apisix-dashboard VS traefik

With various access control models and implementation methods available, constructing an authorization system for backend service APIs can still be challenging. However, the ultimate goal is to ensure that the correct individual has appropriate access to the relevant resource. In this article, we will discuss how to enable the Role-based access control(RBAC) authorization model for your API with open-source API Gateway Apache APISIX and Open Policy Agent (OPA).

The API Create phase is the first stage in the API product lifecycle management process where you design, orchestrate, transform, document, and test your API. At this stage, modern API gateways like Apache APISIX can be helpful to build your API from scratch or import API definitions from a range of sources like OpenAPI YAML/JSON structure to register Route and Upstreams.

Apache APISIX is an API Gateway. By default, it stores its configuration in etcd, a distributed key-value store - the same one used by Kubernetes. Note that in real-world scenarios, we should set up etcd clustering to improve the resiliency of the solution. For this post, we will limit ourselves to a single etcd instance. Apache APISIX offers an admin API via HTTP endpoints. Finally, the gateway forwards calls from the client to an upstream. Here's an overview of the architecture and the required certificates:

One of the key features of modern API Gateways such as Apache APISIX is its support for GraphQL APIs. APISIX makes it easy to manage and scale GraphQL APIs using its flexible configuration system and powerful plugins. One such plugin is the degrapghql plugin, which allows us to convert the GraphQL API into a REST API. In this post, we will explore this feature with an example.

Secure your API: Use an to secure API Gateway by adding authentication, rate limiting, and other security features. It reduces the number of exposed APIs, organizations can reduce surfaces of attacks.

An alternative exists, though, if you're using an API Gateway. I'll describe how to do it with Apache APISIX, but perhaps other gateways can do the same. grpc-transcode is a plugin that allows transcoding REST calls to gRPC and back again.

I've used Kong but currently evaluating APISix as it's a more 'free/open' API gateway.

In this article, we will show you how to create a custom connector for the open-source Apache APISIX API Gateway in Power Platform as an alternative to Azure API Management in case you are building up additional components to an existing system with usable APIs and your system's infrastructure is hosted on-premises or on other cloud services provider rather than Azure.

Here's how to do it with Apache APISIX.

Apache APISIX is an open-source, high-performance API gateway built on top of Nginx. One of its powerful features is the ability to create serverless functions, which are small, stateless programs that can extend the functionality of Apache APISIX. In this article, we'll cover the basics of the Apache APISIX serverless plugin and how it can be used to trigger serverless functions in response to events.

However, it's very unlikely that .NET developers will directly expose their Kestrel-based web apps to the internet. Typically, we use other popular web servers like Nginx, Traefik, and Caddy to act as a reverse-proxy in front of Kestrel for various reasons:

Not as good though. Case in point: https://github.com/traefik/traefik/issues/5472#issuecomment-... (that's just from this morning)

I'm speak objectively here. Of course, any built-in auto HTTPS that works (more or less) is better than none. Traefik uses an ACME library that was originally written for Caddy. After the original author left that project, Traefik team started maintaining it. Caddy's users' requirements exceeded what the library was capable of, but unfortunately there was friction in getting it to achieve our requirements. So I ended up writing a new ACME client library in Go and, together with upgrades in CertMagic (Caddy's auto-TLS lib), Caddy has the more flexible, robust, and capable auto-HTTPS functionality.

That is to say, not all auto-HTTPS functionalities are the same.

We'll use Traefik, an open source cloud native gateway that can plug into a Kubernetes cluster. It has the concept of "middleware" that can process API requests before passing them through to a backend. We can configuring a rate limit for all of our API endpoints by matching on the request path:

I did the same question here and here

Sadly there is currently no way of doing so. https://github.com/traefik/traefik/issues/6999

Traefik is another widely used system that has automatic configuration and offers support for more things like swarm/kubernetes/etc.

I have a webapp which I currently have deployed by running nginx in a container. Works as it should, however I am intersted in adding more observability to the webapp and found this reverse-proxy https://github.com/traefik/traefik which seems to expose some nice metrics which can be useful for observability.