diff --git a/website/blog/2021/11/17/dapr-apisix.md b/website/blog/2021/11/17/dapr-apisix.md new file mode 100644 index 0000000000000..3740ccd4cef93 --- /dev/null +++ b/website/blog/2021/11/17/dapr-apisix.md @@ -0,0 +1,211 @@ +--- +title: "How to integrate with Dapr to build Apache APISIX Gateway Controller" +author: "Shanyou Zhang" +authorURL: "https://github.com/geffzhang" +authorImageURL: "https://avatars.githubusercontent.com/u/439390?v=4" +keywords: +- Apache APISIX +- Dapr +- Kubernetes +- API Gateway +- Sidecar +description: This article will show you how to create an Apache APISIX controller by integrating Dapr, includes the concept of the project and the specific operation steps. +tags: [Technology] +--- + +> This article will show you how to create an Apache APISIX controller by integrating Dapr, includes the concept of the project and the specific operation steps. + + + +This article will show you how to create an Apache APISIX controller by integrating Dapr, which will openly enable DAPR applications in the Kubernetes cluster. + +Essentially, the Apache APISIX controller will configure the same standard DAPR annotations to inject DAPRD sidecar. Exposing this sidecar allows external applications to communicate with applications in the cluster that have Dapr enabled. + +The following diagram shows the architectural flow of the actual project: + +![Overview](https://static.apiseven.com/202108/1637119221118-75dab9f1-4092-4684-ad23-34932d8a7eac.png) + +## Overview + +### Apache APISIX Ingress + +In the K8s ecosystem, Ingress is a resource that represents the entry point for K8s traffic. To make it effective, an Ingress Controller is needed to listen to the Ingress resources in K8s, resolve the rules for those resources, and actually carry the traffic. The most widely used Ingress Controller implementations in today's trends are Kubernetes Ingress Nginx. + +APISIX Ingress is another implementation of the Ingress Controller. The main difference from Kubernetes Ingress Nginx is that APISIX Ingress uses Apache APISIX as the actual data plane for hosting business traffic. As shown in the figure below, when a user requests a specific service/API/web page, the entire business traffic/user request is transferred to the K8s cluster through an external proxy and then processed by APISIX Ingress. + +![APISIX Ingress](https://static.apiseven.com/202108/1637119221119-71bbe219-dd19-46be-90fb-20cd667d9805.png) + +As you can see from the above diagram, APISIX Ingress is divided into two parts. One part is the APISIX Ingress Controller, which serves as the control plane for configuration management and distribution. The other part is the APISIX Proxy Pod, which is responsible for carrying business traffic and is implemented through CRD (Custom Resource Definitions). Apache APISIX Ingress supports not only custom resources but also native K8s Ingress resources. + +[Click here](https://www.apiseven.com/zh/blog/apisix-ingress-details) for more details. + +## Dapr + +Dapr is a portable, event-driven runtime. It makes it simple for developers to build elastic, stateless and stateful applications running on the cloud and edge, and includes