Build full link grayscale capability based on Ingress
Background
With the continuous popularization of cloud native technology, more and more business applications begin to transform to cloud native architecture. With the help of the container management platform Kubernetes' immutable infrastructure, elastic expansion and high scalability, it helps businesses to rapidly complete digital transformation. Among them, the cluster entrance traffic management method is gradually generalized and standardized during the evolution of cloud native technology. Users manage the external access to the cluster's internal services through the Ingress resources defined by Kubernetes.
Under the microservice architecture, there are some requirements development, involving the simultaneous changes of multiple microservices on the microservice call link. Usually, each microservice will have a grayscale environment or grouping to receive grayscale traffic. We hope that the traffic entering the upstream grayscale environment can also enter the downstream grayscale environment, ensuring that a request is always transmitted in the grayscale environment, Even if some microservices on the call link do not have a grayscale environment, these applications can still return to the grayscale environment when requesting downstream. With the full link grayscale capability provided by MSE, you can easily achieve the above capabilities without modifying any of your business codes.
Overview of Kubernetes Gateway
The Kubernetes cluster exposes traffic in three ways: Node Port, LoadBalancer, and Ingress.
For the Node Port, the simple one-to-one correspondence between the port and the back-end pod is realized. There is not only a single point problem, but also the limitation of the port range. Once the number of back-end services increases, there will be no port available; For LoadBalancer, it solves the single point problem of Node Port and the problem of the number of ports. However, it is a pure traffic forwarding resource, with no routing configuration capability, nor can it manage numerous back-end service applications. Therefore, the birth of Ingress is an inevitable result. Ingress not only has the ability to define the natural route, but also plays the role of numerous service managers on the back end. However, it should be mentioned here that the well-known Ingress resource is just a simple definition of a routing resource. The real implementer and executor are actually specific Ingress standard implementations, including the well-known Nginx Ingress Controller.
On the Alibaba Cloud ACK platform, there are many ways to implement Ingress, including Nginx Ingress, ALB Ingress, and the recently launched MSE Ingress. This article will describe a more general unified solution based on MSE microservice governance to achieve full link traffic grayscale on the Ingress gateway.
How to realize full link traffic grayscale on Ingress
First of all, we need to know the necessary elements to achieve the full link grayscale. Then, we can implement these elements in the Ingress environment to achieve the full link traffic grayscale under the Ingress gateway. From historical experience, we mainly rely on three elements: label routing, node marking and traffic coloring.
By grouping all nodes under the service according to the different tag names and tag values, label routing enables service consumers who subscribe to the information of the service node to access a packet of the service on demand, that is, a subset of all nodes. The service consumer can use any label information on the service provider node. According to the actual meaning of the selected label, the consumer can apply label routing to more business scenarios.
The node is marked. If the Kubernetes Service is used as the service discovery business system, the service provider completes the service exposure by submitting the service resource to ApiServer. The service consumer listens to the Endpoint resource associated with the service resource, gets the associated business pod resource from the Endpoint resource, reads the above Labels data and uses it as the metadata information of the node. Therefore, we only need to add a label to the node in the Pod template in the Deployment of the business application description resource.
Traffic staining means that we can dye the traffic at the source of the request. When the front end initiates the request, it marks the traffic according to the user information or platform information. If the front end is unable to do so, we can also dynamically add traffic identifiers to requests matching specific routing rules on the microservice gateway. In addition, when traffic flows through gray nodes in the link, if the request information does not contain gray identification, it needs to be colored automatically, and then the traffic can first access the gray version of the service in the subsequent flow process.
In order to realize the above three elements of full link grayscale, MSE microservice governance proposes the concepts of swimlanes and swimlane groups. For example, let's assume that the application architecture is composed of Nginx Ingress and the back-end microservice architecture (Spring Cloud). The back-end call link has three hops. The transaction center, commodity center, and inventory center. The client accesses the back-end service through the client or H5 page, and they do service discovery through the Nacos registry.
1) Dye the required traffic by setting traffic rules, and the traffic will be routed to the grayscale machine.
2) The grayscale flow carries the grayscale scale to the downstream to form a grayscale exclusive environment flow lane. The application without grayscale environment will default to the unmarked baseline environment.
Entering the definition interface of the swimming lane on the MSE console, we can also find that it corresponds to the three elements of full link grayscale implementation:
Quickly play Ingress full link grayscale
Taking ACK Nginx Ingress full link as an example, we can quickly experience how to use MSE microservice governance to achieve the full link traffic grayscale of Ingress. The overall steps are as follows:
We mainly describe how to connect the ACK Ingress Controller to MSE microservices. Just add the following two configurations to the ConfigMap of the Nginx Ingress Controller:
• use-mse: true
• mse-app-name: ingress-canary-test
Mse app name is a user-defined name. At this time, we can see the Alibaba Cloud Ingress portal named ingress management test on the MSE console:
The remaining steps are consistent with the full link grayscale steps of Java applications. Please refer to the following article for details:
https://help.aliyun.com/document_detail/460275.html
After we configure the swim lane rules, the traffic with the corresponding features will flow into the corresponding swim lane. We can observe the grayscale on the MSE console to verify whether the full link grayscale function is effective:
MSE Ingress is an Ingress implementation independently developed by MSE team. It replaces Nginx for traffic hosting based on MSE cloud native gateway (compatible with Ingress and Istio at the same time). It not only has more powerful performance, but also has a natural traffic governance and control gene. Its full link grayscale play is basically the same as ACK Nginx Ingress. Please refer to the following article for specific steps.
