微服务架构实战 #
一、架构概述 #
1.1 微服务架构 #
text
微服务架构:
┌─────────────────────────────────────────────────────────────┐
│ 用户 │
└───────────────────────────┬─────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────┐
│ API Gateway │
│ (统一入口) │
└───────────────────────────┬─────────────────────────────────┘
│
┌─────────────┼─────────────┐
▼ ▼ ▼
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ 用户服务 │ │ 订单服务 │ │ 商品服务 │
│ (User) │ │ (Order) │ │ (Product) │
│ ECS/EKS │ │ ECS/EKS │ │ ECS/EKS │
└────────┬────────┘ └────────┬────────┘ └────────┬────────┘
│ │ │
└───────────────────┼───────────────────┘
│
┌──────────────┼──────────────┐
▼ ▼ ▼
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ 用户数据库 │ │ 订单数据库 │ │ 商品数据库 │
│ (RDS) │ │ (DynamoDB) │ │ (RDS) │
└─────────────────┘ └─────────────────┘ └─────────────────┘
1.2 核心组件 #
text
微服务核心组件:
├── 容器编排
│ ├── ECS (Elastic Container Service)
│ └── EKS (Elastic Kubernetes Service)
│
├── 服务发现
│ ├── Cloud Map
│ └── Service Connect
│
├── 配置管理
│ ├── Parameter Store
│ └── Secrets Manager
│
├── 通信
│ ├── 同步:HTTP/REST
│ └── 异步:SNS/SQS/EventBridge
│
└── 可观测性
├── CloudWatch
├── X-Ray
└── OpenTelemetry
二、ECS集群配置 #
2.1 创建ECS集群 #
bash
aws ecs create-cluster \
--cluster-name microservices-cluster \
--configuration execute-configuration
2.2 创建任务定义 #
json
{
"family": "user-service",
"networkMode": "awsvpc",
"requiresCompatibilities": ["FARGATE"],
"cpu": "256",
"memory": "512",
"executionRoleArn": "arn:aws:iam::123456789012:role/ecsTaskExecutionRole",
"taskRoleArn": "arn:aws:iam::123456789012:role/ecsTaskRole",
"containerDefinitions": [{
"name": "user-service",
"image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/user-service:latest",
"essential": true,
"portMappings": [{
"containerPort": 8080,
"protocol": "tcp"
}],
"environment": [
{"name": "DB_HOST", "value": "user-db.xxxxx.us-east-1.rds.amazonaws.com"},
{"name": "DB_NAME", "value": "users"}
],
"secrets": [
{"name": "DB_PASSWORD", "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789012:secret:user-db-password"}
],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/ecs/user-service",
"awslogs-region": "us-east-1",
"awslogs-stream-prefix": "ecs"
}
}
}]
}
2.3 创建服务 #
bash
aws ecs create-service \
--cluster microservices-cluster \
--service-name user-service \
--task-definition user-service \
--desired-count 2 \
--launch-type FARGATE \
--network-configuration "awsvpcConfiguration={subnets=[subnet-12345678],securityGroups=[sg-12345678],assignPublicIp=DISABLED}" \
--load-balancers "targetGroupArn=arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/user-service/12345678,containerName=user-service,containerPort=8080"
三、服务发现 #
3.1 Cloud Map配置 #
bash
aws servicediscovery create-private-dns-namespace \
--name microservices.local \
--vpc vpc-12345678
aws servicediscovery create-service \
--name user-service \
--namespace-id ns-12345678 \
--dns-config "DnsRecords=[{Type=A,TTL=10}]" \
--health-check-custom-config "FailureThreshold=1"
3.2 服务发现集成 #
bash
aws ecs create-service \
--cluster microservices-cluster \
--service-name user-service \
--service-registries "registryArn=arn:aws:servicediscovery:us-east-1:123456789012:service/srv-12345678"
3.3 服务间通信 #
javascript
const axios = require('axios');
const USER_SERVICE_URL = 'http://user-service.microservices.local:8080';
async function getUser(userId) {
const response = await axios.get(`${USER_SERVICE_URL}/users/${userId}`);
return response.data;
}
async function createUser(userData) {
const response = await axios.post(`${USER_SERVICE_URL}/users`, userData);
return response.data;
}
四、配置管理 #
4.1 Parameter Store #
bash
aws ssm put-parameter \
--name "/microservices/user-service/db-host" \
--value "user-db.xxxxx.us-east-1.rds.amazonaws.com" \
--type String
aws ssm put-parameter \
--name "/microservices/user-service/api-key" \
--value "secret-api-key" \
--type SecureString
4.2 Secrets Manager #
bash
aws secretsmanager create-secret \
--name microservices/user-service/db-credentials \
--secret-string '{"username":"admin","password":"MyPassword123!"}'
4.3 在容器中使用 #
json
{
"containerDefinitions": [{
"name": "user-service",
"secrets": [
{
"name": "DB_CREDENTIALS",
