How traditional microservice frameworks seamlessly transition to service mesh ASM

Author: Yu Zeng

background

The development history of software technology has gradually evolved from monolithic applications to distributed applications, especially the rise of the concept of microservices, making large-scale, high-concurrency, and low-latency distributed applications possible. In the cloud-native era, the microservice framework itself is constantly evolving and iteratively evolving.

The microservice framework generally involves the following knowledge points:

In this article, we focus on the following three microservice frameworks:

• SpringCloud
• Dubbo
• ServiceMesh (new generation)

These three different frameworks have different coverage of function points in the field of service governance. This article does not focus on the advantages and disadvantages of these frameworks, but mainly discusses how to seamlessly transition from the traditional microservice frameworks Dubbo and SpringCloud to the ServiceMesh architecture. The hottest project in the current ServiceMesh field is Istio.

Alibaba Cloud Service Grid ASM is based on Istio. It hosts and adapts Istio on the cloud, and adds related functions, as well as performance optimization in large-scale service grid scenarios. As the industry's first fully managed Istio-compatible Alibaba Cloud service mesh product, ASM has maintained consistency with the community and industry trends in its architecture from the very beginning. Cluster independent. ASM products are customized and implemented based on community Istio, and provide component capabilities to support refined traffic management and security management on the managed control plane side. Through the managed mode, the lifecycle management of the Istio components and the managed K8s cluster is decoupled, making the architecture more flexible and improving the scalability of the system. From April 1, 2022, Alibaba Cloud Service Grid ASM will officially launch a commercial version, providing richer capabilities, larger scale support and better technical support to better meet customers' different needs and scenarios. Details can be found in the product introduction:

https://www.aliyun.com/product/servicemesh

Let's take a look at the known problems in the migration of traditional microservices to the service mesh technology stack, and how Alibaba Cloud Service Mesh ASM seamlessly supports services such as SpringCloud and Dubbo.

Pay attention to the official account of [Alibaba Cloud Cloud Native], and reply to the keyword [0621] to get the download address of the code compression package in the text!

Some known issues and scenarios for migrating traditional microservices to service mesh

Frequently asked questions

• After the service is containerized, the service deployment is updated rollingly, and the IP of the service instance changes frequently. There will be a delay in the synchronization of the IP of the corresponding service instance to the registry. This process will cause 503 to appear in some business requests.
• The Istio community version has limited support for other RPC protocols other than HTTP and gRPC, and cannot provide unified routing management and related governance capabilities.
• Because the service routing model designed by Istio itself relies on ServiceName or ClusterIp for inter-service requests, SpringCloud services cannot be meshed directly. Due to the interface-based service invocation design of Dubbo services, the interface is passed in the context of the Dubbo protocol request, although it is not affected by this mode However, the Istio community version does not have corresponding RDS support for Dubbo routing, so the community version of VirtualService cannot be directly used to configure Dubbo routing.

In addition to the above common problems, there are also some specific business scenarios that are often encountered in the process of business cloud nativeization.

Scenario 1: How do services inside and outside the container cluster communicate with each other

• Containerized some businesses and migrated to Kubernetes clusters
• There are still some legacy services that need to be deployed on ECS cloud hosts

Through ASM docking with the registry, services inside and outside the container cluster can be communicated, and the service governance capability can be retained. In addition, containerized business services are managed through ASM service grid, and the service governance capabilities are lowered to Sidecar, which facilitates the business to quickly obtain the declarative configuration brought by Istio, and perform service governance and orchestration capabilities such as traffic management and grayscale publishing. It has three major observable capabilities for docking Trace, Log, and Metrics.

Scenario 2: Multilingual business interworking

With the advent of the cloud-native wave, business is generally more complex and diverse. Many customers have adopted multiple languages or even multiple development frameworks due to business development needs. How to interconnect services in different languages, or whether there is a unified service framework to manage these multilingual services?

ASM service mesh is based on the Istio community version for the relevant scenarios of the above customers and the common problems encountered, which can support the seamless migration of SpringCloud and Dubbo services to the service mesh, that is, the business does not need any code modification, that is You can naturally enjoy the capabilities provided by the service grid. Below, we will explain the specific analysis of SpringCloud and Dubbo respectively.

Manage SpringCloud services

SpringCloud service communication adopts HTTP protocol. Istio supports HTTP protocol very friendly. We only need to solve how Istio manages SpringCloud services, that is, how to solve the problem of how SpringCloud service requests adapt to the Servicename or ClusterIp that Istio depends on.

Simply put, because the service mesh adopts the Sidecar mode, it needs to know who the target service of the traffic sent by the request is, and this information needs to be declared under the Host field of the Http request.

