Connect ACK microservice applications to the MSE governance center - Microservices Engine

You can connect microservice applications, such as Spring Cloud and Dubbo applications, deployed in Container Service for Kubernetes and Container Compute Service to the Microservices Engine (MSE) governance center. You can use the service governance features provided by MSE to greatly improve the stability and development efficiency of your online microservices. This topic describes how to connect ACK and ACS microservice applications to the MSE governance center.

Prerequisites

Create an ACK managed cluster or Create an ACK Serverless cluster.
MSE microservice governance is enabled.
The ACK/ACS cluster and the MSE governance center are in the same region.

Important

If your project uses the open source Sentinel component and com.alibaba.cloud.sentinel.feign.SentinelFeignAutoConfiguration at the same time, the connection to the MSE governance center fails.
When you mount the MSE Java agent, the JVM heap memory must be greater than 256 MB.
Make sure that the ACK cluster has permissions to access MSE resources.
If the cluster has an ARMS add-on token, MSE grants password-free authorization. By default, ACK managed clusters have an ARMS add-on token. However, some early ACK managed clusters may not have this token. For these clusters, check if the ARMS add-on token exists.
Follow these steps to check for an ARMS add-on token in an ACK managed cluster:
1. Log on to the Container Service for Kubernetes console. On the Clusters page, click the name of the target cluster to open its details page.
2. In the navigation pane on the left, choose Configuration Management > Secrets. At the top of the page, set Namespace to kube-system and check whether addon.arms.token exists. If it does not exist, you must manually grant the required permissions.
If you use a RAM user to complete the quick integration, see Permissions for a RAM user to perform quick integration.

Procedure

Note

Recommendations for selecting a connection type:

If all or most applications in a namespace need to connect to the MSE governance center, use Scenario 1: Enable MSE microservice governance for applications in an ACK or ACS namespace. For applications in the namespace that do not need to be connected, set the label: spec.template.labels.msePilotAutoEnable: "off".
If only a few applications in a namespace need to connect to the MSE governance center, use Scenario 2: Enable MSE microservice governance for a single application.

Scenario 1: Enable MSE microservice governance for applications in an ACK or ACS namespace

After you enable MSE microservice governance for a namespace, all pods for new applications and redeployed existing applications in that namespace are automatically connected to MSE microservice governance. You do not need to connect them one by one. For more information about how to create an application, see Create a stateless workload (Deployment).

Log on to the MSE console, and select a region in the top navigation bar.
In the left-side navigation pane, choose Microservices Governance > Application Governance.
On the Application list page, click ACK Application Access.

In the ACK Application Access dialog box, configure the parameters and click OK.

Parameter	Description
Cluster type	Select ACK Cluster, ACK Serverless Cluster, or ACS Cluster. Note If you have not granted Container Service for Kubernetes permissions to call Microservices Engine, click Please Authorize to grant the permissions.
Cluster Name/ID	Select the name or ID of the Cluster Name/ID that you want to connect to MSE microservice governance. You can search for the cluster by keyword.
ack-onepilot	The status of the ack-onepilot component. For more information about the ack-onepilot component and how to upgrade it, see ack-onepilot component and Install and upgrade the MSE microservice governance component. If ack-onepilot is not installed, the system automatically installs it after you select the cluster. If you use a RAM user and do not have the required permissions, log on to the Container Service for Kubernetes console. Go to the details page of the target cluster. Click Add-ons, find ack-onepilot, and then click Install. If ack-onepilot is installed, the console displays "Installed" followed by the version number, for example, Installed 4.2.0. Note After ack-onepilot is installed, it automatically injects an agent. This may increase the application startup time by up to 10 seconds. If you connect by namespace and the target cluster is not in one of the following regions, make sure that the cluster can access the Internet and connect to acm.aliyun.com:8080: Qingdao, Hangzhou, Beijing, Shanghai, Shanghai-Finance Cloud, Shenzhen, Hong Kong (China), Singapore, Frankfurt, Sydney, Silicon Valley, and Virginia.
Access Type	Select Namespace Access.
Cluster Namespace	Select a Cluster Namespace.
Microservices Governance Namespace	Select a Microservices Governance Namespace.

