CN116708123A

CN116708123A - Micro-service treatment platform based on nacos

Info

Publication number: CN116708123A
Application number: CN202310719306.1A
Authority: CN
Inventors: 贾俊
Original assignee: Ping An Bank Co Ltd
Current assignee: Ping An Bank Co Ltd
Priority date: 2023-06-16
Filing date: 2023-06-16
Publication date: 2023-09-05

Abstract

The invention discloses a micro-service management platform based on a nano-service, which is applicable to the technical fields of finance and science or other related technologies, and comprises a registration module, a flow management module, a fault tolerance module, a fault recovery module and a safety management module, wherein the registration module is used for providing a service instance registration interface for a service registrant and providing an access interface for a service instance for a service consumer; the flow control module is used for limiting the request amount of the service instance and carrying out degradation treatment on the service instance when the service instance is abnormal; the fault-tolerant module is used for carrying out fault-tolerant processing on the service instance when the service instance is in error; the fault recovery module is used for carrying out fault recovery processing on the service instance when the service instance fails; the security management module is used for managing the access authority and the configuration information of the service instance. The invention solves the technical problem of single service treatment mode in the prior art.

Description

Micro-service treatment platform based on nacos

Technical Field

The invention relates to the technical field of computers, in particular to a micro-service treatment platform based on a nano.

Background

The banking and finance industry combines and constructs an enterprise-level business process through an enterprise-level architecture method, decomposes enterprise-level strategies into strategy capacities, and realizes implementation of strategy landing through a landing business model after the business model is injected into the IT. The enterprise architecture has the value of realizing enterprise-level capability construction and multiplexing and rapidly promoting product innovation, and the core is that task components bearing business capability and IT services of a butt joint task component are required to be completely corresponding, a data table comprising IT service access and update and a calling relationship between the IT services are required to be consistent with a business architecture modeling result, so that IT can synchronously support flexible assembly when business utilizes the task components to flexibly combine innovation.

As enterprises continue to go deep in digital transformation, microservice architecture is becoming one of the mainstream architectures for enterprise development. In micro-service architecture, service management is particularly important. The traditional service management method mainly comprises a registration center, a configuration center, fusing, current limiting, degradation and the like, wherein the registration center is responsible for registering and discovering service instances, and the configuration center is used for managing configuration information of services. In the service discovery process, a consumer queries the position information of a service provider through a registration center, then obtains configuration information such as operation parameters, environment variables and the like of the service through a configuration center, and the three components such as fusing, current limiting and degradation are the cores of a service protection mechanism and are used for guaranteeing the reliability and stability of the service. The fuse can stop calling a certain service in time, and the avalanche effect caused by slow response or unavailability of the service due to some reasons is avoided. The flow limiter can limit the request flow of the service and avoid the service from being crashed due to overload. Degradation may provide some alternatives, such as returning cached data, default values, etc., to ensure availability and stability of the service. However, these governance approaches have certain limitations, such as single point of failure at the registry, inconsistent configuration, inconsistent production environment and pre-sent environment, etc.

Thus, there is a need for an all-link service governance scheme.

Disclosure of Invention

The invention aims to overcome the technical defects, provide a micro-service treatment platform based on the nano, which is applicable to the fields of financial science and technology or other related technologies, and solve the technical problem of single service treatment mode in the prior art.

In order to achieve the technical purpose, the invention adopts the following technical scheme:

a nacos-based micro-service remediation platform, comprising:

the registration module is used for providing a service instance registration interface for the service registrant and providing an access interface for the service instance for the service consumer;

the flow control module is used for limiting the request amount of the service instance and carrying out degradation treatment on the service instance when the service instance is abnormal;

the fault-tolerant module is used for carrying out fault-tolerant processing on the service instance when the service instance is in error;

the fault recovery module is used for carrying out fault recovery processing on the service instance when the service instance fails;

and the security management module is used for managing the access authority and the configuration information of the service instance.

In some embodiments, the registration module includes:

the connection configuration unit is used for configuring a server and a client so that the client can be connected to the server;

a registry creation unit for creating a service registry and for the service provider to register the service instance in the service registry;

and the interface providing unit is used for providing an interface for providing the client with the access service instance.