"valueFrom": "arn:aws:secretsmanager:us-east-1:123456789012:secret:microservices/user-service/db-credentials"
}
]
}]
}
五、异步通信 #
5.1 SNS主题 #
bash
aws sns create-topic \
--name order-created \
--tags Key=Service,Value=order-service
5.2 SQS队列 #
bash
aws sqs create-queue \
--queue-name order-processing \
--attributes VisibilityTimeout=300
5.3 事件发布 #
javascript
const AWS = require('aws-sdk');
const sns = new AWS.SNS();
async function publishOrderCreated(order) {
await sns.publish({
TopicArn: 'arn:aws:sns:us-east-1:123456789012:order-created',
Message: JSON.stringify(order),
MessageAttributes: {
'orderType': {
DataType: 'String',
StringValue: order.type
}
}
}).promise();
}
5.4 事件消费 #
javascript
const AWS = require('aws-sdk');
const sqs = new AWS.SQS();
async function processMessages() {
const result = await sqs.receiveMessage({
QueueUrl: 'https://sqs.us-east-1.amazonaws.com/123456789012/order-processing',
MaxNumberOfMessages: 10,
WaitTimeSeconds: 20
}).promise();
if (result.Messages) {
for (const message of result.Messages) {
const order = JSON.parse(message.Body);
await processOrder(order);
await sqs.deleteMessage({
QueueUrl: 'https://sqs.us-east-1.amazonaws.com/123456789012/order-processing',
ReceiptHandle: message.ReceiptHandle
}).promise();
}
}
}
六、API Gateway集成 #
6.1 创建API #
yaml
Resources:
UserApi:
Type: AWS::ApiGateway::RestApi
Properties:
Name: User Service API
Description: API for User microservice
UserResource:
Type: AWS::ApiGateway::Resource
Properties:
RestApiId: !Ref UserApi
ParentId: !GetAtt UserApi.RootResourceId
PathPart: users
UserMethod:
Type: AWS::ApiGateway::Method
Properties:
RestApiId: !Ref UserApi
ResourceId: !Ref UserResource
HttpMethod: GET
AuthorizationType: NONE
Integration:
Type: HTTP_PROXY
IntegrationHttpMethod: GET
Uri: http://user-service.microservices.local:8080/users
七、可观测性 #
7.1 CloudWatch Container Insights #
bash
aws ecs put-cluster-setting \
--cluster microservices-cluster \
--settings name=containerInsights,value=enabled
7.2 X-Ray追踪 #
json
{
"containerDefinitions": [{
"name": "xray-daemon",
"image": "amazon/aws-xray-daemon",
"essential": true,
"portMappings": [{
"containerPort": 2000,
"protocol": "udp"
}]
}]
}
7.3 分布式追踪代码 #
javascript
const AWSXRay = require('aws-xray-sdk');
const axios = AWSXRay.captureHTTPs(require('axios'));
AWSXRay.captureAWS(require('aws-sdk'));
app.use(AWSXRay.express.openSegment('user-service'));
app.get('/users/:id', async (req, res) => {
const segment = AWSXRay.getSegment();
segment.addAnnotation('userId', req.params.id);
const user = await getUser(req.params.id);
res.json(user);
});
app.use(AWSXRay.express.closeSegment());
八、CI/CD流水线 #
8.1 CodePipeline配置 #
yaml
Resources:
Pipeline:
Type: AWS::CodePipeline::Pipeline
Properties:
Name: user-service-pipeline
RoleArn: !GetAtt PipelineRole.Arn
Stages:
- Name: Source
Actions:
- Name: Source
ActionTypeId:
Category: Source
Owner: AWS
Provider: CodeCommit
Version: 1
Configuration:
RepositoryName: user-service
BranchName: main
OutputArtifacts:
- Name: SourceCode
- Name: Build
Actions:
- Name: Build
ActionTypeId:
Category: Build
Owner: AWS
Provider: CodeBuild
Version: 1
Configuration:
ProjectName: !Ref BuildProject
InputArtifacts:
- Name: SourceCode
OutputArtifacts:
- Name: BuildOutput
- Name: Deploy
Actions:
- Name: Deploy
ActionTypeId:
Category: Deploy
Owner: AWS
Provider: ECS
Version: 1
Configuration:
ClusterName: microservices-cluster
ServiceName: user-service
InputArtifacts:
- Name: BuildOutput
九、最佳实践 #
9.1 服务设计 #
text
服务设计原则:
├── 单一职责
│ └── 每个服务只做一件事
│
├── 独立部署
│ └── 服务可独立部署和扩展
│
├── 松耦合
│ └── 服务间通过API或消息通信
│
├── 数据隔离
│ └── 每个服务有自己的数据库
│
└── 故障隔离
└── 一个服务故障不影响其他服务
9.2 容器最佳实践 #
text
容器最佳实践:
├── 镜像优化
│ ├── 使用多阶段构建
│ └── 最小化镜像大小
│
├── 健康检查
│ ├── 配置健康检查端点
│ └── 设置合理的超时
│
├── 资源限制
│ ├── 设置CPU和内存限制
│ └── 避免资源争抢
│
├── 日志管理
│ ├── 统一日志格式
│ └── 使用结构化日志
│
└── 配置外置
├── 使用环境变量
└── 使用配置服务
十、小结 #
本章介绍了微服务架构实战:
| 内容 | 要点 |
|---|---|
| ECS配置 | 集群、任务定义、服务 |
| 服务发现 | Cloud Map、服务间通信 |
| 配置管理 | Parameter Store、Secrets Manager |
| 异步通信 | SNS、SQS、EventBridge |
| 可观测性 | CloudWatch、X-Ray |
下一步学习 #
完成微服务架构后,接下来可以:
- 安全最佳实践 - 加强安全配置
- Lambda无服务器 - 学习无服务器计算
- VPC高级配置 - 学习网络配置
最后更新:2026-03-28