在 Service Fabric Mesh 中公开多个服务
Exposing multiple services in Service Fabric Mesh
我正在尝试公开两个服务(Web API 和聊天机器人),它们通过 Service Fabric Mesh 网络的入口控制器在内部打开相同的端口。
运行 下面的定义总是让两个服务之一失败。
我不清楚的地方:
- 这是因为它们都在内部打开相同的端口(80 和 443)吗?
- 这通常是个坏主意吗?我应该使用像 NGINX 这样的反向代理吗?
- 我可以为这两个服务获取两个不同的 IP 地址吗?
文件:
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json",
"contentVersion": "1.0.0.0",
"resources": [
{
"apiVersion": "2018-07-01-preview",
"name": "contosomaintenance",
"type": "Microsoft.ServiceFabricMesh/applications",
"location": "westeurope",
"dependsOn": [
"Microsoft.ServiceFabricMesh/networks/contosomaintenance-network"
],
"properties": {
"services": [
{
"name": "contosomaintenance-api",
"properties": {
"description": "Contoso Maintenance REST API",
"osType": "Linux",
"codePackages": [
{
"name": "contosomaintenance-api",
"image": "robinmanuelthiel/contosomaintenance-api:latest",
"endpoints": [
{
"name": "http",
"port": 80
},
{
"name": "https",
"port": 443
}
],
"resources": {
"requests": {
"cpu": "0.5",
"memoryInGB": "1"
}
}
}
],
"replicaCount": "1",
"networkRefs": [
{
"name": "[resourceId('Microsoft.ServiceFabricMesh/networks', 'contosomaintenance-network')]"
}
]
}
},
{
"name": "contosomaintenance-bot",
"properties": {
"description": "Contoso Maintenance Chat Bot",
"osType": "Linux",
"codePackages": [
{
"name": "contosomaintenance-bot",
"image": "robinmanuelthiel/contosomaintenance-bot:latest",
"endpoints": [
{
"name": "http",
"port": 80
},
{
"name": "https",
"port": 443
}
],
"resources": {
"requests": {
"cpu": "0.5",
"memoryInGB": "1"
}
}
}
],
"replicaCount": "1",
"networkRefs": [
{
"name": "[resourceId('Microsoft.ServiceFabricMesh/networks', 'contosomaintenance-network')]"
}
]
}
}
]
}
},
{
"apiVersion": "2018-07-01-preview",
"name": "contosomaintenance-network",
"type": "Microsoft.ServiceFabricMesh/networks",
"location": "westeurope",
"dependsOn": [],
"properties": {
"description": "Contoso Maintenance Network",
"addressPrefix": "10.0.0.0/22",
"ingressConfig": {
"layer4": [
{
"name": "contosomaintenance-api-ingress-http",
"publicPort": "20001",
"applicationName": "contosomaintenance",
"serviceName": "contosomaintenance-api",
"endpointName": "http"
},
{
"name": "contosomaintenance-api-ingress-bot",
"publicPort": "20002",
"applicationName": "contosomaintenance",
"serviceName": "contosomaintenance-bot",
"endpointName": "http"
}
]
}
}
}
]
}
更新2018-12-10
新的ApiVersion已经发布(2018-09-01-preview),新的Service暴露方式是使用Gateway资源。可以在 this github thread and this 文档中找到更多信息。
这是一个网关(仅)的片段,在同一应用程序中公开两个服务:
{
"apiVersion": "2018-09-01-preview",
"name": "helloWorldGateway",
"type": "Microsoft.ServiceFabricMesh/gateways",
"location": "[parameters('location')]",
"dependsOn": [
"Microsoft.ServiceFabricMesh/networks/helloWorldNetwork"
],
"properties": {
"description": "Service Fabric Mesh Gateway for HelloWorld sample.",
"sourceNetwork": {
"name": "Open"
},
"destinationNetwork": {