multiple languages and developer frameworks. + +![Dapr](https://static.apiseven.com/202108/1637119221120-15a5be20-17a2-4c18-a82e-91e1ff3709f0.png) + +Today, we are experiencing a wave of cloud applications. Developers are familiar with web+ database application architectures (e.g., classic 3-tier designs), but not with what is essentially a distributed microservice application architecture. Developers want to focus on business logic while relying on the platform to infuse their applications with scalability, elasticity, maintainability, resiliency, and other attributes of native cloud architectures. + +This is where Dapr comes in. + +Dapr can codify best practices for building microservice applications into open, independent building blocks, enabling users to build portable applications using the language and framework of their choice. Each building block is completely independent and one or more of them can be used in an application. + +In addition, Dapr is platform agnostic, which means users can run applications natively in any Kubernetes cluster and other hosting environments that integrate with Dapr. + +[Click here](https://docs.dapr.io/zh-hans/concepts/overview/) for more details. + +## Start of practice + +### Environment preparation + +- Kubernetes 1.19+ cluster with Dapr already configured on the cluster +- Helm CLI 3x installed +- Kubectl CLI installed and configured to access the cluster +- Optional: OpenSSL for creating self-signed certificates +- The Helm Chart version for Apache APISIX is 0.7.2+ + +### Step 1: Apache APISIX Helm Configuration + +Add the latest helm chart repo for the Apache APISIX controller by running the following command. + +`` +$ helm repo add apisix https://charts.apiseven.com +$ helm repo update +`` + +### Step 2: Create the Apache APISIX Ingerss namespace + +Ensure that the current kubectl context points to the correct Kubernetes cluster, and then run the following command. + +`` +kubectl create namespace ingress-apisix +`` + +### Step 3: Install the APISIX Controller with Dapr Support + +Use the following to create a file called dapr-annotations.yaml to set up annotations on the Apache APISIX Proxy Pod. + +`` +apisix: + podAnnotations: + dapr.io/enabled: "true" + dapr.io/app-id: " apisix-gateway" +dapr.io/app-port: "9080" +dapr.io/enable-metrics: "true" +dapr.io/metrics-port: "9099" +dapr.io/sidecar-listen-addresses: 0.0.0.0 +dapr.io/config: ingress-apisix-config +`` + +> Note: The app-port above is telling the daprd sidecar Proxy which port it is listening on. For a full list of supported annotations, see the [Dapr Kubernetes pod annotation specification](https://docs.dapr.io/operations/hosting/kubernetes/kubernetes-annotations/). + +Here is a sample dapr-annotations.yaml from my personal installation on AKS. + +`` + apisix: + podAnnotations: + dapr.io/app-id: apisix-gateway + dapr.io/app-port: '9080' + dapr.io/enable-metrics: 'true' + dapr.io/enabled: 'true' + dapr.io/metrics-port: '9099' +dapr.io/sidecar-listen-addresses: 0.0.0.0 +dapr.io/config: ingress-apisix-config + +gateway: + type: LoadBalancer + +ingress-controller: + enabled: true + +dashboard: + enabled: true +`` + +Next, run the