Cloud-native Gateway provided by Microservices Engine (MSE) is compatible with Kubernetes Ingress standards and integrates traditional traffic gateways and microservices gateways into one. Cloud-native Gateway can help reduce resource costs by 50%. Cloud-native Gateway supports service discovery based on multiple sources such as Container Service for Kubernetes (ACK) and Nacos instances. Cloud-native Gateway also supports multiple logon authentication methods to provide security protection.
Scenarios
Communications management of the microservices architecture: provides load balancing and routing of traffic among services to ensure efficient allocation and high availability.
API access control: allows you to manage access to external APIs in a centralized manner and perform traffic control, identity authentication, and permission management.
Canary release and traffic management: supports canary release and traffic tagging to implement smooth application upgrades and stable operations.
Traffic governance: provides traffic governance features, such as throttling, circuit breaking, and degradation to improve service stability and ensure high availability.
Security protection: provides anti-DDoS, HTTPS encryption, and IP address blacklists and whitelists to ensure service security.
Cross-region deployment: allows you to schedule traffic across regions and implement global service deployment and management.
Benefits
Low costs
Cloud-native Gateway provided by MSE integrates traffic gateways (including Kubernetes Ingress gateways and NGINX gateways) and microservices gateways (including Spring Cloud Gateways and Zuul gateways) into one to help reduce resource costs by 50%. Cloud-native Gateway also reduces the request time and simplifies O&M operations.
Security protection
Supports JSON Web Token (JWT) authentication.
Supports OpenID Connect (OIDC) authentication based on OAuth 2.0.
Seamless integration
Seamlessly integrates with container services and microservices systems, and supports service discovery based on multiple service sources such as Nacos instances, ZooKeeper instances, and Kubernetes clusters.
Supports Dubbo 3.0 and graceful shutdown.
Seamlessly integrates with logging and monitoring systems. You can view key metrics that indicate the performance of a cloud-native gateway and metrics that indicate potential risks. This way, you can troubleshoot issues in an efficient manner.
Seamlessly integrates with a certificate system to simplify certificate management.
High availability
Cloud-native Gateway provided by MSE is developed based on the internal services of Alibaba Group. Cloud-native Gateway can handle hundreds of thousands of requests per second during Double 11 of 2020. Cloud-native Gateway is used in a wide range of business systems within Alibaba Group, such as Alipay, DingTalk, Taobao, Tmall, Youku, Fliggy, and Koubei.
Features
Traffic governance
Provides multiple service governance features, such as traffic throttling, service degradation, service discovery, service routing, traffic tagging, and timeout settings. Cloud-native Gateway also provides support for multiple service registries. This ensures that traffic can be allocated among multiple services in an efficient and stable manner.
Security management
Integrates with a logon authentication system to ensure the security of your applications. Cloud-native Gateway supports HTTPS certificates, IP address whitelists and blacklists, authentication, and traffic scrubbing. The authentication methods include JWT authentication, OIDC authentication, and Alibaba Cloud Identity as a Service (IDaaS) authentication.
Observability
Provides capabilities, such as global dashboards, gateway monitoring, log retrieval, top N service lists, log shipping, tracing analysis, and alert management.
High availability
Cloud-native Gateway uses the Envoy proxy and integrates Kubernetes Ingress gateways and microservices gateways into one. Cloud-native Gateway supports overload protection, graceful start and shutdown, multi-zone disaster recovery, auto scaling, and self-healing. A service-level agreement (SLA) of up to 99.95% is provided.
Limits
Item | Requirement |
Regions that support Transport Layer Security (TLS) hardware acceleration | Due to limits on the underlying hardware, TLS hardware acceleration is supported only in the following regions: |
Regions that support Web Application Firewall (WAF) 3.0 integration | Cloud-native Gateway can be connected to WAF 2.0 by using traditional methods such as CNAME records. However, WAF 3.0 is required for integration with Cloud-native Gateway. WAF 3.0 integration is supported only in the following regions: |
Regions that support Plug-in Marketplace | Plug-in Marketplace is supported in regions in which MSE is activated. For more information, see Supported regions. Note: The maximum size of a custom plug-in that you can upload is 50 MB. |
Get started with Cloud-native Gateway
For more information about how to get started with Cloud-native Gateway, see Access applications in an ACK cluster by using a cloud-native gateway.
References
For more information about the supported regions of Cloud-native Gateway, see Supported regions.
For more information about the billing of Cloud-native Gateway, see Cloud-native Gateway.