Cloud-native gateways for Microservices Engine (MSE) are next-generation gateways that are compatible with Kubernetes Ingress. Cloud-native gateways can serve as traditional network gateways and microservice gateways, which reduces the resource cost by 50%. MSE cloud-native gateways support service discovery based on multiple sources such as Container Service for Kubernetes (ACK) and Nacos instances. MSE cloud-native gateways also support multiple logon authentication methods to provide security protection.
Features
Feature | Description | References |
Security authentication | Integrates with a logon authentication system to ensure the security of your applications. Cloud-native gateways support SSL and TLS certificates, IP address whitelists and blacklists, authentication, and traffic scrubbing. The authentication methods include JSON Web Token (JWT) authentication, OpenID Connect (OIDC) authentication, and Alibaba Cloud Identity as a Service (IDaaS) authentication. | |
Observability | Supports global dashboards, gateway monitoring, log retrieval, top workload ranking, log shipping, tracing analysis, and alert management. | |
Traffic governance | Provides multiple service governance features, such as traffic throttling, service degradation, service discovery, service routing, traffic tagging, and timeout settings. Cloud-native gateways also provide support for multiple service registries. | |
High availability | Uses the Envoy proxy and can serve as Kubernetes Ingresses and microservice gateways. Cloud-native gateways support overload protection, graceful start and shutdown, multi-zone disaster recovery, auto scaling, and fault self-healing. A service-level agreement (SLA) of up to 99.95% is provided. |
Benefits
Cloud-native gateways provide the following benefits:
Cost savings
Cloud-native gateways for MSE can serve as network gateways, such as Kubernetes Ingresses and NGINX Ingresses. Cloud-native gateways can also serve as microservice gateways, such as Spring Cloud Gateway and Zuul. This reduces the resource cost by 50%. Cloud-native gateways also reduce the round-trip time (RTT) and simplify O&M.
Security
Supports JWT authentication.
Supports OIDC authentication based on OAuth 2.0.
Seamless integration
Seamlessly integrates with container service and microservice systems, and supports service discovery based on Nacos, Eureka, or Kubernetes.
Supports Dubbo 3.0 and graceful shutdown.
Seamlessly integrates with logging and monitoring systems. You can view key metrics that indicate the performance of a cloud-native gateway and metrics that show potential risks. This way, you can easily troubleshoot issues.
Seamlessly integrates with a certificate system, which simplifies certificate management.
High availability
Cloud-native gateways for MSE are developed based on the internal services of Alibaba Group and can handle hundreds of thousands of requests per second during the Double 11 event of 2020. Cloud-native gateways are used in a wide array of business systems within Alibaba Group, such as Alipay, DingTalk, Taobao, Tmall, Youku, Fliggy, and Koubei.