You can enable Microservices Governance of Microservices Engine (MSE) for microservice applications, such as Spring Cloud and Dubbo applications, that are deployed in a Container Service for Kubernetes (ACK) cluster or Container Compute Service (ACS) cluster. This gives you access to service governance capabilities that are provided by MSE to govern the microservice applications. This helps improve the stability and development efficiency of online microservice applications. This topic describes how to enable Microservices Governance for microservice applications in an ACK or ACS cluster.
Prerequisites
An ACK dedicated cluster, ACK managed cluster, or ACK Serverless cluster is created.
Microservices Governance is activated. You can do so on the Microservices Governance tab.
If you use both the open-source Sentinel and
com.alibaba.cloud.sentinel.feign.SentinelFeignAutoConfigurationfor your project, Microservices Governance may fail to be enabled for your Java applications.To mount the MSE Java agent, the Java virtual machine (JVM) heap memory must be at least 256 MB.
Procedure
If you need to enable Microservices Governance for all or most applications in a namespace, follow the instructions in "Scenario 1: Enable Microservices Governance for all applications in an ACK or ACS cluster namespace." For the other applications that don't need Microservices Governance enabled in the namespace, add the flag
spec.template.labels.msePilotAutoEnable: "off"for the applications.If you need to enable Microservices Governance for a small number of applications in a namespace, follow the instructions in "Scenario 2: Enable Microservices Governance for a single application."
Scenario 1: Enable Microservices Governance for all applications in an ACK or ACS cluster namespace
After Microservices Governance is enabled for applications in a namespace, all the pods there are automatically connected to it.
Log on to the MSE console, and select a region in the top navigation bar.
In the left-side navigation pane, choose Microservices Governance > Application Governance.
On the Application list page, click ACK Application Access.
In the ACK Application Access dialog box, configure the parameters and click OK.
Parameter
Description
Parameter
Description
Cluster type
Select ACK Cluster, ACK Serverless Cluster, or ACS Cluster.
If you have not granted the cluster permissions to call MSE, you must first perform authorization.
Cluster Name/ID
Select the name or ID of the cluster for which Microservices Governance is enabled. You can use keywords to search for cluster names or IDs.
ack-onepilot
View the status of the ack-onepilot component.
If the ack-onepilot component is not installed, click Click Install on the right of ack-onepilot. After the installation is complete, the status of the ack-onepilot component is displayed as Installed.
If you perform the operation as a RAM user and a message is displayed, indicating that you have no permissions to perform the operation, log on to the ACK console to access the desired cluster. Choose , then find ack-onepilot and click Install.
In this step, the ack-onepilot component is involved. Log on to the ACK console to access the destination cluster. Choose to view the component details.
After the ack-onepilot component is installed, the agent is automatically injected. In this case, the startup time of the application may be increased by up to 10s.
If you want to enable Microservices Governance for applications in an ACK or ACS cluster namespace, but the cluster is not deployed in a supported region, make sure the cluster can access the Internet and connect to acm.aliyun.com:8080. The supported regions include China (Qingdao), China (Hangzhou), China (Beijing), China (Shanghai), China East 2 Finance, China (Shenzhen), China (Hong Kong), Singapore, Germany (Frankfurt), Australia (Sydney), US (Silicon Valley), and US (Virginia).
Access Type
Select Namespace Access.
ACK Cluster Namespace
Select an ACK cluster namespace.
Microservices Governance Namespace
Select the Microservices Governance namespace. Then, redeploy existing applications or create new ones in the associated microservice namespace. This enables Microservices Governance.
Notes:
By default, the name of an application for which Microservices Governance is enabled is the same as the deployment. To modify it, edit the application's YAML file.
spec: template: metadata: labels: mseNamespace: default # The name of the MSE microservice namespace where your application resides. If you do not specify this parameter, the microservice namespace default is used. msePilotCreateAppName: "your-deployment-name" # Replace your-deployment-name with the name of your application.To disable Microservices Governance for an application, set
msePilotAutoEnabletoofffor the application.spec: template: metadata: labels: msePilotAutoEnable: "off" # The off value must be enclosed in double quotation marks (") or single quotation marks (').
Scenario 2: Enable Microservices Governance for a single application
If you want to enable Microservices Governance for only a few applications in your namespace, do so for each one individually.
Log on to the MSE console, and select a region in the top navigation bar.
In the left-side navigation pane, choose Microservices Governance > Application Governance.
On the Application list page, click ACK Application Access.
In the ACK Application Access dialog box, configure the parameters and click OK.
Parameter
Description
Parameter
Description
Cluster type
Select ACK Cluster, ACK Serverless Cluster, or ACS Cluster.
If you have not granted the cluster permissions to call MSE, you must first perform authorization.
Cluster Name/ID
Select the name or ID of the cluster for which Microservices Governance is enabled. You can use keywords to search for cluster names or IDs.
ack-onepilot
Displays the status of the ack-onepilot component.
If the ack-onepilot component is not installed, click Click Install on the right of ack-onepilot. After the installation is complete, the status of the ack-onepilot component is displayed as Installed.
If you perform the operation as a RAM user and a message is displayed, indicating that you have no permissions to perform the operation, log on to the ACK console to access the desired cluster. Choose , then find ack-onepilot and click Install.
In this step, the ack-onepilot component is involved. Log on to the ACK console to access the destination cluster, and choose to view the component details.
After the ack-onepilot component is installed, the agent is automatically injected. In this case, the startup time of the application may be increased by up to 10s.
Access Type
Select Single Application Access.
Access Procedure
Perform the following steps:
Step 1: Go to the ACK console, and click the cluster name. In the left-side navigation pane of the page that appears, choose . Then, select the namespace to which the application belongs.
Step 2: Click the name of the connected application. On the page that appears, click View in YAML.
Step 3: Edit the labels field in the following format and click Update.
spec: template: metadata: labels: # The on value indicates that Microservices Governance is enabled. The on value must be enclosed in double quotation marks ("). msePilotAutoEnable: "on" # The MSE microservice namespace where your application resides. If the namespace that you specify does not exist, a namespace with the specified name is automatically created. mseNamespace: 202401 # The actual name of the application for which Microservices Governance is enabled. The name must be enclosed in double quotation marks ("). msePilotCreateAppName: "your-deployment-name"
Verify the result
After you perform the preceding steps and restart the applications, Microservices Governance is enabled for the applications deployed in the Container Service for Kubernetes or Container Compute Service cluster. Here's how to verify it was successful:
Log on to the MSE console, and select a region in the top navigation bar.
In the left-side navigation pane, choose Microservices Governance > Application Governance.
Select a microservice namespace to view the applications for which Microservices Governance is enabled.
Best practices
For end-to-end canary release, see:
For traffic governance, see:
