Spring Cloud Gateway series [1] API Gateway overview and Gateway infrastructure construction

API gateway (service gateway)

concept

APl Gateway (API gateway), as its name implies, is an API oriented, serial and centralized strong control service that appears on the system boundary. The boundary here is the boundary of enterprise I system, which can be understood as enterprise application firewall, which mainly plays the role of isolating external access from internal systems. Before the popularity of the concept of micro services, API gateway has been born, such as front-end computer systems commonly used in banking, securities and other fields. It also solves the problems of access authentication, message conversion, access statistics and so on.

The popularity of API gateway stems from the rise of the demand for interconnection between mobile applications and enterprises in recent years. Mobile applications and enterprise interconnection make the objects supported by background services expand from a single Web application to a variety of use scenarios, and each use scenario has different requirements for background services. This not only increases the response of background services, but also increases the complexity of background services. With the proposal of the concept of micro service architecture, API gateway has become a standard component of micro service architecture.

API gateway is a server and the only external entrance of the system. API gateway encapsulates the internal architecture of the system and provides customized APIs for each client. All clients and consumers access microservices through a unified gateway and handle all non business functions at the gateway layer.

However, for businesses with a large number of services, high complexity and large scale, the introduction of API gateway has a series of benefits:

  • The aggregation interface makes the service transparent to the caller and reduces the coupling between the client and the back end
  • Aggregate background services to save traffic. Improve performance and user experience
  • It provides API management functions such as security, flow control, filtering, caching, billing and monitoring

Role of API gateway

The main functions of API gateway include the following:

1. Unified external interface
When users need to integrate functions between different products or services, they call the capabilities provided by different services. Using APIGateway allows users to assemble services using a unified interface without perceiving the service edge.
For different services within the company, there may be some differences in the style of the interfaces provided. This difference can be unified through APIGateway. When the internal service is modified, it can be adapted through APIGateway without adjustment by the caller.

2. Increase system security
APIGateway isolates the outside from the inside and reduces the external exposure of services, which can increase the system security and ensure the security of background services.

3. Unified authentication
Access is uniformly authenticated through APIGateway. Each application does not need to authenticate the caller separately. Applications can focus on business.
4. Service registration and authorization
You can control the services that callers can and cannot use.

5. Service current limit
Through APIGateway, you can limit the daily calls and total calls of each interface called by the caller.

6. Improve advance capacity
It provides a simple scheme for service fusing, gray publishing and online testing.

7. Full link tracking
Monitor the calling process and the response time of the call through the unique request Id provided by APIGateway.

Common Gateway Solutions

1. Netlix Zuul

zuul It is an open source API gateway component of Netflx company. Spring Cloud carries out secondary annotation encapsulation based on Spring Boot to achieve out of the box use. At present, combined with the service governance system provided by sring Cloud, you can forward requests, route and Load Balance according to the configured or default routing rules, and painlessly integrate hystrix.

Although the functions we want can be realized through a custom Filter, zuul's design is based on single thread receiving request and forwarding processing. It is blocking 10 and does not support long connections. At present, ZuulI is very weak. As Zuul2.x has been skipping tickets (zuul version 2.0 was released in May 2019), Spring Cloud launched its own gateway component Spring Cloud Gateway.

2. Spring Cloud Gateway

Spring Cloud Gateway As a gateway in the Spring Cloud ecosystem, the goal is to replace Netlix Zuul, which not only provides a unified routing method, but also provides the basic functions of the gateway based on the Filter chain.

Spring cloud gateway is an API gateway built on the spring ecosystem, including Spring 5, Spring Boot 2 and Project Reactor. Spring cloud gateway aims to provide a simple and effective method to route to APIs and provide them with cross domain concerns, such as security, monitoring / indicators, current limiting, etc. Since Spring 5.0 supports Netty and Http2, and Spring Boot 2.0 supports Spring 5.0, it is natural that spring cloud gateway supports Netty and Http2.

3. Nginx + Lua

Nginx is developed by lgorSysoev for Ramble.ru, the second most visited site in Russia. It is a high-performance HTTP and reverse proxy server. On the one hand, nginx can be used as a reverse proxy, and on the other hand, it can be used as a static resource server.

Nginx is suitable for being a portal gateway. It is the kind of gateway in the outermost layer as the whole global gateway. Gateway is a service gateway, which is mainly used to provide services corresponding to different clients and aggregate services. Each micro service is deployed independently and has a single responsibility. When providing services externally, there needs to be something to aggregate the business.