following command (referencing the above file). + +`` +helm install apisix apisix/apisix -f dapr-annotations.yaml -n ingress-apisix +`` + +### Step 4: Create the Dapr Sidecar resource for Apache APISIX + +First, configure Apache APISIX upstream-apisix-dapr. + +![Create the Dapr Sidecar](https://static.apiseven.com/202108/1637119221106-e57ae8b8-38ed-46ea-b219-401619fadbe3.png) + +Fill in the hostname here: apisix-gateway-dapr and the port number 3500. + +`` +{ + "nodes": [ + { + "host": "apisix-gateway-dapr", + "port": 3500, + "weight": 1 + } + ], + "retries": 1, + "timeout": { + "connect": 6, + "read": 6, + "send": 6 + }, + "type": "roundrobin", + "scheme": "http", + "pass_host": "pass", + "name": "apisix-dapr" +} +`` + +Then configure the Apache APISIX service apisix-gateway-dapr, and select apisix-dapr for the upstream service. + +![Configuration service](https://static.apiseven.com/202108/1637119221115-ae7c847a-99a3-4ee6-b36f-4269fd067198.png) + +`` +{ + "name": "apisix-gateway-dapr", + "upstream_id": "376187148778341098" +} +`` + +### Step 5: Deploy the test sample project + +[HTTPBin](https://httpbin.org/) is a tool written in Python+Flask that covers various HTTP scenarios and returns to each interface. Next, we'll use kennethreitz/httpbin as a sample project for demonstration purposes. + +`` +kubectl apply -f 01.namespace.yaml +kubectl apply -f 02.deployment.yaml +kubectl apply -f 03.svc.yaml +`` + +![Project configuration](https://static.apiseven.com/202108/1637119221110-9b901451-6ca6-4d15-b591-69f7c5d57ce1.png) + +The image above shows a hypothetical microservice running with the Dapr app-id kennethreitz-httpbin. + +#### Path Matching Rewrites + +Here we add some settings related to path matching. For example, if the request gateway is /httpbin/, the backend receive path should be /, with httpbin acting as a service name identifier. + +![Interpretation](https://static.apiseven.com/202108/1637119221114-90c1ef58-6743-419c-be87-9cdc8503aa30.png) + +On hosted platforms that support namespaces, the Dapr application ID is in a valid FQDN format, which includes the target namespace. For example, the following string contains the application ID (svc-kennethreitz-httpbin) and the namespace the application is running in (kind-test). + +Finally, you can see if the proxy was successful by visiting: http://20.195.90.43/httpbin/get. + +![Check proxy](https://static.apiseven.com/202108/1637119221100-13997340-dfb6-45fb-abba-4215e0318238.png) + +## Additional Notes + +Of course, you can also deploy Apache APISIX and APISIX Ingress Controller directly in Kubernetes using the official Apache APISIX Helm repository, which allows you to directly use Apache APISIX as a gateway to the APISIX Ingress Controller data plane to carry business traffic. This allows you to directly use Apache APISIX as a gateway to carry business traffic on the data plane of the APISIX Ingress Controller. + +Finally, Dapr is injected into the Apache APISIX Proxy Pod via Sidecar annotations, and the microservices in the cluster are invoked through the service invocation module to achieve complete process deployment. + +### Deleting Apache APISIX Controller + +If you