Option 1: Using EnvoyFilter + Lua

The core implementation is to modify the return of the service subscription request by configuring a piece of Lua logic under the EnvoyFilter, and modify the target IP address returned by the service subscription to the corresponding service name. For specific Demo examples, please refer to the ASM Help document:

https://help.aliyun.com/document_detail/383257.html

However, because this solution needs to understand the specific service subscription agreement, it currently only supports Nacos, and does not support other non-Nacos registration centers. Although we provide some service registration center migration solutions, users may not want to modify the code due to various reasons. Adaptation registry. Based on this, we provide scheme 2 that can be adapted to support any registry.

Option 2: Reverse lookup through Reverse DNS Filter to get ServiceName

Solution 1 can only support Nacos at present. Many users have reported whether they can support service registration centers such as Eureka and ZooKeeper. Based on this, we have launched the following general solutions:

btw, because Istio naturally supports gRPC protocol, and Dubbo3's new protocol triple is based on gRPC, Dubbo3 service can be Mesh more elegantly,

The above scheme also applies to Dubbo3 service.

Summary: Through the above two solutions (recommended solution 2), we solved the problem of SpringCloud service adapting to the Istio routing model. From now on, SpringCloud can enjoy the full capabilities of Istio without any code modification.

Of course, if the user is willing to modify the code, we recommend that the customer remove the related concerns such as load balancing, circuit breaker, and current limiting under the original Spring Cloud, because in the Mesh scenario, the original capabilities are no longer necessary.

Scheme 2 ReverseDNS Filter scheme has been built in ASM 1.13 version and is expected to be released online at the end of June

Manage Dubbo Services

Here we say that the Dubbo service refers to Dubbo2, and Dubbo3 can use a similar solution as above. We are also connecting with the Dubbo3 community and supporting Dubbo3's Proxyless Mesh mode. At present, Dubbo2 still has a large number of users, so Alibaba Cloud Service Grid also provides in-depth support for Dubbo2. The Dubbo mentioned below is only the Dubbo2 version.

Most Dubbo users use the Nacos or ZooKeeper registry, and the ASM product level currently supports the MSE Nacos registry.

Simply associate the MSE Nacos instance under the ASM settings menu to find the service information under the corresponding Nacos.

Support Dubbo + Nacos service migration to ASM

The overall architecture diagram is as follows:

Related documents:

• Managed Dubbo Service
• Manage Dubbo service traffic
• Dubbo service virtual service parameter description
• Integrate self-built Prometheus to achieve Dubbo service observability

ASM extends Dubbo routing based on the Istio community version of VirtualService. A more complex configuration example is as follows:

 apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: demoservice0
spec:
  hosts:
  - providers:com.alibaba.edas.DemoService0
  dubbo:
  - routes:
    - match:
      - method:
          nameMatch:
            exact: "sayHello"
          argc: 1
          args:
          - index: 1
            strValue:
              patterns:
              - exact: "jack"
            type: java.lang.String
      route:
      - destination:
          subset: v1
        weight: 100
    - match:
      - method:
          nameMatch:
           exact: "sayHello"
          argc: 1
          args:
          - index: 1
            strValue:
              patterns:
              - exact: "lily"
            type: java.lang.String
        headers:
         app:
          patterns:
            - exact: "consumer1"
      route:
      - destination:
          subset: v2
        weight: 100
    services:
    - prefix: providers:com.alibaba.edas.DemoService0

For the specific Spec definition and example description of Dubbo routing, please refer to the above Dubbo service governance series of documents

Support Dubbo + ZooKeeper

For Dubbo open source users, in addition to Nacos, there are also many users who use the ZooKeeper registry, but ZooKeeper currently does not officially provide the Istio service discovery capability, that is, the support of the MCP over XDS protocol that Istio relies on.

The MCPBridge component solves this problem. In the Alibaba Cloud Service Grid ASM scenario, the specific implementation is as follows:

Due to the diversity of registries, the follow-up MCPBridge will be submitted to the open source community, and everyone is welcome to maintain it together.

Users can manually install MCPBridge to the ACK cluster where the service is deployed by downloading the MCPBridge Helm installation package.

The installation method is very simple. After the download is complete, extract the Helm installation package and execute it in the directory:

 helm install -f values.yaml mcp-bridge .

After the installation is complete, mcp-bridge will provide a VPC intranet address through SLB, which needs to be associated with the ConfigSource corresponding to Istiod. ASM This function is currently open to the whitelist. You need to submit a work order or add a group at the end of the article to contact the product operation and maintenance personnel.

After the installation is complete, we can then configure the upstream registration center address as ZooKeeper. If there is no ZooKeeper server available in the environment, you can quickly create one through Alibaba Cloud mse ZooKeeper, as follows:

It is very simple to configure the associated registry for the MCPBridge component, just create an MCPBridge CR. The specific configuration format is as follows:

File: zk-mcpbridge.yaml

 apiVersion: istio.aliyun.cloud.com/v1
kind: McpBridge
metadata:
  name: default
  namespace: istio-system
spec:
  registries:
  - domain: mse-7e74ff00-zk.mse.aliyuncs.com   ### zookeeper 地址
    name: zookeeper
    port: 2181
    type: zookeeper

After kubectl apply -f zk-mcpbridge.yaml takes effect, the MCPBridge component will automatically synchronize the service information under the dubbo node under ZooKeeper to istiod.