Gateway can realize functions such as fusing and retry, which Nginx does not have.

4. Kong

Kong It is an API management software provided by Mashape. It is based on Ngnix + Lua, but it provides a simpler configuration than Nginx. The data is stored in Apache Cassandra/PostgresSQL, and provides some excellent plug-ins, such as verification, logging, call frequency limit, etc. What makes Kong attractive is that it provides a large number of plug-ins to extend applications. By setting different plug-ins, it can provide various enhanced functions for services.

Advantages: Based on Nginx. So there is no problem in performance and stability. As a commercial software, Kong has done a lot of expansion work on Nginx, and there are many paid commercial plug-ins. Kong also has a paid enterprise version, including technical support, use training services and API analysis plug-ins.

Disadvantages: if you use spring cloud, how does Kong combine with the existing service governance system?

5. Traefik

Traefik is a modern HTTP reverse proxy and load balancing tool developed by open source GO language to make the deployment of microservices more convenient. It supports a variety of background (docker, swarm, kubernetes, marathon, mesos, consul, etcd, zzookeeper, boltdb, rest APL, FLE... To automatically and dynamically apply its configuration file settings. Trsefik has a configuration file based on angular) The simple website interface written by Si supports Rest API and hot update of configuration files without restarting the process. High availability cluster mode, etc.

Compared with Spring Cloud and Kubernetes, it is more suitable for Kubernetes at present.

6. Orange

Orange An API gateway based on Open Resty. In addition to the basic functions of Nginx, it can also be used for API monitoring, access control (authentication, WAF), traffic filtering, access speed limit, AB test, static / dynamic shunting, etc. It has the following features:

  • A default Dashboard is provided for dynamic management of various functions and configurations.
  • API interfaces are provided to implement third-party services (such as personalized operation and maintenance requirements, third-party Dashboard, etc.).
  • You can write custom plug-ins to extend Orange functions according to specifications.

Establishment of Spring Cloud Gateway basic environment

1. Create project

Create three Spring Boot projects. Gateway is the gateway server, and app-service001 and app-service002 are two background applications

2. Add dependency

In the pom of the gateway demo, add version control. The spring.boot version is 2.5.2 and the spring cloud version is 2020.0.3.

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>org.example</groupId>
    <artifactId>gateway-demo</artifactId>
    <version>1.0-SNAPSHOT</version>
    <modules>
        <module>gateway</module>
        <module>app-service001</module>
        <module>app-service002</module>
    </modules>

    <packaging>pom</packaging>

    <properties>
        <java.version>1.8</java.version>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <!--Spring-->
        <spring.boot.version>2.5.2</spring.boot.version>
        <spring.cloud.version>2020.0.3</spring.cloud.version>
        <spring.cloud.alibaba.version>2.2.6.RELEASE</spring.cloud.alibaba.version>
    </properties>

    <!--Spring edition-->
    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>com.alibaba.cloud</groupId>
                <artifactId>spring-cloud-alibaba-dependencies</artifactId>
                <version>${spring.cloud.alibaba.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-dependencies</artifactId>
                <version>${spring.boot.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring.cloud.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

    <repositories>
        <repository>
            <id>aliyun-repos</id>
            <url>https://maven.aliyun.com/nexus/content/groups/public/</url>
            <snapshots>
                <enabled>false</enabled>
            </snapshots>
        </repository>
    </repositories>
    <pluginRepositories>
        <pluginRepository>
            <id>aliyun-plugin</id>
            <url>https://maven.aliyun.com/nexus/content/groups/public/</url>
            <snapshots>
                <enabled>false</enabled>
            </snapshots>
        </pluginRepository>
    </pluginRepositories>

</project>

In the gateway module, add the Spring Cloud Gateway dependency:

    <dependencies>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-gateway</artifactId>
        </dependency>
    </dependencies>

In the gateway module, add the YML configuration:

server:
  port: 80
spring:
  cloud:
    gateway:
      enabled: true

You can see that the gateway server uses version 3.0.3 and weblux is 2.5.2.

3. Start the project

Start three projects, start normally and successfully, and configure the next document for use.

Tags: Spring Spring Cloud security https gateway

Posted on Wed, 01 Dec 2021 17:55:55 -0500 by karlovac