You can use canary release of frontend applications with monitoring and rollback policies to create a powerful mechanism that ensures system stability. The coordination of the three policies can help maintain high performance and high stability of frontend applications along with continuous iterations and updates of the applications. This topic describes how to configure a Microservices Engine (MSE) cloud-native gateway to implement a canary release on frontend applications.
Implement an end-to-end canary release
In microservices scenarios, calls among applications are random. If a new version is available for the Spring Cloud application or Dubbo application that you deploy, traffic that has specified characteristics may not be routed to the new version of the application. To implement an end-to-end canary release, you can use the canary release of frontend applications together with the end-to-end canary release based on cloud-native gateways provided by MSE.
Every request from a front-end user passes through the Cloud-native Gateway, where it is authenticated by the permission system, which then adds a unique user identifier, such as userid: 001, to the request's cookie.
The gateway is configured with a frontend-gray plug-in that maps and forwards grayscale traffic based on its configured rules.
Prerequisites
A Container Service for Kubernetes (ACK) managed cluster is created. For more information, see Create an ACK managed cluster.
An MSE cloud-native gateway is created. For more information, see Create an MSE cloud-native gateway.
Implement a canary release on frontend applications by using MSE Ingress gateways
Install MSE Ingress Controller, and use an MSE Ingress gateway to access the ACK cluster. For more information, see Use MSE Ingress gateways to access services in ACK clusters and ACS clusters.
Step 1: Deploy applications in the ACK cluster
For more information about how to deploy an application, see Create a stateless application by using a Deployment.
Step 2: Configure the frontend-gray plug-in in the MSE console
-
Log on to the MSE console. In the top navigation bar, select a region.
-
In the left-side navigation pane, choose Cloud-native Gateway > Gateways. On the Gateways page, click the ID of the gateway.
-
In the left-side navigation pane, click Plug-in Marketplace.
On the Plug-in Marketplace page, search for
frontend-grayand click thefrontend-grayplug-in card.On the page that appears, click the Plug-in Configuration tab, select Domain-level plug-in rules in the Rule Levels section, and then click Add Rule. In the Add Rule panel, configure the following rule. For configuration details, see Configure rules.
grayKey: userid rules: - name: beta-user grayKeyValue: - "00000002" - "00000003" baseDeployment: version: base grayDeployments: - name: beta-user version: gray enabled: trueTurn on the Enable switch. In the Target drop-down list, select
*(all domains). Click OK.
Step 3: Verify the result
Log in to the Container Service for Kubernetes (ACK) console. In the left-side navigation pane, click Clusters. On the Clusters page, click your cluster. On the cluster details page, go to Network > Routes to find the public endpoint.
In the route list, you can see two MSE gateway-based Ingresses: frontend-base-ingress (rule:
/→ frontend-base-svc) and frontend-gray-ingress (rule:/→ frontend-gray-svc). Copy the endpoint address from the Endpoint column of frontend-base-ingress for later verification.Access the public endpoint
nlb-qv04p*******cn-hangzhou.nlb.aliyuncsslb.com. Log in with theadmin/iceaccount to access the base version. The user ID is 00000001.Access the public endpoint
nlb-qv04p*******cn-hangzhou.nlb.aliyuncsslb.com. Log in with the standard user accountuser/iceto access the canary version. The user ID is 00000002.
Implement a canary release on frontend applications by using ACK clusters
Step 1: Deploy applications in the ACK cluster
For more information about how to deploy an application, see Create a stateless application by using a Deployment.
Step 2: Configure the frontend-gray plug-in in the MSE console
-
Log on to the MSE console. In the top navigation bar, select a region.
-
In the left-side navigation pane, choose Cloud-native Gateway > Gateways. On the Gateways page, click the ID of the gateway.
-
In the left-side navigation pane, click Plug-in Marketplace.
On the Plug-in Marketplace page, search for
frontend-grayand click thefrontend-grayplug-in card.On the page that appears, click the Plug-in Configuration tab, select Domain-level plug-in rules in the Rule Levels section, and then click Add Rule. In the Add Rule panel, configure the following rule. For configuration details, see Configure rules.
grayKey: userid rules: - name: beta-user grayKeyValue: - "00000002" - "00000003" baseDeployment: version: base grayDeployments: - name: beta-user version: gray enabled: trueTurn on the Enable switch. In the Target drop-down list, select
*(all domains). Click OK.
Step 3: Add a service source for the gateway
-
Log on to the MSE console. In the top navigation bar, select a region.
