Microservices in the Cloud‑Native Era: Architecture, Traffic Management & Security
This article explains how microservices have evolved from monolithic applications to cloud‑native environments, covering lifecycle management, traffic governance, programming models, trusted security, the role of containers, service mesh, Dapr, and Alibaba Cloud's EDAS platform, while highlighting active open‑source projects.
1. Microservice Architecture and Cloud Native
Microservices emerged around 2010, initially running on traditional IDC or physical machines as distributed systems. With the shift to cloud computing, the first step was cloud hosting, moving workloads from physical servers to virtual machines (Lift‑and‑Shift) and leveraging elastic scaling.
In the cloud‑native era, microservices aim to integrate tightly with cloud services and platforms, optimizing resource usage and improving development and operations efficiency.
2. Microservices and Cloud Native
The relationship between microservices and cloud native can be examined from four aspects: lifecycle management, traffic governance, programming model, and trusted security.
Lifecycle Management
Microservices decompose a monolithic application into many small services that depend on each other and are deployed across multiple resources, forming a complex mesh. Over 50% of enterprises consider lifecycle management the biggest challenge due to this complexity.
Containers and container platforms (e.g., Kubernetes) standardize deployment, providing unified DNS, health checks, and automated scaling, which simplifies lifecycle and operational management.
Kubernetes introduces the pod concept—a group of containers sharing a lifecycle. Sidecar containers can add auxiliary functions such as logging, proxying, or authentication, giving microservices additional capabilities.
Traffic Governance
Microservices require communication and coordination, which brings traffic management challenges like service discovery, load balancing, and fault tolerance. Frameworks such as Spring Cloud, Go‑Micro, and Alibaba's HSF provide these capabilities.
Service Mesh (e.g., Envoy + Istio) abstracts traffic management into a sidecar process deployed alongside each pod, handling routing, security, and observability via a control plane.
Programming Model
The request‑driven model separates request handling from business logic, standardizing incoming requests, routing them, and scaling processing units independently, resembling Serverless architectures.
Distributed runtimes aim for multi‑language support, portability, and fast startup. Dapr exemplifies this by exposing lightweight HTTP and gRPC APIs, abstracting middleware functions into sidecars, and integrating with various back‑ends such as Kafka, Redis, and tracing systems.
Trusted Security
Microservices communicate over networks that may not be fully trusted. Instead of assuming a trusted network, each service should present an identity and be authenticated by its peers, much as an HTTPS server proves its identity with a certificate.
Establishing a platform‑level trust chain (e.g., using SPIFFE) enables secure inter‑service communication across heterogeneous environments.
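One way to apply the identity check described above, as an added example that is not from the original article or from any project it mentions: after the TLS handshake has validated the peer's certificate chain, the service reads the SPIFFE ID from the certificate's URI SAN and authorizes it against an allowlist. The function names, the trust domain `example.org`, and the workload path are assumptions, and the sample certificates are constructed input.

```go
package main

import (
	"crypto/x509"
	"errors"
	"fmt"
	"net/url"
)

// AuthorizePeer runs after the TLS handshake has already verified the peer's
// chain against the trust bundle. It checks the SPIFFE ID in the URI SAN.
func AuthorizePeer(cert *x509.Certificate, trustDomain string, allowed map[string]bool) (string, error) {
	if len(cert.URIs) != 1 { // an X.509 SVID carries exactly one URI SAN
		return "", errors.New("expected exactly one URI SAN")
	}
	id := cert.URIs[0]
	if id.Scheme != "spiffe" || id.User != nil || id.RawQuery != "" || id.Fragment != "" {
		return "", errors.New("URI SAN is not a SPIFFE ID")
	}
	if id.Host != trustDomain { // Host includes any port, so a port also fails here
		return "", fmt.Errorf("trust domain %q is not trusted", id.Host)
	}
	if !allowed[id.Path] { // default deny: unknown or empty workload paths are rejected
		return "", fmt.Errorf("workload %q is not authorized", id.Path)
	}
	return id.String(), nil
}

// SampleCert builds constructed demo input: only the URIs field is populated,
// which is the field AuthorizePeer reads from a parsed peer certificate.
func SampleCert(uris ...string) *x509.Certificate {
	cert := &x509.Certificate{}
	for _, raw := range uris {
		u, err := url.Parse(raw)
		if err != nil {
			panic(err)
		}
		cert.URIs = append(cert.URIs, u)
	}
	return cert
}

func main() {
	allowed := map[string]bool{"/ns/shop/sa/orders": true} // hypothetical workload path
	for _, raw := range []string{"spiffe://example.org/ns/shop/sa/orders", "spiffe://other.test/ns/shop/sa/orders"} {
		id, err := AuthorizePeer(SampleCert(raw), "example.org", allowed)
		fmt.Printf("%s -> id=%q err=%v\n", raw, id, err)
	}
}
```

In a real server the certificate would come from the verified peer chain of the TLS connection rather than from `SampleCert`.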
EDAS
Alibaba Cloud's EDAS has evolved into a cloud‑native PaaS, offering container lifecycle management, microservice governance, observability, and secure traffic control, allowing users to adopt cloud‑native microservices without building the underlying platform.
Characteristics of Cloud‑Native Microservices
Platform‑centric: leverage the cloud as a platform.
Standardized deployment, operation, and communication.
Lightweight: developers focus on core business logic.
Productized: microservice capabilities are offered as easy‑to‑use products.
Open‑Source Microservice Framework Activity Report (2020)
Analysis of GitHub activity from January to June 2020 shows that projects like Quarkus, Spring Cloud (especially Spring Cloud Alibaba), Dubbo, and Dapr are highly active in the cloud‑native microservice space.
Alibaba Cloud Developer
Alibaba's official tech channel, featuring all of its technology innovations.