With the continuous popularization of cloud native technology, more and more business applications begin to transform to cloud native architecture. With the help of the container management platform Kubernetes' immutable infrastructure, elastic expansion and high scalability, it helps businesses to rapidly complete digital transformation. Among them, the cluster entrance traffic management method is gradually generalized and standardized during the evolution of cloud native technology. Users manage the external access to the cluster's internal services through the Ingress resources defined by Kubernetes.
Under the microservice architecture, there are some requirements development, involving the simultaneous changes of multiple microservices on the microservice call link. Usually, each microservice will have a grayscale environment or grouping to receive grayscale traffic. We hope that the traffic entering the upstream grayscale environment can also enter the downstream grayscale environment, ensuring that a request is always transmitted in the grayscale environment, Even if some microservices on the call link do not have a grayscale environment, these applications can still return to the grayscale environment when requesting downstream. With the full link grayscale capability provided by MSE, you can easily achieve the above capabilities without modifying any of your business codes.
Overview of Kubernetes Gateway
The Kubernetes cluster exposes traffic in three ways: Node Port, LoadBalancer, and Ingress.
For the Node Port, the simple one-to-one correspondence between the port and the back-end pod is realized. There is not only a single point problem, but also the limitation of the port range. Once the number of back-end services increases, there will be no port available; For LoadBalancer, it solves the single point problem of Node Port and the problem of the number of ports. However, it is a pure traffic forwarding resource, with no routing configuration capability, nor can it manage numerous back-end service applications. Therefore, the birth of Ingress is an inevitable result. Ingress not only has the ability to define the natural route, but also plays the role of numerous service managers on the back end. However, it should be mentioned here that the well-known Ingress resource is just a simple definition of a routing resource. The real implementer and executor are actually specific Ingress standard implementations, including the well-known Nginx Ingress Controller.
On the Alibaba Cloud ACK platform, there are many ways to implement Ingress, including Nginx Ingress, ALB Ingress, and the recently launched MSE Ingress. This article will describe a more general unified solution based on MSE microservice governance to achieve full link traffic grayscale on the Ingress gateway.
How to realize full link traffic grayscale on Ingress
First of all, we need to know the necessary elements to achieve the full link grayscale. Then, we can implement these elements in the Ingress environment to achieve the full link traffic grayscale under the Ingress gateway. From historical experience, we mainly rely on three elements: label routing, node marking and traffic coloring.
By grouping all nodes under the service according to the different tag names and tag values, label routing enables service consumers who subscribe to the information of the service node to access a packet of the service on demand, that is, a subset of all nodes. The service consumer can use any label information on the service provider node. According to the actual meaning of the selected label, the consumer can apply label routing to more business scenarios.
The node is marked. If the Kubernetes Service is used as the service discovery business system, the service provider completes the service exposure by submitting the service resource to ApiServer. The service consumer listens to the Endpoint resource associated with the service resource, gets the associated business pod resource from the Endpoint resource, reads the above Labels data and uses it as the metadata information of the node. Therefore, we only need to add a label to the node in the Pod template in the Deployment of the business application description resource.
Traffic staining means that we can dye the traffic at the source of the request. When the front end initiates the request, it marks the traffic according to the user information or platform information. If the front end is unable to do so, we can also dynamically add traffic identifiers to requests matching specific routing rules on the microservice gateway. In addition, when traffic flows through gray nodes in the link, if the request information does not contain gray identification, it needs to be colored automatically, and then the traffic can first access the gray version of the service in the subsequent flow process.
In order to realize the above three elements of full link grayscale, MSE microservice governance proposes the concepts of swimlanes and swimlane groups. For example, let's assume that the application architecture is composed of Nginx Ingress and the back-end microservice architecture (Spring Cloud). The back-end call link has three hops. The transaction center, commodity center, and inventory center. The client accesses the back-end service through the client or H5 page, and they do service discovery through the Nacos registry.
1) Dye the required traffic by setting traffic rules, and the traffic will be routed to the grayscale machine.
2) The grayscale flow carries the grayscale scale to the downstream to form a grayscale exclusive environment flow lane. The application without grayscale environment will default to the unmarked baseline environment.
Entering the definition interface of the swimming lane on the MSE console, we can also find that it corresponds to the three elements of full link grayscale implementation:
Quickly play Ingress full link grayscale
Taking ACK Nginx Ingress full link as an example, we can quickly experience how to use MSE microservice governance to achieve the full link traffic grayscale of Ingress. The overall steps are as follows:
We mainly describe how to connect the ACK Ingress Controller to MSE microservices. Just add the following two configurations to the ConfigMap of the Nginx Ingress Controller:
• use-mse: true
• mse-app-name: ingress-canary-test
Mse app name is a user-defined name. At this time, we can see the Alibaba Cloud Ingress portal named ingress management test on the MSE console:
The remaining steps are consistent with the full link grayscale steps of Java applications. Please refer to the following article for details:
https://help.aliyun.com/document_detail/460275.html
After we configure the swim lane rules, the traffic with the corresponding features will flow into the corresponding swim lane. We can observe the grayscale on the MSE console to verify whether the full link grayscale function is effective:
MSE Ingress is an Ingress implementation independently developed by MSE team. It replaces Nginx for traffic hosting based on MSE cloud native gateway (compatible with Ingress and Istio at the same time). It not only has more powerful performance, but also has a natural traffic governance and control gene. Its full link grayscale play is basically the same as ACK Nginx Ingress. Please refer to the following article for specific steps.
Related Articles
-
A detailed explanation of Hadoop core architecture HDFS
Knowledge Base Team
-
What Does IOT Mean
Knowledge Base Team
-
6 Optional Technologies for Data Storage
Knowledge Base Team
-
What Is Blockchain Technology
Knowledge Base Team
Explore More Special Offers
-
Short Message Service(SMS) & Mail Service
50,000 email package starts as low as USD 1.99, 120 short messages start at only USD 1.00