In some embodiments, the flow remediation module comprises:

the traffic rule configuration unit is used for configuring traffic rules, wherein the traffic rules are used for limiting the request amount of the service instance and carrying out degradation processing on the service instance when the service instance is abnormal;

the provider flow rule reading unit is used for enabling the Nacos client of the service provider to read the flow rule through the API and apply the flow rule to the service instance;

and the consumer flow rule reading unit is used for reading the flow rule by the Nacos client of the service consumer through the API, and selecting the service instance according to the flow rule.

In some embodiments, the fault tolerance module comprises:

a health check rule configuration unit configured to configure a health check rule based on the first health checker;

a provider health check rule reading unit, configured to read the health check rule by a Nacos client of a service provider through an API, and apply the health check rule to a service instance;

and the consumer health check rule reading unit is used for reading the health check rule by the Nacos client of the service consumer through an API, and selecting the service instance according to the health check rule.

In some embodiments, the health check rules are specifically:

and sending a first heartbeat request to the service instance within a preset interval time, checking whether the service instance survives, and if the service instance does not respond to the first heartbeat request within the preset time or the returned state code is not the first preset state code, determining that the service instance is unhealthy, otherwise, determining that the service instance is healthy.

In some embodiments, the fault recovery module comprises:

a fault recovery rule configuration unit configured to configure a fault recovery rule based on the second health checker and the flow controller;

a provider fault recovery rule reading unit, configured to allow a Nacos client of a service provider to read the fault recovery rule through an API and apply the fault recovery rule to a service instance;

and the consumer fault recovery rule reading unit is used for reading the fault recovery rule by the Nacos client of the service consumer through the API, and selecting the service instance according to the fault recovery rule.

In some embodiments, the fault recovery rule is specifically:

and sending a second heartbeat request to the service instance at a preset moment, detecting whether the service instance is available, if the service instance does not respond to the second heartbeat request for a plurality of times or the returned state code is not a second preset state code, determining that the service instance is unavailable, redirecting the flow of the service instance according to a preset flow control strategy, and otherwise, determining that the service instance is available.

In some embodiments, the security management module comprises:

a security management rule configuration unit for configuring security management rules;

the provider security management rule reading unit is used for enabling the Nacos client of the service provider to read the security management rule through the API and apply the security management rule to the service instance;

and the consumer safety management rule reading unit is used for the Nacos client of the service consumer to read the safety management rule through the API so as to ensure the safety of the request.

In some embodiments, the security management rules include at least authentication and authorization management sub-rules and a security communication sub-rule.

In some embodiments, the first and second health inspectors are one of a TCP health inspector, an HTTP health inspector, a MySQL health inspector, and a custom health inspector, and the flow controller is one of a poll scheduler, a weight-based scheduler, and a I P hash-based scheduler.

Compared with the prior art, the micro-service management platform based on the nano solves a plurality of problems of the traditional service management mode, improves the availability and stability of the service, can carry out service management of multiple data centers by utilizing the high availability and the characteristics of the multiple data centers provided by the nano, can realize full-link service management by utilizing the dynamic configuration, metadata management, gray level release and service monitoring functions provided by the nano, can conveniently manage interface documents by utilizing an interface document management center, and improves the development efficiency and the code quality, and has the following advantages:

1. the functions are rich: the Nacos provides a plurality of functional modules such as service registration and discovery, load balancing, fault detection and fault tolerance, configuration center and the like, supports clients with multiple languages, and can meet the requirements of different scenes;

2. the usability is high: nacos has the characteristics of simplicity and easiness in use, can be used only by introducing corresponding dependence and configuration, and does not need complex code modification and configuration;

3. the cost is lower: nacos is open source and free to use, so that the development and operation cost of enterprises can be reduced;

4. the liveness is high: nacos has an active open source community, can be timely technically supported and maintained in an updated version, and can provide more stable and reliable service.

