实践 Apache APISIX Ingress
介绍 Apache APISIX 是一个动态、实时、高性能的 API 网关。基于 Nginx 和 Etcd 实现。 作为 API 网关,APISIX 提供了灵活插件机制、动态上游、动态路由、灰度发布、熔断限流、身份认证、可观测性、Serverless、Wasm等功能。可以处理L4、L7层的流量支持HTTP、HTTPS、TCP、UDP、MQTT、gRPC等协议。 安装部署 在 kubesphere 中创建一个 Workspace,添加 APISIX Helm Chart 仓库 https://charts.apiseven.com/。 然后新建一个 ingress-apisix 的 projects,也就是 namespace。在该 project 下创建一个 apisix App,选择刚才添加的仓库。创建 apisix 会同时创建 APISIX Gateway + Dashboard + Ingress Controller。 版本选择 0.10.0 [2.14.1] 我最终的配置: global: imagePullSecrets: [] apisix: enabled: true enableIPv6: true setIDFromPodUID: false customLuaSharedDicts: [] luaModuleHook: enabled: false luaPath: '' hookPoint: '' configMapRef: name: '' mounts: - key: '' path: '' enableCustomizedConfig: false customizedConfig: {} image: repository: apache/apisix pullPolicy: IfNotPresent tag: 2.14.1-alpine kind: Deployment replicaCount: 1 podAnnotations: {} podSecurityContext: {} securityContext: {} podDisruptionBudget: enabled: false minAvailable: 90% maxUnavailable: 1 resources: {} nodeSelector: {} tolerations: [] affinity: {} podAntiAffinity: enabled: false timezone: Asia/Shanghai extraEnvVars: [] nameOverride: '' fullnameOverride: '' gateway: type: NodePort externalTrafficPolicy: Cluster externalIPs: [] http: enabled: true servicePort: 80 containerPort: 9080 tls: enabled: false servicePort: 443 containerPort: 9443 existingCASecret: '' certCAFilename: '' http2: enabled: true stream: enabled: false only: false tcp: [] udp: [] ingress: enabled: false annotations: {} hosts: - host: apisix.local paths: [] tls: [] admin: enabled: true type: ClusterIP externalIPs: [] port: 9180 servicePort: 9180 cors: true credentials: admin: edd1c9f034335f136f87ad84b625c8f1 viewer: 4054f7cf07e344346cd3f287985e76a2 allow: ipList: - 0.0.0.0/0 plugins: - api-breaker - authz-keycloak - basic-auth - batch-requests - consumer-restriction - cors - echo - fault-injection - grpc-transcode - hmac-auth - http-logger - ip-restriction - ua-restriction - jwt-auth - kafka-logger - key-auth - limit-conn - limit-count 
- limit-req - node-status - openid-connect - authz-casbin - prometheus - proxy-cache - proxy-mirror - proxy-rewrite - redirect - referer-restriction - request-id - request-validation - response-rewrite - serverless-post-function - serverless-pre-function - sls-logger - syslog - tcp-logger - udp-logger - uri-blocker - wolf-rbac - zipkin - traffic-split - gzip - real-ip - ext-plugin-pre-req - ext-plugin-post-req - server-info stream_plugins: - mqtt-proxy - ip-restriction - limit-conn pluginAttrs: {} extPlugin: enabled: false cmd: - /path/to/apisix-plugin-runner/runner - run customPlugins: enabled: true luaPath: /opts/custom_plugins/?.lua plugins: - name: prometheus attrs: export_addr: ip: 0.0.0.0 port: 9091 configMap: name: prometheus mounts: [] updateStrategy: {} extraVolumes: [] extraVolumeMounts: [] discovery: enabled: false registry: null logs: enableAccessLog: true accessLog: /dev/stdout accessLogFormat: >- $remote_addr - $remote_user [$time_local] $http_host \"$request\" $status $body_bytes_sent $request_time \"$http_referer\" \"$http_user_agent\" $upstream_addr $upstream_status $upstream_response_time \"$upstream_scheme://$upstream_host$upstream_uri\" accessLogFormatEscape: default errorLog: /dev/stderr errorLogLevel: warn dns: resolvers: - 127.0.0.1 - 172.20.0.10 - 114.114.114.114 - 223.5.5.5 - 1.1.1.1 - 8.8.8.8 validity: 30 timeout: 5 initContainer: image: busybox tag: 1.28 autoscaling: enabled: false minReplicas: 1 maxReplicas: 100 targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: 80 configurationSnippet: main: '' httpStart: '' httpEnd: '' httpSrv: '' httpAdmin: '' stream: '' serviceMonitor: enabled: false namespace: '' name: '' interval: 15s path: /apisix/prometheus/metrics metricPrefix: apisix_ containerPort: 9091 labels: {} annotations: {} etcd: enabled: true host: - 'http://etcd.host:2379' prefix: /apisix timeout: 30 auth: rbac: create: false user: '' password: '' tls: enabled: false existingSecret: '' certFilename: '' 
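certKeyFilename: '' verify: true sni: '' service: port: 2379 replicaCount: 3 dashboard: enabled: true service: type: NodePort ingress-controller: enabled: true config: apisix: serviceNamespace: ingress-apisix serviceMonitor: enabled: true namespace: ingress-apisix interval: 15s 慢慢等待相关镜像下载运行完成。找到 apisix-dashboard Service 的 NodePort,在浏览器中打开即可进入 dashboard,默认用户名、密码都是 admin。由于 dashboard 以 NodePort 方式暴露在每个节点上,应通过 dashboard 的配置把默认账号密码改掉再对外使用。另外,上面配置中 admin.credentials 下的 admin 和 viewer 两个 key 是 Chart 自带的公开默认值,allow.ipList 为 0.0.0.0/0 表示不限制访问 Admin API 的来源 IP;非测试环境中应换成自己生成的随机 key,并把 ipList 收紧到实际需要访问 Admin API 的网段。 ...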