When you update an online application, you must ensure business continuity during the period in which the application is stopped and restarted. If you want to deploy, stop, roll back, scale in, or reset an application, you must configure the graceful shutdown feature to ensure that the application is shut down without affecting your business. This topic describes the notes and benefits of using graceful shutdown and how to use the graceful shutdown feature in the Microservices Engine (MSE) console.
Prerequisites
Microservices Governance is activated. For more information, see Activate Microservices Governance.
Microservices Governance is enabled for microservice applications in your Container Service for Kubernetes (ACK) cluster. For more information, see Enable Microservices Governance for microservice applications in an ACK cluster.
Usage notes
If your application only needs to access MSE, the graceful shutdown feature is automatically enabled. This ensures that the upstream application can call an application without service interruption when the application is shut down. You do not need to configure additional settings in the MSE console. In addition, the MSE graceful start and shutdown features provide observability that helps you determine whether an application is gracefully shut down.
Microservices Governance provided by MSE does not support graceful shutdown of the following applications:
Non-WebFlux applications or non-Spring MVC applications.
Downstream provider applications whose consumer applications are not microservice applications.
Non-Java applications.
Consumer applications and provider applications for which Microservices Governance is not enabled.
You must set the terminationGracePeriodSeconds parameter to a value greater than 30 in the ACK console. We recommend that you set this parameter to 90.
Background information
Service requests of consumer applications are inevitably affected during the period in which provider applications are stopped and restarted. The most secure and reliable solution is to update your application when no service requests exist. However, service requests exist even when your application is shut down.
A traditional solution is to manually remove traffic, stop your application, update your application, and then restart your application. If you use this solution to update your application, business continuity is not affected.
Graceful shutdown is an automated mechanism at the container or framework level. It is used to automatically remove traffic and process received requests before you update an application. This mechanism makes the update process imperceptible to your business and greatly improves the O&M efficiency during an application update.
Benefits
If you use the graceful shutdown solution provided by open source Spring Cloud, applications can be gracefully shut down by using a shutdown hook, Spring Boot Actuator, or Ribbon. This solution requires extra development efforts and may cause traffic loss to some registries in a short period of time.
If you use the graceful shutdown solution provided by open source Dubbo, you can use shutdown hooks and QoS to gracefully shut down applications. This not only requires extra development efforts but also has version requirements for the Dubbo applications. In addition, known issues are still available. As a result, the use of the applications is negatively affected.
MSE Microservices Governance integrates the graceful shutdown feature into the application release process. This way, applications are gracefully shut down when you stop, deploy, roll back, scale in, or reset applications.
Compared with the graceful shutdown solution provided by open source Spring Cloud, the graceful shutdown feature of MSE Microservices Governance has the advantages that are described in the following table.
Item
Open source Spring Cloud
MSE Microservices Governance
Version
When you call ServiceRegistryEndpoint, you must use Spring Boot Actuator and update it to the version that is compatible with the version of Spring Cloud.
MSE Microservices Governance supports Spring Cloud Dalston or later. You do not need to perform any modification operations.
Service registries and traffic loss
Open source Spring Cloud depends on registries that may cause traffic loss.
If ZooKeeper registries are used, no traffic loss occurs.
If Eureka registries are used, traffic loss occurs for up to 3 seconds.
If Nacos registries are used, traffic loss may occur for up to 10 seconds due to the cache on clients.
MSE Microservices Governance does not depend on registries. No traffic loss occurs.
Scenario
If you want to shut down an application that is deployed on an Elastic Compute Service (ECS) instance, you must view the change details of the application in the MSE console. If you want to shut down an application that is deployed in a Kubernetes cluster, you can use the preStop interface. However, you can configure only one action for the interface.
You can gracefully shut down applications that are deployed on ECS instances and in Kubernetes clusters. The operations on the applications and the configurations of the applications are not affected.
Cache on clients
You must configure an appropriate time range for Ribbon to refresh the cache on clients. If the time range is excessively large, traffic loss occurs when you shut down an application. If the time range is excessively small, service performance is affected.
MSE Microservices Governance provides an enhanced mechanism for Ribbon to refresh the cache during application shutdown. This mechanism allows MSE Microservices Governance to automatically refresh the cache by using a reactive response method.
Compared with the graceful shutdown solution provided by open source Dubbo, the graceful shutdown feature of MSE Microservices Governance has the advantages that are described in the following table.
NoteBefore you configure the graceful shutdown feature provided by MSE Microservices Governance for your applications, you must enable MSE Microservices Governance for both consumer applications and provider applications.
Item
Open source Dubbo
MSE Microservices Governance
Fixes of concurrency issues that occur because the unexport method of registries does not use atomic variables
Not supported in 2.5.3 or earlier
Supported
Reverse notification
Not supported in 2.5.3 or earlier
Supported
Wait for in-transit requests by clients
Not supported in 2.5.3 or earlier
Supported
qos offline
Supported in 2.5.8 to 2.6.2 and later
Supported
Trigger of Dubbo and Spring Cloud shutdown hooks
Supported in Apache Dubbo 2.7.3 and later
Supported
Shutdown events
Supported in Apache Dubbo 2.7.3 and later
Supported
Server wait
Not supported
Supported
Delivery of ReadOnly events in advance
Not supported
Supported
Enable proactive notification of graceful shutdown
Log on to the MSE console, and select a region in the top navigation bar.
In the left-side navigation pane, choose . On the page that appears, click the resource card of the application that you want to manage.
On the application details page, click Traffic management in the left-side navigation pane, and click the Lossless up and down line tab.
In the Graceful Shutdown section, turn on the Proactive Notification switch. In the Prompt message, click OK.
After the proactive notification feature is enabled, a notification is sent to the consumer application when a provider application is shut down. Then, the consumer application no longer calls the provider application.