Ambassador 模式架构
Architecture
Ambassador 模式架构图,本地代理边车处理身份验证头注入、熔断、重试逻辑和对外部第三方 API 出站请求的指标收集。该模板模拟 Ambassador 模式,与应用一起运行的辅助服务卸载外部通信的横切关注点。适合与需要弹性包装器的不可靠第三方服务集成的团队。
微服务服务网格架构
Architecture
服务网格架构图,展示 Istio 或 Linkerd 边车代理处理 mTLS 加密、流量策略、熔断器和跨微服务的分布式追踪。该模板可视化服务网格如何将网络关注点从应用代码中抽象出来,实现服务间的零信任通信。对于采用服务网格基础设施以提升可观测性和安全性的团队至关重要。
完整 FlowZap 代码
Ingress { # Ingress Controller
n1: circle label:"External Traffic"
n2: rectangle label:"TLS Termination"
n3: rectangle label:"Route to Service Mesh"
n1.handle(right) -> n2.handle(left)
n2.handle(right) -> n3.handle(left)
n3.handle(bottom) -> Mesh.n4.handle(top) [label="Enter Mesh"]
}
Mesh { # Service Mesh (Istio/Linkerd)
n4: rectangle label:"Sidecar Proxy Intercept"
n5: rectangle label:"mTLS Encryption"
n6: rectangle label:"Traffic Policy Check"
n7: diamond label:"Circuit Breaker Open?"
n8: rectangle label:"Load Balance Request"
n9: rectangle label:"Return Fallback"
n10: rectangle label:"Collect Telemetry"
n11: rectangle label:"Distributed Tracing"
n4.handle(right) -> n5.handle(left)
n5.handle(right) -> n6.handle(left)
n6.handle(right) -> n7.handle(left)
n7.handle(right) -> n8.handle(left) [label="Closed"]
n7.handle(bottom) -> n9.handle(top) [label="Open"]
n8.handle(bottom) -> Services.n12.handle(top) [label="Forward"]
n9.handle(bottom) -> Services.n18.handle(top) [label="Fallback"]
n10.handle(right) -> n11.handle(left)
}
Services { # Backend Services
n12: rectangle label:"Product Catalog Service"
n13: rectangle label:"Pricing Service"
n14: rectangle label:"Recommendation Engine"
n15: rectangle label:"Response Aggregation"
n16: rectangle label:"Sidecar Proxy Egress"
n17: circle label:"Response to Client"
n18: rectangle label:"Cached Fallback Response"
n12.handle(right) -> n13.handle(left) [label="Get Prices"]
n13.handle(right) -> n14.handle(left) [label="Enrich"]
n14.handle(right) -> n15.handle(left)
n15.handle(right) -> n16.handle(left)
n16.handle(right) -> n17.handle(left)
n18.handle(right) -> n16.handle(left) [label="Stale Data"]
n16.handle(top) -> Mesh.n10.handle(bottom) [label="Metrics"]
}
为什么需要这个工作流?
As microservices scale beyond a dozen services, managing mTLS certificates, traffic policies, retries, and observability at the application level becomes unsustainable. A service mesh moves these concerns into infrastructure-level sidecar proxies, giving platform teams centralized control over service-to-service communication without requiring application code changes.
工作原理
- Step 1: External traffic enters through the ingress controller with TLS termination.
- Step 2: The sidecar proxy intercepts all inbound and outbound traffic for the service.
- Step 3: mTLS encryption is applied automatically between all services in the mesh.
- Step 4: Traffic policies and circuit breaker rules are enforced at the proxy level.
- Step 5: Requests are load-balanced across healthy service instances.
- Step 6: Telemetry data (metrics, traces) is collected by the sidecar and exported to the observability stack.
替代方案
Implementing mTLS and circuit breaking in application code is error-prone and language-dependent. Managed service meshes like AWS App Mesh or GCP Traffic Director reduce operational overhead. This template helps teams understand the service mesh topology before adopting Istio or Linkerd.
Key Facts
| Template Name | 微服务服务网格架构 |
| Category | Architecture |
| Steps | 6 workflow steps |
| Format | FlowZap Code (.fz file) |
相关模板
微服务 API 网关架构
Architecture
微服务 API 网关架构图,展示请求路由、JWT 身份验证、速率限制、服务发现以及跨分布式后端服务的响应聚合。该模板模拟微服务生态系统中所有客户端流量的入口点,在请求到达内部服务之前执行安全策略。适合设计具有集中式横切关注点的可扩展 API 基础设施的平台工程师。
微服务每服务独立数据库架构
Architecture
每服务独立数据库架构图,每个微服务拥有其专用数据存储,通过 Kafka 进行事件驱动同步以实现跨服务数据一致性。该模板展示了微服务数据隔离的核心原则,展示 PostgreSQL 和 MongoDB 如何在多语言持久化策略中共存。对于在保持最终一致性的同时强制服务自治的架构师至关重要。
按业务能力分解微服务架构
Architecture
按业务能力组织的微服务分解架构图:身份认证、产品目录、定价和订单履行,每个都有独立的数据存储和 API。该模板展示如何将单体应用拆分为与业务领域对齐的服务,使用 Backend-for-Frontend (BFF) 模式进行客户端特定的聚合。适合规划领域驱动微服务边界的架构师。
微服务绞杀者模式迁移架构
Architecture
绞杀者模式迁移架构图,展示使用路由层在新旧系统之间分流流量,逐步用新微服务替换遗留单体应用。该模板模拟经过验证的迁移策略,新功能作为微服务构建,遗留端点逐步退役。对于在不进行高风险大爆炸重写的情况下现代化遗留系统的团队至关重要。