preface

This article introduces you to configuration management and service isolation in Nacos multiple environments

  • What is the Namespace of Nacos
  • Business status and pain points
  • This section describes the environment isolation solution
  • Configure the synchronization management scheme

What is the Namespace of Nacos

Nacos is a popular microservice configuration center and registry service component. It introduces the concept of Namespace to carry out configuration management and service isolation in multiple environments. Each member of the team can also share a Nacos service, and share Nacos resources by creating a personal Namespace space.

Business status and pain points

  1. Each developer builds Nacos locally, which is inconvenient to manage if the environment is not unified.

    • Solution: Build shared Nacos to isolate developers from the environment through namespaces.
  2. The development environment, test environment and production environment have their own Nacos, and it is very inconvenient to modify the configuration manually

    • Solution: Build the GitLab pipeline for configuration synchronization by scripting calls to the NacosAPI
  3. The current configuration file is in JSON format. After the modification, you cannot determine whether the syntax is correct. After the modification, you cannot determine the health status of the service

    • Solution: Passpython -m json.toolFor syntax verification, by invoking the service interface according to the return value of health status detection.

    Let’s take steps to address these pain points

This section describes the environment isolation solution

Before addressing these pain points, you need to first understand the environmental isolation plan.

  • Nacos recommends the following solutions for multi-tenancy:

    From the perspective of multiple tenants, each tenant may have its own namespace. The configuration data and registered service data of each tenant belong to its own namespace to achieve data isolation among tenants.

    For example, three tenants are allocated, namely, Zhang SAN, Li Si and Wang Wu. Zhang SAN is in charge of project A, Li Si is in charge of project B and Wang Wu is in charge of project C

    After the namespace is assigned, each tenant logs in with his/her own account name and password to create his/her own namespace. As shown below:

Nacos isolates services and configurations between tenants through namespaces, and it is very extensible

  • As a business becomes larger, you can also use groups to Group the environment.

    Assuming that the company develops rapidly and business is adjusted, Zhang SAN is responsible for A project, B project and C project, Li Si is responsible for D project, E project and F project, Wang Wu is responsible for G project, H project and I project.

    Each project is divided into dev, test and PROd environments. It is inconvenient to continue to use the previous Namespace isolation tenant scheme. At this time, groups can be added to the Namespace for project environment grouping, as shown in the figure:

  • But when the business is biggerItem number > Environment number) can beGroup items through groups, as shown below:

Through the above theoretical analysis, it can be seen that the scheme has good expansibility.

Let’s try it out with a script.

Configure the synchronization management scheme

1. Developers create shared nacOS

Write the user account to Users and submit the master branch to automatically create a namespace in the shared Nacos.

This is done by scripting calls to apis that use Nacos, two key apis described below

Nacos API research

  • Create the namespace API

    Request type POST

    Request path/nacos/v1 / console/namespaces

    Request parameters (string type)

    • customNamespaceId Namespace ID (mandatory)
    • namespaceName Namespace name (mandatory)
    • namespaceDesc Namespace description

    Example request:

    curl -X POST 'http://localhost:8848/nacos/v1/console/namespaces'-d 'customNamespaceId=&namespaceName=dev&namespaceDesc='
    Copy the code
  • Publish configuration API

    Request type POST

    The requested URL/nacos/v1 / cs/configs

    Request parameters (string type)

    • tenant Tenant information, corresponding to the namespace ID field of Nacos
    • dataId Configuring the ID (Mandatory)
    • group Configuring Groups (Mandatory)
    • content Configuration Content (Mandatory)
    • type Configuration type

    Example request:

    curl -X POST 'http://127.0.0.1:8848/nacos/v1/cs/configs'-d 'dataId=nacos.example&group=com.alibaba.nacos&content=contentTest'
    Copy the code
  • The implementation code

    The Namespace is created by cyclic reading of the users in users and data creation configuration in nacos-conf.json

    Create a namespace automatically based on the user
    
    if [ $CI_COMMIT_BRANCH = "master" ]; then
    
        namespace=($(cat users))
    
        for url in ${nacos_url[@]}; do
    
            for ns in ${namespace[@]}; do
    
            echo create namespace:$ns namespace
    
            Create a namespace
    
            curl -X POST "${url}/nacos/v1/console/namespaces" -d "customNamespaceId=${ns}&namespaceName=${ns}&namespaceDesc=${ns}"
    
            echo
    
            done
    
        done    
    
    Automatic publish configuration
    
        namespace=($(cat users))
    
        config=$(cat nacos-conf.json)
    
        dataId=gateway-route.properties
    
        group=DEFAULT_GROUP
    
        for url in ${nacos_url[@]}; do
    
            echo ${url}
    
            echo ${namespace[@]}
    
            for ns in ${namespace[@]}; do
    
                echo ${url}
    
                echo ${namespace[@]}
    
                echo create dataId:$dataId in namespace:$ns group:$group
    
                curl --location --request POST "${url}/nacos/v1/cs/configs? tenant=${ns}&dataId=${dataId}&group=${group}"   --form "content=$config"
    
                echo
    
            done
    
        done
    
    
    
    fi
    Copy the code

2. Submit the modified configuration to the branch and publish it to the corresponding environment

Variables bound to different environments according to the branch

  • The implementation code

    if [ $CI_COMMIT_BRANCH = "master" ]; then
    
        export nacos_url=(
    
            nacos.test.com:8848. ...). export CHECK_URL=(http://api-test.yizhoucp.cn/api/lanling/login. ...). fiCopy the code

Grammar check and health check

  • Check whether the JSON format is valid

    The example gitlab-ci.yml is shown below

    stages: 
    
      - deploy-nacos
    
    deploy-nacos:
    
      stage: deploy-nacos
    
      tags: 
    
        - nacos
    
      image: Nacos - check: alpine3.14
    
      script:
    
        - cat nacos-conf.json |python -m json.tool
    
        - ./nacos.sh
    
      only:
    
        refs:
    
          - master
    
          - deploy-test
    
          - deploy-prod
    Copy the code

    The image used here must contain Python and curl. An example Dockerfile is shown below

    FROM python:3.9.9-alpine3.14
    
    RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories && apk add --no-cache git curl bash ca-certificates
    
    CMD     ["/bin/sh"]
    Copy the code
  • Health check

    By requesting the previously defined service interface, the return field with code is considered available, failing otherwise.

    ## Health check
    
        for CHECK in ${CHECK_URL[@]}; do
    
            echo  -----$CHECK
    
            CMD=`curl  ${CHECK} 2>/dev/null | grep -E 'code' | wc -l`
    
            if [ ${CMD} -eq 1 ]; then
    
                echo "Succ: Check proxy ${CHECK} is succeed."
    
        # exit 0
    
            else
    
                echo "Fail: check proxy ${CHECK} is failed."
    
                export erro_var=1
    
            fi
    
        done
    
    fi
    
    
    
    # echo $erro_var
    
    
    
    if [ ${erro_var} -eq 1 ]; then
    
        exit 1
    
    fi
    Copy the code

conclusion

The practical scheme of Nacos using Namespace for environment isolation was analyzed above, and the automatic configuration synchronization code experiment was carried out, which reached the expected requirements.

Reference and thanks: Nacos official manual, Namespace, Endpoint best Practices

About the author:

Guang, from Hangzhou Xiaoyu Technology, technical center operation and maintenance engineer.

| this paper XiaoYu production technology team, copyright ownership XiaoYu technology team. Welcome to reprint or use the content of this article for non-commercial purposes such as sharing and communication, please mark “content reprinted from Xiaoyu Technology and Technology team”. This article shall not be reproduced or used commercially without permission.