Building a Cloud‑Native Microservice Governance Platform with Alibaba MSE

Background

CPaaS (Cainiao Platform as a Service) is an enterprise‑grade DevOps PaaS built on public‑cloud and cloud‑native principles. It supports cloud‑based R&D, SaaS capabilities, and commercial output that can be deployed on public or private clouds.

Goal

Provide traffic isolation and rapid joint debugging for parallel multi‑branch development.

Implement canary (gray) releases in production to lower change risk.

Enable graceful service up/down to avoid call errors during restarts.

Research Phase

The team first evaluated open‑source SDK approaches. Maintaining custom SDKs required deep knowledge of Spring Cloud, Dubbo, RocketMQ and multiple framework versions, and introduced heavy intrusion into developers' build and deployment pipelines.

After consulting Alibaba middleware experts, they adopted MSE (Microservice Engine), a cloud‑native microservice governance product that offers non‑intrusive, agent‑based integration and capabilities such as service control, tag routing, outlier removal, graceful shutdown, and microservice testing.

Implementation Scenarios

Project Environment (Traffic Isolation)

In multi‑branch development, each branch needs an isolated traffic path. Using MSE tag‑routing, the team assigned distinct deployment tags (e.g., joint1 and joint2) to the containers of each branch. The Kubernetes Ingress routes requests based on the x-mse-tag header, ensuring that traffic is confined to the corresponding branch environment.

Service Testing

MSE provides a microservice testing platform that can be integrated into the PaaS. Developers can perform self‑tests without building a custom framework. Tests can target services by provider IP, complementing the traffic‑isolation strategy.

Gray Release Environment

The gray‑release environment reduces the risk of online version upgrades by gradually routing traffic. Using MSE tag routing, the team implemented gray releases for HTTP ingress and RPC calls, covering entry points such as HTTP gateways, downstream RPC calls, MQ consumers, and task schedulers.

Four typical gray‑release scenarios were realized with MSE, as shown in the diagrams.

Future Plans

Adopting MSE has eliminated duplicated effort at the PaaS layer. The team plans to extend capabilities to outlier removal, service list exposure, authentication, and local debugging deployment, aiming to further lower operational costs, improve observability, and enhance service availability.