Co-author:

Peng Shan (former Mendix Product Director)

Xiao Yunong (General Manager of Tencent Cloud Middleware)

Jiang Biao (Mendix Technical Manager)

Han Xin (Technical Manager of Tencent Microservice Platform)

Liu Yan (Tencent Cloud Middleware Product Manager)

01. Overview

This document introduces the best solution for Siemens enterprise application development platform Mendix application to implement service governance using Tencent Cloud Microservice Platform (TSF). This solution is only used for the management of Mendix application services in a non-production environment. If you need the best solution for the production environment, you can contact the Siemens Mendix team and Tencent Cloud TSF team for consultation.

Business background

When companies have large applications that need to be split into multiple microservices, Mendix cannot meet all the functions of service governance without relying on any cloud platform, such as Mendix Cloud, Openshift, K8S, etc., for the operation of the Private Cloud environment Even more so. Even open source platforms such as K8S, Openshift, Mesos, Rancher, Docker-swarm container platform, etc. do not have strong service governance capabilities. For service governance frameworks with high code intrusions, SpringCloud, Dubbo, etc. are more difficult to develop for Mendix applications (for Mendix applications, you can currently customize the code through javaAction, and for Springcloud, the authority of custom code is far from enough), solid Not applicable; For professional non-code intrusive Service Mesh service governance frameworks, such as Istio, Linkerd, Nginmesh, Maistra, etc., a professional team is required to maintain it. The time cost and operation and maintenance cost greatly increase the project budget, so in Private A set of solutions to quickly implement service governance is required in the Cloud environment.

Possess a low-code way to create a large-scale enterprise-level application based on microservice clusters, help enterprises quickly apply the latest Internet technology, accelerate enterprise innovation, better support agile rapid iterative development, and improve overall IT management capabilities.

Scope of application

Use Tencent Cloud microservice platform TSF to implement service governance between Mendix applications.

Such as service routing, service current limit, service authentication rules. Users can perform fine-grained flow control in the form of configuration and weight labels to achieve functions such as gray-scale release, nearest routing, flow restriction, and access authority control.

TSF product link: https://cloud.tencent.com/document/product/649

TSF service governance capabilities

The Mesh microservice platform (Tencent Service Mesh Framework, TSF Mesh for short), based on the concept of Service Mesh, provides applications with service management capabilities such as automatic service registration and discovery, service routing, authentication, current limiting, and fusing, and the application does not need to be sourced Intrusive transformation of the code can be integrated with the service framework. For more information about TSF Mesh, click here to view: "Tencent Cloud Middleware Team's Practice and Exploration in Service Mesh" .

Through Tencent Cloud's TSF microservice platform, it provides solutions for governance between microservices developed by Mendix.

• Service online management to realize service visualization and full life cycle management

• Business custom labels, applied to user-defined service authentication and service routing rules

• API list and debugging, convenient for users to view API interface information and remote debugging

• Service statistics, providing service operation monitoring data, used to quickly locate service exceptions and discover system bottlenecks

• Service authentication to prevent illegal invocation of services

• Service current limit, protect one's own service, prevent traffic breakdown and cause system abnormality

• Service routing, gray release, canary release, blue-green release

• Service fuse. When a downstream service is unavailable or responds too slowly for some reason, the upstream service will not continue to call the target service and return directly in order to ensure the availability of its overall service. When the downstream service is restored, the upstream service will resume invocation.

• Log alarms to quickly discover system abnormalities.

• Real-time log, detection service startup log.

• Log retrieval to quickly find system abnormalities.

• The service relies on the topology and displays the panoramic view of the application service, which can be used to quickly locate service exceptions and discover system bottlenecks.

• Call chain query and details, quickly locate service exceptions in the interface dimension, and discover system bottlenecks.

• Flexible scaling, ensuring high service availability, reducing manual operations, and saving system resources.

• Full link grayscale release

• Distributed task scheduling, timing, periodic task execution, workflow orchestration

• Distributed transactions, data consistency guarantee across multiple databases.

• Microservice gateway, global service authentication, service routing, service management.

02. Preparation

TSF related preparations

In order to successfully complete this practice, you need to make the following preparations in advance:

Log in to the Tencent Cloud console, after registering and real-name authentication, log in to your Tencent Cloud account (go to the link: https://cloud.tencent.com).
Confirm that the Tencent Cloud account balance is greater than 100 yuan.
If you log in with the main account, you already have access permissions for all resources by default; if you log in with a sub-account, you need to grant relevant permissions in advance, you can go to (https://cloud.tencent.com/document/product/598/ 10600) See how to use the CAM strategy for authorization.
A machine that can access the public network (can be purchased on the Tencent Cloud CVM page), used to upload the Mendix application image.
Container service TKE.

03. Mendix image construction

Multiple microservices developed through Mendix Studio Pro

For example, ilink.mpk and native.mpk project packages, the two call each other's services.

Traditional Rest API call: http://ip:port.

The restored Rest API call, http://service-name/, uses the service name to implement mutual calls between services.