If you want to experience the specific example of MCPBridge supporting Dubbo + ZK, you can download the test example: dubbo-zk-demo.tar.gz

The file package contains the above yaml configuration of McpBridge and the example of the dubbo demo service for testing.

 root@service-mesh-test011122063081:~/test/mcpbridge/dubbo-zk-demo# tree .
.
├── dubbo-services.yaml                    ## dubbo + zk注册中心测试服务例子
├── zk-mcpbridge.yaml                      ## mcpbridge zk 配置，需要对应修改zk地址
└── zk-registry-service-alias.yaml         ## zk地址的服务别名，需要对应修改zk地址

Next we briefly explain how to use this Demo example.

When the dubbo-zk-demo.tar.gz is downloaded and decompressed, we first need to change the zk address "mse-7e74ff00-zk.mse.aliyuncs.com" under the yaml to the actual corresponding zk service address (this address requires Make sure that the MCPBridge component can be accessed), after the address modification is completed, execute the following command in the dubbo-zk-demo file directory:

 kubectl create ns dubbo 
kubectl label ns dubbo istio-injection=enabled
kubectl apply -f .

Then run the command kubectl get pods -n dubbo to check whether the corresponding dubbo service consumer and provider are successfully started.

 root@service-mesh-test011122063081:~/test/mcpbridge# kubectl get pods -n dubbo
NAME                                    READY   STATUS    RESTARTS   AGE
dubbo-consumer-zk-5cd8f6c6bf-bscd2      2/2     Running   0          83m
dubbo-provider-zk-v1-54cd888957-k7bg4   2/2     Running   0          83m
dubbo-provider-zk-v2-cf58ccc79-sg94l    2/2     Running   0          83m

After the startup is successful, we go back to Zookeeper, and we can see that the service registration information has been reported: (under the dubbo node)

Next, we map the consumer service to the ASM gateway for test access. We can quickly create an ASM gateway through the ASM console. If we use CICD or GitOps, we can also create it directly by creating IstioGateway Yaml.

After the gateway entity is successfully created (gateway deployment, svc, etc.), we also need to configure the logical gateway, which only takes two steps;

• Create a gateway rule (gateway CRD under istio), declare a logical gateway, and the specific domain name and declared port and protocol type bound to this logical gateway (test-gateway)
• Configure gateway routing to forward /sayHello request to dubbo-consumer-zk.dubbo.svc.cluster.local target service

The gateway rules and gateway routing can refer to the following Yaml, we only need to save this Yaml as a local file, and then kubectl apply under the asm cluster.

 ---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: test-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"

---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: consumerhttp
spec:
  hosts:
  - "*"
  gateways:
  - test-gateway
  http:
  - match:
    - uri:
        prefix: /sayHello
    route:
    - destination:
        host: dubbo-consumer-zk.dubbo.svc.cluster.local ##对应consumer服务的k8s service name
        port:
          number: 17080

After the gateway rules and routing configuration take effect, we can use the browser or terminal command method:

curl http://$INGRESS_GATEWAY_IP/sayHello/world to access the previously deployed Dubbo demo service, execute the following command, and you can see the relevant results after execution: the two requests before and after are load balanced to the v1 and v2 versions of the Provider.

 #export INGRESS_GATEWAY_IP=YOUR_GATEWAY_IP
 
 #curl http://$INGRESS_GATEWAY_IP/sayHello/world
 
 V2 Gray1: hello world - 172.22.32.143:20880
 
 #curl http://$INGRESS_GATEWAY_IP/sayHello/world
 
 V1 Gray1: hello world - 172.22.32.39:20880

More traffic management, grayscale publishing, and observable examples can be configured by referring to Istio and related documents of Dubbo service governance under ASM.

Summarize

Aiming at the traditional microservice frameworks SpringCloud and Dubbo, Alibaba Cloud Service Mesh ASM provides extended support based on Istio for common scenarios and problems encountered by customers. It can seamlessly manage SpringCloud and Dubbo services, and provide Istio native service governance. ability.

As a pioneer of managed service grid, Alibaba Cloud Service Grid ASM has gained a large number of users, and these users have strengthened our confidence in this product. Service mesh is no longer a pile of buzzwords, but is actually applied to the production environment to deal with one technical problem after another in the field of service governance. Returning to the essence, service mesh still has to solve real business problems.

The service mesh community is booming, and ASM products still need to be improved, but it has gained momentum in market validation. The epic story of service mesh has just begun, welcome to join the DingTalk group for discussion~