Additional information:

By default, after you connect an application in an ACK/ACS cluster to the MSE governance center, the console uses the application's deployment name as its display name. To customize the application name, you can modify the YAML configuration of the deployed application.

spec:
  template:
    metadata:
      labels:
        # The MSE microservices namespace where your application resides. The default value is default.
        mseNamespace: default 
        # Replace this with the actual name of your application.
        msePilotCreateAppName: "your-deployment-name"

If you want to disable microservice governance for a specific application, add the msePilotAutoEnable label to the YAML configuration of the deployed application and set it to off.
```
spec:
  template:
    metadata:
      labels:
        # The value "off" for this field must be enclosed in double or single quotation marks.
        msePilotAutoEnable: "off" 
```

Scenario 2: Enable MSE microservice governance for a single application

If only a few applications in your namespace need to be connected to MSE microservice governance, you can connect them one by one.

Log on to the MSE console, and select a region in the top navigation bar.
In the left-side navigation pane, choose Microservices Governance > Application Governance.
On the Application list page, click ACK Application Access.

In the ACK Application Access dialog box, you can configure the parameters and click OK.

Parameter	Description
Cluster type	Select ACK Cluster, ACK Serverless Cluster, or ACS Cluster. Note If you have not granted Container Service for Kubernetes permissions to call Microservices Engine, click Please Authorize to grant the permissions.
Cluster Name/ID	Select the name or ID of the Cluster Name/ID that you want to connect to MSE microservice governance. You can search for the cluster by keyword.
ack-onepilot	The status of the ack-onepilot component. For more information about the ack-onepilot component and how to upgrade it, see ack-onepilot component and Install and upgrade the MSE microservice governance component. If ack-onepilot is not installed, the system automatically installs it after you select the cluster. If you use a RAM user and do not have the required permissions, log on to the Container Service for Kubernetes console. Go to the details page of the target cluster. Click Add-ons, find ack-onepilot, and then click Install. If ack-onepilot is installed, the console displays "Installed" followed by the version number, for example, Installed 4.2.0. Note After ack-onepilot is installed, it automatically injects an agent. This may increase the application startup time by up to 10 seconds. If you connect by namespace and the target cluster is not in one of the following regions, make sure that the cluster can access the Internet and connect to acm.aliyun.com:8080: Qingdao, Hangzhou, Beijing, Shanghai, Shanghai-Finance Cloud, Shenzhen, Hong Kong (China), Singapore, Frankfurt, Sydney, Silicon Valley, and Virginia.
Access Type	Select Single Application Access.
Access Procedure	Follow the steps. Step 1: Go to the Workloads > Deployments page of the cluster and switch to the Namespace of the application. Step 2: Find the application that you want to connect and click View In YAML. Step 3: Edit the labels in the following format and click Update. `spec: template: metadata: labels: # Set the value to "on" to enable the connection. The value must be enclosed in double quotation marks. msePilotAutoEnable: "on" # Specify the governance namespace to connect to. If the namespace does not exist, it is automatically created. mseNamespace: default # Specify the actual name of the application to be connected to MSE. The name must be enclosed in double quotation marks. msePilotCreateAppName: "your-deployment-name"`

Verify the result

After you complete the preceding steps and restart the application, MSE microservice governance is enabled for the application deployed in Container Service for Kubernetes and Container Compute Service.

Log on to the MSE console, and select a region in the top navigation bar.
In the left-side navigation pane, choose Microservices Governance > Application Governance.
Select the corresponding microservices namespace. You can see the application that has been successfully connected.

What to do next

After your application is connected to the MSE governance center, you can use features such as end-to-end canary release, graceful startup and shutdown, and traffic throttling. For more information, see Quickly experience service governance features in 15 minutes (Java).