Drawings

FIG. 1 is a block diagram of a micro-service remediation platform based on a nacos provided by an embodiment of the present invention;

FIG. 2 is a block diagram of the registration module in the micro-service administration platform based on the nacos according to the embodiment of the present invention;

FIG. 3 is a block diagram of the flow management module in the micro-service management platform based on the nacos according to the embodiment of the present invention;

FIG. 4 is a block diagram of the fault tolerant module in the micro-service administration platform based on the nacos according to the embodiment of the present invention;

FIG. 5 is a block diagram of the failure recovery module in the micro-service administration platform based on the nacos according to the embodiment of the present invention;

fig. 6 is a block diagram of the security management module in the micro-service administration platform based on the nacos according to the embodiment of the present invention.

Detailed Description

The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.

The banking and finance industry combines and constructs an enterprise-level business process through an enterprise-level architecture method, decomposes enterprise-level strategies into strategic capabilities, and realizes strategic landing implementation through a landing business model after the strategic capabilities are injected into the business model I T. The value of the enterprise architecture is to realize enterprise-level capability construction and multiplexing, rapidly promote product innovation, and the core is that task components bearing business capability and I T services of the docking task components must completely correspond, call relations between data tables including I T service access and update and I T services must be consistent with modeling results of the business architecture, so that I T can synchronously support flexible assembly when business utilization task components are flexibly combined and innovated.

As enterprises continue to go deep in digital transformation, microservice architecture is becoming one of the mainstream architectures for enterprise development. In micro-service architecture, service management is particularly important. Traditional service management methods mainly comprise a registration center, a configuration center, fusing, current limiting, degradation and the like. However, these governance approaches have certain limitations, such as single point of failure at the registry, inconsistent configuration, inconsistent production environment and pre-sent environment, etc.

Based on the above-mentioned drawbacks, referring to fig. 1, the present invention provides a micro-service management platform based on nano, which includes a registration module 100, a traffic management module 200, a fault tolerance module 300, a fault recovery module 400, and a security management module 500, wherein the traffic management module 200, the fault tolerance module 300, the fault recovery module 400, and the security management module 500 are all connected to the registration module 100.

The registration module 100 is used for providing a service registrant with a service instance registration interface and for providing a service consumer with an access interface for a service instance.

The traffic management module 200 is configured to limit the request amount of the service instance and perform degradation processing on the service instance when the service instance is abnormal.

The fault-tolerant module 300 is configured to perform fault-tolerant processing on the service instance when the service instance is in error.

The fault recovery module 400 is configured to perform fault recovery processing on the service instance when the service instance fails.

The security management module 500 is configured to manage access rights and configuration information of the service instance.

In this embodiment, a full-link service management technology based on Nacos is provided, where Nacos is a service discovery, configuration management, flow management and service management platform with open source, and provides a series of service management components including service registration, flow management, fault tolerance mechanism, fault recovery, and security management.

Specifically, the embodiment of the invention constructs the registration center based on the nacos by utilizing the high availability provided by the nacos and the characteristics of the multi-data center on the basis of the traditional registration center. Therefore, the problem of single-point fault of the traditional registration center can be solved, service management of multiple data centers can be conveniently carried out, service availability and stability are improved, and the nacos adopts various technical means to solve single-point exception handling, and is specific:

a. clustering architecture: nacos adopts a clustering architecture, and a plurality of nodes form a cluster to cooperate and synchronize data. Therefore, after a single node fails, other nodes still keep working normally, and the normal operation of the whole system is not affected.

b. And (3) primary and standby switching: each node in the Nacos cluster can be configured with a main-standby relationship, and when the main node fails, the standby node can automatically take over the work of the main node, so that the availability of the system is ensured.

c. Front buffer: the Nacos adds a pre-cache at the server, and a copy of the metadata is stored in the cache node, so that the access speed of the system can be improved by quickly accessing the cache data. Meanwhile, timely updating of the cache data is guaranteed through a heartbeat mechanism.

d. Current limiting fusing: nacos supports the current limiting fusing function, and can effectively avoid the problem of service paralysis. The overload of the system is prevented by limiting the request speed and frequency of the system and automatically blowing irregular requests.

