Co-author:
Peng Shan (former Mendix Product Director)
Xiao Yunong (General Manager of Tencent Cloud Middleware)
Jiang Biao (Mendix Technical Manager)
Han Xin (Technical Manager of Tencent Microservice Platform)
Liu Yan (Tencent Cloud Middleware Product Manager)
01. Overview
This document introduces the best solution for Siemens enterprise application development platform Mendix application to implement service governance using Tencent Cloud Microservice Platform (TSF). This solution is only used for the management of Mendix application services in a non-production environment. If you need the best solution for the production environment, you can contact the Siemens Mendix team and Tencent Cloud TSF team for consultation.
-
Business background
When companies have large applications that need to be split into multiple microservices, Mendix cannot meet all the functions of service governance without relying on any cloud platform, such as Mendix Cloud, Openshift, K8S, etc., for the operation of the Private Cloud environment Even more so. Even open source platforms such as K8S, Openshift, Mesos, Rancher, Docker-swarm container platform, etc. do not have strong service governance capabilities. For service governance frameworks with high code intrusions, SpringCloud, Dubbo, etc. are more difficult to develop for Mendix applications (for Mendix applications, you can currently customize the code through javaAction, and for Springcloud, the authority of custom code is far from enough), solid Not applicable; For professional non-code intrusive Service Mesh service governance frameworks, such as Istio, Linkerd, Nginmesh, Maistra, etc., a professional team is required to maintain it. The time cost and operation and maintenance cost greatly increase the project budget, so in Private A set of solutions to quickly implement service governance is required in the Cloud environment.
Possess a low-code way to create a large-scale enterprise-level application based on microservice clusters, help enterprises quickly apply the latest Internet technology, accelerate enterprise innovation, better support agile rapid iterative development, and improve overall IT management capabilities.
-
Scope of application
Use Tencent Cloud microservice platform TSF to implement service governance between Mendix applications.
Such as service routing, service current limit, service authentication rules. Users can perform fine-grained flow control in the form of configuration and weight labels to achieve functions such as gray-scale release, nearest routing, flow restriction, and access authority control.
TSF product link: https://cloud.tencent.com/document/product/649
-
TSF service governance capabilities
The Mesh microservice platform (Tencent Service Mesh Framework, TSF Mesh for short), based on the concept of Service Mesh, provides applications with service management capabilities such as automatic service registration and discovery, service routing, authentication, current limiting, and fusing, and the application does not need to be sourced Intrusive transformation of the code can be integrated with the service framework. For more information about TSF Mesh, click here to view: "Tencent Cloud Middleware Team's Practice and Exploration in Service Mesh" .
Through Tencent Cloud's TSF microservice platform, it provides solutions for governance between microservices developed by Mendix.
• Service online management to realize service visualization and full life cycle management
• Business custom labels, applied to user-defined service authentication and service routing rules
• API list and debugging, convenient for users to view API interface information and remote debugging
• Service statistics, providing service operation monitoring data, used to quickly locate service exceptions and discover system bottlenecks
• Service authentication to prevent illegal invocation of services
• Service current limit, protect one's own service, prevent traffic breakdown and cause system abnormality
• Service routing, gray release, canary release, blue-green release
• Service fuse. When a downstream service is unavailable or responds too slowly for some reason, the upstream service will not continue to call the target service and return directly in order to ensure the availability of its overall service. When the downstream service is restored, the upstream service will resume invocation.
• Log alarms to quickly discover system abnormalities.
• Real-time log, detection service startup log.
• Log retrieval to quickly find system abnormalities.
• The service relies on the topology and displays the panoramic view of the application service, which can be used to quickly locate service exceptions and discover system bottlenecks.
• Call chain query and details, quickly locate service exceptions in the interface dimension, and discover system bottlenecks.
• Flexible scaling, ensuring high service availability, reducing manual operations, and saving system resources.
• Full link grayscale release
• Distributed task scheduling, timing, periodic task execution, workflow orchestration
• Distributed transactions, data consistency guarantee across multiple databases.
• Microservice gateway, global service authentication, service routing, service management.
02. Preparation
TSF related preparations
In order to successfully complete this practice, you need to make the following preparations in advance:
-
Log in to the Tencent Cloud console, after registering and real-name authentication, log in to your Tencent Cloud account (go to the link: https://cloud.tencent.com).
-
Confirm that the Tencent Cloud account balance is greater than 100 yuan.
-
If you log in with the main account, you already have access permissions for all resources by default; if you log in with a sub-account, you need to grant relevant permissions in advance, you can go to (https://cloud.tencent.com/document/product/598/ 10600) See how to use the CAM strategy for authorization.
-
A machine that can access the public network (can be purchased on the Tencent Cloud CVM page), used to upload the Mendix application image.
-
Container service TKE.
03. Mendix image construction
-
Multiple microservices developed through Mendix Studio Pro
For example, ilink.mpk and native.mpk project packages, the two call each other's services.
Traditional Rest API call: http://ip:port.
The restored Rest API call, http://service-name/, uses the service name to implement mutual calls between services.
-
Build image
Download related script files
git clone https://github.com/mendix/docker-mendix-buildpack.git
File directory structure
├── Dockerfile
├── Dockerfile.rootfs.bionic
├── Dockerfile.rootfs.trusty
├── LICENSE
├── Makefile
├── README.md
├── scripts
│ ├── cleanupjdk
│ ├── compilation
│ ├── git
│ ├── startup
│ └── vcap_application.json
└── tests
├── docker-compose-azuresql.yml
├── docker-compose-k8s.yml
├── docker-compose-mysql.yml
├── docker-compose-postgres.yml
├── docker-compose-sqlserver.yml
├── stop.sh
└── test-generic.sh
Put the developed MPK package in the same directory as docker-mendix-buildpack
ilink.mpk and native.mpk are two microservices developed by Mendix. docker-mendix-buildpack-ilink and docker-mendix-buildpack-native are scripts related to these two app image building and container deployment. The main files include Dockerfile, Makefile, and startup files.