-
In the left-side navigation pane, choose Cloud-native Gateway > Gateways. On the Gateways page, click the ID of the gateway.
-
In the left-side navigation pane, click Routes. Then, click the Source tab.
Click Add Source. In the Add Source panel, set Source Type to Container Service. For ACK/ASK/ACS Cluster, select the ACK cluster that you created, and then click OK.
Turn on the Listen to K8s Ingress switch. By default, the gateway listens for Ingress resources in all namespaces. To change this, click Custom. In the Security Group Authorization section, confirm the security group and port range, which defaults to
1/65535.
Step 4: Add a service
-
Log on to the MSE console. In the top navigation bar, select a region.
-
In the left-side navigation pane, choose Cloud-native Gateway > Gateways.
-
On the Gateways page, click the ID of the gateway.
-
In the left-side navigation pane, click Routes. Then, click the Services tab.
Click Add Service. In the Add Service panel, configure the service parameters, and then click OK.
Set Service Source to Container Service. For Namespace, select default. In the service list, select the checkboxes for frontend-base-svc and frontend-gray-svc.
Step 5: Add a base route
-
Log on to the MSE console. In the top navigation bar, select a region.
-
In the left-side navigation pane, choose Cloud-native Gateway > Gateways. On the Gateways page, click the ID of the gateway.
-
In the navigation pane on the left, click Routes. On the Routes tab, click Add Route.
On the Add Route page, configure the parameters, and click Save and Advertise.
Set Route Name to
base-route. For Path, select Prefix is and enter/. For Destination, select Single Service. For Service Name, selectfrontend-base-svc. Set Service Protocol toHTTP, Service Port to80, and Timeout to60seconds.
Step 6: Add a canary route
-
Log on to the MSE console. In the top navigation bar, select a region.
-
In the left-side navigation pane, choose Cloud-native Gateway > Gateways. On the Gateways page, click the ID of the gateway.
-
In the navigation pane on the left, click Routes. On the Routes tab, click Add Route.
On the Add Route page, configure the parameters, and click Save and Advertise.
Set Route Name to
gray-routeand Domain to*. For Path, select prefix match and enter/. In the Request Header section, add a new entry: set Header Name tox-higress-tag, Condition to Prefix is, and Value togray. For Destination, select Single Service and selectfrontend-gray-svcas the Service Name. Set the service protocol to HTTP and the port to 80.NoteThe value
grayrepresents the canary version and corresponds to thegrayDeployments.versionsetting in thefrontend-grayplug-in configuration.
Step 7: Verify the result
-
Log on to the MSE console. In the top navigation bar, select a region.
-
In the left-side navigation pane, choose Cloud-native Gateway > Gateways. On the Gateways page, click the ID of the gateway.
On the Overview page, click the Endpoint tab to view the public endpoint.
Confirm that an endpoint address has been generated for the NLB instance and that the Association Status is Associated.
Access the public endpoint
nlb-qv04p*******cn-hangzhou.nlb.aliyuncsslb.com. Log in with theadmin/iceaccount to access the base version. The user ID is 00000001.Access the public endpoint
nlb-qv04p*******cn-hangzhou.nlb.aliyuncsslb.com. Log in with the standard user accountuser/iceto access the canary version. The user ID is 00000002.
Implement a canary release on frontend applications by using ECS instances
Step 1: Deploy two frontend application versions on an ECS instance
Base application endpoint:
120.***.137.243:80Canary application endpoint:
120.***.137.243:8081
Step 2: Add a service
-
Log on to the MSE console. In the top navigation bar, select a region.
-
In the left-side navigation pane, choose Cloud-native Gateway > Gateways.
-
On the Gateways page, click the ID of the gateway.
-
In the left-side navigation pane, click Routes. Then, click the Services tab.
Click Add Service. In the Add Service panel, set Fixed Address to Fixed Address, configure the service parameters, and then click OK.
Set Service Name to
frontend-base-svc. For Service Address, enter the IP address and port of the server inip:portformat. Use a new line for each address. If you use a public IP address, you must configure a NAT gateway in the VPC. Set TLS Mode to Disable, and then click OK.
Step 3: Add a base route
-
Log on to the MSE console. In the top navigation bar, select a region.
-
In the left-side navigation pane, choose Cloud-native Gateway > Gateways.
-
On the Gateways page, click the ID of the gateway.
-
In the navigation pane on the left, click Routes. On the Routes tab, click Add Route.
