client device sends a connection request to a virtual system in a Kubernetes cluster. The connection request identifies the client device and the application to which the request pertains. Based on a tenant associated with the client device, the virtual system connects the client device to an instance of the application. The instance of the application has access to data for the tenant but no…
- Who is the assignee on this patent?
- Sap Se
- What technology area does this patent fall under?
- Primary CPC classification H04L67/63. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Dec 28 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).