Furthermore, the embodiment of the invention utilizes the dynamic configuration function provided by the nacos to construct the configuration center based on the nacos. Therefore, the problem of inconsistent configuration of the traditional configuration center can be solved, the configuration can be updated in real time, the difference between the production environment and the prefire environment is avoided, and the service availability and stability are improved.

Furthermore, the embodiment of the invention constructs an interface document management center by utilizing the metadata management function provided by the nano. The interface document can be managed conveniently through the center, the development efficiency and the code quality are improved, and the misuse and abuse of the interface are reduced.

Further, in the service management of the embodiment of the invention, gray level distribution is an important technology. By using the gray level release function provided by the nano, full-link gray level release based on the nano can be realized. Therefore, the robustness test and monitoring can be conveniently carried out, and the service availability and stability are improved.

In addition, the embodiment of the invention can realize full-link monitoring based on the nacos by utilizing the service monitoring function provided by the nacos. Through the function, the running state and performance index of the service can be monitored in real time, the problems are found and solved, and the availability and stability of the service are improved.

The embodiment of the invention provides a plurality of functional modules such as service registration and discovery, load balancing, fault detection and fault tolerance, configuration center and the like, and supports clients with multiple languages, so that the requirements of different scenes can be met; moreover, nacos has the characteristics of simplicity and easiness in use, can be used only by introducing corresponding dependence and configuration, and does not need complex code modification and configuration; in addition, nacos is open source and free to use, so that the development and operation cost of enterprises can be reduced; in addition, nacos has an active open source community, can be timely technically supported and maintained in an updated version, and can provide more stable and reliable service.

In some embodiments, referring to fig. 2, the registration module 100 includes a connection configuration unit 110, a registry creation unit 120, and an interface providing unit 130, wherein the connection configuration unit 110, the registry creation unit 120, and the interface providing unit 130 are sequentially connected.

The connection configuration unit 110 is configured to perform configuration of a server and a client, so that the client can connect to the server.

The registry creation unit 120 is used to create a service registry and for the service provider to register the service instance in the service registry.

The interface providing unit 130 is configured to provide an interface for providing the client with access to a service instance.

In this embodiment, the Nacos provides a service registry, and the service provider registers its own service instance in the registry, so that the service consumer can query available service instances through the registry. Service registration is the basis of service governance and is also the premise of traffic governance, fault tolerance mechanism and fault recovery.

In specific implementation, service registration is achieved by:

1. configuring a Nacos server and a client, ensuring that the Nacos server can be started normally and the client can be connected to the Nacos server;

2. writing codes of service providers and service consumers, adding Nacos client dependencies in the codes, and registering and discovering services by using an Nacos client API;

3. creating a service registry in the Nacos console, registering the service provider in the center;

4. the service provider is discovered in the service consumer through the Nacos client API and sends a request to it.

In some embodiments, referring to fig. 3, the flow management module 200 includes a flow rule configuration unit 210, a provider flow rule reading unit 220, and a consumer flow rule reading unit 230, wherein the flow rule configuration unit 210 is connected to the provider flow rule reading unit 220 and the consumer flow rule reading unit 230.

The traffic rule configuration unit 210 is configured to configure traffic rules, where the traffic rules are used to limit the request amount of the service instance and perform degradation processing on the service instance when the service instance is abnormal.

The provider traffic rule reading unit 220 is configured to allow the Nacos client of the service provider to read the traffic rule through the API and apply the traffic rule to the service instance.

The consumer traffic rule reading unit 230 is configured to read the traffic rule by the Nacos client of the service consumer through the API, and select the service instance according to the traffic rule.

In this embodiment, the Nacos provides two traffic management modes, i.e., service throttling and service degradation. The service flow limit can limit the request amount of the service according to indexes such as concurrent request, request processing time and the like, and prevent service unavailability caused by excessive request of the service. Service degradation can be performed for abnormal situations or high concurrent traffic of the service, and the availability of core services is guaranteed. Service throttling and service degradation are based on service registration, requiring the registry to provide available service information.