"name": "[resourceId('Microsoft.ServiceFabricMesh/networks', 'helloWorldNetwork')]"
},
"http": [
{
"name": "web",
"port": 81,
"hosts": [
{
"name": "*",
"routes": [
{
"name": "helloRoute",
"match": {
"path": {
"value": "/",
"rewrite": "/",
"type": "Prefix"
}
},
"destination": {
"applicationName": "helloWorldApp",
"serviceName": "helloWorldService",
"endpointName": "helloWorldListener"
}
}
]
}
]
},
{
"name": "kuard",
"port": 82,
"hosts": [
{
"name": "*",
"routes": [
{
"name": "kuardRoute",
"match": {
"path": {
"value": "/",
"rewrite": "/",
"type": "Prefix"
}
},
"destination": {
"applicationName": "helloWorldApp",
"serviceName": "kuardService",
"endpointName": "kuardListener"
}
}
]
}
]
}
],
"tcp": [
{
"name": "web",
"port": 80,
"destination": {
"applicationName": "helloWorldApp",
"serviceName": "helloWorldService",
"endpointName": "helloWorldListener"
}
},
{
"name": "kuard",
"port": 8080,
"destination": {
"applicationName": "helloWorldApp",
"serviceName": "kuardService",
"endpointName": "kuardListener"
}
}
]
}
}
备注:
- 应用程序是相同的 helloWorld 示例,但有额外的服务
- 网关已修改为通过 TCP 和 HTTP 公开不同的端口[=52=]
- 无法再通过网络公开服务(如原始答案中所述)
原答案
目前网络有两大限制:
- 每个应用程序一个网络:您不能在两个网络中有一个应用程序。 source
- 每个服务一个网络入口:当您使用针对多个服务的多个规则定义入口时,只有其中一个可以正常工作,即使在大多数情况下部署成功但没有警告。 source
这些是 public 预览限制,可能已在 GA 中修复。
在这种情况下,如果您需要公开两个服务,您的备选方案是:
- 创建两个网络和两个应用程序:每个具有独立服务的应用程序都部署在自己的网络上,每个服务将有不同的 IP。
- 创建代理服务:使用 NGINX 等解决方案接收所有连接并将请求在内部路由到适当的服务。
- 使用gateway资源:SF Mesh将很快发布基于envoy的网关服务,当可用时将是这种场景的最佳解决方案,它将起作用与上面的 NGINX 方法非常相似,但由 Azure 管理,它还不可用,但很快就会发布。
我正在尝试公开两个服务(Web API 和聊天机器人),它们通过 Service Fabric Mesh 网络的入口控制器在内部打开相同的端口。
运行 下面的定义总是让两个服务之一失败。
我不清楚的地方:
- 这是因为它们都在内部打开相同的端口(80 和 443)吗?
- 这通常是个坏主意吗?我应该使用像 NGINX 这样的反向代理吗?
- 我可以为这两个服务获取两个不同的 IP 地址吗?
文件:
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json",
"contentVersion": "1.0.0.0",
"resources": [
{
"apiVersion": "2018-07-01-preview",
"name": "contosomaintenance",
"type": "Microsoft.ServiceFabricMesh/applications",
"location": "westeurope",
"dependsOn": [
"Microsoft.ServiceFabricMesh/networks/contosomaintenance-network"
],
"properties": {
"services": [
{
"name": "contosomaintenance-api",
"properties": {
"description": "Contoso Maintenance REST API",
"osType": "Linux",
"codePackages": [
{
"name": "contosomaintenance-api",
"image": "robinmanuelthiel/contosomaintenance-api:latest",
"endpoints": [
{
"name": "http",
"port": 80
},
{
"name": "https",
"port": 443
}
],
"resources": {
"requests": {
"cpu": "0.5",
"memoryInGB": "1"
}
}
}
],
"replicaCount": "1",
"networkRefs": [
{
"name": "[resourceId('Microsoft.ServiceFabricMesh/networks', 'contosomaintenance-network')]"
}
]
}
},
{
"name": "contosomaintenance-bot",
"properties": {
"description": "Contoso Maintenance Chat Bot",
"osType": "Linux",
"codePackages": [
{
"name": "contosomaintenance-bot",
"image": "robinmanuelthiel/contosomaintenance-bot:latest",
"endpoints": [
{
"name": "http",
"port": 80
},
{
"name": "https",
"port": 443
}
],
"resources": {
