Spring Cloud Gateway integrated Ali Sentinel Gateway flow limiting actual combat!

Hello, everyone. I’m Chen

This is the eighth article in Spring Cloud Advancements. The previous article is as follows:

• How strong is Nacos, the soul ferryman of microservices, in 55 images?
• OpenFeign kills series 9 asks, who can stand that?
• Ali interview asked: Nacos, Apollo, Config configuration center how to select? These 10 dimensions tell you!
• Ali failed in the interview: How to select 5 kinds of microservice registry? These dimensions tell you!
• Ali’s Sentinel-killing Device 17 questions?
• Compare 7 distributed transaction schemes, or prefer Ali open source Seata, really fragrant! (Principle + actual combat)
• Spring Cloud Gateway kills 10 questions?

The previous article introduced some basic knowledge of Spring Cloud Gateway, today Chen came to Lao a Lao Gateway level how to do flow limiting?

The table of contents is as follows:

How does the gateway limit traffic?

Spring Cloud Gateway itself own current limit, filter is RequestRateLimiterGatewayFilterFactory, but will not be covered on the mesa’s, are interested can be achieved.

Today’s focus is to integrate Ali’s Sentinel to achieve gateway flow limiting. Sentinel has not understood, you can see Chen’s article: Ali’s Sentinel flow limiting device has killed 17 questions?

Starting from version 1.6.0, Sentinel provides an adaptation module of the SpringCloud Gateway, which can provide flow limiting of two resource dimensions:

• Dimension of the route: indicates the route entry configured in the configuration filerouteId, which belongs to coarse-grained traffic limiting, generally applies traffic limiting to a microservice.
• Custom API dimensions: Users can customize API groupings using the API provided by Sentinel. This is fine-grained flow limiting that matches a certain type of URI and can span multiple microservices.

Sentinel official file: github.com/alibaba/Sen…

Spring Cloud Gateway is easy to integrate with Sentinel implementations, which is the beauty of Ali, providing simple, easy-to-use tools that allow programmers to focus on business.

New project

Create a new gateway-Sentinel9026 module and add the following dependencies:

<! -- NACOS Registry -->
    <dependency>
      <groupId>com.alibaba.cloud</groupId>
      <artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
    </dependency>

    <! --spring cloud gateway-->
    <dependency>
      <groupId>org.springframework.cloud</groupId>
      <artifactId>spring-cloud-starter-gateway</artifactId>
    </dependency>

    <! -- Spring Cloud Gateway integrated with Sentinel -->
    <dependency>
      <groupId>com.alibaba.cloud</groupId>
      <artifactId>spring-cloud-alibaba-sentinel-gateway</artifactId>
    </dependency>

    <! -- Sentinel dependence -->
    <dependency>
      <groupId>com.alibaba.cloud</groupId>
      <artifactId>spring-cloud-starter-alibaba-sentinel</artifactId>
    </dependency>
Copy the code

Note: This is still a gateway service, do not add WEB dependencies

The configuration file

The following three configurations are specified in the configuration file:

• Nacos address
• Sentinel console address
• Configure gateway routes

The configuration is as follows:

spring:
  cloud:
    Configure the address of the Sentinel console
    sentinel:
      transport:
        ## Specifies the console address. The default port is 8080
        dashboard: localhost:8080
    nacos:
      Registry configuration
      discovery:
        The IP address in nacOS-server is the port number
        server-addr: 127.0. 01.: 8848
    gateway:
      # # routing
      routes:
        ## id is unique
        - id: gateway-provider
          uri: lb://gateway-provider
          # configure assertions
          predicates:
            The /gateway/provider/** request Path will be routed to the uri http://localhost:9024
            - Path=/gateway/provider/**
Copy the code

In the preceding configuration, a route gateway-provider is configured. If the request path meets /gateway/provider/**, the request path is routed to the gateway-provider service.

Current limiting configuration

After the above two steps are integrated well Sentinel, at this time visit the interface: http://localhost:9026/gateway/provider/port

In the sentinel console, you can see that the monitored route is gateway-provider, as shown in the following figure:

At this point, we can add a new traffic limiting of route dimension, as shown in the following figure:

In the preceding figure, traffic limiting is performed for the gateway-provider route. The QPS threshold is 1.

