Managing microservices well has become a new challenge in the cloud-native era.
Building microservices and managing microservices differ by only one word, but getting from one to the other takes a great deal of practical experience in putting microservices into production. The core challenge of software architecture is to handle the system complexity caused by rapid business growth, and as applications are decoupled into microservices, the calls and dependencies between services become more complex. The more complex these relationships are, the more likely small technical problems are to be magnified into large online failures. The cloud-native era, represented by containers and Kubernetes, adds to the complexity.
Recently, Alibaba Cloud's microservice engine MSE (hereinafter referred to as MSE) has upgraded three core capabilities, providing more efficient practices and more comprehensive guarantees for managing microservice applications.
Replay of the live-streamed launch event: https://developer.aliyun.com/topic/microservice
Released Microservice Governance Enterprise Edition
On top of the original basic version and professional version, MSE has launched the Microservice Governance Enterprise Edition, which provides traffic control and fault tolerance capabilities for microservice applications and common gateways. It ensures business stability across dimensions such as traffic control, concurrency control, circuit breaking and degradation, adaptive protection, and hotspot prevention and control, and helps users cope with traffic surges or unstable service dependencies.
At the microservice gateway layer, such as Zuul and Spring Cloud Gateway, users can set rules for ingress traffic protection. At the application layer, protection can be applied at interface-level granularity, and multiple rate limiting methods are supported, such as single-machine rate limiting, cluster rate limiting, and minute- and hour-level rate limiting. Besides the impact of heavy traffic, problems in third-party services can make an interface's response time grow so that thread resources cannot be released. Users can configure circuit-breaking rules for weakly dependent interfaces, which trip automatically when the instability conditions are reached. Non-critical interfaces can be proactively degraded in advance so that an exception in a single service does not make the whole system unavailable. In addition, traffic protection supports adaptive system protection: system protection rules can be set based on system resource indicators such as CPU and LOAD to prevent avalanches. Isolation rules can also be configured for automatically identified slow SQL statements to limit the number of concurrent executions, which prevents the database connection pool from filling up and affecting normal calls.
The enterprise version also supports second-level monitoring of indicators such as QPS, response time, exceptions, and CPU/load, and provides second-level analysis of traffic and water-level distribution for these indicators in the machine, interface, and cluster dimensions, which makes it easy for users to monitor the protection effect and guides rule configuration.
In addition, the service management center adds application configuration capabilities to help users dynamically manage configuration items in the code, which can be used in a variety of business scenarios. The first is embedding feature switches in the business logic, such as dynamically enabling a promotion or degrading some time-consuming operations. The second is adjusting how the application runs without restarting it, such as modifying the log level online or specifying an A/B test path, thread pool configuration, and so on. The third is pushing structured content of complex types such as List and Map, for example regularly pushing the list of products in a major promotion, or distributing the list of customers with coupons in a unified manner.
Prices for Basic, Professional, and Enterprise editions are as follows:
For more information about the differences between the three versions, please visit: https://help.aliyun.com/document_detail/333528.html
Open Source Service Governance Specification and Implementation OpenSergo
Microservice governance is an inevitable problem to be solved in the process of managing microservices, but the following pain points are common in the industry:
• High cost of understanding and communication: The industry does not have a clear understanding of the capabilities and boundaries of microservice governance, and the concept of service governance defined by each enterprise is inconsistent, resulting in high understanding and communication costs.
• Lack of standardized conventions: There are many open source microservice frameworks. For example, the microservice interface defined in Spring Cloud and the interface defined in Dubbo cannot communicate with each other, and Go and Java have different systems and concepts.
• Lack of business-oriented abstractions and standards: For business development, it is not only necessary to understand the deployment architecture of different microservice frameworks, but also to understand the concepts and differences of different service governance methods.
OpenSergo is jointly initiated by bilibili, ByteDance, and the Spring Cloud Alibaba, Nacos, and Apache Dubbo/dubbo-go communities. It is a set of specifications and implementations for microservice governance. It aims to solve the problem that microservice governance concepts are fragmented across different frameworks and languages and cannot interoperate: for example, how to standardize service registration and discovery, how to unify the format of service metadata, and so on.
OpenSergo on GitHub: github.com/opensergo/opensergo-specification
The capabilities provided by OpenSergo can be viewed from three dimensions: control plane, data plane, and Spec:
• Control plane: Users can view and modify service governance configurations through CRD or Dashboard, and deliver this control information to the data plane.
• Data plane: JavaAgent, Service Mesh, and the various microservice frameworks that integrate with OpenSergo can receive service governance configuration and apply it to current business traffic.
• OpenSergo Spec: The Spec specifies the communication conventions between the control plane and the data plane, so that users can use one Spec to describe microservice architectures built on different frameworks, protocols, and languages, and developers no longer need to pay attention to the underlying differences.
Next Generation Gateway - Cloud Native Gateway Upgrade
Gateways are divided into traffic gateways and business gateways. Traffic gateways mainly provide global policy configurations that have nothing to do with back-end services; Alibaba's internal unified access gateway Tengine is a typical traffic gateway. Business gateways, as the name suggests, mainly provide policy configurations at the level of an individual business domain that are tightly coupled with the back-end business. As the application architecture model evolved from the monolith to today's distributed microservices, the business gateway also acquired a new name: the microservice gateway.
However, in the cloud-native era dominated by containers and Kubernetes, Ingress has become the gateway standard of the Kubernetes ecosystem, combining traffic gateway + microservice gateway into one. Converting a two-tier gateway into a one-tier gateway can not only save 50% of resource costs, but also reduce operation, maintenance and usage costs.
The cloud native gateway provided by MSE upgrades its core capabilities again, including seamless support for Nginx Ingress annotation conversion, support for local WAF protection, support for a plug-in market, and support for HTTP to Dubbo. Taking the seamless support for Nginx Ingress annotation conversion as an example, the MSE Ingress Controller obtains changes to the Ingress resources in the associated ACK cluster through the List-Watch mechanism, and then dynamically updates the routing rules of the MSE cloud native gateway by hot update. When the MSE cloud native gateway receives a request, it matches the Ingress forwarding rules and forwards the request to the Pod behind the corresponding backend Service.
Compared with the Nginx Ingress Controller, the MSE Ingress Controller applies changes to the monitored Ingress resources within seconds by means of hot update. Applying configuration without restarting the data plane greatly improves the stability of the cluster ingress gateway and effectively guarantees that business traffic is lossless. More importantly, the MSE Ingress Controller can perform multi-cluster management: it acts as the ingress gateway of multiple clusters at the same time, which means it can monitor the Ingress resources in multiple clusters simultaneously and solve users' cross-Kubernetes-cluster traffic scheduling and traffic governance problems.
In addition to semi-managed microservice products such as MSE, the launch event also shared the advantages and characteristics of the fully managed MSE+SAE solution, which combines Serverless technology to further improve the utilization of computing resources and offers low-threshold containerization and Kubernetes transformation.
MSE provides commercial enhancements for open source projects such as ZooKeeper, Nacos, Consul, and Envoy. It serves companies such as Skechers, Caller Technology, Play Xinjie, Helian Health, Master Wan, Yunhuoyou, Shanghai Mitsubishi, and Salesforce China, and is one of the preferred microservice platforms for domestic cloud customers.