Makefile modification
before fixing:
After modification:
Create a nativeService.tar.gz file with the following content:
.
├── apis
└── └── native.yaml
├── logs
└── spec.yaml
##Spec.yaml文件主要是定义服务及健康检查相关的内容:
apiVersion: v1
kind: Application
spec:
services:
- name: native
ports:
- targetPort: 8080
protocol: http
healthCheck:
path: /
##native.yaml主要定义相关的api,不做强求,内容如下:
openapi: 3.0.0
info:
version: "1.0.0"
title: native service
paths:
/api/v6/user/create:
get:
responses:
'200':
description: OK
'401':
description: Unauthorized
'402':
description: Forbidden
'403':
description: Not Found
/api/v6/user/account/query:
get:
responses:
'200':
description: OK
'401':
description: Unauthorized
'402':
description: Forbidden
'403':
description: Not Found
/health:
get:
responses:
'200':
description: OK
'401':
description: Unauthorized
'402':
description: Forbidden
'403':
description: Not Found
The location of the nativeService.tar.gz file is as follows:
In the same way, create the ilinkService.tar.gz file with the following content:
.
├── apis
└── └── native.yaml
├── logs
└── spec.yaml
##Spec.yaml文件主要是定义服务及健康检查相关的内容:
apiVersion: v1
kind: Application
spec:
services:
- name: ilink
ports:
- targetPort: 8080
protocol: http
healthCheck:
path: /
Modify the Dockerfile file
The revised content is as follows:
Modify the startup file in the script directory
Add content at the end:
os.system('mkdir -p /opt/tsf/app_config/apis')
os.system('cp /opt/app/nativeService/spec.yaml /opt/tsf/app_config/')
os.system('cp -r /opt/app/nativeService/apis /opt/tsf/app_config/')
Image build
##make get-sample 相当于解压文件到build文件夹
##make build-image 构建镜像并指定相应的镜像的tag
Need to pay attention to the file content modified by dockerfile
When the following content appears, the build is successful
Tencent Cloud's image warehouse function stores the built image
Instructions for use:
https://cloud.tencent.com/document/product/457/9118
Upload the locally built image package to the mirror warehouse
04. Tencent Microservice Platform
Create 2 cloud servers
For the specific creation process, please refer to: https://cloud.tencent.com/document/product/213/2936
Set up a security group:
Add the corresponding security rules:
reference:
https://cloud.tencent.com/document/product/213/12452
Log in to the microservice platform
Open the control panel and search for TSF:
Enter Tencent microservice platform TSF:
New cluster
This container cluster utilizes Tencent Cloud's container service TKE platform.
Import the cloud host, the following are already bound, just choose 2 cloud servers created between them.
Cluster information:
Including two cloud hosts.
New application
The same goes for:
New log configuration item
Configuration:
Add publishing rule:
New deployment group
New deployment
Need to check if there are enough resources before saving the next step
Similarly, create another mendix-ilink
Created:
Create a back-end database service
Open the container service platform
You can see the cluster created on the microservice platform just now and click on the cluster id:
New Deployment:
MYSQL_USER=mendix
MYSQL_PASSWORD=mendix
MYSQL_DATABASE=mendix
MYSQL_ROOT_PASSWORD=root
Created mysql database service:
Pod management:
Create another database instance for mysql:
create database mxIlink;
GRANT ALL ON *.* TO 'mendix'@'%';
flush privileges ;
Add environment variables for microservice applications
Edit the yaml file:
Add content to one of them:
- name: ADMIN_PASSWORD
value: Password1!
- name: DATABASE_URL
value: mysql://mendix:mendix@ilink-mysql:3306/mendix
##另外一个添加内容:
- name: ADMIN_PASSWORD
value: Password1!
- name: DATABASE_URL
value: mysql://mendix:mendix@ilink-mysql:3306/mxIlink
##两者数据库实例不同即可
When the number of pods is consistent with expectations, the application deployment is complete:
05 . Service Verification
Since we set up the host port to access the application before, the ports of the two applications are 30080 and 30089 respectively, which can be accessed through any cloud server.
New -> POST
POST the newly created Task to another microservice in the form of Rest, and GET will obtain the sent data from the other microservice, as shown below:
Task data received by another microservice platform:
When building the image, the Rest API was mentioned. The traditional way is ip+port, and now it can be called directly using service-name.
Traditional way:
The way now:
Call each other in the same way
Service management related functions such as service registration and service discovery are provided by TSF.
06. Microservice governance
Service governance query
Currently, the services we deploy are all instances, which can be elastically scaled through the container service platform.
Service dependent topology
The dependency relationship between the two services is shown in the figure above.
Call overview:
Call chain query:
TraceId tracking:
Service monitoring
Service health status:
Delay status code statistics:
Log service
Since the log configuration item has been created before, the log can be retrieved through the TSF log service.
Through a variety of query methods such as basic query, Lucene syntax, regular expressions. As follows:
For more information, please visit the following link:
Mendix official website: https://www.mendix.com/zh/
Mendix industry solutions: https://solutions.mendix.com/
Mendix platform guide: https://www.mendix.com/evaluation-guide/
Mendix animation display: https://www.mendix.com/demos/