The quick access: http://localhost:9026/gateway/provider/port, see current limit had been made, and the diagram below:

Traffic limiting of the route dimension has been configured successfully. You can follow the preceding steps to try it yourself.

API group limiting is also very simple, first need to define a group, API management -> new API group, as shown below:

Matching model chose an exact match (and prefix match, regular matching), so only this uri: http://xxxx/gateway/provider/port will be current limit.

The second step is to add flow control rules to this group. Flow control Rules -> Add gateway flow control, as shown below:

You can select the corresponding group in the API name. After the new group is added, the traffic limiting rule takes effect.

Chen mou no longer tests, small partners start their own test……………

See Chen’s Sentinel article for more information about the persistence of limiting traffic rules.

How can I customize traffic limiting exception information?

As you can see from the demo above, the default exception return message is: “Block………” This is definitely not acceptable to the client, so you need to customize your own exception return information.

Here are two different ways to customize the exception return information. Choose one during your development.

Customize directly in the configuration file

The developer can directly modify the returned information in the configuration file as follows:

spring:
  cloud:
    Configure the address of the Sentinel console
    sentinel:
      After configuring traffic limiting, respond to the content
      scg:
        fallback:
          ## Two modes, one is response to return text prompt message,
          Redirect (uri) redirect(uri)
          mode: response
          The status of the response
          response-status: 200
          # # response body
          response-body: '{"code": 200,"message": "Request failed, try again later!" } '
Copy the code

In the above configuration, mode sets response. Once the stream is restricted, JSON string will be returned.

{
    "code": 200."message": "Request failed, try again later!"
}
Copy the code

The redirection configuration is as follows:

spring:
  cloud:
    Configure the address of the Sentinel console
    sentinel:
      After configuring traffic limiting, respond to the content
      scg:
        fallback:
          [redirect] [redirect] [redirect] [redirect] [redirect] [redirect] [redirect] [redirect]
          mode: redirect
          ## Redirect URL
          redirect: http://www.baidu.com
Copy the code

Once traffic is restricted, you will be directed to www.baidu.com

Code to customize

This is not very flexible. By hard coding, the complete code is as follows:

@Configuration
public class GatewayConfig {
    /** * Custom stream limiting processor */
    @PostConstruct
    public void initBlockHandlers(a) {
        BlockRequestHandler blockHandler = (serverWebExchange, throwable) -> {
            Map map = new HashMap();
            map.put("code".200);
            map.put("message"."Request failed, try again later!");
            return ServerResponse.status(HttpStatus.OK)
                    .contentType(MediaType.APPLICATION_JSON_UTF8)
                    .body(BodyInserters.fromObject(map));
        };
        GatewayCallbackManager.setBlockHandler(blockHandler);
    }
}
Copy the code

After the introduction of the two ways, choose the appropriate way according to the business needs. Of course, Chen preferred the first way, for reasons: convention > configuration > coding.

Is the service secure if the gateway limits traffic?

Many people think that once traffic limiting is done at the gateway level, the service behind can rest easy. Do you think so?

Obviously, this idea is wrong. Complex microservices architecture an independent service is called not only by one party, but often by multiple parties, as shown below:

The goods service is not only invoked by the gateway layer, but also by the internal order service. In this case, the flow is restricted only at the gateway layer. Is the goods service safe?

Once a large number of requests for order services, such as the big quick kill, goods and services without limited flow will be instantly overwhelmed.

Therefore, based on the company’s business scenario, traffic limiting should be implemented for the services it is responsible for. The most common solution is cluster traffic limiting at the gateway layer and single-node traffic limiting for internal services to prevent them from being washed out by traffic.

conclusion

This paper introduces the flow limiting of Gateway layer by integrating Sentinel with Spring Cloud Gateway, and some thoughts about the flow limiting. If there is any mistake, welcome to comment.

The project source code has been uploaded to Github, the public number [code ape technology column] reply key words: 9528 access!

One last word (attention, don’t fuck me for nothing)

Chen each original article is carefully output, especially “Spring Cloud advanced” column article, knowledge too much, want to speak fine, must spend a lot of time to prepare, from knowledge to source demo.

If this article is helpful to you, or inspired by it, please like it, read it, forward it, and favorites it. Your support is the biggest motivation for me to stick to it!