Specifically, firstly, configuring the flow rule in the Nacos console and applying the flow rule to the service provider, then using the Nacos client API to read the flow rule in the service provider, and limiting the flow according to the rule, specifically, the Nacos client API can read the flow rule by the following steps:

1. introducing a Nacos client-side dependent package: introducing a dependency package of Nacos clients in an item, e.g., a Maven item can add the following dependencies in a pon.xml file:

<groupId>com.alibaba.nacos</groupId>

<artifactId>nacos-client</artifactId>

<version>${nacos.client.version}</version>

</dependency>

2. creating a Nacos client instance: a Nacos client instance is created through the Nacos client API and specifies information such as the address, namespace, access key, etc. of the Nacos Server. For example:

3. calling API to read traffic rules: and obtaining the flow rule of the appointed service by calling the getFlowRule method of the Nacos client API and designating parameters such as service names, groups, clusters, namespaces and the like. For example:

String flowRules＝namingService.getFlowRule(serviceName,group,cluster,namespaceId)；

System.out.println(flowRules)；

the code returns a character string which contains the traffic rule information of the service and can be analyzed and processed according to the service requirement.

When a service consumer makes a service instance access, the service consumer reads the traffic rules using the Nacos client API and selects the appropriate service provider based on the rules.

In some embodiments, referring to fig. 4, the fault tolerance module 300 includes a health check rule configuration unit 310, a provider health check rule reading unit 320, and a consumer health check rule reading unit 330.

The health check rule configuration unit 310 is configured to configure health check rules based on the first health checker.

The provider health check rule reading unit 320 is configured to allow the Nacos client of the service provider to read the health check rule through the API and apply the health check rule to the service instance.

The consumer health check rule reading unit 330 is configured to read the health check rule by the Nacos client of the service consumer through an API, and select the service instance according to the health check rule.

In this embodiment, the Nacos provides two fault tolerance mechanisms, namely service fusing and service fault tolerance. Service fusing refers to automatically disconnecting call of the service when service call is abnormal or overtime, and avalanche effect is avoided. Service fault tolerance refers to automatically switching to an alternative service or returning to a default value, etc., when a service is not available. Service fusing and service fault tolerance require use with a service registry to obtain available service information in real time for fusing or fault tolerance processing.

First, health check rules in the Nacos console are configured and applied to the service provider, specifically, in the Nacos console, the Health check rules are implemented by a first Health Checker (Health Checker). The health checker is a mechanism by which the Nacos Server determines whether a service instance is healthy.

Optionally, the health check rule specifically includes:

In this embodiment, the health checker sends a heartbeat request to the service instance at a certain time interval, and detects whether the service instance survives. If the service instance does not respond to the heartbeat request in time or the returned status code is not 200, the service instance is considered unhealthy, thereby triggering a corresponding flow control policy. Wherein, nacos provides a plurality of types of health inspectors, and the proper health inspector can be selected according to specific scenes. The method comprises the following steps:

TCP health checker: and sending a TCP connection request to the service instance, and judging whether the service instance responds normally or not.

HTTP health checker: and an HTTP request is sent to the service instance, whether the service instance responds normally or not is detected, and parameters such as a request path, a request method and the like can be configured.

MySQL health checker: and connecting the MySQL database, executing the SQL query statement, and detecting whether the service instance responds normally.

Custom health inspector: the health checker is customized according to the business requirements, for example, by calling a certain interface, sending a certain request, and the like, to detect whether the service instance is normal.

In the Nacos console, health check rules can be added to the service instance by way of configuration of the health checker. The method comprises the following specific steps:

1. logging in Nacos control desk, selecting corresponding service, entering "service detail" page.

2. In the "instance list", a service instance to which a health check rule needs to be added is selected, and the "configuration management" button is clicked.

3. In the 'configuration management' page, a 'health check' tab is selected, and health check rules are configured, wherein the health check rules comprise parameters such as health check type, check interval, check timeout time, check times and the like.

4. Clicking the save button to save the health check rule, the Nacos Server will send heartbeat request to the service instance periodically, and judge whether the service instance is healthy according to the response situation of the service instance.

After the health check rule configuration is completed, the health check rule is read by using the Nacos client API in the service provider, the health condition of the user is judged according to the rule, the health check rule is read by using the Nacos client API in the service consumer, the available service provider is selected according to the rule, in addition, the Nacos client API is used for load balancing in the service consumer, the available service provider is selected, and the request is sent to the service consumer for processing.

