Microservices Engine (MSE) is a managed platform for service registry, microservices governance, and API gateway management. MSE consists of three sub-products:
Microservices Registry -- Managed instances of Nacos, ZooKeeper, or Eureka for service registration and configuration management.
Microservices Governance -- Traffic management, release control, and testing for microservice applications.
Cloud-native Gateway -- An API gateway with built-in routing, security, and traffic control.
The following sections define the terms used across MSE.
Microservices Registry
Microservices Registry provides managed instances of mainstream open-source registry engines. The following terms apply to service registration and configuration management.
MSE instance
An MSE instance is a managed registry engine that contains N nodes. MSE supports three instance types:
Nacos instance -- Based on Apache Nacos, for service discovery and configuration management.
ZooKeeper instance -- Based on Apache ZooKeeper, for distributed coordination.
Eureka instance -- Based on Netflix Eureka, for service discovery.
Namespace
A namespace isolates resources and services within an MSE instance. Use namespaces to separate environments such as development, test, and production. Service calls and configuration pushes in one namespace do not affect other namespaces.
For more information, see Manage a namespace.
Engine specifications
Engine specifications define the compute resources allocated to a Microservices Registry instance.
| Cores | Memory |
|---|---|
| 1 | 2 GiB |
| 2 | 4 GiB |
| 4 | 8 GiB |
| 8 | 16 GiB |
| 16 | 32 GiB |
Select a specification based on the number of services and configuration items the instance handles. For more information, see Estimate instance capabilities.
IP address whitelist
An IP address whitelist restricts which public IP addresses or Classless Inter-Domain Routing (CIDR) blocks can access an MSE instance. Only whitelisted addresses can reach the instance.
For more information, see Configure a public IP address whitelist.
Access authentication
Access authentication protects MSE Nacos instances from unauthorized access. When enabled, all requests to the instance must include valid credentials. This prevents unauthorized users from reading or modifying instance data.
For more information, see Configure access authentication for Nacos.
Canary release for Microservices Registry
Canary release allows you to release and verify a configuration based on a specified configuration percentage before it is officially released. This reduces configuration push risks by validating changes incrementally.
For more information, see Configure canary release.
Microservices Governance
Microservices Governance provides traffic management and release control for microservice applications. The following terms apply to service-level policies and testing.
Service authentication
Service authentication controls which applications can call a specific microservice. Define authentication rules to allow only authorized callers. The microservice rejects requests from applications that do not match the rules.
For more information, see Configure service authentication.
Graceful shutdown
Graceful shutdown makes an application restart or shutdown invisible to its consumers. In-flight requests complete before the instance goes offline, which prevents request failures and maintains business continuity.
For more information, see Configure graceful shutdown.
Tag-based routing
Tag-based routing groups service providers by tags and routes traffic to specific groups. Assign tags to one or more service providers to create a group, then configure routing rules to direct traffic to that group. For example, use tag-based routing to isolate test traffic or route requests to specific versions.
For more information, see Configure tag-based routing.
Automated regression
Automated regression orchestrates test services based on service contract information and manages test cases for regression testing. Use automated regression to run service-level tests and verify service behavior before delivery.
Canary release for Microservices Governance
Canary release for Microservices Governance targets non-Java microservice applications deployed in Container Service for Kubernetes (ACK) clusters, ACK Serverless clusters, or self-managed non-Java applications registered with ACK. Route a specified percentage of traffic to the new version, verify stability, and then complete the upgrade or roll back.
For more information, see Configure a canary release.
Service contract
A service contract describes microservice interfaces based on the OpenAPI Specification (OAS). After deploying an application, view its API information -- including interface definitions and paths -- through service contracts, without creating additional dependencies.
For more information, see View service contracts.
Cloud-native Gateway
Cloud-native Gateway is a managed API gateway that handles routing, security, and traffic control at the network edge. The following terms apply to gateway configuration and policies.
Domain name
A domain name maps incoming requests to gateway routes. Each domain name manages its own protocol settings, TLS certificates, and route configurations. Wildcard domain names are supported. For example, *.hello.com matches subdomains such as 1.hello.com and 2.hello.com.
For more information, see Associate domain names with a Cloud-native Gateway.
Service source
A service source connects the gateway to your backend services. Cloud-native Gateway supports two service source types:
ACK cluster -- A Container Service for Kubernetes cluster where backend services are deployed.
MSE Nacos instance -- A Nacos registry where backend services are registered.
After you add a service source, the gateway dynamically discovers your backend services and keeps the service list up to date.
For more information, see Add a service source.
Throttling
Throttling limits the rate of incoming requests to prevent backend services from being overwhelmed. Without throttling, a sudden traffic spike can overload services and trigger cascading failures across your architecture.
For more information, see Configure a throttling policy.
IP address blacklist
An IP address blacklist rejects API requests from specific IP addresses or CIDR blocks. Use blacklists alongside whitelists to build layered access control at the gateway level.
For more information, see Configure IP address blacklists and whitelists for gateways.
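The following is an added example, not MSE's own code, showing how a layered blacklist and whitelist decision over addresses and CIDR blocks can be evaluated, plus a check for whitelist entries broad enough to defeat the restriction. The evaluation order (blacklist first), the `min_prefix` threshold, and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample policy using documentation address ranges (not from the page).
WHITELIST = ["203.0.113.0/24", "198.51.100.7"]
BLACKLIST = ["203.0.113.128/25"]


def parse_entries(entries):
    """Parse single addresses and CIDR blocks into network objects."""
    # strict=False accepts entries written with host bits set, e.g. 10.0.0.5/24.
    return [ipaddress.ip_network(e.strip(), strict=False) for e in entries]


def decide(source_ip, whitelist, blacklist):
    """Return 'allow' or 'deny' for one source address.

    Assumed order: a blacklist match always denies; otherwise the address
    must match a whitelist entry. Anything unmatched is denied.
    """
    addr = ipaddress.ip_address(source_ip)
    if any(addr in net for net in parse_entries(blacklist)):
        return "deny"
    if any(addr in net for net in parse_entries(whitelist)):
        return "allow"
    return "deny"


def audit_whitelist(whitelist, min_prefix=16):
    """Flag whitelist entries so broad that they no longer restrict access."""
    findings = []
    for entry, net in zip(whitelist, parse_entries(whitelist)):
        if net.prefixlen == 0:
            findings.append((entry, "matches every address"))
        elif net.version == 4 and net.prefixlen < min_prefix:
            findings.append((entry, f"broader than /{min_prefix}"))
    return findings


if __name__ == "__main__":
    for ip in ["203.0.113.10", "203.0.113.200", "198.51.100.7", "192.0.2.1"]:
        print(ip, decide(ip, WHITELIST, BLACKLIST))
    print(audit_whitelist(["0.0.0.0/0", "10.0.0.0/8", "203.0.113.0/24"]))
```
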
CORS
Cross-origin resource sharing (CORS) controls whether a browser allows web pages from one origin to access resources on a different origin. Configure CORS policies on the gateway to enable secure cross-origin API calls from frontend applications.
For more information, see Configure a CORS policy.
JWT authentication
JSON Web Token (JWT) authentication verifies the identity of API callers by using token-based credentials. When a request arrives at the gateway, JWT authentication validates the token and determines whether to grant access to the requested resource.
For more information, see Configure JWT authentication.
Billing
MSE offers two billing methods and multiple editions.
Subscription
Subscription is a prepaid billing method. Purchase an MSE resource for a specified period of time before use.
Pay-as-you-go
Pay-as-you-go is a postpaid billing method. Provision and release resources on demand, and pay only for actual resource consumption.
Basic Edition
The Basic Edition provides managed instances of three engine types: Nacos, ZooKeeper, and Eureka. For more information, see Select an edition.
Professional Edition
The Professional Edition extends the Basic Edition with authentication and encryption capabilities. It supports up to nine times the number of instances available in the Basic Edition.
For more information, see Select an edition.
VPC
A virtual private cloud (VPC) is a logically isolated private network on Alibaba Cloud. VPCs are separated from each other through tunnel technology. Within a VPC, you can configure custom IP address ranges, route tables, and gateways to control network topology.