If you want to enable public access to a microservice, you can create a cloud-native gateway for the microservice, import the microservice from Microservices Engine (MSE) Nacos or a Container Service for Kubernetes (ACK) cluster by using the cloud-native gateway, and then create a routing policy in the cloud-native gateway for the microservice. This topic describes how to get started with Cloud-native Gateway.

Procedure

If a microservice is deployed in an ACK cluster or registered in a Nacos registry, you can use Cloud-native Gateway to import the microservice from the ACK cluster or the Nacos registry.

Get started with Ingress gateways
  1. Create a cloud-native gateway.

    Create a cloud-native gateway based on the existing environment in which microservices run.

  2. Add a service source.

    Add a service source to the cloud-native gateway. Service sources include fixed IP addresses, ACK clusters, Nacos registries, and DNS domain names.

    Note If you select fixed IP addresses as service sources, you can select a service that you want to add from the service list without the need to add a service source.
  3. Add a service.

    The cloud-native gateway can obtain the namespace of a service from a service source, such as an ACK cluster or a Nacos registry. This way, you can add an existing service to the cloud-native gateway as a backup service.

  4. Configure a routing policy for the service.

    Configure a routing policy for the service and publish the routing policy.

You can send testing requests, check monitoring rules, configure alerts, debug routing policies, and configure authentication methods by using Cloud-native Gateway. For more information, see Dive deeper into cloud-native gateways.

Step 1: Create a cloud-native gateway

  1. Log on to the MSE console.
  2. In the left-side navigation pane, choose Cloud-native Gateway > Gateways.
  3. In the top navigation bar, select the region in which you want to create the gateway.
  4. On the Gateways page, click Create Gateway.
  5. On the buy page, configure the parameters and click Buy Now.
    Table 1. Parameters
    Parameter Description
    Billing Method Select Subscription or Pay-As-You-Go.
    Region Select the region in which you want to create the gateway.
    Gateway Name Enter the name of the gateway. The name cannot exceed 64 characters in length. We recommend that you name the gateway based on the environment or the type of your business, such as test or order-prod.
    Gateway Engine Specifications Select the specification of the gateway engine. You can select one of the following specifications: 2 Cores, 4 GB, 4 Cores, 8 GB, 8 Cores, 16 GB, and 16 Cores, 32 GB.
    Gateway Nodes Specify the number of gateway nodes. If your gateway is deployed in a production environment, we recommend that you specify at least two nodes.
    Note A single-node gateway may result in business interruptions. Proceed with caution.
    VPC Specify the virtual private cloud (VPC) in which the backend services are deployed.
    vSwitch (Primary) Cloud-native gateways use the vSwitches in VPCs to communicate with the backend services. We recommend that you specify a primary vSwitch that is deployed in the zone where the backend services are deployed.
    vSwitch (Secondary) Select a secondary vSwitch that is deployed in a zone that is different from the zone where the primary vSwitch is deployed for cross-zone deployments.
    Internet-facing SLB Specifications Select the specifications of an Internet-facing Server Load Balancer (SLB) instance, which can be accessed over the Internet.
    Internal-facing SLB Specifications Select the specifications of an internal-facing SLB instance.
    Security Group Type Select the security group type of your gateway. The default type is advanced security group. We recommend that you select the same security group type as the Elastic Compute Service (ECS) instance in which backend services are deployed. For more information, see Overview.
    Hardware Acceleration Select Enable TLS Hardware Acceleration. If you enable Transport Layer Security (TLS) hardware acceleration, the handshake performance of TLS is doubled.
    Note TLS Hardware Acceleration is available only in the China (Beijing), China (Shanghai), China (Hangzhou), China (Shenzhen), and Singapore (Singapore) regions due to the limits on the underlying hardware.
    Monitoring and Alerting By default, Application Real-Time Monitoring Service (ARMS) Prometheus is activated to collect the metrics and logs of gateways, display data on dashboards, and manage alerts. You can use ARMS Prometheus free of charge.
    Log Service Select Use Log Service to activate Log Service and enable log shipping to help you analyze logs and visualize data on dashboards. For more information, see Enable log shipping for a cloud-native gateway.
    Tracing Analysis Select Use Tracing Analysis to activate Alibaba Cloud Tracing Analysis and enable the gateway tracing analysis feature. For more information, see Enable Tracing Analysis for a cloud-native gateway.
    Duration If you select Subscription, you must specify a subscription duration. You can select Auto-renewal to continue to use the gateway after the gateway expires.
    Terms of Service Read the terms of service, select the check box, and then complete the payment.
    Note The system may require 2 to 3 minutes to create the cloud-native gateway.

