apisix
envoy
Our great sponsors
apisix | envoy | |
---|---|---|
63 | 66 | |
13,560 | 23,743 | |
1.9% | 1.4% | |
9.6 | 10.0 | |
5 days ago | 4 days ago | |
Lua | C++ | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
apisix
-
Apache APISIX plugin priority, a leaky abstraction?
The main issue is that priority is documented in the config-default.yaml file, while the phase is buried in the code. Worse, some plugins run across different phases. For example, let's check the proxy proxy-rewrite plugin and, more precisely, the functions defined there:
-
A "Tiny" APISIX Plugin
// references: // https://github.com/tetratelabs/proxy-wasm-go-sdk/tree/main/examples // https://github.com/apache/apisix/blob/master/t/wasm/ package main import ( "github.com/tetratelabs/proxy-wasm-go-sdk/proxywasm" "github.com/tetratelabs/proxy-wasm-go-sdk/proxywasm/types" "github.com/valyala/fastjson" ) func main() { proxywasm.SetVMContext(&vmContext{}) } // each plugin has its own VMContext. // it is responsible for creating multiple PluginContexts for each route. type vmContext struct { types.DefaultVMContext } // each route has its own PluginContext. // it corresponds to one instance of the plugin. func (*vmContext) NewPluginContext(contextID uint32) types.PluginContext { return &pluginContext{} } type header struct { Name string Value string } type pluginContext struct { types.DefaultPluginContext Headers []header } func (ctx *pluginContext) OnPluginStart(pluginConfigurationSize int) types.OnPluginStartStatus { data, err := proxywasm.GetPluginConfiguration() if err != nil { proxywasm.LogErrorf("error reading plugin configuration: %v", err) return types.OnPluginStartStatusFailed } var p fastjson.Parser v, err := p.ParseBytes(data) if err != nil { proxywasm.LogErrorf("error decoding plugin configuration: %v", err) return types.OnPluginStartStatusFailed } headers := v.GetArray("headers") ctx.Headers = make([]header, len(headers)) for i, hdr := range headers { ctx.Headers[i] = header{ Name: string(hdr.GetStringBytes("name")), Value: string(hdr.GetStringBytes("value")), } } return types.OnPluginStartStatusOK } // each HTTP request to a route has its own HTTPContext func (ctx *pluginContext) NewHttpContext(contextID uint32) types.HttpContext { return &httpContext{parent: ctx} } type httpContext struct { types.DefaultHttpContext parent *pluginContext } func (ctx *httpContext) OnHttpResponseHeaders(numHeaders int, endOfStream bool) types.Action { plugin := ctx.parent for _, hdr := range plugin.Headers { proxywasm.ReplaceHttpResponseHeader(hdr.Name, hdr.Value) } return types.ActionContinue }
-
10 Reasons for Choosing API7
API7 takes Apache APISIX as its robust foundation, which is open-source and has an active community with over 600 contributors all over the world. The nature of open source allows users to examine the source code, which promotes transparency. This transparency helps users understand how APISIX works, verify its security, and identify and fix any potential vulnerabilities or bugs.
-
How is Apache APISIX Fast?
But the best part is that the libraries mentioned here and Apache APISIX are entirely open source, meaning you can look under the hood and modify things yourself.
-
Custom Plugin Development For APISIX With Lua And ChatGPT
4. Plugin definition: It is a really important part of plugin implementation that we define as a table with properties for the version, priority, name, and schema. The name and schema are the plugin's name and schema defined earlier. The version and priority are used by APISIX to manage the plugin. The version typically refers to the version that is currently in use like API versioning. If you publish and update your plugin logic, it is going to be 1.1 (You can set any version you wish). But you need to be very careful in choosing priority. The priority field defines in which order and phase your plugin should be executed. For example, the 'ip-restriction' plugin, with a priority of 3000, will be executed before the 'example-plugin', which has a priority of 0. This is due to the higher priority value of the 'ip-restriction' plugin. If you're developing your own plugin, make sure that you followed the order of plugins not to mess up the order of existing plugins. You can check the order of existing plugins in the config-default.yaml file and open the Apache APISIX Plugin Development Guide to determine.
-
Your opinion on Kong
Their use of etcd was a hard pass for me; I don't need more etcd in my life
-
The Ultimate Beginner’s Guide to Open Source Contribution
Apache APISIX Apache APISIX is an open source, dynamic, real-time, high-performance cloud native API gateway. APISIX provides rich traffic management features such as load balancing, dynamic upstream, canary release, circuit breaking, authentication, observability, and more. Official website https://apisix.apache.org/ GitHub projects APISIX (the core): https://github.com/apache/apisix GitHub - apache/apisix: The Cloud-Native API Gateway GitHub - apache/apisix-dashboard: Dashboard for Apache APISIX GitHub - apache/apisix-website: Apache APISIX Website GitHub - apache/apisix-docker: the docker for Apache APISIX GitHub - apache/apisix-go-plugin-runner: Go Plugin Runner for APISIX GitHub - apache/apisix-java-plugin-runner: APISIX Plugin Runner in Java GitHub - apache/apisix-python-plugin-runner: Apache APISIX Python plugin runner GitHub - apache/apisix-helm-chart: Apache APISIX Helm Chart GitHub - apache/apisix-ingress-controller: ingress controller for K8s
-
A poor man's API
Grafana configuration. Most of it comes from the configuration provided by APISIX.