Build image

Download related script files

git clone https://github.com/mendix/docker-mendix-buildpack.git

File directory structure

├── Dockerfile

├── Dockerfile.rootfs.bionic

├── Dockerfile.rootfs.trusty

├── LICENSE

├── Makefile

├── README.md

├── scripts

│ ├── cleanupjdk

│ ├── compilation

│ ├── git

│ ├── startup

│ └── vcap_application.json

└── tests

├── docker-compose-azuresql.yml

├── docker-compose-k8s.yml

├── docker-compose-mysql.yml

├── docker-compose-postgres.yml

├── docker-compose-sqlserver.yml

├── stop.sh

└── test-generic.sh

Put the developed MPK package in the same directory as docker-mendix-buildpack

ilink.mpk and native.mpk are two microservices developed by Mendix. docker-mendix-buildpack-ilink and docker-mendix-buildpack-native are scripts related to these two app image building and container deployment. The main files include Dockerfile, Makefile, and startup files.

Makefile modification

before fixing:

After modification:

Create a nativeService.tar.gz file with the following content:

├── apis

└── └── native.yaml

├── logs

└── spec.yaml

##Spec.yaml文件主要是定义服务及健康检查相关的内容：apiVersion: v1kind: Applicationspec:  services:    - name: native      ports:        - targetPort: 8080          protocol: http      healthCheck:        path: /##native.yaml主要定义相关的api，不做强求，内容如下：openapi: 3.0.0info:  version: "1.0.0"  title: native servicepaths:  /api/v6/user/create:    get:      responses:        '200':           description: OK        '401':           description: Unauthorized        '402':           description: Forbidden        '403':           description: Not Found  /api/v6/user/account/query:    get:      responses:        '200':           description: OK        '401':           description: Unauthorized        '402':           description: Forbidden        '403':           description: Not Found  /health:    get:      responses:        '200':           description: OK        '401':           description: Unauthorized        '402':           description: Forbidden        '403':           description: Not Found

The location of the nativeService.tar.gz file is as follows:

In the same way, create the ilinkService.tar.gz file with the following content:

├── apis

└── └── native.yaml

├── logs

└── spec.yaml

##Spec.yaml文件主要是定义服务及健康检查相关的内容：apiVersion: v1kind: Applicationspec:  services:    - name: ilink      ports:        - targetPort: 8080          protocol: http      healthCheck:        path: /

Modify the Dockerfile file

The revised content is as follows:

Modify the startup file in the script directory

Add content at the end:

os.system('mkdir -p /opt/tsf/app_config/apis')os.system('cp /opt/app/nativeService/spec.yaml /opt/tsf/app_config/')os.system('cp -r /opt/app/nativeService/apis /opt/tsf/app_config/')

Image build

##make  get-sample     相当于解压文件到build文件夹##make  build-image    构建镜像并指定相应的镜像的tag

Need to pay attention to the file content modified by dockerfile

When the following content appears, the build is successful

Tencent Cloud's image warehouse function stores the built image

Instructions for use:

https://cloud.tencent.com/document/product/457/9118

Upload the locally built image package to the mirror warehouse

04. Tencent Microservice Platform

Create 2 cloud servers

For the specific creation process, please refer to: https://cloud.tencent.com/document/product/213/2936

Set up a security group:

Add the corresponding security rules:

reference:

https://cloud.tencent.com/document/product/213/12452

Log in to the microservice platform

Open the control panel and search for TSF:

Enter Tencent microservice platform TSF:

New cluster

This container cluster utilizes Tencent Cloud's container service TKE platform.

Import the cloud host, the following are already bound, just choose 2 cloud servers created between them.

Cluster information:

Including two cloud hosts.

New application

The same goes for:

New log configuration item

Configuration:

Add publishing rule:

New deployment group

New deployment

Need to check if there are enough resources before saving the next step

Similarly, create another mendix-ilink

Created:

Create a back-end database service

Open the container service platform

You can see the cluster created on the microservice platform just now and click on the cluster id:

New Deployment:

MYSQL_USER=mendixMYSQL_PASSWORD=mendixMYSQL_DATABASE=mendixMYSQL_ROOT_PASSWORD=root

Created mysql database service:

Pod management:

Create another database instance for mysql:

create  database  mxIlink;GRANT ALL ON *.* TO 'mendix'@'%';flush privileges ;

Add environment variables for microservice applications

Edit the yaml file:

Add content to one of them:

- name: ADMIN_PASSWORD   value: Password1! - name: DATABASE_URL    value: mysql://mendix:mendix@ilink-mysql:3306/mendix##另外一个添加内容：- name: ADMIN_PASSWORD   value: Password1! - name: DATABASE_URL    value: mysql://mendix:mendix@ilink-mysql:3306/mxIlink##两者数据库实例不同即可

When the number of pods is consistent with expectations, the application deployment is complete:

05 . Service Verification

Since we set up the host port to access the application before, the ports of the two applications are 30080 and 30089 respectively, which can be accessed through any cloud server.

New -> POST

POST the newly created Task to another microservice in the form of Rest, and GET will obtain the sent data from the other microservice, as shown below: