All Products
Search

This Product

    Microservices Engine:Create an MSE cloud-native gateway

    Document Center

    Microservices Engine:Create an MSE cloud-native gateway

    Last Updated:Apr 15, 2024

    Cloud-native gateways of Microservices Engine (MSE) are compatible with Kubernetes Ingresses. Cloud-native gateways can discover services from different sources such as Container Service for Kubernetes (ACK) and Nacos. Cloud-native gateways provide various security and O&M capabilities. This topic describes how to create an MSE cloud-native gateway.

    Procedure

    1. Create a cloud-native gateway by using one of the following methods:

      • Use the MSE product page:

        1. Go to the MSE product page.

        2. On the MSE product page, click Buy Now. On the page that appears, click the Cloud-native Gateway tab.

      • Use the MSE console:

        1. Log on to the MSE console.

        2. In the left-side navigation pane, choose Cloud-native Gateway > Gateways.

        3. In the top navigation bar, select a region.

        4. In the upper-left corner of the Gateways page, click Create Gateway.

    2. On the buy page, configure the parameters and click Buy Now.

      Parameter

      Description

      Billing Method

      Select Subscription or Pay-as-you-go.

      Region

      Select the region in which you want to buy the gateway.

      Gateway Name

      Enter a name for the gateway. The name must be 1 to 64 characters in length. We recommend that you configure the gateway name based on the environment or the type of your business, such as test or order-prod.

      Gateway Engine Specifications

      Select the specifications of the gateway engine. You can select one of the following specifications: 2 Cores, 4 GB, 4 Cores, 8 GB, 8 Cores, 16 GB, and 16 Cores, 32 GB.

      Gateway Nodes

      Specify the number of gateway nodes. If your gateway is deployed in a production environment, we recommend that you configure at least two nodes.

      Note

      A single-node gateway may result in business interruptions. We recommend that you do not configure a single-node gateway.

      Resource Group

      Select a resource group from the Resource Group drop-down list.

      VPC

      Select the virtual private cloud (VPC) in which the backend services are deployed.

      vSwitch Location

      The zone in which the vSwitch resides. Valid values:

      • Fixed Zone: The vSwitch resides in the same zone as the gateway node. You can select the zone for deploying the gateway node.

      • Optional Zone: You can select a vSwitch in any zone of the VPC. The system automatically deploys gateway nodes in two zones. A single-node gateway is deployed in only one zone.

      vSwitch Selection

      This parameter is required if you select Optional Zone for vSwitch Location. If you want to create a vSwitch, click VPC console.

      Zone

      Select multiple zones for high-availability deployment. Cloud-native gateways use the vSwitches in VPCs to communicate with backend services. We recommend that you select a vSwitch that is deployed in the same zone as the backend services.

      Internet SLB Specifications

      Select the specifications of an Internet-facing Server Load Balancer (SLB) instance, which can be accessed over the Internet.

      Intranet SLB Specifications

      Select the specifications of an internal-facing SLB instance, which can be accessed over the internal network.

      Security Group Type

      Select the security group type of your gateway. The default type is Advanced Security Group. We recommend that you select the same security group type as the Elastic Compute Service (ECS) instance on which backend services are deployed. For more information, see Overview.

      Hardware Acceleration

      Select Enable TLS Hardware Accelerator. If you enable Transport Layer Security (TLS) hardware acceleration, the handshake performance of TLS is doubled.

      Note

      TLS hardware acceleration is available only in specific regions due to the limits on underlying hardware. For more information about the supported regions, see Limits.

      Gateway Monitoring

      By default, Managed Service for Prometheus is activated. This service collects metrics and logs of gateways, displays data on dashboards, and allows you to manage alerts. You can use Managed Service for Prometheus free of charge.

      Log Service

      Select Use Log Service to activate Simple Log Service and enable log shipping to help you analyze logs and visualize data on dashboards. For more information, see Enable log shipping for a cloud-native gateway.

      Tracing Analysis

      Select Use Managed Service for OpenTelemetry to activate Alibaba Cloud Managed Service for OpenTelemetry and enable the gateway tracing analysis feature. For more information, see Enable Tracing Analysis for a cloud-native gateway.

      Service-linked Role

      The service-linked role that is automatically created. You can use the service-linked role to authorize MSE cloud-native gateways to access other Alibaba Cloud services.

      Duration

      If you select the subscription billing method, you must select a duration. You can select Auto-renewal to continue to use the gateway after the gateway expires.

      Note

      The system may require 2 minutes to 3 minutes to create the cloud-native gateway.