preface
This article introduces you to configuration management and service isolation in Nacos multiple environments
- What is the Namespace of Nacos
- Business status and pain points
- This section describes the environment isolation solution
- Configure the synchronization management scheme
What is the Namespace of Nacos
Nacos is a popular microservice configuration center and registry service component. It introduces the concept of Namespace to carry out configuration management and service isolation in multiple environments. Each member of the team can also share a Nacos service, and share Nacos resources by creating a personal Namespace space.
Business status and pain points
-
Each developer builds Nacos locally, which is inconvenient to manage if the environment is not unified.
- Solution: Build shared Nacos to isolate developers from the environment through namespaces.
-
The development environment, test environment and production environment have their own Nacos, and it is very inconvenient to modify the configuration manually
- Solution: Build the GitLab pipeline for configuration synchronization by scripting calls to the NacosAPI
-
The current configuration file is in JSON format. After the modification, you cannot determine whether the syntax is correct. After the modification, you cannot determine the health status of the service
- Solution: Pass
python -m json.toolFor syntax verification, by invoking the service interface according to the return value of health status detection.
Let’s take steps to address these pain points
- Solution: Pass
This section describes the environment isolation solution
Before addressing these pain points, you need to first understand the environmental isolation plan.
-
Nacos recommends the following solutions for multi-tenancy:
From the perspective of multiple tenants, each tenant may have its own namespace. The configuration data and registered service data of each tenant belong to its own namespace to achieve data isolation among tenants.
For example, three tenants are allocated, namely, Zhang SAN, Li Si and Wang Wu. Zhang SAN is in charge of project A, Li Si is in charge of project B and Wang Wu is in charge of project C
After the namespace is assigned, each tenant logs in with his/her own account name and password to create his/her own namespace. As shown below:
Nacos isolates services and configurations between tenants through namespaces, and it is very extensible
-
As a business becomes larger, you can also use groups to Group the environment.
Assuming that the company develops rapidly and business is adjusted, Zhang SAN is responsible for A project, B project and C project, Li Si is responsible for D project, E project and F project, Wang Wu is responsible for G project, H project and I project.
Each project is divided into dev, test and PROd environments. It is inconvenient to continue to use the previous Namespace isolation tenant scheme. At this time, groups can be added to the Namespace for project environment grouping, as shown in the figure:
- But when the business is bigger
Item number > Environment number) can beGroup items through groups, as shown below:
Through the above theoretical analysis, it can be seen that the scheme has good expansibility.
Let’s try it out with a script.
Configure the synchronization management scheme
1. Developers create shared nacOS
Write the user account to Users and submit the master branch to automatically create a namespace in the shared Nacos.
This is done by scripting calls to apis that use Nacos, two key apis described below
Nacos API research
-
Create the namespace API
Request type POST
Request path/nacos/v1 / console/namespaces
Request parameters (string type)
customNamespaceIdNamespace ID (mandatory)namespaceNameNamespace name (mandatory)namespaceDescNamespace description
Example request:
curl -X POST 'http://localhost:8848/nacos/v1/console/namespaces'-d 'customNamespaceId=&namespaceName=dev&namespaceDesc=' Copy the code -
Publish configuration API
Request type POST
The requested URL/nacos/v1 / cs/configs
Request parameters (string type)
tenantTenant information, corresponding to the namespace ID field of NacosdataIdConfiguring the ID (Mandatory)groupConfiguring Groups (Mandatory)contentConfiguration Content (Mandatory)typeConfiguration type
Example request:
curl -X POST 'http://127.0.0.1:8848/nacos/v1/cs/configs'-d 'dataId=nacos.example&group=com.alibaba.nacos&content=contentTest' Copy the code -
The implementation code
The Namespace is created by cyclic reading of the users in users and data creation configuration in nacos-conf.json
Create a namespace automatically based on the user if [ $CI_COMMIT_BRANCH = "master" ]; then namespace=($(cat users)) for url in ${nacos_url[@]}; do for ns in ${namespace[@]}; do echo create namespace:$ns namespace Create a namespace curl -X POST "${url}/nacos/v1/console/namespaces" -d "customNamespaceId=${ns}&namespaceName=${ns}&namespaceDesc=${ns}" echo done done Automatic publish configuration namespace=($(cat users)) config=$(cat nacos-conf.json) dataId=gateway-route.properties group=DEFAULT_GROUP for url in ${nacos_url[@]}; do echo ${url} echo ${namespace[@]} for ns in ${namespace[@]}; do echo ${url} echo ${namespace[@]} echo create dataId:$dataId in namespace:$ns group:$group curl --location --request POST "${url}/nacos/v1/cs/configs? tenant=${ns}&dataId=${dataId}&group=${group}" --form "content=$config" echo done done fi Copy the code
2. Submit the modified configuration to the branch and publish it to the corresponding environment
Variables bound to different environments according to the branch
-
The implementation code
if [ $CI_COMMIT_BRANCH = "master" ]; then export nacos_url=( nacos.test.com:8848. ...). export CHECK_URL=(http://api-test.yizhoucp.cn/api/lanling/login. ...). fiCopy the code
Grammar check and health check
-
Check whether the JSON format is valid
The example gitlab-ci.yml is shown below
stages: - deploy-nacos deploy-nacos: stage: deploy-nacos tags: - nacos image: Nacos - check: alpine3.14 script: - cat nacos-conf.json |python -m json.tool - ./nacos.sh only: refs: - master - deploy-test - deploy-prod Copy the codeThe image used here must contain Python and curl. An example Dockerfile is shown below
FROM python:3.9.9-alpine3.14 RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories && apk add --no-cache git curl bash ca-certificates CMD ["/bin/sh"] Copy the code -
Health check
By requesting the previously defined service interface, the return field with code is considered available, failing otherwise.
## Health check for CHECK in ${CHECK_URL[@]}; do echo -----$CHECK CMD=`curl ${CHECK} 2>/dev/null | grep -E 'code' | wc -l` if [ ${CMD} -eq 1 ]; then echo "Succ: Check proxy ${CHECK} is succeed." # exit 0 else echo "Fail: check proxy ${CHECK} is failed." export erro_var=1 fi done fi # echo $erro_var if [ ${erro_var} -eq 1 ]; then exit 1 fi Copy the code
conclusion
The practical scheme of Nacos using Namespace for environment isolation was analyzed above, and the automatic configuration synchronization code experiment was carried out, which reached the expected requirements.
Reference and thanks: Nacos official manual, Namespace, Endpoint best Practices
About the author:
Guang, from Hangzhou Xiaoyu Technology, technical center operation and maintenance engineer.
| this paper XiaoYu production technology team, copyright ownership XiaoYu technology team. Welcome to reprint or use the content of this article for non-commercial purposes such as sharing and communication, please mark “content reprinted from Xiaoyu Technology and Technology team”. This article shall not be reproduced or used commercially without permission.