apache/apisix: The Cloud-Native API Gateway

标签: | 发表时间:2021-08-08 20:34 | 作者:
出处:https://github.com

Apache APISIX

APISIX logo

Build Status License

Apache APISIXis a dynamic, real-time, high-performance API gateway.

APISIX provides rich traffic management features such as load balancing, dynamic upstream, canary release, circuit breaking, authentication, observability, and more.

You can use Apache APISIX to handle traditional north-south traffic, as well as east-west traffic between services. It can also be used as a k8s ingress controller.

The technical architecture of Apache APISIX:

Technical architecture of Apache APISIX

Community

Features

You can use Apache APISIX as a traffic entrance to process all business data, including dynamic routing, dynamic upstream, dynamic certificates, A/B testing, canary release, blue-green deployment, limit rate, defense against malicious attacks, metrics, monitoring alarms, service observability, service governance, etc.

  • All platforms

    • Cloud-Native: Platform agnostic, No vendor lock-in, APISIX can run from bare-metal to Kubernetes.
    • Run Environment: Both OpenResty and Tengine are supported.
    • Supports ARM64: Don't worry about the lock-in of the infra technology.
  • Multi protocols

    • TCP/UDP Proxy: Dynamic TCP/UDP proxy.
    • Dubbo Proxy: Dynamic HTTP to Dubbo proxy.
    • Dynamic MQTT Proxy: Supports to load balance MQTT by client_id, both support MQTT 3.1.*, 5.0.
    • gRPC proxy: Proxying gRPC traffic.
    • gRPC transcoding: Supports protocol transcoding so that clients can access your gRPC API by using HTTP/JSON.
    • Proxy Websocket
    • Proxy Protocol
    • Proxy Dubbo: Dubbo Proxy based on Tengine.
    • HTTP(S) Forward Proxy
    • SSL: Dynamically load an SSL certificate.
  • Full Dynamic

    • Hot Updates And Hot Plugins: Continuously updates its configurations and plugins without restarts!
    • Proxy Rewrite: Support rewrite the host, uri, schema, enable_websocket, headersof the request before send to upstream.
    • Response Rewrite: Set customized response status code, body and header to the client.
    • Serverless: Invoke functions in each phase in APISIX.
    • Dynamic Load Balancing: Round-robin load balancing with weight.
    • Hash-based Load Balancing: Load balance with consistent hashing sessions.
    • Health Checks: Enable health check on the upstream node and will automatically filter unhealthy nodes during load balancing to ensure system stability.
    • Circuit-Breaker: Intelligent tracking of unhealthy upstream services.
    • Proxy Mirror: Provides the ability to mirror client requests.
    • Traffic Split: Allows users to incrementally direct percentages of traffic between various upstreams.
  • Fine-grained routing

  • Security

  • OPS friendly

    • Zipkin tracing: Zipkin
    • Open source APM: support Apache SkyWalking
    • works with external service discovery:In addition to the built-in etcd, it also supports Consuland Nacos, and Eureka
    • Monitoring And Metrics: Prometheus
    • Clustering: APISIX nodes are stateless, creates clustering of the configuration center, please refer to etcd Clustering Guide.
    • High availability: Support to configure multiple etcd addresses in the same cluster.
    • Dashboard
    • Version Control: Supports rollbacks of operations.
    • CLI: start\stop\reload APISIX through the command line.
    • Stand-Alone: Supports to load route rules from local YAML file, it is more friendly such as under the kubernetes(k8s).
    • Global Rule: Allows to run any plugin for all request, eg: limit rate, IP filter etc.
    • High performance: The single-core QPS reaches 18k with an average delay of fewer than 0.2 milliseconds.
    • Fault Injection
    • REST Admin API: Using the REST Admin API to control Apache APISIX, which only allows 127.0.0.1 access by default, you can modify the allow_adminfield in conf/config.yamlto specify a list of IPs that are allowed to call the Admin API. Also, note that the Admin API uses key auth to verify the identity of the caller. The admin_keyfield in conf/config.yamlneeds to be modified before deployment to ensure security.
    • External Loggers: Export access logs to external log management tools. ( HTTP Logger, TCP Logger, Kafka Logger, UDP Logger)
    • Helm charts
  • Highly scalable

    • Custom plugins: Allows hooking of common phases, such as rewrite, access, header filter, body filterand log, also allows to hook the balancerstage.
    • Plugin can be writtern in Java/Go
    • Custom load balancing algorithms: You can use custom load balancing algorithms during the balancerphase.
    • Custom routing: Support users to implement routing algorithms themselves.

Get Started

  1. Installation

APISIX Installed and tested in the following systems:

CentOS 7, Ubuntu 16.04, Ubuntu 18.04, Debian 9, Debian 10, macOS, ARM64Ubuntu 18.04

Please refer to install documentation.

  1. Getting started

    The getting started guide is a great way to learn the basics of APISIX. Just follow the steps in Getting Started.

    Further, you can follow the documentation to try more plugins.

  2. Admin API

    Apache APISIX provides REST Admin APIto dynamically control the Apache APISIX cluster.

  3. Plugin development

    You can refer to plugin development guide, and sample plugin example-plugin's code implementation. Reading plugin conceptwould help you learn more about the plugin.

For more documents, please refer to Apache APISIX Documentation site

Benchmark

Using AWS's eight-core server, APISIX's QPS reaches 140,000 with a latency of only 0.2 ms.

Benchmark script, test method and processhas been open source, welcome to try and contribute.