Step 2: Add a service source

  1. On the Gateways page, click the name of your gateway. You can also find your gateway, and click Manage in the Actions column.
  2. In the left-side navigation pane of the gateway details page, choose Services > Sources.
  3. In the upper-left corner of the Gateway Sources page, click Create Source.
  4. In the Create Source panel, configure the parameters and click OK.
    Parameter Description
    Source Type Select ACK Container or MSE Nacos.
    If you select ACK Container, you must configure the following parameters. You can edit only the information about the ACK clusters that contain Ingress listening configurations.
    ACK Cluster Select the cluster in which your backend services are deployed.
    Monitor k8s Ingress
    • If you select this check box, the cloud-native gateway automatically listens to the changes of Ingress resources and makes the configurations of domain names and routes of the Ingress resources take effect.
    • If you clear this check box, the cloud-native gateway stops listening to the changes of Ingress resources and makes the configurations of domain names and routes of the Ingress resources become invalid. Proceed with caution.
    Notice The priorities of the domain names and routes that are manually configured in the MSE Management Console are higher than the priorities of the domain names and routes of the Ingress resources that the cloud-native gateway listens to.
    IngressClass

    The Ingress class with which Ingress resources are associated.

    • If you do not specify this parameter, the cloud-native gateway listens to all the Ingress resources in the ACK cluster.
    • If you specify a single value for this parameter, the cloud-native gateway listens to the Ingress resources that have the class annotation or whose Spec.IngressClassName value is the same as the configured value. You cannot specify multiple values for this parameter at a time. If you set this parameter to nginx, the cloud-native gateway listens to the Ingress resources whose IngressClass is nginx or the Ingress resources that are not associated with any Ingress class.
    Listener namespace

    The namespace to which Ingress resources belong.

    • If you do not specify this parameter, the cloud-native gateway listens to the Ingress resources in all the namespaces of the ACK cluster.
    • If you specify a value for this parameter, the cloud-native gateway listens to the Ingress resources in the specified namespace of the ACK cluster. You cannot specify multiple values for this parameter at a time.
    If you select MSE Nacos for Source Type, you must configure the following parameters:
    Cluster Name Select a cluster.
    Registration Type After you select a cluster from the Cluster Name drop-down list, this parameter is automatically specified.
    Registration Endpoint After you select a cluster from the Cluster Name drop-down list, this parameter is automatically specified.

Step 3: Add a service

Note We recommend that you add a service from the service source that you specify. This way, the cloud-native gateway can dynamically obtain the list of backend services.
  1. In the left-side navigation pane of the gateway details page, choose Services > Services.
  2. In the upper-left corner of the Services page, click Create Service.
  3. In the Create Service panel, configure the parameters and click OK.
    Create a service for the cloud-native gateway
    • When you set Service Source to ACK Container, you must configure the following parameters.
      Parameter Description
      Namespace Select a namespace of the cluster.
      Services Select one or more services from the Select Service section.
    • When you set Service Source to MSE Nacos, you must configure the following parameters.
      Parameter Description
      Namespace Select a namespace of the cluster.
      Services Select one or more services from the Select Service section.
    • When you set Service Source to Fixed Address, you must configure the following parameters.
      Parameter Description
      Service Name Specify a name for the service that you want to add. The service name must start with a letter and contain only lowercase letters, digits, and hyphens (-).
      Endpoint The service endpoint varies with service sources. But the endpoint must be in the format of <IP addresses>:<Service port>. You can separate endpoints with line feeds.
    • When you set Service Source to DNS Domain Name, you must configure the following parameters.
      Parameter Description
      Service Name Specify a name for the service. The service name must start with a letter and contain only lowercase letters, digits, and hyphens (-).
      Service Port Specify the port number of the service. The value ranges from 1 to 65535.
      Domain Names Specify the domain names, such as www.aliyun.com. You can separate domain names with line feeds.
      Note When the cloud-native gateway forwards a request to the backend service, the gateway does not modify the Host parameter value of the request into the domain name that you specified.