"requests": {
"cpu": "0.5",
"memoryInGB": "1"
}
}
}
],
"replicaCount": "1",
"networkRefs": [
{
"name": "[resourceId('Microsoft.ServiceFabricMesh/networks', 'contosomaintenance-network')]"
}
]
}
}
]
}
},
{
"apiVersion": "2018-07-01-preview",
"name": "contosomaintenance-network",
"type": "Microsoft.ServiceFabricMesh/networks",
"location": "westeurope",
"dependsOn": [],
"properties": {
"description": "Contoso Maintenance Network",
"addressPrefix": "10.0.0.0/22",
"ingressConfig": {
"layer4": [
{
"name": "contosomaintenance-api-ingress-http",
"publicPort": "20001",
"applicationName": "contosomaintenance",
"serviceName": "contosomaintenance-api",
"endpointName": "http"
},
{
"name": "contosomaintenance-api-ingress-bot",
"publicPort": "20002",
"applicationName": "contosomaintenance",
"serviceName": "contosomaintenance-bot",
"endpointName": "http"
}
]
}
}
}
]
}
更新2018-12-10
新的ApiVersion已经发布(2018-09-01-preview),新的Service暴露方式是使用Gateway资源。可以在 this github thread and this 文档中找到更多信息。
这是一个网关(仅)的片段,在同一应用程序中公开两个服务:
{
"apiVersion": "2018-09-01-preview",
"name": "helloWorldGateway",
"type": "Microsoft.ServiceFabricMesh/gateways",
"location": "[parameters('location')]",
"dependsOn": [
"Microsoft.ServiceFabricMesh/networks/helloWorldNetwork"
],
"properties": {
"description": "Service Fabric Mesh Gateway for HelloWorld sample.",
"sourceNetwork": {
"name": "Open"
},
"destinationNetwork": {
"name": "[resourceId('Microsoft.ServiceFabricMesh/networks', 'helloWorldNetwork')]"
},
"http": [
{
"name": "web",
"port": 81,
"hosts": [
{
"name": "*",
"routes": [
{
"name": "helloRoute",
"match": {
"path": {
"value": "/",
"rewrite": "/",
"type": "Prefix"
}
},
"destination": {
"applicationName": "helloWorldApp",
"serviceName": "helloWorldService",
"endpointName": "helloWorldListener"
}
}
]
}
]
},
{
"name": "kuard",
"port": 82,
"hosts": [
{
"name": "*",
"routes": [
{
"name": "kuardRoute",
"match": {
"path": {
"value": "/",
"rewrite": "/",
"type": "Prefix"
}
},
"destination": {
"applicationName": "helloWorldApp",
"serviceName": "kuardService",
"endpointName": "kuardListener"
}
}
]
}
]
}
],
"tcp": [
{
"name": "web",
"port": 80,
"destination": {
"applicationName": "helloWorldApp",
"serviceName": "helloWorldService",
"endpointName": "helloWorldListener"
}
},
{
"name": "kuard",
"port": 8080,
"destination": {
"applicationName": "helloWorldApp",
"serviceName": "kuardService",
"endpointName": "kuardListener"
}
}
]
}
}
备注:
- 应用程序是相同的 helloWorld 示例,但有额外的服务
- 网关已修改为通过 TCP 和 HTTP 公开不同的端口[=52=]
- 无法再通过网络公开服务(如原始答案中所述)
原答案
目前网络有两大限制:
- 每个应用程序一个网络:您不能在两个网络中有一个应用程序。 source
- 每个服务一个网络入口:当您使用针对多个服务的多个规则定义入口时,只有其中一个可以正常工作,即使在大多数情况下部署成功但没有警告。 source
这些是 public 预览限制,可能已在 GA 中修复。
在这种情况下,如果您需要公开两个服务,您的备选方案是:
- 创建两个网络和两个应用程序:每个具有独立服务的应用程序都部署在自己的网络上,每个服务将有不同的 IP。
- 创建代理服务:使用 NGINX 等解决方案接收所有连接并将请求在内部路由到适当的服务。
- 使用gateway资源:SF Mesh将很快发布基于envoy的网关服务,当可用时将是这种场景的最佳解决方案,它将起作用与上面的 NGINX 方法非常相似,但由 Azure 管理,它还不可用,但很快就会发布。