opa-keto
apisix
Our great sponsors
opa-keto | apisix | |
---|---|---|
1 | 63 | |
3 | 13,652 | |
- | 1.6% | |
0.0 | 9.6 | |
about 1 year ago | 6 days ago | |
Go | Lua | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
opa-keto
-
Ask HN: What API Gateways do you use?
I'm currently looking into using Apache APISIX, seems really interesting - especially the part of writing custom plugins.
At Swisscom [1] we've created an APISIX [2] Plugin [3] to interact with Open Policy Agent (OPA) [4] to perform certain actions depending on the result of a policy evaluation.
An integration with Ory Keto [5] could allow us to have a centralized API Gateway with authentication and authorization termination (by using opa-keto [6]).
This is the power of open source technologies :)
[1]: https://swisscom.ch
[2]: https://apisix.apache.org/
[3]: https://github.com/swisscom/apisix-opa-plugin
[4]: https://www.openpolicyagent.org/
[5]: https://www.ory.sh/keto/docs/
[6]: https://github.com/swisscom/opa-keto
apisix
-
Multi-layer Caching in API Gateway Tackles High Traffic Challenges
Through this intelligent caching mechanism, APISIX efficiently utilizes system resources when handling a large volume of requests, thereby improving overall system performance and stability. APISIX, with its advanced LRU cache, provides developers with a reliable and efficient API gateway solution, facilitating smooth communication with external services.
-
Apache APISIX plugin priority, a leaky abstraction?
The main issue is that priority is documented in the config-default.yaml file, while the phase is buried in the code. Worse, some plugins run across different phases. For example, let's check the proxy proxy-rewrite plugin and, more precisely, the functions defined there:
-
A "Tiny" APISIX Plugin
// references: // https://github.com/tetratelabs/proxy-wasm-go-sdk/tree/main/examples // https://github.com/apache/apisix/blob/master/t/wasm/ package main import ( "github.com/tetratelabs/proxy-wasm-go-sdk/proxywasm" "github.com/tetratelabs/proxy-wasm-go-sdk/proxywasm/types" "github.com/valyala/fastjson" ) func main() { proxywasm.SetVMContext(&vmContext{}) } // each plugin has its own VMContext. // it is responsible for creating multiple PluginContexts for each route. type vmContext struct { types.DefaultVMContext } // each route has its own PluginContext. // it corresponds to one instance of the plugin. func (*vmContext) NewPluginContext(contextID uint32) types.PluginContext { return &pluginContext{} } type header struct { Name string Value string } type pluginContext struct { types.DefaultPluginContext Headers []header } func (ctx *pluginContext) OnPluginStart(pluginConfigurationSize int) types.OnPluginStartStatus { data, err := proxywasm.GetPluginConfiguration() if err != nil { proxywasm.LogErrorf("error reading plugin configuration: %v", err) return types.OnPluginStartStatusFailed } var p fastjson.Parser v, err := p.ParseBytes(data) if err != nil { proxywasm.LogErrorf("error decoding plugin configuration: %v", err) return types.OnPluginStartStatusFailed } headers := v.GetArray("headers") ctx.Headers = make([]header, len(headers)) for i, hdr := range headers { ctx.Headers[i] = header{ Name: string(hdr.GetStringBytes("name")), Value: string(hdr.GetStringBytes("value")), } } return types.OnPluginStartStatusOK } // each HTTP request to a route has its own HTTPContext func (ctx *pluginContext) NewHttpContext(contextID uint32) types.HttpContext { return &httpContext{parent: ctx} } type httpContext struct { types.DefaultHttpContext parent *pluginContext } func (ctx *httpContext) OnHttpResponseHeaders(numHeaders int, endOfStream bool) types.Action { plugin := ctx.parent for _, hdr := range plugin.Headers { proxywasm.ReplaceHttpResponseHeader(hdr.Name, hdr.Value) } return types.ActionContinue }
-
10 Reasons for Choosing API7
API7 takes Apache APISIX as its robust foundation, which is open-source and has an active community with over 600 contributors all over the world. The nature of open source allows users to examine the source code, which promotes transparency. This transparency helps users understand how APISIX works, verify its security, and identify and fix any potential vulnerabilities or bugs.
-
How is Apache APISIX Fast?
But the best part is that the libraries mentioned here and Apache APISIX are entirely open source, meaning you can look under the hood and modify things yourself.
-
Ops friendly Apache APISIX
Default configuration
-
Custom Plugin Development For APISIX With Lua And ChatGPT
4. Plugin definition: It is a really important part of plugin implementation that we define as a table with properties for the version, priority, name, and schema. The name and schema are the plugin's name and schema defined earlier. The version and priority are used by APISIX to manage the plugin. The version typically refers to the version that is currently in use like API versioning. If you publish and update your plugin logic, it is going to be 1.1 (You can set any version you wish). But you need to be very careful in choosing priority. The priority field defines in which order and phase your plugin should be executed. For example, the 'ip-restriction' plugin, with a priority of 3000, will be executed before the 'example-plugin', which has a priority of 0. This is due to the higher priority value of the 'ip-restriction' plugin. If you're developing your own plugin, make sure that you followed the order of plugins not to mess up the order of existing plugins. You can check the order of existing plugins in the config-default.yaml file and open the Apache APISIX Plugin Development Guide to determine.
-
Your opinion on Kong
Their use of etcd was a hard pass for me; I don't need more etcd in my life
-
The Ultimate Beginner’s Guide to Open Source Contribution
Apache APISIX Apache APISIX is an open source, dynamic, real-time, high-performance cloud native API gateway. APISIX provides rich traffic management features such as load balancing, dynamic upstream, canary release, circuit breaking, authentication, observability, and more. Official website https://apisix.apache.org/ GitHub projects APISIX (the core): https://github.com/apache/apisix GitHub - apache/apisix: The Cloud-Native API Gateway GitHub - apache/apisix-dashboard: Dashboard for Apache APISIX GitHub - apache/apisix-website: Apache APISIX Website GitHub - apache/apisix-docker: the docker for Apache APISIX GitHub - apache/apisix-go-plugin-runner: Go Plugin Runner for APISIX GitHub - apache/apisix-java-plugin-runner: APISIX Plugin Runner in Java GitHub - apache/apisix-python-plugin-runner: Apache APISIX Python plugin runner GitHub - apache/apisix-helm-chart: Apache APISIX Helm Chart GitHub - apache/apisix-ingress-controller: ingress controller for K8s
-
A poor man's API
Grafana configuration. Most of it comes from the configuration provided by APISIX.
What are some alternatives?
apisix-opa-plugin
Kong - 🦍 The Cloud-Native API Gateway and AI Gateway.
OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.
haproxy-lua-http - Simple Lua HTTP helper && client for use with HAProxy.
emissary - open source Kubernetes-native API gateway for microservices built on the Envoy Proxy
envoy - Cloud-native high-performance edge/middle/service proxy
lua-resty-auto-ssl - On the fly (and free) SSL registration and renewal inside OpenResty/nginx with Let's Encrypt.
tyk-operator - Tyk Operator for Kubernetes
gloo - The Feature-rich, Kubernetes-native, Next-Generation API Gateway Built on Envoy
easegress - A Cloud Native traffic orchestration system
docker-jitsi-meet - Jitsi Meet on Docker
Docker Compose - Define and run multi-container applications with Docker