Step 4: Configure a routing policy for the service

  1. On the Gateway Overview page, click Routes in the left-side navigation pane.
  2. In the upper-left corner of the Routes page, click Create Route.
  3. On the Create Route panel, configure the parameters and click Save and Online.
    Configure a route for a cloud-native gateway
    Notice
    • A route is matched when all conditions in its routing rule are met. The more conditions you specify, the fewer requests a route can match.
    • A request matches routes in their display order on the Routes page.
    Table 2. Configure a routing rule
    Parameter Description
    Route Name The name of the route that you want to create.
    Associate Domain Name The domain name that you created on the Domain Names page in the MSE Management Console. You can select multiple domain names.
    Match Rule
    Path The Path parameter in the HTTP requests that you want to forward in the route. When multiple routes have the same matching condition for the Path parameter, the longer the Path value in the rule, the higher priority a route has. The matching conditions for the Path parameter include Prefix Match, Exact Match, and RegEx Match.
    • Prefix Match: The prefix of the Path parameter is specified to match requests and a route. For example, you can specify the prefix as /user.
    • Exact Match: The entire Path parameter value is specified to match requests and a route. For example, you can specify the Path value as /user.
    • RegEx Match: A regular expression is used to match requests and a route.
    Method The Method parameter in the HTTP requests that you want to forward in the route. If you do not specify this parameter, requests with any Method parameter value can match the route. You can specify multiple Method values in the matching condition to match more requests with a route.
    Header The Header parameter in the HTTP requests that you want to forward in the route. When multiple routes have the same matching conditions aside from the number of specified Header parameters, the more Header parameters in the rule, the higher priority a route has. Click Add Request Header to add a Header parameter in the routing rule.
    Request Parameter (Query) The Query parameter in the HTTP requests that you want to forward in the route. When multiple routes have the same conditions aside from the number of Query parameters, the more Query parameters in the rule, the higher priority a route has. Click Add Request Parameter to add a Query parameter in the routing rule.
    Destination Service The routing mode. Valid values: Single Service, Multiple Services, Label Routing, Mock, and Redirection. For more information about the routing modes, see Routing modes.
    Note When you select a routing mode in which you must configure weights for distributing traffic to different services, the traffic distribution proportions must add up to 100%.
    • Single Service: indicates that the route is used to forward requests to a specific backend service.

      Select the destination service.

    • Multiple Services: indicates that the route is used to forward requests to multiple backend services.

      Click Add Destination Service to select services one by one, and set the weight to determine the proportion of traffic distributed to each service.

    • Label Routing: indicates that the route is used to forward requests to different service versions.

      Click Add Destination Service to select services and set corresponding versions one by one. Set the weight to determine the proportion of traffic distributed to each service version.

    • Mock: indicates that the route is used to check whether the gateway can return a response after it forwards a request.

      Set the Response Code and Response Content parameters.

    • Redirection: indicates that the route is used to redirect requests to another domain name or path.
      Set the Response Code, Host domain, and Path parameters.
      • Response Code: the response code of the redirection, which can be 301, 302, 303, 307, or 308.
      • Host domain: the domain name to which requests are redirected. If you do not specify this parameter, the original Host parameter value in a request is used.
      • Path: the path to which requests are redirected. If you do not specify this parameter, the original Path parameter value in a request is used.
  4. On the Routes page, find the routing rule that you want to publish and click Edit in the Actions column.
  5. In the Edit Route panel, click Save and Online.

What to do next

After you perform the preceding steps, you can manage the microservices that are deployed in your ACK cluster by using the cloud-native gateway. You can log on to the MSE console and perform service management for your applications by using the cloud-native gateway.