- Apache Shenyu Project Graduates
-
Apache Apisix: Open-Source API Gateway and API Management Platform
Indeed Many members in the Slack channel reported that they came to APISIX because its feature-rich, check its README, please: https://github.com/apache/apisix
envoy
- Google Chrome's new "IP Protection" will hide users' IP addresses
-
Show HN: WebAssembly dev environment for Envoy Proxy
Hi HN!
For the past few weeks we've been working on Proximal - a workflow engine that lets you quickly iterate on WebAssembly extensions for Envoy Proxy[0] (or other proxies) right on your local machine: https://github.com/apoxy-dev/proximal
This work is based on Proxy-WASM[1] extension ABI for Envoy (and other proxies like APISIX and Mosn[2]) which allows you to execute WebAssembly code on every API request a la Cloudflare Workers. As part of our wider effort at https://apoxy.dev to improve API glue code we built an experimentation / development platform and hope you will find it useful!
On the technical side this project packs Envoy itself, Envoy controller, REST API (for controlling the controller =)), React SPA, and Temporal server/worker (for orchestration) - all baked into a single Go binary. You can find more on architecture and limitations in the repository README[4].
This project is pretty early stage and we would appreciate community feedback!
Previous HN discussions on this topic:
* https://news.ycombinator.com/item?id=36113542
* https://news.ycombinator.com/item?id=22582276
---
[0] https://www.envoyproxy.io/
[1] https://github.com/proxy-wasm/spec/blob/master/docs/WebAssem...
[2] https://apisix.apache.org/ https://mosn.io/
[3] https://github.com/apoxy-dev/proximal/blob/main/README.md#ar...
-
Show HN: Envoy Playground in the Browser
Hey HN,
We made an Envoy Proxy[0] playground so we could test out our Envoy configs directly in the browser. This is based on Julia's work with Nginx Playround[1] (we forked[2] that repo and added more Envoy to it). Check it out!
[0] - Envoy is a popular programmable proxy similar to Nginx or HAProxy that is popular with cloud-native setups: https://www.envoyproxy.io
-
Istio moved to CNCF Graduation stage
Envoy is the proxy that does the heavy lifting. Istio is just a glorified configuration system. Even if you choose to use Istio you're still using Envoy.
You're spot-on about using iptables rules. There is an example here with a yaml configuration and some iptables commands: https://github.com/envoyproxy/envoy/blob/main/configs/origin...
You might be able to re-use some of that. It should be pretty easy to get metrics for outbound/inbound http requests, but I don't remember the exact yaml incantation.
-
Need advice on K3s cluster setup
I'm using the default RaspiOS Lite 64bits and as highlighted in this issue, the RaspiOS kernel does not support CONFIG_ARM64_VA_BITS_48, which makes cilium-envoy to fail building. As solution, I was told to use either Ubuntu as base OS or Traefik Ingress Controller, which is not configured in K3s.
-
I'm looking for an SSO server/reverse proxy with features I'm not sure exist
I know envoy (https://www.envoyproxy.io/, https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/jwt_authn_filter) can do this natively, I'm sure you could probably build something with nginx and its Lua scripting, not sure about traefik and caddy but I dont think they support that.
-
Envoy External Authorization with Golang GRPC service
Envoy is a cloud native opensource proxy server. The Envoy proxy offers a variety of http filters to handle incoming requests.
-
A Comprehensive Guide to API Gateways, Kubernetes Gateways, and Service Meshes
Istio: By far the most popular service mesh. It is built on top of Envoy proxy, which many service meshes use.
- Scaling Rust Builds with Bazel
-
Oxy is Cloudflare's Rust-based next generation proxy framework
Check out Envoy - An open source proxy
What are some alternatives?
Kong - 🦍 The Cloud-Native API Gateway and AI Gateway.
YARP - A toolkit for developing high-performance HTTP reverse proxy applications.
Squid - Squid Web Proxy Cache
traefik - The Cloud Native Application Proxy
Caddy - Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
Varnish - The project homepage
Nginx - An official read-only mirror of http://hg.nginx.org/nginx/ which is updated hourly. Pull requests on GitHub cannot be accepted and will be automatically closed. The proper way to submit changes to nginx is via the nginx development mailing list, see http://nginx.org/en/docs/contributing_changes.html
HAProxy - HAProxy documentation
haproxy-lua-http - Simple Lua HTTP helper && client for use with HAProxy.
emissary - open source Kubernetes-native API gateway for microservices built on the Envoy Proxy
lua-resty-auto-ssl - On the fly (and free) SSL registration and renewal inside OpenResty/nginx with Let's Encrypt.
tyk-operator - Tyk Operator for Kubernetes