Apache APISIX vs. Kong

Both of them have been covered core features of API gateway

Features Apache APISIX KONG
Dynamic upstream Yes Yes
Dynamic router Yes Yes
Health check Yes Yes
Dynamic SSL Yes Yes
L4 and L7 proxy Yes Yes
Opentracing Yes Yes
Custom plugin Yes Yes
REST API Yes Yes
CLI Yes Yes

The advantages of Apache APISIX

Features Apache APISIX Kong
Belongs to Apache Software Foundation Kong Inc.
Tech Architecture Nginx + etcd Nginx + Postgres
Communication channels Mail list, Wechat group, QQ group, GitHub, Slack, meetup GitHub, Freenode, forum
Single-core CPU, QPS(enable limit-count and Prometheus plugins) 18000 1700
Latency 0.2 ms 2 ms
Dubbo Yes No
Configuration rollback Yes No
Route with TTL Yes No
Plug-in hot loading Yes No
Custom LB and route Yes No
REST API <--> gRPC transcoding Yes No
Tengine Yes No
MQTT Yes No
Configuration effective time Event-driven, < 1ms polling, 5 seconds
Dashboard Yes No
IdP Yes No
Configuration Center HA Yes No
Speed limit for a specified time window Yes No
Support any Nginx variable as routing condition Yes No

Benchmark comparison test details data

Contributor Over Time

visit hereto generate Contributor Over Time.

Contributor over time

Videos And Articles

User Stories

Who Uses APISIX?

A wide variety of companies and organizations use APISIX for research, production and commercial product, including:

Users are encouraged to add themselves to the Powered Bypage.

Landscape

  

APISIX enriches the CNCF API Gateway Landscape.

Logos

Acknowledgments

Inspired by Kong and Orange.

License

Apache 2.0 License

相关 [apache apisix the] 推荐:

apache/apisix: The Cloud-Native API Gateway

- -
Health Checks: Enable health check on the upstream node and will automatically filter unhealthy nodes during load balancing to ensure system stability..

Apache APISIX 在雪球双活架构演进中的生产与实践

- - 掘金 架构
本文整理自雪球基础组件团队在 Apache APISIX Summit ASIA 2022 上的分享. 雪球的愿景是做「中国人首选的在线财富管理平台」,为投资者提供优质内容、实时行情、交易工具、财富管理等多种服务. 其中实时行情服务对接了多种上游数据源,通过数据流式计算、存储、分发,为投资者提供稳定的数据服务.

Apache Shiro 介绍

- - CSDN博客推荐文章
什么是Apache Shiro?. Apache shiro 是一个强大而灵活的开源安全框架,可清晰地处理身份认证、授权、会话(session)和加密. Apache Shiro最主要的初衷是为了易用和易理解,处理安全问题可能非常复杂甚至非常痛苦,但并非一定要如此. 一个框架应该尽可能地将复杂的问题隐藏起来,提供清晰直观的API使开发者可以很轻松地开发自己的程序安全代码.

Apache Derby Papers

- -
Derby Type System (Note: if your browser shows HTML source for this page instead of displaying it, save the file locally with . It will prompt you to click on "Grant license to ASF for inclusion in ASF works", and this is the permission we need in place to host your contribution on the Derby web site..

Apache防止攻击

- - 小彰
为了防止恶意用户对Apache进行攻击,我们需要安装mod_security这个安全模块. mod_security 1.9.x模块的下载与安装. 下载地址: http://www.modsecurity.org/download/index.html. 建议使用1.9.x,因为2.x的配置指令与1.x完全不同,解压后进入解压目录,执行:.

Apache OpenOffice 3.4发布

- - Solidot
Apache OpenOffice的第一个版本v3.4正式发布. 主要新特性包括:改进ODF支持,包括ODF 1.2加密选项和新电子表格功能;改进Calc组件的数据透视表(Pivot Table)支持;原生支持SVG,增强图形如线帽和剪切变形;简体和繁体中文等原生语言支持;改进性能等. 在甲骨文将OpenOffice.org捐给Apache软件基金会后,OOo的命运曾存在许多争议.

Apache PDFBox 1.8.0 发布

- - 开源中国社区最新新闻
Apache PDFBox 1.8.0 发布了,该版本除了修复大量 bug 之外,还包含如下新特性:. PDFBox是Java实现的PDF文档协作类库,提供PDF文档的创建、处理以及文档内容提取功能,也包含了一些命令行实用工具. PDF 文档加密与解密. 与 Lucene搜索引擎的集成. 填充PDF/XFDF表单数据.

Apache Log4j 2.0介绍

- - CSDN博客推荐文章
Apache Log4j 2.0介绍. 作者:chszs,转载需注明. 作者博客主页:http://blog.csdn.net/chszs. Apache Log4j是著名的Java日志框架之一,在早些年应用最广. 但近两年来,随着SLF4J和LogBack的兴起,很多流行的开源框架在日志模块方面逐步转移到SLF4J+LogBack上,Log4j日渐衰落.

Apache 的 MaxClients 與 MaxRequestsPerChild

- - SSORC.tw
對於 Apache 架設的伺服器,在遇到連線數問題上,以下參數是會考慮微調的. 不過遇到多個 VirtualHost 與連線變多時,需要適時調整. ServerLimit 與 MaxClients 是針對同時間最大連線數為多少,也等於是 Apache 程序數量,ps 一下就會有多少個 /usr/sbin/httpd 等.

apache 工作模式

- - 互联网 - ITeye博客
如果httpd -l列出prefork.c. 则表示是 prefork 工作方式. 这表明当前apache2的工作方式是 prefork. prefork的工作原理是,控制进程在最初建立“StartServers”个子进程后,为了满足MinSpareServers设置的需要创建一个进程,等待一秒钟,继续创建两个,再等待一秒钟,继续创建四个……如此按指数级增加创建的进程数,最多达到每秒32个,直到满足MinSpareServers设置的值为止.