Microservices 2.0 Technology Stack Selection Guide

I. Introduction
II. Selection Criteria
III. Core Concerns of Microservices Infrastructure
IV. Service Framework Selection
V. Runtime Support Service Selection
VI. Service Monitoring Selection
VII. Service Fault Tolerance Selection
VIII. Backend Service Selection
IX. Service Security Selection
X. Service Deployment Platform Selection
XI. Closing Words


I. Introduction

2014 can be considered year one of Microservices 1.0; several landmark events happened that year:

First, Martin Fowler published the article "Microservices" on his blog, formally introducing the microservices architectural style;

Second, after years of large-scale production use, Netflix's microservices architecture was finally distilled into a set of open-source microservices components, collectively known as NetflixOSS, and Netflix's success began to be recognized and respected by the industry;

Third, Pivotal integrated the NetflixOSS open-source components into its Spring ecosystem and launched the Spring Cloud microservices development stack.

Three years on, the microservices technology ecosystem has changed enormously: containers, PaaS, Cloud Native, gRPC, Service Mesh, Serverless and other new technologies and ideas have each taken the stage in turn, and before we knew it we had entered the Microservices 2.0 era.

Based on the practical experience and learning I have accumulated around microservices infrastructure in recent years, I would like to summarize and present some ideas for building a Microservices 2.0 technology stack, for front-line architects and engineers to use as a reference.

For some modules where the supporting open-source products are not yet mature, I will give some ideas for custom in-house design.

II. Selection Criteria

I have many criteria for technology selection; the following three are the most important:

1. Production grade

The technology stack we choose has to solve real business problems and withstand production traffic (a careless choice can cause production incidents), not merely serve as a POC or demo. So production-ready, ops-ready, governable, mature and stable technology is our first choice;

2. Proven in production at Internet companies

We prioritize open-source products that have already landed in production at Internet companies and earned a good reputation in the community: they have been through the impact of real traffic, the pits have largely been filled in by those companies, and they have been accepted by the community and formed a healthy ecosystem (the appendix of this article gives the GitHub link or reference for every recommended open-source project).

3. Open-source community activity

The number of stars on GitHub is an important indicator, along with the update frequency of the code and documentation (especially in recent years); these indicators directly reflect the activity or vitality of an open-source product's community.

In addition, selection criteria often differ by business volume, company size and team size; a start-up's criteria may be completely different from those of a BAT-scale company.

This article targets companies with daily traffic above 10 million and an R&D team of fewer than 50 people; if you are below this scale, I recommend carefully assessing whether you really need a microservices architecture.

Given the popularity of Java in China and my own background, this article focuses on the enterprise Java technology stack.

This article also assumes self-built microservices infrastructure. In fact some of these products have corresponding cloud services that can be used directly; self-built and cloud each have advantages and disadvantages, and architects need to weigh them comprehensively in their own context.


III. Core Concerns of Microservices Infrastructure

The seven modules highlighted (in mango color) in the mind map below are, in my view, the core modules to select when building a Microservices 2.0 technology stack; the rest of this article expands on each of them.

For each module I have listed some core architectural concerns; when choosing a specific product you should cover these concerns as far as possible.

The figure below is adapted from "Microservice Architecture Design and Ecosystem" [Appendix 12.46] by Wang Lei of Huawei, adjusted according to my own practice, and is shared here for front-line architects and engineers as a reference. The modules marked in pink are the ones most closely tied to microservices; if these are under control when we do technical selection, the whole system is under control.


IV. Service Framework Selection

The service framework is a relatively mature field with many options. Spring Boot/Cloud [Appendix 12.1], endorsed by the influential Spring and Netflix communities, can be considered the de facto community standard for building Java microservices; Spring Boot currently has over 20k stars on GitHub.

The Spring-based framework is essentially a RESTful framework (not an RPC framework): its serialization protocol is mainly text-based JSON and its communication protocol is general HTTP.

A RESTful framework naturally supports cross-language calls: any language with an HTTP client can invoke the services, although the client usually has to parse the payload itself.

The Spring framework also supports Swagger contract-first programming, which can generate strongly typed clients in various languages from the contract, greatly easing access from stacks in other languages. However, because RESTful frameworks have weak contract specifications, interoperability of Swagger-generated clients across languages still has a lot of pitfalls.

Dubbo [Appendix 12.2] is Alibaba's distributed microservices technology, refined over many years of production-grade use; its service governance capability is very rich, it has great influence in the Chinese technical community, and it has more than 16k stars on GitHub.

Dubbo is essentially a Java-based RPC framework; Dangdang's Dubbox extension adds the ability to expose RESTful interfaces from Dubbo.

Dubbo mainly targets the Java technology stack; insufficient cross-language support is one of its weaknesses. Also, because its governance capabilities are so rich, the framework is relatively heavy, and the bar for using it well is relatively high.

But if your business is essentially invested in the Java stack, choosing Dubbo lets you start from a higher baseline in service frameworks: in both performance and enterprise-class service governance, Dubbo does very well.

Sina Weibo's open-source Motan (4k GitHub stars) is also good; its features are similar to Dubbo's and it can be considered a lightweight trimmed-down version of Dubbo.

gRPC [Appendix 12.3] is a new RPC framework that Google has been promoting in recent years; its strongly typed contract-based programming model built on protobuf can automatically generate clients in many languages and guarantee interoperability.

Support for HTTP/2 is a major highlight of gRPC, and it significantly improves performance at the HTTP communication layer.

The high-performance protobuf serialization protocol has a long history and a good reputation in the community; coupled with Google's endorsement and community influence, gRPC is now quite hot, with more than 13.4k stars on GitHub.

At the moment gRPC is better suited to internal service-to-service calls; exposing HTTP RESTful interfaces externally is possible but more troublesome (it requires gRPC Gateway), so for externally exposed APIs you may also need to introduce a second HTTP RESTful framework as a supplement.

Overall gRPC is still relatively new, and the community has not yet reached consensus on the benefits HTTP/2 brings, so I recommend investing cautiously and doing some pilots.


V. Runtime Support Service Selection

Runtime support services include three products: the service registry, the service routing gateway and the centralized configuration center.

Service registry: if you use the Spring Cloud ecosystem, Eureka [Appendix 12.4] is the best match. Eureka has been validated at Netflix through large-scale production use, supports multiple data centers, and together with the Ribbon client can implement flexible client-side software load balancing.

Eureka currently has more than 4.7k stars on GitHub. Consul [Appendix 12.5] is also a good choice: it natively supports multiple data centers and also provides KV storage and a flexible health check model, with more than 11k stars on GitHub.

Service gateway is a relatively mature field with many options. If you use the Spring Cloud ecosystem, Zuul [Appendix 12.6] is the best match. Zuul has been validated at Netflix through large-scale production use and supports a flexible dynamic scripting filter mechanism, but its asynchronous performance is inadequate (the Netty-based asynchronous version of Zuul has been slow to reach a formal release). Zuul currently has more than 3.7k stars on GitHub.

The Nginx/OpenResty-based API gateway Kong [Appendix 12.7] is currently quite hot, with more than 14.1k stars on GitHub. Because it uses the Nginx core, Kong's asynchronous performance is strong; in addition, its Lua-based plug-in mechanism is flexible and the plug-in community is relatively rich, covering security, rate limiting and circuit breaking, and there are many open-source management UIs for centrally managing a Kong cluster.

Configuration center: Spring Cloud ships with Spring Cloud Config [Appendix 12.8] (0.75k GitHub stars), which I personally do not consider truly production-grade; it lacks many governance features and is worth trying only in small-scale scenarios.

I personally recommend Ctrip's Apollo [Appendix 12.9] configuration center, which has been validated in production at Ctrip and offers high availability, immediate effect of configuration changes (push-pull), configuration auditing and versioning, multi-environment and multi-cluster support and other production-grade features; I recommend it for enterprises that need large-scale centralized configuration management. Apollo currently has more than 3.4k stars on GitHub.


VI. Service Monitoring Selection

This includes log monitoring, call chain (tracing) monitoring, metrics monitoring, health checks and alert notification products.

ELK can now be considered the standard for log monitoring, fully functional out of the box; Elasticsearch [Appendix 12.10] currently has more than 28.4k stars on GitHub. Elastalert [Appendix 12.11] (4k GitHub stars) is Yelp's open-source alert notification module for ELK.

For call chain monitoring, the current community mainstream options are Dianping's CAT [Appendix 12.12] (4.3k GitHub stars), Twitter's Zipkin [Appendix 12.13] (7.5k GitHub stars), now maintained by the OpenZipkin open-source community, and Naver's open-source Pinpoint [Appendix 12.14] (5.3k GitHub stars).

I personally recommend Dianping's open-source CAT: it has landed in production at Dianping and a number of domestic Internet companies, its features are production-grade, its governance capabilities are better, and CAT comes with its own alerting module. Below is my earlier evaluation table of the three products, for reference.

Metrics monitoring mainly depends on a time-series database (TSDB); the more mature current product is StumbleUpon's open-source HBase-based OpenTSDB [Appendix 12.15] (the Cassandra-based KairosDB [Appendix 12.16], 1.1k GitHub stars, is also an option; it is essentially a modified version of OpenTSDB for Cassandra). OpenTSDB can scale out in a distributed manner but is relatively heavy, suitable for medium and large enterprises; it has nearly 2.9k stars on GitHub.

OpenTSDB itself does not provide an alerting module; Argus [Appendix 12.17] (0.29k GitHub stars) is Salesforce's open-source unified monitoring and alerting platform built on OpenTSDB, with rich alerting features and flexible alert configuration, and can serve as an alerting supplement to OpenTSDB. In recent years a number of lightweight TSDBs have appeared, such as InfluxDB [Appendix 12.18] (12.4k GitHub stars) and Prometheus [Appendix 12.19] (14.3k GitHub stars); these products are feature-rich, have good reporting capabilities and come with their own alerting modules, but lack distributed capabilities, so they suit small and medium enterprises. Grafana [Appendix 12.20] (19.9k GitHub stars) is the community standard for displaying metrics reports.

There are also some general health-check and alerting products in the community, such as Sensu [Appendix 12.21] (2.7k GitHub stars), which can run flexible custom health checks against various services (such as the health check endpoints exposed by Spring Boot, metrics in the time-series database, error logs in ELK, etc.) and then lets the user set flexible alert notification policies for the check results.

Sensu has landed in production at Yelp and other companies. Other similar products are Etsy's open-source 411 [Appendix 12.22] (0.74k GitHub stars) and Zalando's ZMon [Appendix 12.23] (0.15k GitHub stars), which are in production at Etsy and Zalando respectively, but the bar for using their custom checks and alert configuration is relatively high and their communities are not active, so they are recommended only for trial by teams with in-house customization ability. ZMon uses KairosDB as its backing store, so if your company has already adopted KairosDB as its time-series database you can consider ZMon as the alert notification module.


VII. Service Fault Tolerance Selection

For the Java stack, Netflix's Hystrix [Appendix 12.24] (12.4k GitHub stars) packages circuit breaking, isolation, rate limiting and degradation into one component; any dependency call (database, service, cache) can be wrapped in a Hystrix Command and automatically gets fault tolerance. Hystrix originated from Netflix's resilience engineering projects, has been validated at Netflix through large-scale production use, and is the current community standard for fault-tolerant components, with over 12k stars on GitHub. Other language stacks have simplified Hystrix-like components.

Hystrix generally needs to be embedded in the application or framework and has a certain learning curve. For companies that route through a centralized reverse proxy (at the boundary and internally), rate limiting and circuit breaking can be done centrally at the reverse proxy, for example with Nginx [Appendix 12.25] (5.1k GitHub stars) or Kong [Appendix 12.7] (11.4k GitHub stars); both have flexible plug-ins supporting rate limiting and fault tolerance configuration.

The Zuul gateway can also integrate Hystrix to implement centralized fault tolerance and rate limiting at the gateway layer. A centralized reverse proxy requires a certain amount of development and operations capability, but it allows rate limiting and fault tolerance to be managed centrally and simplifies the clients.


VIII. Backend Service Selection

Backend services include messaging systems, distributed caches, the distributed data access layer and the task scheduling system. This is a relatively mature field; many open-source products can basically be used out of the box.

Messaging system: for scenarios with lower reliability requirements such as logs, the top-level Apache project Kafka [Appendix 12.26] (7.2k GitHub stars) is the community standard.

For business scenarios with high reliability requirements Kafka is actually competent, but companies need to customize and improve Kafka's monitoring and management capabilities for that scenario; Allegro's open-source Hermes [Appendix 12.27] (0.3k GitHub stars) is a reference project that wraps Kafka with enterprise-class management capabilities for business scenarios.

Alibaba's open-source RocketMQ [Appendix 12.28] (3.5k GitHub stars) is also a good choice, with more features applicable to business scenarios, and is now a top-level Apache project. RabbitMQ [Appendix 12.29] (3.6k GitHub stars) is a veteran classic MQ with very rich queue features and documentation, but weaker performance and distributed capability; it is an alternative for small-scale scenarios.

For cache management, if you prefer the client direct-connect mode (personally I think a direct-connect cache is simpler and lighter), SohuTV's open-source CacheCloud [Appendix 12.30] (2.5k GitHub stars) is a good Redis cache management platform, providing monitoring statistics, one-click provisioning, automatic failover, online scaling, automated operations and other production-grade governance capabilities, and its documentation is also rich.

If you prefer the proxy mode with an intermediate layer, Twitter's open-source twemproxy [Appendix 12.31] (7.5k GitHub stars) and CodisLab's open-source Codis [Appendix 12.32] (6.9k GitHub stars) are the relatively popular community options.

For the distributed data access layer, if you use the Java stack, Dangdang's open-source Sharding-JDBC [Appendix 12.33] (3.5k GitHub stars) is a good option: it performs the sharding (database and table splitting) logic in the client JDBC driver, and the client connects directly to the database, which is relatively simple and lightweight; it is recommended for small and medium-scale scenarios.

If you prefer the proxy mode with a database access middle layer, MyCAT [Appendix 12.34] (3.6k GitHub stars), the community sharding middleware that evolved from Alibaba's open-source Cobar, is a good choice. Proxy mode has higher operations cost and is recommended for large-scale scenarios and for teams with some framework development and operations capability.

Task scheduling system: I personally recommend Xu Xueli's open-source xxl-job [Appendix 12.35] (3.4k GitHub stars), which is simple to deploy and lightweight enough for most scenarios. Dangdang's open-source elastic-job [Appendix 12.36] (3.2k GitHub stars) is also a good choice; compared to xxl-job it is more powerful and more complex.


IX. Service Security Selection

Although there are currently industry standard protocols such as OAuth and OpenID Connect for microservice authentication and authorization, concrete implementations vary widely, companies generally have many special customization needs, and the community has not yet formed a common production-grade, out-of-the-box product.

There are some open-source authorization server products, the better known being Apereo CAS [Appendix 12.37] (3.6k GitHub stars), JBoss's open-source Keycloak [Appendix 12.38] (1.9k GitHub stars), Spring Cloud Security [Appendix 12.39] and so on. Most are opinionated products (with their own viewpoint and practice), and because they support too many protocols the products are complex and lack sufficient flexibility.

My personal recommendation is to build a lightweight custom authorization server in-house based on the OAuth and OpenID Connect standards, with reference to some open-source products (such as MITRE's open-source OpenID-Connect-Java-Spring-Server [Appendix 12.40], 0.62k GitHub stars).

WSO2 has proposed a reference solution for microservice security [Appendix 12.45], which I recommend as a reference; the key steps of the solution are as follows:

  1. An authorization server supporting the OAuth 2.0 and OpenID Connect standards (personally I recommend building it in-house);

  2. Use the API gateway as the single point of access to achieve unified security management;

  3. Before accessing a microservice, the client logs in to obtain an access token from the authorization server, then sends the access token to the gateway together with the request;

  4. The gateway obtains the access token and checks it with the authorization server; while checking the token, it also performs token conversion to obtain a JWT token;

  5. The gateway forwards the request, carrying the JWT token, to the backend microservices;

  6. The JWT can store user session information; this information can be passed to the backend microservices and between microservices, for authentication and authorization purposes and the like;

  7. Each microservice contains a JWT client that can decrypt the JWT and obtain the user session information in it;

  8. Throughout the solution, the access token is a by-reference token that does not contain user information and can be directly exposed to the public Internet; the JWT token is a by-value token that can contain user information but is not exposed to the public Internet.
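As an added illustration of steps 3 to 8 above (not code from the article or from WSO2), the following self-contained Python sketch models the three parties: an authorization server that issues opaque by-reference access tokens and exchanges them for signed by-value JWTs, a gateway that performs the exchange, and a microservice whose embedded JWT client checks signature, algorithm and expiry before reading the session claims. The class names, the HS256 shared key and the sample users are assumptions for this example; it uses signed (not encrypted) JWTs, so the microservice verifies rather than decrypts.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed HS256 key shared by the authorization server and the services; a
# real deployment would sign with a private key and verify with the public key.
JWT_SECRET = b"example-hs256-secret"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class AuthorizationServer:
    """Issues opaque by-reference tokens and exchanges them for by-value JWTs."""
    def __init__(self, secret: bytes, ttl_seconds: int = 300):
        self._secret, self._ttl = secret, ttl_seconds
        self._sessions = {}  # opaque token -> session info, kept server-side only

    def login(self, user: str, roles) -> str:
        # Step 3: the client logs in and receives a random reference token. It
        # carries no user data, so it is the only token that crosses the Internet.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"sub": user, "roles": list(roles),
                                 "exp": int(time.time()) + self._ttl}
        return token

    def exchange(self, opaque: str):
        # Step 4: introspect the reference token and, if still active, mint a JWT
        # (the by-value token) carrying the user's session information.
        session = self._sessions.get(opaque)
        if session is None or session["exp"] <= time.time():
            return None
        header = {"alg": "HS256", "typ": "JWT"}
        claims = {"sub": session["sub"], "roles": session["roles"],
                  "iat": int(time.time()), "exp": session["exp"]}
        signing_input = ".".join(
            _b64url(json.dumps(part, separators=(",", ":")).encode())
            for part in (header, claims))
        sig = hmac.new(self._secret, signing_input.encode(), hashlib.sha256).digest()
        return signing_input + "." + _b64url(sig)

def verify_jwt(token: str, secret: bytes):
    """JWT client embedded in each microservice (step 7): claims dict or None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    head, body, sig = parts
    try:
        if json.loads(_b64url_decode(head)).get("alg") != "HS256":
            return None  # never let the token pick its own algorithm
        expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None  # signature mismatch: forged or tampered token
        claims = json.loads(_b64url_decode(body))
    except (ValueError, UnicodeDecodeError, AttributeError):
        return None  # malformed base64 / JSON / header
    if not isinstance(claims, dict) or claims.get("exp", 0) <= time.time():
        return None  # expired (or missing exp)
    return claims

class Microservice:
    """Backend service that trusts only a valid JWT carrying the required role."""
    def __init__(self, name: str, secret: bytes, required_role: str):
        self.name, self._secret, self._role = name, secret, required_role

    def handle(self, jwt: str):
        claims = verify_jwt(jwt, self._secret)
        if claims is None:
            return 401, "invalid JWT"
        if self._role not in claims.get("roles", []):
            return 403, "missing role " + self._role
        return 200, f"{self.name} data for {claims['sub']}"

class Gateway:
    """Single entry point (step 2) that swaps the reference token for a JWT."""
    def __init__(self, auth: AuthorizationServer, routes: dict):
        self._auth, self._routes = auth, routes

    def handle(self, path: str, authorization: str):
        if not authorization.startswith("Bearer "):
            return 401, "missing bearer token"
        jwt = self._auth.exchange(authorization[len("Bearer "):])
        if jwt is None:
            return 401, "access token invalid or expired"
        service = self._routes.get(path)
        if service is None:
            return 404, "no such route"
        return service.handle(jwt)  # step 5: the JWT stays on the internal network
```

Note that the gateway never returns the JWT to the caller, which is what keeps the by-value token off the public Internet (step 8).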


X. Service Deployment Platform Selection

Containers have been accepted by the community as the ideal means of delivering microservices and enable an immutable release model. A lightweight container-based service deployment platform includes container resource scheduling, a publishing system, image management, resource management and IAM modules.

Cluster resource scheduling system: hides the details of containers, abstracts the whole cluster into a container resource pool, supports on-demand allocation and release of container resources, and automatically fails over when a physical machine fails. Google's open-source Kubernetes [Appendix 12.41], driven by Google's strong endorsement and the community, has basically become the market leader with 31.8k stars on GitHub; its community activity far exceeds that of Mesos [Appendix 12.42] (3.5k GitHub stars), Swarm and other competing products, so for container resource scheduling I suggest preferring k8s. Of course, if your team has enough in-house customization ability and wants deep control of the underlying scheduling algorithms, you can also customize and build on Mesos.

Image governance: based on the Docker registry, with some lightweight management functions packaged on top. VMware's open-source Harbor [Appendix 12.43] (3.5k GitHub stars) is a relatively mature enterprise-class community product that extends the Docker registry with access control, auditing, image synchronization, governance and a management UI, and can be considered.

Resource governance: similar to the CMDB idea; in a container cloud environment companies still need lightweight governance of applications (app), organizations (org), container quotas and counts and other related information. There are no production-grade open-source products for this yet; companies generally need to build their own according to their own scenario.

Publishing platform: a user-facing release management console that supports orchestration of the publishing process. It interacts with the other subsystems to implement basic application publishing, and also advanced release mechanisms such as blue-green, canary and gray releases. There are few production-grade open-source products here; Netflix's open-source Spinnaker [Appendix 12.44] (4.2k GitHub stars) is one, but it is rather heavy and complex (it has to support adapters to a variety of CI systems and integrate with a variety of public clouds and container clouds, which makes the whole system very complex), so I generally recommend that companies build a lightweight solution according to their own scenario.

IAM, short for identity and access management, provides authentication and security access control for the components of the deployment platform. The community has many open-source IAM products, the better known being Apereo CAS (3.6k GitHub stars), JBoss's open-source Keycloak (1.9k GitHub stars) and so on. But these products are generally heavy and complex, and many companies, considering the need to flexibly integrate with various internal systems, will consider a lightweight in-house solution.

Since there is currently no end-to-end production-grade solution for the service deployment platform and companies generally need to do custom integration, the following gives a reference for a lightweight publishing system that a company can keep under control:

The simplified publishing process is as follows:

  1. CI builds the application into an integrated image, and the user pushes the image to the image management center;

  2. The user registers the application in the asset management center, fills in application, publishing and quota-related information, and waits for approval;

  3. After approval, the developer publishes the application through the publishing console;

  4. The publishing system queries the asset management center to obtain the release specification;

  5. The publishing system issues a container instance start instruction to the container cloud;

  6. The container cloud pulls the image from the image management center and starts the container;

  7. After starting, the service in the container registers itself with the service registry and maintains a regular heartbeat;

  8. The user allocates traffic to the registered service through the publishing system, using the blue-green, canary or gray release mechanism;

  9. The gateway and internal microservice clients regularly synchronize the service routing table from the registry and distribute traffic to the new service instances according to the load balancing policy.

In addition, the continuous delivery pipeline (CD pipeline) is also an important part of microservice publishing; since it is mainly tied to the development process, companies generally need to customize it. Below is a reference pipeline model. Some lightweight management on the image management center in the image governance process, for example allowing only images that have passed the test environment to be promoted to the UAT environment, and only images that have passed UAT to be promoted to production, sets quality gates on the pipeline to ensure that high-quality applications are delivered to production.


XI. Closing Words

Note that, limited by its length, this article does not cover testing, CI and other areas, but they are also important parts of building a microservices architecture, and there are many mature open-source products available.

Technology selection is important, but it is only a small part of building microservices; for the selected products to really land in the enterprise and form a complete microservices technology stack, there is still a lot of integration, customization, governance, operations and promotion work to follow.

This article reflects only my personal experience and perspective, and the selection ideas are for reference only. Each enterprise's context (business scenario, team organization, technical architecture, etc.) differs, and each architect's background and experience differ too, so you must make your own selection in practice: there is no best technology stack, only a relatively suitable one. In addition, technology selection benefits from mutual learning and comparison; discussion is welcome, and feel free to give your own Microservices 2.0 technology stack selection advice.

Appendix

12.1 Spring Boot
https://github.com/spring-projects/spring-boot
12.2 Alibaba Dubbo
https://github.com/alibaba/dubbo
12.3 Google gRPC
https://github.com/grpc/grpc
12.4 NetflixOSS Eureka
https://github.com/Netflix/eureka
12.5 HashiCorp Consul
https://github.com/hashicorp/consul
12.6 NetflixOSS Zuul
https://github.com/Netflix/zuul
12.7 Kong
https://github.com/Kong/kong
12.8 Spring Cloud Config
https://github.com/spring-cloud/spring-cloud-config
12.9 Ctrip Apollo
https://github.com/ctripcorp/apollo
12.10 Elasticsearch
https://github.com/elastic/elasticsearch
12.11 Yelp Elastalert
https://github.com/Yelp/elastalert
12.12 Dianping CAT
https://github.com/dianping/cat
12.13 Zipkin
https://github.com/openzipkin/zipkin
12.14 Naver Pinpoint
https://github.com/naver/pinpoint
12.15 OpenTSDB
https://github.com/OpenTSDB/opentsdb
12.16 KairosDB
https://github.com/kairosdb/kairosdb
12.17 Argus
https://github.com/salesforce/Argus
12.18 InfluxDB
https://github.com/influxdata/influxdb
12.19 Prometheus
https://github.com/prometheus/prometheus
12.20 Grafana
https://github.com/grafana/grafana
12.21 Sensu
https://github.com/sensu/sensu
12.22 Etsy 411
https://github.com/etsy/411
12.23 Zalando ZMon
https://github.com/zalando/zmon
12.24 NetflixOSS Hystrix
https://github.com/Netflix/Hystrix
12.25 Nginx
https://github.com/nginx/nginx
12.26 Apache Kafka
https://github.com/apache/kafka
12.27 Allegro Hermes
https://github.com/allegro/hermes
12.28 Apache RocketMQ
https://github.com/apache/rocketmq
12.29 RabbitMQ
https://github.com/rabbitmq/rabbitmq-server
12.30 SohuTV CacheCloud
https://github.com/sohutv/cachecloud
12.31 Twitter twemproxy
https://github.com/twitter/twemproxy
12.32 CodisLab Codis
https://github.com/CodisLabs/codis
12.33 Dangdang Sharding-JDBC
https://github.com/shardingjdbc/sharding-jdbc
12.34 MyCAT
https://github.com/MyCATApache/Mycat-Server
12.35 xxl-job
https://github.com/xuxueli/xxl-job
12.36 Dangdang elastic-job
https://github.com/elasticjob/elastic-job-lite
12.37 Apereo CAS
https://github.com/apereo/cas
12.38 JBoss Keycloak
https://github.com/keycloak/keycloak
12.39 Spring Cloud Security
https://github.com/spring-cloud/spring-cloud-security
12.40 OpenID-Connect-Java-Spring-Server
https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
12.41 Google Kubernetes
https://github.com/kubernetes/kubernetes
12.42 Apache Mesos
https://github.com/apache/mesos
12.43 VMware Harbor
https://github.com/vmware/harbor
12.44 Netflix Spinnaker
https://github.com/spinnaker/spinnaker
12.45 Microservices in Practice: Key Architectural Concepts of an MSA (WSO2)
https://wso2.com/whitepapers/microservices-in-practice-key-architectural-concepts-of-an-msa/
12.46 Microservice Architecture Design and Ecosystem (Wang Lei, Huawei)
http://servicecomb.incubator.apache.org/assets/slides/20170619/MSAPrinciple&EcoSystem.pdf

Article source: Java Advanced Architect

Origin: blog.csdn.net/ailiandeziwei/article/details/104556388