In some embodiments, referring to fig. 5, the fault recovery module 400 includes a fault recovery rule configuration unit 410, a provider fault recovery rule reading unit 420, and a consumer fault recovery rule reading unit 430, where the provider fault recovery rule reading unit 420 and the consumer fault recovery rule reading unit 430 are connected to the fault recovery rule configuration unit 410.

The fault recovery rule configuration unit 410 is configured to configure a fault recovery rule based on the second health checker and the flow controller.

The provider failure recovery rule reading unit 420 is configured to allow the Nacos client of the service provider to read the failure recovery rule through the API and apply the failure recovery rule to the service instance.

The consumer fault recovery rule reading unit 430 is configured to read the fault recovery rule by using an API through a Nacos client of a service consumer, and select the service instance according to the fault recovery rule.

In this embodiment, nacos provides the functions of service health checking and automatic fault awareness. The service provider can perform self-checking through the Nacos, and upload service state information to the Nacos, and the Nacos can sense the service condition in real time according to the information. When the service breaks down, the Nacos can quickly find and locate the fault, and the fault recovery is performed through a service fusing and fault tolerant mechanism.

Specifically, the fault recovery rule in the Nacos console is first configured and applied to the service provider, specifically, the configuration of the fault recovery rule is implemented by combining the second health checker with the Flow controller (Flow Control), and when the service instance is marked as unavailable due to a fault, the fault recovery rule decides whether to redirect the traffic to the service instance according to a certain policy.

Optionally, the fault recovery rule specifically includes:

In this embodiment, the health checker detects whether the service instance is healthy by periodically sending heartbeat requests to the service instance. If the service instance does not respond to the heartbeat request for a plurality of times continuously, or the returned state code is not 200, the service instance is marked as unavailable, and thus, a fault recovery flow is triggered; when a service instance is marked as unavailable, the flow controller will decide whether to redirect traffic to the service instance based on the configured rules. The second health checker is one of a TCP health checker, an HTTP health checker, a MySQL health checker and a custom health checker, and the flow controller is one of a polling Scheduler, a weight-based Scheduler and an IP hash-based Scheduler, wherein the polling Scheduler (Round-Robin Scheduler) can sequentially send requests to different service examples according to a certain sequence, so that the effect of load balancing is achieved; a weight-based Scheduler (Weighted Round-Robin Scheduler) can allocate different weights to different service instances, and schedule requests according to weight proportions; the scheduler (IP Hash Scheduler) based on the IP hash can send the request to the corresponding service instance according to the source IP address of the request, so that the request of the same client is always routed to the same service instance.

In the Nacos console, the fault recovery and flow control of the service instance can be realized by configuring a fault recovery rule. The method comprises the following specific steps:

2. In the service detail page, a fault recovery tab is selected, and a fault recovery rule is configured, wherein the fault recovery rule comprises parameters such as retry times, retry intervals, recovery intervals, weights and the like.

3. Clicking the save button saves the fault recovery rule, and the Nacos Server automatically performs fault recovery and flow control according to the rule.

After the configuration of the fault recovery rule is completed, the fault recovery rule is read in the service provider by using the Nacos client API, and the fault recovery is carried out according to the rule; the Nacos client API is used in the service consumer to read the failure recovery rules and to do the failure recovery according to the rules.

In some embodiments, referring to fig. 6, the security management module 500 includes a security management rule configuration unit 510, a provider security management rule reading unit 520, and a consumer security management rule reading unit 530, where the provider security management rule reading unit 520 and the consumer security management rule reading unit 530 are connected to the security management rule configuration unit 510.

The security management rule configuration unit 510 is configured to configure security management rules.

The provider security management rule reading unit 520 is configured to allow the Nacos client of the service provider to read the security management rule through the API and apply the security management rule to the service instance.

The consumer security management rule reading unit 530 is configured to read the security management rule by the Nacos client of the service consumer through the API, so as to ensure the security of the request.

