laoshanxi / app-mesh Goto Github PK

A secure Multi-Tenant, Cloud Native, Micro Service application management platform

License: MIT License

C++ 76.71% Shell 4.41% Dockerfile 0.24% CMake 2.29% Python 8.03% Go 8.21% Makefile 0.08% HTML 0.03%

jwt docker cloud-native consul-client prometheus-exporter loki alertmanager scheduler cron ldap 2fa grafana-datasource service-mesh kubernetes sbom arm64 pypi-package

app-mesh's Introduction

App Mesh

App Mesh is a Multi-Tenant, Cloud Native, Micro Service application management platform, used to manage, schedule and monitor applications. Each app can be a specific microservice for service discovery or a normal app with replication, the app-mesh will guarantee all defined applications run on time with defined behavior and resource requests. The platform can run in standalone or cluster mode, and provide REST APIs, command-line and web-ui.

App Mesh is similar to Kubernetes but much more lightweight, supporting both container apps and native apps.

Features

Feature	Description
Application management	1. Manage independent applications and guard the process running, similar with systemd but more flexible (long/short running, periodic long running, cron schedule, customized day time and error handling control) and comprehensive monitoring (number of starts, return code, error message, health-check) for both native and docker application. 2. Use SDK/CLI run application on a remote host with sync/async mode and fetch result to client. 3. Full control of application lifecycle (cgroup for resource limitation, specific OS user for execution user). 4. Interactive application start support specify input data by pipe and environment variables. 5. All functionality provides by CLI, REST, SDK and WebGUI interface.
Security	⚡️ JWT authentication for CLI and REST interface ⚡️ LDAP support ⚡️ Role based permission control ⚡️ Multi-factor authentication SSL support (ECDH and secure ciphers) for REST http connection Multi-tenant support
Cloud native	Schedule cloud level applications for running on multile hosts with resource size request. ⚡️ Prometheus Exporter (build-in) ⚡️ Grafana SimpleJson datasource ⚡️ Grafana Loki ⚡️ Dockerfile
Micro service application	⚡️ Consul micro-service cluster management
Extra Features	Collect host/app resource usage Remote run shell commands Download/Upload files interface Hot-update support `systemctl reload appmesh` Bash completion Reverse proxy Web GUI
Platform support	X86_64 ARM32 ARM64
SDK	Python Golang

Getting started

The Installation doc introduces how to install App Mesh via docker-compose or native way and setup App Mesh cluster.

Documentation

Comparison

Standalone mode

Feature	App Mesh	Supervisor	crontab
Accuracy	Seconds	Seconds	Minutes
Language	C++11	Python	C
Web GUI	√	√
Command lines	√	√	√
SDK	√
Cron schedule expression	√		√
Manage daemon process			√
Manage docker app	√
Start check (avoid leak)	√	√
Session login
Manage stdout/stderr	√	√
Health check	√
Rich control options	√
Authentication	√	√
Multi-tenant	√		√

Cluster mode

Feature	App Mesh	Kubernetes
Easy deploy	√
More features		√
Non-container app	√
Service expose	√	√
Scheduler	√	√
Definition file	JSON	YAML
GUI	√	√
Virtual Network		√
Monitor tools	√	√

Component diagram

Success

Library dependency

app-mesh's People

Contributors

Stargazers

Watchers

Forkers

xuhm3 hanjiangping lip0091981 yutiansut dicky98 geyaandy simhaonline ibmxianliqi rk801 frederickhou markkun doytsujin gitter-badger hanixnicolas shuhecn zjf984078330 step-security-bot davecarlson

app-mesh's Issues

app view display last run/finish time

Apine Linux image support

Most of the dependency can support Alpine Linux (mainly used for tiny Docker container), but ACE have not support Alpine yet.