On the Add Route page, configure the parameters, and click Save and Advertise.
Set Route Name to
base-route. For Path, select Prefix is and enter/. For Destination, select Single Service. For Service Name, selectfrontend-base-svc. Set Service Protocol toHTTP, Service Port to80, and Timeout to60seconds.
This section describes the parameters for the canary service. Set Service Name to frontend-gray-svc. For Service Address, enter the IP address and port of the target service in ip:port format. Use a new line for each address. If you use a public IP address, you must configure a NAT gateway in the VPC. Set TLS Mode to Disable.
Step 4: Add a canary route
-
Log on to the MSE console. In the top navigation bar, select a region.
-
In the left-side navigation pane, choose Cloud-native Gateway > Gateways.
-
On the Gateways page, click the ID of the gateway.
-
In the navigation pane on the left, click Routes. On the Routes tab, click Add Route.
On the Add Route page, configure the parameters, and then click Save and Advertise.
NoteThe value
grayrepresents the canary version and corresponds to thegrayDeployments.versionsetting in thefrontend-grayplug-in configuration.Set Route Name to
gray-routeand Domain to*. For Path, select prefix match and enter/. In the Request Header section, add a new entry: set Header Name tox-higress-tag, Condition to Prefix is, and Value togray. For Destination, select Single Service and selectfrontend-gray-svcas the Service Name. Set the service protocol to HTTP and the port to 80.
Step 5: Configure the frontend-gray plug-in in the MSE console
-
Log on to the MSE console. In the top navigation bar, select a region.
-
In the left-side navigation pane, choose Cloud-native Gateway > Gateways.
-
On the Gateways page, click the ID of the gateway.
-
In the left-side navigation pane, click Plug-in Marketplace.
On the Plug-in Marketplace page, search for
frontend-grayand click thefrontend-grayplug-in card.On the page that appears, click the Plug-in Configuration tab, select Domain-level plug-in rules in the Rule Levels section, and then click Add Rule. In the Add Rule panel, configure the following rule. For configuration details, see Configure rules.
grayKey: userid rules: - name: beta-user grayKeyValue: - "00000002" - "00000003" baseDeployment: version: base grayDeployments: - name: beta-user version: gray enabled: trueTurn on the Enable switch. In the Target drop-down list, select
*(all domains). Click OK.
Step 6: Verify the result
-
Log on to the MSE console. In the top navigation bar, select a region.
-
In the left-side navigation pane, choose Cloud-native Gateway > Gateways. On the Gateways page, click the ID of the gateway.
On the Overview page, click the Endpoint tab to view the public endpoint.
Confirm that an endpoint address has been generated for the NLB instance and that the Association Status is Associated.
Access the public endpoint
nlb-qv04p*******cn-hangzhou.nlb.aliyuncsslb.com. Log in with theadmin/iceaccount to access the base version. The user ID is 00000001.Access the public endpoint
nlb-qv04p*******cn-hangzhou.nlb.aliyuncsslb.com. Log in with the standard user accountuser/iceto access the canary version. The user ID is 00000002.
Implement a canary release on frontend applications by using CDN or OSS
Step 1: Prepare an OSS file
Step 2: Add a service
-
Log on to the MSE console. In the top navigation bar, select a region.
-
In the left-side navigation pane, choose Cloud-native Gateway > Gateways.
-
On the Gateways page, click the ID of the gateway.
-
In the left-side navigation pane, click Routes. Then, click the Services tab.
Click Add Service. In the Add Service panel, set DNS Domain Name to DNS Domain Name, enter the OSS address in the domain list, and then click OK.
Set Service Name to
static-oss, Service Port to80, and TLS Mode to Disable.ImportantIf OSS and the gateway are deployed in the same region, we recommend that you enter the internal endpoints of OSS. If OSS and the gateway are not deployed in the same region, enter the public endpoints.
Step 3: Add a route
-
Log on to the MSE console. In the top navigation bar, select a region.
-
In the left-side navigation pane, choose Cloud-native Gateway > Gateways.
-
On the Gateways page, click the ID of the gateway.
-
In the navigation pane on the left, click Routes. On the Routes tab, click Add Route.
On the Add Route page, configure the parameters, and click Save and Advertise.
Example parameters: Set Route Name to
project-a-app-1. Set Domain to *. For Path, select Prefix is, enter/app1, and select the Case-sensitive checkbox. For Destination, select Single Service. In the backend service section, select static-oss as the Service Name, HTTP as the Service Protocol, and 80 as the Service Port. Set Timeout to 60 seconds.