In this embodiment, the Nacos provides security management functions such as service access control and configuration encryption. The service provider can control access through Nacos, control access authority and scope of the service, and prevent the service from being maliciously accessed or attacked. Nacos also supports encryption of configuration information, and security of sensitive information is guaranteed.

Specifically, firstly, a security management rule in a Nacos console is configured and applied to a service provider, and optionally, the security management rule at least comprises an identity verification and authorization management sub-rule and a security communication sub-rule, wherein the identity verification and authorization sub-rule specifically comprises: in Nacos, access authority control to services can be realized by configuring corresponding authentication and authorization rules. Nacos supports a variety of authentication methods including username-password, JWT, OAuth2, etc. After passing the identity verification, different users or roles can be authorized by configuring ACL rules, so that the access control to the service resources is realized. The safety communication sub-rules are specifically as follows: in Nacos, the safety of communication between services can be ensured by configuring SSL/TLS safety communication. Specifically, encryption and authentication of communication between services can be achieved by configuring SSL certificates, keys, CA certificates, and the like.

In the concrete implementation, in the Nacos console, the protection and management of the service resources can be realized by configuring the safety management rule. The method comprises the following specific steps:

2. In the "service details" page, the "security management" tab is selected, and authentication and authorization rules are configured, including parameters such as user name, password, ACL rules, etc.

3. In the "SSL/TLS" tab, SSL/TLS secure communication parameters are configured, including certificates, keys, CA certificates, and the like.

4. Clicking the save button saves the security management rule, and the Nacos Server performs access control and security protection on the service resource according to the rule.

After the configuration of the security management rule is completed, the security management rule is read by using the Nacos client API in the service provider, the security management is carried out according to the rule, the security management rule is read by using the Nacos client API in the service consumer, and the security of the request is ensured according to the rule.

In summary, the microcos-based micro-service management platform provided by the invention has tight relevance among components such as service registration, flow management, fault tolerance mechanism, fault recovery, safety management and the like in the Nacos, and the components are mutually dependent to form a complete service management system. Service registration is the basis of service management, traffic management, fault tolerance mechanism and fault recovery are key to guaranteeing service availability and stability, and security management is a necessary condition for guaranteeing service security. Therefore, when Nacos is used for service governance, the relevance among the components needs to be comprehensively considered, and a complete service governance system is built by comprehensively using the components, so that the stability and the safety of the service are ensured.

The invention solves a plurality of problems of the traditional service management mode, improves the availability and stability of the service, can carry out service management of a plurality of data centers by utilizing the high availability provided by the nano and the characteristics of the data centers, can realize full-link service management by utilizing the dynamic configuration, metadata management, gray level release and service monitoring functions provided by the nano, and can conveniently manage interface documents by utilizing an interface document management center, thereby improving the development efficiency and the code quality, and has the following advantages:

The above-described embodiments of the present invention do not limit the scope of the present invention. Any other corresponding changes and modifications made in accordance with the technical idea of the present invention shall be included in the scope of the claims of the present invention.

Claims

1. A microservice governance platform based on nacos, comprising:

2. The nacos-based micro-service remediation platform of claim 1, wherein the registration module comprises:

3. The nacos-based micro-service remediation platform of claim 2, wherein the flow remediation module comprises:

4. The nacos-based micro-service remediation platform of claim 3, wherein the fault tolerance module comprises:

5. The microservice management platform based on nacos according to claim 4, wherein the health check rules are in particular:

6. The nacos-based micro-service remediation platform of claim 5, wherein the fault recovery module comprises:

7. The microservice management platform of claim 6 wherein the fault recovery rules are specifically:

8. The nacos-based micro-service remediation platform of claim 7, wherein the security management module comprises:

9. The nacos-based micro-service remediation platform of claim 8 wherein the security management rules include at least authentication and authorization management sub-rules and security communication sub-rules.

10. The nacos-based micro-service remediation platform of claim 9, wherein the first health checker and the second health checker are one of a TCP health checker, an HTTP health checker, a MySQL health checker, and a custom health checker, and the flow controller is one of a poll scheduler, a weight-based scheduler, and an IP hash-based scheduler.