Service Fabric-如何保留或保护我的硬编码端口 [英] Service Fabric - How to reserve or protect my hardcoded Port

问题描述

风景:

1. 我们有一个带有两个微服务的应用程序.

1. We have an Application with two micro services.

微服务A用于将应用程序公开到群集(我们的Web服务器)之外

Micro Service A is used to expose the application outside the cluster (our web server)

微服务B是我们的业务功能.

Micro Service B is our business functionality.

我们在微服务A的前面有一个F5，用于处理硬编码端口(onPrem)上的负载平衡.

We have an F5 in front of Micro Service A to handle the load balancing over the hard coded Ports(onPrem).

问题: 我们看到有时Micro Service B(业务功能)可能会盗用Micro Service A硬编码使用的端口.这样它将永远无法正确启动服务.

Problem: We witness it is possible that sometimes Micro Service B (Business functionality) will steal the port that Micro Service A is hard coded to use. Then it will never start the service correctly.

我们还看到SF似乎依次使用了可用的端口.因此，如果我们对Micro Service A进行硬编码以使其使用端口001，而Micro Service B则是随机的.当A重新启动时，B有时会抢走001.

We also see that SF seems to use the available ports sequentially. So If we hard coded Micro Service A to use port 001 and the Micro Service B to be random. When A got restarted sometimes B would grab 001.

可能的解决方案:

1. 我们可以对所有微服务进行硬编码-不喜欢.
2. 我们可以为这些硬编码端口保留更大的范围.例如，如果Service Fabric使用1000个端口，我们可以为Service A保留501-1000，让Service B保留001-499.这只会延迟问题，直到您有500多个实例为止. -也不是这的忠实粉丝.
3. 将端口硬编码为群集范围之外的端口?例如，如果我们在建立集群时使用20001-20500作为ApplicationEndpoints范围，如果我们将MicroService A硬编码为用户21000，它似乎可以工作吗?我不确定会造成什么意外后果?

请给我一个很好的选择4:)

Please give me a great option 4 :)

谢谢

格雷格

推荐答案

拥有此扩展级别时，最好的方法是使用节点类型来处理与内部访问分开的外部访问.

When you have this scale level, the best approach is use node types to handle external access separate from Internal.

您将创建一个FrontNode NodeType来托管暴露硬编码端口(即80、443)的API或WebService，然后创建BackEnd NodeType来使用随机端口托管您的服务.使用这种方法，您不必担心端口，因为服务将根据它们的角色在不同的节点上运行，并且只能从群集外部访问FE.

You would create a FrontEnd NodeType to host your APIs or WebServices that expose hard-coded ports(i.e.: 80, 443), and then create BackEnd NodeType to host your services with random ports. With this approach, you don't have to worry about the ports, because the services will run on different nodes according to their roles and only FE will be accessible from outside the cluster.

如果仍然需要在同一节点内处理此问题，则可以使用节点类型配置应用程序启动端口"& 应用程序终止端口"将处理在启动时将服务分配给的端口列表. 因此，您可以对这些列表之外的端口进行硬编码，然后让BE服务使用应用程序端口"中的列表，就像您在第三个选项中建议的那样.

If still need to handle this inside the same nodes, you can make use of the node type configuration "Application Start Port" & "Application End Port" that will handle the list of ports your service will be assigned to at started. So you would Hard-code your ports outside these lists, and let the BE services to use list from Application Ports, like you suggested on your 3rd option.

确保在负载均衡器上配置了硬编码端口，否则将无法从群集外部访问它们.

Make sure that the Hard-Coded ports are configured on your load balancer, otherwise they won't be accessible from outside the cluster.

这篇关于Service Fabric-如何保留或保护我的硬编码端口的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！