Step 4: Configure the frontend-gray plug-in in the MSE console
-
Log on to the MSE console. In the top navigation bar, select a region.
-
In the left-side navigation pane, choose Cloud-native Gateway > Gateways.
-
On the Gateways page, click the ID of the gateway.
-
In the left-side navigation pane, click Plug-in Marketplace.
On the Plug-in Marketplace page, search for
frontend-grayand click thefrontend-grayplug-in card.On the page that appears, click the Plug-in Configuration tab, select Domain-level plug-in rules in the Rule Levels section, and then click Add Rule. In the Add Rule panel, configure the following rule. For configuration details, see Configure rules.
grayKey: userid rules: - name: beta-user grayKeyValue: - "00000002" - "00000003" rewrite: host: xx.oss-cn-shanghai.aliyuncs.com ## OSS endpoint indexRouting: "/app1": "/project-a/app1/{version}/index.html" # Path rewrite of the HTML home page fileRouting: "/app1": "/project-a/app1/{version}" # Path rewrite of resources such as CSS properties, JavaScript scripts, and images baseDeployment: version: dev grayDeployments: - name: beta-user version: 0.0.1 enabled: true
Step 5: Verify the result
-
Log on to the MSE console. In the top navigation bar, select a region.
-
In the left-side navigation pane, choose Cloud-native Gateway > Gateways. On the Gateways page, click the ID of the gateway.
On the Overview page, click the Endpoint tab to view the public endpoint.
Confirm that an endpoint address has been generated for the NLB instance and that the Association Status is Associated.
Access the public endpoint
nlb-qv04p*******cn-hangzhou.nlb.aliyuncsslb.com. Log in with theadmin/iceaccount to access the base version. The user ID is 00000001.Access the public endpoint
nlb-qv04p*******cn-hangzhou.nlb.aliyuncsslb.com. Log in with the standard user accountuser/iceto access the canary version. The user ID is 00000002.
FAQ
Can I configure rewrite policies and canary releases on frontend applications at the same time?
If the service source is not CDN or OSS, you can configure canary releases of frontend applications and rewrite policies at the same time and make them take effect.
If the service source is CDN or OSS, you cannot configure canary releases of frontend applications and rewrite policies at the same time. This is because the relevant rewrite policies are already implemented in the frontend-gray plug-in. If you configure a rewrite policy, conflicts may occur. As a result, errors such as the status code 403 are returned.
Can I inject some global variables into the HTML home page?
Inject some global JavaScript scripts into the <head> tag (usually properties such as CSS styles) of the HTML page, or into the first and last positions of the <body> tag of the HTML page.
Use injection to inject code into the HTML home page. You can inject code into the <head> tag, or into the first and last positions of the <body> tag.
grayKey: userid
rules:
- name: inner-user
grayKeyValue:
- '00000001'
- '00000005'
baseDeployment:
version: base
grayDeployments:
- name: beta-user
version: gray
enabled: true
weight: 80
injection:
head:
- <script>console.log('Header')</script>
body:
first:
- <script>console.log('hello world before')</script>
- <script>console.log('hello world before1')</script>
last:
- <script>console.log('hello world after')</script>
- <script>console.log('hello world after2')</script>When does a canary version take effect?
Assume a user is on version 0.0.1 of a frontend application. If you release version 0.0.2 and the user matches the canary rule, does the new version take effect immediately?
This is due to the following reasons:
If the canary version needs to take effect in real time, the backend needs to dynamically control the version. Frontend release cannot decouple from backend release. CDN acceleration cannot be performed because page stability strongly depends on the interface.
If the canary version takes effect in real time, when customers use a specific feature, a button in use may become unavailable at any time. This results in poor user experience.
When can I refresh a page?
In most cases, you need to re-log on to a website after a session times out.
You can log on to the application on the logon page.
Therefore, the page should be refreshed during the login process to fetch the latest canary release information. The following example shows the frontend login code:
async function handleLogin(values: LoginParams) {
try {
const result = await login(values);
if (result.success) {
message.success ('Logon succeeded. ');
await updateUserInfo();
const urlParams = new URL(window.location.href).searchParams;
window.location.href = `${urlParams.get('redirect') || '/'}`;
return;
}
console.log(result);
// Configure an error message that is returned for logon failures. The following code shows a sample error message.
setLoginResult(result);
} catch (error) {
message.error('Logon failed. Try again. ');
console.log(error);
}
}