第三章:APISIX 部署与配置¶
Apache APISIX 是国产开源的云原生 API 网关,性能优异,功能丰富。
架构¶
┌─────────────────────────────────────────────────────────────┐
│ APISIX 架构 │
├─────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────────────────────────────────────────────────┐ │
│ │ APISIX Gateway │ │
│ │ ┌─────────────────────────────────────────────┐ │ │
│ │ │ OpenResty + Lua │ │ │
│ │ │ ┌─────────┐ ┌─────────┐ ┌─────────┐ │ │ │
│ │ │ │ Router │ │ Plugins │ │ Balancer│ │ │ │
│ │ │ └─────────┘ └─────────┘ └─────────┘ │ │ │
│ │ └─────────────────────────────────────────────┘ │ │
│ └─────────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌─────────────────────────────────────────────────────┐ │
│ │ etcd (配置存储) │ │
│ │ - 路由配置 │ │
│ │ - 服务发现 │ │
│ │ - 插件配置 │ │
│ └─────────────────────────────────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────┘
部署方式¶
Docker 部署¶
# 部署 etcd
docker run -d --name etcd \
-p 2379:2379 \
-p 2380:2380 \
-e ALLOW_NONE_AUTHENTICATION=yes \
bitnami/etcd:3.5
# 部署 APISIX
docker run -d --name apisix \
-p 9080:9080 \
-p 9443:9443 \
-e APISIX_STAND_ALONE=true \
apache/apisix:3.6
Docker Compose¶
version: "3"
services:
etcd:
image: bitnami/etcd:3.5
environment:
- ALLOW_NONE_AUTHENTICATION=yes
ports:
- "2379:2379"
apisix:
image: apache/apisix:3.6
volumes:
- ./config.yaml:/usr/local/apisix/conf/config.yaml
ports:
- "9080:9080"
- "9443:9443"
depends_on:
- etcd
apisix-dashboard:
image: apache/apisix-dashboard:3.0
volumes:
- ./dashboard.yaml:/usr/local/apisix-dashboard/conf/conf.yaml
ports:
- "9000:9000"
depends_on:
- etcd
Kubernetes 部署¶
# 使用 Helm
helm repo add apisix https://charts.apiseven.com
helm repo update
helm install apisix apisix/apisix \
--namespace apisix \
--create-namespace \
--set gateway.type=LoadBalancer \
--set admin.allow.ipList="{0.0.0.0/0}"
配置文件¶
# config.yaml
apisix:
node_listen: 9080
ssl:
enable: true
listen: 9443
deployment:
role: traditional
role_traditional:
config_provider: etcd
etcd:
host:
- "http://etcd:2379"
prefix: "/apisix"
plugin_attr:
prometheus:
enable_exporter: true
exporter_addr:
ip: "0.0.0.0"
port: 9091
核心概念¶
Route¶
定义请求路由规则:
# 创建 Route
curl -i -X PUT http://localhost:9180/apisix/admin/routes/1 \
-H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" \
-d '{
"uri": "/api/users/*",
"methods": ["GET", "POST"],
"upstream": {
"type": "roundrobin",
"nodes": {
"user-service:8080": 1
}
}
}'
Upstream¶
定义后端服务:
# 创建 Upstream
curl -i -X PUT http://localhost:9180/apisix/admin/upstreams/1 \
-H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" \
-d '{
"name": "user-service",
"type": "roundrobin",
"nodes": {
"user-service-1:8080": 1,
"user-service-2:8080": 1
},
"checks": {
"active": {
"http_path": "/health",
"healthy": {
"interval": 5,
"successes": 2
}
}
}
}'
Service¶
服务抽象:
# 创建 Service
curl -i -X PUT http://localhost:9180/apisix/admin/services/1 \
-H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" \
-d '{
"name": "user-service",
"upstream_id": "1",
"plugins": {
"limit-count": {
"count": 100,
"time_window": 60,
"rejected_code": 429
}
}
}'
Consumer¶
消费者:
# 创建 Consumer
curl -i -X PUT http://localhost:9180/apisix/admin/consumers/1 \
-H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" \
-d '{
"username": "client-app",
"plugins": {
"key-auth": {
"key": "app-secret-key"
}
}
}'
插件配置¶
认证插件¶
# JWT 认证
curl -i -X PUT http://localhost:9180/apisix/admin/routes/1 \
-H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" \
-d '{
"uri": "/api/*",
"plugins": {
"jwt-auth": {
"key": "app-key",
"secret": "app-secret"
}
},
"upstream": {
"type": "roundrobin",
"nodes": {
"backend:8080": 1
}
}
}'
限流插件¶
# 请求限流
curl -i -X PUT http://localhost:9180/apisix/admin/routes/1 \
-H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" \
-d '{
"uri": "/api/*",
"plugins": {
"limit-count": {
"count": 100,
"time_window": 60,
"key_type": "var",
"key": "remote_addr",
"rejected_code": 429,
"policy": "local"
}
},
"upstream": {
"type": "roundrobin",
"nodes": {
"backend:8080": 1
}
}
}'
熔断插件¶
# 熔断器
curl -i -X PUT http://localhost:9180/apisix/admin/routes/1 \
-H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" \
-d '{
"uri": "/api/*",
"plugins": {
"api-breaker": {
"break_response_code": 503,
"unhealthy": {
"http_statuses": [500, 502, 503, 504],
"failures": 3
},
"healthy": {
"http_statuses": [200],
"successes": 3
}
}
},
"upstream": {
"type": "roundrobin",
"nodes": {
"backend:8080": 1
}
}
}'
APISIX Dashboard¶
访问 Dashboard¶
# 端口转发
kubectl port-forward -n apisix svc/apisix-dashboard 9000:9000
# 访问
open http://localhost:9000
Dashboard 功能¶
- 路由管理:可视化配置路由
- 服务管理:管理上游服务
- 插件市场:启用和配置插件
- 监控面板:查看运行状态
服务发现¶
Kubernetes 服务发现¶
Nacos 服务发现¶
小结¶
APISIX 部署要点:
- 部署方式:Docker、Kubernetes
- 核心概念:Route、Upstream、Service、Consumer
- 插件配置:认证、限流、熔断
- Dashboard:可视化管理
下一章我们将学习路由与负载均衡。