Alpine is not glibc but musl libc, see according issue:

DOCGroup/ACE_TAO#914

cgroup support disk limit

LDAP auth support

LDAP Server:
https://github.com/osixia/docker-openldap

docker run -p 389:389 -p 636:636 --name my-openldap-container --detach osixia/openldap:1.5.0

LDAP UI:
https://github.com/osixia/docker-phpLDAPadmin

docker run -p 6443:443 \
        --env PHPLDAPADMIN_LDAP_HOSTS=ldap.example.com \
        --detach osixia/phpldapadmin:0.9.0

Integrate with Prometheus

prepare Prometheus config file

$ echo -n 'global: 
  scrape_interval: 15s
  evaluation_interval: 15s

scrape_configs:
  - job_name: 'prometheus'
    static_configs:
      - targets: ['127.0.0.1:9090']
  - job_name: 'centos7-appmgr'
    scrape_interval: 10s
    static_configs:
      - targets: ['10.1.241.54:6061']
' | tee /opt/prometheus.yml

start Promeeheus container (use host mode networking for container connect host port)

docker run --restart=always -d --net=host --user root --privileged --name prom -v /opt/prometheus.yml:/etc/prometheus/prometheus.yml prom/prometheus

http://10.1.241.54:9090/config

http://10.1.241.54:9090/targets

Cluster management

Target:

Application failover
Master election
Package management (docker could easy for package management)

reduce 3rd party

remote shell output should distinguish stdout and stderr

Current remote shell run will print both stderr and stdout to stdout.

Customerized REST API

Define a REST according to a application

Provide exporter for prometheus

https://github.com/prometheus/mysqld_exporter/

Application support HA

App can register to 2+ hosts for HA.

Introduce Consul to eletion Appmanager Master to schedule Apps.

remove shell hide debug output

appc run can not support env like "ifconfig | grep 127"

"ifconfig | grep 127" will be parse to bellow cause error:
fconfig '|' grep 127

C++11 can not support full regex

GCC4.8.5 can not support regex well, wait to C++14.

docker app allow empty command line input

SSL should not use RC4 cipher

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2566

SSL certificate file issue and gernerate when installation

run as sidecar for docker container

add lable feature

appc sh specify user

need passless to self

$ appc sh -u admin -c 'su - -c "oc project"'

no need passless
root switch to admin user with login environment:

$ appc sh -b "10.127.21.1" -c 'su - admin -c "oc get nodes"'

Support centos7 service locate at /usr/lib/systemd/

Reg short running one time app

Support HA

Solutions:

persist configuration file in 3rd storage
configuration file name use a unique file name

short running app add next start time attribute

http authentication support

Add authentication to http request

Multi-tenancy support

Application does not have ownership, it's better to support a tree structure multi tenant, so specific user could see the sub-tree content.

add service shutdown REST and CLI

add a REST to force service exit.

Support redirect to other jwt server for authenticate

build & install enhancement

watchdog.sh support register a args as application
If install in docker container, should support not instsall system service

support dynamic change log level

appc log --level DEBUG

CLI return 0 on success and other code on failure

Failed to connect to any resolved endpoint?

Usage: appc [COMMAND] [ARG...] [flags]
root@quantaxis-PowerEdge-R610:/home/quantaxis# appc view
Failed to connect to any resolved endpoint
root@quantaxis-PowerEdge-R610:/home/quantaxis# appc reg -n ping -c 'ping www.baidu.com' -o 10
Failed to connect to any resolved endpoint
root@quantaxis-PowerEdge-R610:/home/quantaxis#

docker container support start instead of run

add health check script for application

appc reg -n ttt -c "sleep 600" -l "sh -c 'if [[ $$(curl -k --fail https://127.0.0.1:6060/app/ttt/health) != ""0"" ]]; then exit 1; else exit 0;'"

# start consul
$ docker run -d --name=consul --net=host consul

# register service to consul
$ curl -X PUT -d '
{
   "address": "192.168.3.27",
   "checks": [
       {
           "http": "https://192.168.3.27:6060",
           "interval": "5s",
           "method": "GET",
           "tls_skip_verify": true
       }
   ],
   "id": "appmgr192.168.3.27",
   "name": "appmgr192.168.3.27",
   "port": 6060,
   "tags": [
       "appmgr"
   ]
}
'   http://192.168.3.27:8500/v1/agent/service/register