
Microservices Engine: Get started with Cloud-native Gateway

Last Updated: Apr 29, 2024

You can enable a microservice application to provide services for external systems by using cloud-native gateways. To achieve this purpose, you can create a cloud-native gateway for the microservice application, add the Microservices Engine (MSE) Nacos instance in which the microservice application is deployed as a service source or associate the microservice application with a Container Service for Kubernetes (ACK) cluster, and then create a routing rule in the cloud-native gateway for the microservice application. This topic describes how to get started with cloud-native gateways.

Procedure

If a microservice application is deployed in an ACK cluster or registered with an MSE Nacos instance, you can use a cloud-native gateway to directly associate the microservice application with the ACK cluster or add the MSE Nacos instance as a service source of the cloud-native gateway.

Figure: Getting-started workflow for the Ingress gateway

  1. Create a cloud-native gateway.

    Create a cloud-native gateway based on the existing environment in which microservice applications run.

  2. Add a Nacos service source

    Add a service source to the cloud-native gateway. Service sources include fixed IP addresses, ACK clusters, MSE Nacos instances, and Domain Name System (DNS) domain names.

    Note

    If you select fixed IP addresses as service sources, you can select a service that you want to add from the service list without the need to add a service source.

  3. Create a service

    The cloud-native gateway can obtain the namespace of a service from a service source, such as an ACK cluster or an MSE Nacos instance. This way, you can add an existing service to the cloud-native gateway as a backup service.

  4. Create a route

    Configure a routing rule for the service and publish the routing rule.

Step 1: Create a cloud-native gateway

Procedure

  1. Log on to the MSE console. In the top navigation bar, select a region.

  2. In the left-side navigation pane, choose Cloud-native Gateway > Gateways.

  3. In the upper-left corner of the Gateways page, click Create Gateway.

  4. On the buy page, configure the parameters and click Buy Now.

    Parameter

    Description

    Product Type

    Select Subscription or Pay-as-you-go.

    Region

    Select the region in which you want to deploy the gateway.

    Gateway Name

    Enter a name for the gateway. The name must be 1 to 64 characters in length. We recommend that you configure the gateway name based on the environment or the type of your business, such as test or order-prod.

    Gateway Engine Specifications

    Select the specifications of the gateway engine. You can select one of the following specifications: 2 Cores, 4 GB; 4 Cores, 8 GB; 8 Cores, 16 GB; and 16 Cores, 32 GB.

    Gateway Nodes

    Specify the number of gateway nodes. If your gateway is deployed in a production environment, we recommend that you specify at least two nodes.

    Note

    A single-node gateway may result in business interruptions. We recommend that you do not configure a single-node gateway.

    Resource Group

    Select a resource group from the Resource Group drop-down list.

    VPC

    Select the virtual private cloud (VPC) in which the backend services are deployed.

    vSwitch Location

    Select the vSwitch location.

    Zone

    If you set vSwitch Location to Fixed Zone, you must configure Zone. Cloud-native gateways use the vSwitches in VPCs to communicate with backend services. We recommend that you select a vSwitch that is deployed in the same zone as the backend services.

    vSwitch

    If you set vSwitch Location to Custom Zone, you must select a vSwitch.

    Internet-facing SLB Specifications

    Select the specifications of an Internet-facing Server Load Balancer (SLB) instance, which can be accessed over the Internet.

    Internal-facing SLB Specifications

    Select the specifications of an internal-facing SLB instance.

    Security Group Type

    Select the security group type of your gateway. The default type is Advanced Security Group. We recommend that you select the same security group type as the Elastic Compute Service (ECS) instance on which backend services are deployed. For more information, see Overview.

    Hardware Acceleration

    Select Enable TLS Hardware Acceleration. If you enable Transport Layer Security (TLS) hardware acceleration, the handshake performance of TLS is doubled.

    Note

    TLS hardware acceleration is available only in the China (Beijing), China (Shanghai), China (Hangzhou), China (Shenzhen), and Singapore regions due to the limits on underlying hardware.

    Gateway Monitoring

    By default, Managed Service for Prometheus is activated. This service collects the metric data of gateways, displays data on dashboards, and manages alerts. You can use Managed Service for Prometheus free of charge.

    Log Service

    Select Use Log Service to activate Simple Log Service and enable log shipping to help you analyze logs and visualize data on dashboards. For more information, see Enable log shipping for a cloud-native gateway.

    Tracing Analysis

    Select Use Managed Service for OpenTelemetry to activate Alibaba Cloud Managed Service for OpenTelemetry and enable the gateway tracing analysis feature. For more information, see Enable Tracing Analysis for a cloud-native gateway.

    Subscription Duration

    If you select Subscription for Product Type, you must select a duration. You can select Auto-renewal to continue to use the gateway after the gateway expires.

    Note

    The system may require 2 to 3 minutes to create the cloud-native gateway.

Step 2: Add a service source

  1. Log on to the MSE console. In the top navigation bar, select a region.

  2. In the left-side navigation pane, choose Cloud-native Gateway > Gateways. On the Gateways page, click the name of the gateway.

  3. In the left-side navigation pane, click Routes. On the page that appears, click the Sources tab.

  4. On the Sources tab, click Add Source. In the Add Source panel, configure the parameters and click OK.

    You can set Source Type to Container Service, MSE Nacos, MSE ZooKeeper, SAE Built-in Registry, or EDAS Built-in Registry.

    If you set Source Type to Container Service, you must configure the parameters that are described in the following table.

    Parameter

    Description

    ACK/ACK Serverless Cluster

    Select the cluster in which your backend service is deployed.

    Note

    When you create a gateway, you need to select the VPC in which the cluster is deployed. This way, when you add a service source, the cluster in this VPC is automatically obtained.

    Listen to Kubernetes Ingress

    • If you turn on the Listen to Kubernetes Ingress switch, the cloud-native gateway automatically monitors the changes of Ingress resources, and the monitored configurations of domain names and routes of the Ingress resources take effect.

    • If you turn off the Listen to Kubernetes Ingress switch, the cloud-native gateway no longer monitors the changes of Ingress resources, and the previously monitored configurations of domain names and routes of the Ingress resources become invalid. Exercise caution when you perform this operation.

    Important

    The priorities of the domain names and routes that are manually configured in the MSE console are higher than the priorities of the domain names and routes of the Ingress resources monitored by the cloud-native gateway.

    Ingress Class

    The Ingress class with which Ingress resources are associated.

    • If you do not specify this parameter, the cloud-native gateway monitors all the Ingress resources in the cluster.

    • If you specify an Ingress class for this parameter, the cloud-native gateway monitors the Ingress resources that have the class annotation or whose Spec.IngressClassName value is the same as the configured value. You cannot specify multiple Ingress classes for this parameter. For example, if you set this parameter to nginx, the cloud-native gateway monitors the Ingress resources whose IngressClass is nginx or the Ingress resources that are not associated with any Ingress class.

    Namespace

    The namespace to which Ingress resources belong.

    • If you do not specify this parameter, the cloud-native gateway monitors all the Ingress resources in all the namespaces of the cluster.

    • If you specify a single namespace for this parameter, the cloud-native gateway monitors the Ingress resources in the specified namespace of the cluster. You cannot specify multiple namespaces for this parameter at a time.

    Update Ingress Status

    If you set this parameter to Open, the IP address of the monitored Ingress is changed to the IP address of the Server Load Balancer (SLB) instance associated with the cloud-native gateway.

    Note

    This parameter is displayed when the gateway version is V1.2.9 or later.

    Security Group Rules

    Security groups are configured in the node pool of the container cluster. In most cases, if an external component wants to access a service in the cluster, you must open all ports required by the service in the security groups.

    You can modify security groups. For more information, see Configure security group rules.

    If you set Source Type to MSE Nacos, you must configure the parameter that is described in the following table.

    Parameter

    Description

    Nacos Instance

    Select an instance.

    Note

    Only MSE Nacos instances whose MCPEnabled is set to true are displayed. You can change the parameter settings on the Parameter Settings page for the MSE Nacos instances.

    If you set Source Type to MSE ZooKeeper, you must configure the parameter that is described in the following table.

    Parameter

    Description

    Cluster Name

    Select an instance.

    If you set Source Type to SAE Built-in Registry, you must configure the parameters that are described in the following table.

    Parameter

    Description

    Namespace

    Select the namespace of the SAE registry where the service is deployed.

    Service Group

    If a special service group is specified for your service, click Add Service Group to add the service group.

    If you set Source Type to EDAS Built-in Registry, you must configure the parameters that are described in the following table.

    Parameter

    Description

    Microservices Space

    Select the microservice space of the EDAS registry where the service is deployed.

    Service Group

    If a special service group is specified for your service, click Add Service Group to add the service group.
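
The Ingress Class and Namespace rules in Step 2 decide which Ingress resources in the cluster can publish domain names and routes through the gateway. The following sketch is an added example, not code from MSE or from this documentation: it applies those rules to constructed manifests so that you can review the exposure of a given setting. The class name mse and all hosts are placeholders.

```python
# Added example: Ingress Class / Namespace selection rules from Step 2.
# Manifests are constructed sample data; the class name "mse" is a placeholder.

CLASS_ANNOTATION = "kubernetes.io/ingress.class"  # legacy Kubernetes class annotation


def ingress_class_of(ingress):
    """Return the class an Ingress declares, or None if it declares none."""
    spec_class = ingress.get("spec", {}).get("ingressClassName")
    annotations = ingress.get("metadata", {}).get("annotations") or {}
    return spec_class or annotations.get(CLASS_ANNOTATION)


def is_monitored(ingress, ingress_class=None, namespace=None):
    """Unset namespace or class means 'all'; a set class also admits
    Ingress resources with no class (the page's nginx example)."""
    meta = ingress.get("metadata", {})
    if namespace and meta.get("namespace", "default") != namespace:
        return False
    if not ingress_class:
        return True
    declared = ingress_class_of(ingress)
    return declared is None or declared == ingress_class


def monitored_hosts(ingresses, ingress_class=None, namespace=None):
    """List (namespace, name, host) for each rule the gateway would pick up."""
    exposed = []
    for ing in ingresses:
        if not is_monitored(ing, ingress_class, namespace):
            continue
        meta = ing["metadata"]
        for rule in ing.get("spec", {}).get("rules", []):
            exposed.append((meta.get("namespace", "default"), meta["name"],
                            rule.get("host", "*")))
    return exposed


def make_ingress(namespace, name, host, spec_class=None, annotation_class=None):
    """Build a minimal constructed Ingress manifest as a dict."""
    meta = {"namespace": namespace, "name": name}
    if annotation_class:
        meta["annotations"] = {CLASS_ANNOTATION: annotation_class}
    spec = {"rules": [{"host": host}]}
    if spec_class:
        spec["ingressClassName"] = spec_class
    return {"metadata": meta, "spec": spec}


SAMPLE_INGRESSES = [  # constructed
    make_ingress("shop", "orders", "orders.example.com", spec_class="mse"),
    make_ingress("shop", "legacy", "legacy.example.com", annotation_class="nginx"),
    make_ingress("dev", "scratch", "scratch.example.com"),  # declares no class
    make_ingress("dev", "debug", "debug.example.com", spec_class="mse"),
]

if __name__ == "__main__":
    for kwargs in ({}, {"ingress_class": "mse"},
                   {"ingress_class": "mse", "namespace": "shop"}):
        print(kwargs, "->", monitored_hosts(SAMPLE_INGRESSES, **kwargs))
```

With both parameters left empty, every Ingress in the cluster is in scope, including the unclassified one in the dev namespace; setting both narrows the result to a single resource.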

Step 3: Add a service

Note

We recommend that you add a service from the service source that you specify. This way, a cloud-native gateway can dynamically obtain the list of backend services.

  1. Log on to the MSE console. In the top navigation bar, select a region.

  2. In the left-side navigation pane, choose Cloud-native Gateway > Gateways.

  3. On the Gateways page, click the name of the gateway.

  4. In the left-side navigation pane, click Routes. On the page that appears, click the Services tab.

  5. On the Services tab, click Add Service. In the Add Service panel, configure the parameters and click OK.

    Note
    • Add a service from an ACK cluster: If you select Container Service from the Service Source drop-down list, the cloud-native gateway obtains the service list from an ACK cluster or ACK Serverless cluster and allows you to add the services in the list and their backend node endpoints to the gateway.

    • Add a service from a fixed endpoint: If the service discovery mechanism is not provided for the service that you want to add, you must manually add the backend node endpoints of the service to the gateway.

    • Add a service from a DNS domain name: If you select DNS Domain Name from the Service Source drop-down list, the cloud-native gateway allows you to use the resolution result of the DNS as the backend service endpoint.

    • If you select Container Service for Service Source, you must configure the parameters that are described in the following table.

      Parameter

      Description

      Namespace

      Select a namespace to which the cluster belongs.

      By default, services in the arms-prom, kube-system, and mse-pilot namespaces are not displayed.

      Services

      Select one or more services in the Services section.

    • If you select MSE Nacos for Service Source, you must configure the parameters that are described in the following table.

      Parameter

      Description

      Namespace

      Select a namespace to which the MSE Nacos instance belongs.

      Services

      Select one or more services in the Services section.

      By default, services whose names start with consumer are not displayed.

    • If you select MSE ZooKeeper for Service Source, you must configure the parameters that are described in the following table.

      Parameter

      Description

      Services

      Select one or more services in the Services section.

    • If you select EDAS Built-in Registry for Service Source, you must configure the parameters that are described in the following table.

      Parameter

      Description

      Microservice Space

      Select the microservices namespace to which the service belongs.

      Services

      Select one or more services in the Services section.

    • If you select SAE Registry for Service Source, you must configure the parameters that are described in the following table.

      Parameter

      Description

      Namespace

      Select the namespace to which the service belongs.

      Services

      Select one or more services in the Services section.

    • If you select Function Compute for Service Source, you must configure the parameters that are described in the following table.

      Parameter

      Description

      Service Name

      Select the name of the service to which the function belongs.

      Version or Alias

      Select the version or alias of the service to which the function belongs.

      Functions

      Select one or more functions.

    • If you select Fixed Address for Service Source, you must configure the parameters that are described in the following table.

      Parameter

      Description

      Service Name

      Enter a name for the service.

      Service Address

      The backend node endpoint of the service. The endpoint varies with service sources. The endpoint must be in the format of <IP address of the backend node>:<Service port number>. Separate endpoints with line feeds.

      TLS Mode

      Select a TLS mode from the drop-down list. Default value: Disabled. Valid values:

      • Disabled: TLS is disabled for service access.

      • TLS: One-way TLS is enabled for HTTPS-based service access.

      • mTLS: mTLS is enabled for mutual authentication.

    • If you select DNS Domain Name for Service Source, you must configure the parameters that are described in the following table.

      Parameter

      Description

      Service Name

      Enter a name for the service.

      Service Port

      Enter a port on which the domain name provides services. Valid values: 1 to 65535.

      Domain Names

      Enter one or more domain names, such as www.aliyun.com. Separate multiple domain names with line feeds.

      TLS Mode

      Select a TLS mode from the drop-down list. Default value: Disabled. Valid values:

      • Disabled: TLS is disabled for service access.

      • TLS: One-way TLS is enabled for HTTPS-based service access.

      • mTLS: mTLS is enabled for mutual authentication.

Step 4: Configure a routing rule for the service

  1. Log on to the MSE console. In the top navigation bar, select a region.

  2. In the left-side navigation pane, choose Cloud-native Gateway > Gateways. On the Gateways page, click the name of the gateway.

  3. In the left-side navigation pane, click the Routes tab. On the Routes tab, click Add Route.

  4. On the Add Route page, configure the parameters and click Save.

    Note
    • A route is matched when all conditions in the routing rule are met. If you specify more conditions, fewer requests can be matched.

    • A request matches routes based on the order that is displayed on the Routes page.

    Parameter

    Description

    Route Name

    The name of the route that you want to create. You can click Add Description and enter a description for the route in the Route Description field.

    Domain name

    Select one or more domain names that you want to match for the route.

    If you want to create a domain name, click Add Domain Name below the Domain name drop-down list, and configure the parameters to create a domain name in the Add Domain Name panel.

    Match Rule

    Path

    The Path parameter in the HTTP requests that you want to forward in the route.

    • If the path matching rules of multiple routes are the same, the longer the Path value of a route, the higher the priority of the route.

    • If the path matching rules of multiple routes are different, the priorities of the routes are sorted based on the following conditions from the highest to the lowest: Equal To > Prefix > Regular Expression Match.

      • Equal To: A complete path is used to match requests with a route. For example, you can set the Path parameter to /user.

      • Prefix: A path prefix is used to match requests with a route. For example, you can specify the prefix as /user.

      • Regular Expression Match: A regular expression is used to match requests with a route.

    Method

    The Method parameter that is used to match HTTP requests with a route. You can specify multiple values for the Method parameter to match more requests with a route. By default, ANY is selected.

    Header

    The Header parameter that is used to match HTTP requests with a route. If multiple routes have the same matching conditions aside from the number of specified Header parameters, a route that has a larger number of the Header parameters in the rule has a higher priority.

    Query Parameters

    The Query parameter that is used to match HTTP requests with a route. If multiple routes have the same matching conditions aside from the number of specified Query parameters, a route that has a larger number of the Query parameters in the rule has a higher priority.

    Scenario

    Select the type of the destination service for the route.

    • Basic Scenario: Single Service

    • Canary Release Scenario: Multiple Services and Tag-based Routing

    • Other Scenarios: Mock and Redirect

    For more information about the types of destination services, see Routing modes.

    Note

    The sum of the traffic percentages of the destination services for which you configure the weight must be 100%.

    Backend Service

    Select the associated backend service and port.

    Note
    • You can select Associate Service from the Service Name drop-down list and select a source and a service in the Associate Service panel.

    • The number of sources that can be added varies based on the source type.

      • If Source Type is set to Container Service, a maximum of five sources can be added.

      • If Source Type is set to MSE Nacos or MSE ZooKeeper, only one source can be added.

      • If Source Type is set to EDAS Built-in Registry or SAE Built-in Registry, an unlimited number of sources can be added.

    Fallback

    Specify a fallback service based on your business requirements. If no node is available for the backend service to which the route points, the original request accesses the fallback service that you specified.

    Note

    Only the fallback capability between HTTP services is supported.

    Timeout Period (s)

    Enter a timeout period. The default value is 60. If you set the value to 0, no timeout occurs.

    Number of Retries (times)

    Enter the number of retries. The default value is 2. If you set this value to 0, retry is not allowed.

    Retry Condition

    Select a retry condition.

    Retry Status Code

    Add one or more retry status codes.
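
The Match Rule priorities in Step 4 determine which route handles a request when several routes match. The following model is an added example, not the gateway's implementation: it shows how a narrow route can be shadowed by a broader one. The route names and paths are constructed. It assumes plain string-prefix matching, full-string regular expression matching, exact header and query value comparison, and that the priority criteria apply in the order path type, path length, header count, query count.

```python
# Added example: model of the route priority rules described in Step 4.
import re
from dataclasses import dataclass, field

# Equal To > Prefix > Regular Expression Match
PATH_RANK = {"equal": 0, "prefix": 1, "regex": 2}


@dataclass
class Route:
    name: str
    path_type: str               # "equal", "prefix" or "regex"
    path: str
    methods: tuple = ("ANY",)    # ANY is the default per the page
    headers: dict = field(default_factory=dict)
    query: dict = field(default_factory=dict)

    def matches(self, method, path, headers, query):
        """A route matches only when every condition in the rule is met."""
        if self.path_type == "equal":
            path_ok = path == self.path
        elif self.path_type == "prefix":
            path_ok = path.startswith(self.path)      # assumption: string prefix
        else:
            path_ok = re.fullmatch(self.path, path) is not None  # assumption
        method_ok = "ANY" in self.methods or method in self.methods
        headers_ok = all(headers.get(k) == v for k, v in self.headers.items())
        query_ok = all(query.get(k) == v for k, v in self.query.items())
        return path_ok and method_ok and headers_ok and query_ok

    def priority(self):
        """Smaller tuples sort first, that is, they have higher priority."""
        return (PATH_RANK[self.path_type], -len(self.path),
                -len(self.headers), -len(self.query))


def select_route(routes, method, path, headers=None, query=None):
    """Return the name of the highest-priority matching route, or None."""
    for route in sorted(routes, key=Route.priority):
        if route.matches(method, path, headers or {}, query or {}):
            return route.name
    return None


ROUTES = [  # constructed
    Route("user-prefix", "prefix", "/user"),
    Route("user-admin-prefix", "prefix", "/user/admin", methods=("GET", "POST")),
    Route("user-exact", "equal", "/user"),
    Route("user-regex", "regex", r"/user/\d+"),
    Route("user-canary", "prefix", "/user", headers={"x-canary": "true"}),
]

if __name__ == "__main__":
    for method, path, hdrs in [("GET", "/user", {}),
                               ("GET", "/user/42", {}),
                               ("GET", "/user/42", {"x-canary": "true"}),
                               ("DELETE", "/user/admin/settings", {})]:
        print(method, path, hdrs, "->", select_route(ROUTES, method, path, hdrs))
```

In this model the regular expression route never receives /user/42 because the /user prefix outranks it, and a DELETE to /user/admin/settings falls through to the broad /user prefix route, so any policy attached only to the narrower route does not apply to that request.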

What to do next

After you perform the preceding steps, you can manage the microservice applications that are deployed in your ACK cluster by using the cloud-native gateway. You can log on to the MSE console and perform service management for your applications by using the cloud-native gateway. You can also use the cloud-native gateway to perform operations such as testing requests, checking monitoring, configuring alerting, debugging policies, and integrating authentication. For more information, see Dive deeper into cloud-native gateways.