领事：SD架构。从前端访问微服务的正确方法是什么？ [英] Consul: SD architecture. What is the right way to access microservices from a front-end side?

问题描述

我有几个由领事管理的后端微服务，并从另一个服务中获取一些数据，我使用领事馆的服务发现功能，如获得所有健康的服务器，然后从服务器地址和端口检索条目等，但是我应该如何从前端执行？只需使用实际的ip调用所需的微服务器，或者使用docker容器的命名空间来调用它？因为我坚持下去，所以得到任何知道如何做甚至更好的人的回应将是非常有帮助的。

解决方案

前端是指Javascript在网络浏览器上运行，还是您在同一个数据中心内运行的软件？我会假设我们不是在这里讨论网络浏览器的情况。

我认为，智能缓存和循环负载平衡的客户端发现是最好的，因为没有单点故障，并且对集群内的任何中断都做出非常快的反应。但是它推动了更多的逻辑到客户端，并使日志记录比Nginx的平凡访问日志更困难。

第二个选项是非常标准和很好的理解，Nginx和Haproxy是专为此工作负载而设计。请注意，您应该使用其中的一些可用性不会有单点故障，并升级其二进制文件（特别是如果在Docker上运行它们）将导致短暂的停机时间。客户端需要以某种方式发现这些负载平衡器，DNS是最常见的选项。当情况非常静态，并且所有内容都在默认端口上运行时，DNS的运行良好，因此您不需要使用TTL和SRV记录来修改太多。

第3个选项客户端逻辑更简单，因为API网关可以作为您内部可用的服务的视图。但您仍然需要为客户找到服务发现，以便他们无法真正解决原始问题。

欢迎任何反馈，这是一个非常广泛的话题，您的里程可能会有所不同。

更新：如果您使用HTTP协议，您可能希望通过HTTPS来保护它。使用负载平衡器，您有机会终止HTTPS，并且在VPC内还有其他防火墙后面的非加密流量更简单。

I have a few back-end microservices managed by consul, and to get some data from one service for the other one, I use service discovery feature of consul - like get all healthy servers, then get server address and port from the retrieved entry etc. But how should I do it from a front-end side? Just call needed microserver using it's actual ip or call it using namespace of docker container? It will be very helpful to get any response from someone who knows how to do it or even better, who did it before, because I stuck with it a bit.

解决方案

By "frontend" do you mean Javascript running on a web browser or a piece of software you've got running within the same datacenter? I'll assume we are not talking about web browser scenario here.

I think client-side discovery with smart caching and round-robin load balancing scales the best as there is no single point of failure and it reacts very fast to any disruptions within the cluster. But it pushes more logic to client side and makes logging more difficult than the trivial access log of Nginx.

2nd option is very standard and well understood, and Nginx and Haproxy were designed for this workload. Note that you should have a few of them available not to have a single point of failure, and upgrading their binaries (especially if you run them on Docker) will cause a short period of downtime. Clients need to discover these load balancers somehow anyway, DNS is the most common option. DNS works well when the situation is quite static and everything is running on default ports so you don't need to tinker too much with TTLs and SRV records.

3rd option makes client logic simpler because the API Gateway can act as a "view" to the services you've got internally available. But you still need service discovery for clients to find these so they don't really solve the original problem.

Any feedback is welcome, this is a very broad topic and your mileage may vary.

Update: Also if you are using HTTP protocol you might want to secure it by HTTPS. With a load balancer you have the chance of terminating HTTPS there and have simpler non-encrypted traffic within your VPC or whatever behind a firewall.

这篇关于领事：SD架构。从前端访问微服务的正确方法是什么？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！