want to delete the Apache APISIX controller at the end of the project, you can follow the command below (remember not to forget to delete the namespace ingress-apisix created before). + +`` +helm delete apisix -n ingress-apisix +`` diff --git a/website/i18n/zh/docusaurus-plugin-content-blog/2021/11/17/dapr-apisix.md b/website/i18n/zh/docusaurus-plugin-content-blog/2021/11/17/dapr-apisix.md new file mode 100644 index 0000000000000..f9e49b2318306 --- /dev/null +++ b/website/i18n/zh/docusaurus-plugin-content-blog/2021/11/17/dapr-apisix.md @@ -0,0 +1,213 @@ +--- +title: "如何与 Dapr 集成打造 Apache APISIX 网关控制器" +author: "张善友" +authorURL: "https://github.com/geffzhang" +authorImageURL: "https://avatars.githubusercontent.com/u/439390?v=4" +keywords: +- Apache APISIX +- Dapr +- Kubernetes +- 网关 +- Sidecar +description: 本文将为大家展示如何通过集成 Dapr 创建一个 Apache APISIX 控制器。包括项目概念以及具体操作步骤。 +tags: [Technology] +--- + +> 本文将为大家展示如何通过集成 Dapr 创建一个 Apache APISIX 控制器。包括项目概念以及具体操作步骤。 + + + +本文将为大家展示如何通过集成 Dapr 创建一个 Apache APISIX 控制器,该控制器在 Kubernetes 集群中会公开启用 Dapr 的应用程序。 + +本质上,Apache APISIX 控制器将配置相同标准 Dapr annotations 以注入 daprd sidecar。通过公开这个 sidecar,将允许外部应用程序与集群中启用 Dapr 的应用程序进行通信。 + +下图为实际项目中的架构流程: + +![总体架构流程](https://static.apiseven.com/202108/1637119221118-75dab9f1-4092-4684-ad23-34932d8a7eac.png) + +## 基本项目概览 + +### Apache APISIX Ingress + +在 K8s 生态中,Ingress 作为表示 K8s 流量入口的一种资源,想要让其生效,就需要有一个 Ingress Controller 去监听 K8s 中的 Ingress 资源,并对这些资源进行相应规则的解析和实际承载流量。在当下趋势中,像 Kubernetes Ingress Nginx 就是使用最广泛的 Ingress Controller 实现。 + +而 APISIX Ingress 则是另一种 Ingress Controller 的实现。跟 Kubernetes Ingress Nginx 的区别主要在于 APISIX Ingress 是以 Apache APISIX 作为实际承载业务流量的数据面。如下图所示,当用户请求到具体的某一个服务/API/网页时,通过外部代理将整个业务流量/用户请求传输到 K8s 集群,然后经过 APISIX Ingress 进行后续处理。 + +![APISIX Ingress](https://static.apiseven.com/202108/1637119221119-71bbe219-dd19-46be-90fb-20cd667d9805.png) + +从上图可以看到,APISIX Ingress 分成了两部分。一部分是 APISIX Ingress Controller,作为控制面它将完成配置管理与分发。另一部分 APISIX Proxy Pod 负责承载业务流量,它是通过 CRD(Custom Resource Definitions) 的方式实现的。Apache APISIX Ingress 除了支持自定义资源外,还支持原生的 K8s Ingress 资源。 + +点击查看[更多详情](https://www.apiseven.com/zh/blog/apisix-ingress-details)。 + +### Dapr + +Dapr 是一个可移植、事件驱动的运行时。它使开发人员简单地去构建运行在云和 edge上弹性、无状态和有状态的应用,并且包含多种语言和开发人员框架。 + +![Dapr 生态图](https://static.apiseven.com/202108/1637119221120-15a5be20-17a2-4c18-a82e-91e1ff3709f0.png) + +今天,我们正经历一波云应用浪潮。开发人员熟悉 web+ 数据库应用程序架构(例如经典的3层设计),但不熟悉本质上是分布式的微服务应用程序架构。开发人员希望专注于业务逻辑,同时依靠平台为他们的应用程序注入伸缩性、弹性、可维护性、弹性和其他本地云架构的属性。 + +这就是 Dapr 的用武之地。 + +Dapr 可以将构建微服务应用程序的最佳实践编入开放、独立的构建块中,使用户能够使用自己选择的语言和框架构建可移植的应用程序。每个构建块都是完全独立,并可在应用程序中使用其中的一个或多个。 + +此外,Dapr 与平台无关,这意味着用户可以在任何 Kubernetes 集群和其他与 Dapr 集成的托管环境本地运行应用程序。 + +点击查看[更多详情](https://docs.dapr.io/zh-hans/concepts/overview/)。 + +## 实践开始 + +### 环境准备 + +- Kubernetes 1.19+ 集群,集群上已经配置了 Dapr +- 安装了 Helm CLI 3x +- Kubectl CLI 已安装并配置为访问集群 +- 可选:用于创建自签名证书的 OpenSSL +- Apache APISIX 的 Helm Chart 版本为 0.7.2+ + +### 步骤一:Apache APISIX Helm 配置 + +通过运行以下命令为 Apache APISIX 控制器添加最新的 helm chart repo: + +`` +$ helm repo add apisix https://charts.apiseven.com +$ helm repo update +`` + +### 步骤二:创建 Apache APISIX Ingerss 命名空间 + +确保当前 kubectl 上下文指向正确的 Kubernetes 集群,然后运行以下命令: + +`` +kubectl create namespace ingress-apisix +`` + +### 步骤三:安装支持 Dapr 的 APISIX 控制器 + +使用以下内容创建一个名为 dapr-annotations.yaml 的文件,以在 Apache APISIX Proxy Pod 上设置注释。 + +`` +apisix: + podAnnotations: + dapr.io/enabled: "true" + dapr.io/app-id: " apisix-gateway" +dapr.io/app-port: "9080" +dapr.io/enable-metrics: "true" +dapr.io/metrics-port: "9099" +dapr.io/sidecar-listen-addresses: 0.0.0.0 +dapr.io/config: ingress-apisix-config +`` + +> 注意:上面的 app-port 是告诉 daprd sidecar Proxy 在监听哪个端口。有关受支持的注释完整列表,可参考 [Dapr Kubernetes pod 注释规范](https://docs.dapr.io/operations/hosting/kubernetes/kubernetes-annotations/)。 + +下面以我个人在 AKS 上安装的示例 dapr-annotations.yaml 进行展示。 + +`` + apisix: + podAnnotations: + dapr.io/app-id: apisix-gateway + dapr.io/app-port: '9080' + dapr.io/enable-metrics: 'true' + dapr.io/enabled: 'true' + dapr.io/metrics-port: '9099' +dapr.io/sidecar-listen-addresses: 0.0.0.0 +dapr.io/config: ingress-apisix-config + +gateway: + type: LoadBalancer + +ingress-controller: + enabled: true + +dashboard: + enabled: true +`` + +接下来运行以下命令(引用上述文件): + +`` +helm install apisix apisix/apisix -f dapr-annotations.yaml -n ingress-apisix +`` + +### 步骤四:创建 Apache APISIX 的 Dapr Sidecar 资源 + +首先,配置 Apache APISIX upstream-apisix-dapr。 + +![配置上游业务](https://static.apiseven.com/202108/1637119221106-e57ae8b8-38ed-46ea-b219-401619fadbe3.png) + +在这里主机名填写:apisix-gateway-dapr,端口号填写 3500。 + +``json +{ + "nodes": [ + { + "host": "apisix-gateway-dapr", + "port": 3500, + "weight": 1 + } + ], + "retries": 1, + "timeout": { + "connect": 6, + "read": 6, + "send": 6 + }, + "type": "roundrobin", + "scheme": "http", + "pass_host": "pass", + "name": "apisix-dapr" +} +`` + +然后配置 Apache APISIX 服务 apisix-gateway-dapr,上游服务选择 apisix-dapr。 + +![配置服务](https://static.apiseven.com/202108/1637119221115-ae7c847a-99a3-4ee6-b36f-4269fd067198.png) + + +`` +{ + "name": "apisix-gateway-dapr", + "upstream_id": "376187148778341098" +} +`` + +### 步骤五:部署测试示例项目 + +[HTTPBin](https://httpbin.org/) 是以 Python+Flask 写的一款工具,这款工具涵盖了各类 HTTP 场景,且每个接口都有返回。接下来,我们使用 kennethreitz/httpbin 作为示例项目进行演示。 + +`` +kubectl apply -f 01.namespace.yaml +kubectl apply -f 02.deployment.yaml +kubectl apply -f 03.svc.yaml +`` + +![项目配置](https://static.apiseven.com/202108/1637119221110-9b901451-6ca6-4d15-b591-69f7c5d57ce1.png) + +上图为假设有一个使用 Dapr app-id kennethreitz-httpbin 运行的微服务。 + +#### 路径匹配改写 + +这里补充一下关于路径匹配的相关设置。比如请求网关是 /httpbin/*,后端接收路径应该是 /*,中间的 httpbin 只充当服务名的标识。 + +![填写释义](https://static.apiseven.com/202108/1637119221114-90c1ef58-6743-419c-be87-9cdc8503aa30.png) + +在支持命名空间的托管平台上,Dapr 应用 ID 是符合有效的 FQDN 格式,其中包括目标名称空间。例如,以下字符串包含应用 ID (svc-kennethreitz-httpbin) 以及应用运行在命名空间(kind-test)。 + +最后可以通过访问:http://20.195.90.43/httpbin/get 来查看代理是否成功。 + +![检查是否代理成功](https://static.apiseven.com/202108/1637119221100-13997340-dfb6-45fb-abba-4215e0318238.png) +## 额外补充说明 + +当然,在进行部署的过程中,也可以在 Kubernetes 中使用 Apache APISIX 官方 Helm 仓库直接部署 Apache APISIX 和 APISIX Ingress Controller。这样可以直接将 Apache APISIX 作为网关,进行 APISIX Ingress Controller 的数据面来承载业务流量。 + +最后将 Dapr 通过 Sidecar annotations 注入到 Apache APISIX Proxy Pod,通过服务调用模块来调用集群中的微服务,实现完整流程部署。 + +### 删除 Apache APISIX 控制器 + +如项目结束,想要删除 Apache APISIX 控制器,可按下方命令操作(记得不要忘记删除之前创建的命名空间 ingress-apisix)。 + +`` +helm delete apisix -n ingress-apisix +`` + +