The author ju Zhiyuan, Apache APISIX PMC, responsible person of products and big front-end technology of Tributary Technology Enterprise. By reading this article, you can learn about Apache APISIX and its basic usage scenarios, and how Apache APISIX integrates “drag and drop” plug-in choreography capabilities in the face of low code trends.

What is Apache APISIX?

Apache APISIX is a production-ready, seven-tier, full traffic processing platform that acts as an API gateway to handle business entry traffic with extremely high performance and ultra-low latency. It has more than 50 built-in plug-ins, covering authentication, security protection, flow control, Serverless, observability and other aspects, which can meet the common use scenarios of enterprise customers.

As shown in the following architecture diagram, Apache APISIX is divided into two parts: the data plane (left) and the control plane (right). The control plane sends configuration to ETCD, and the data plane processes internal and external traffic with the help of a variety of plug-ins.

Apache APISIX exposes a set of interfaces that make it easy to bind plug-ins to apis. If we want to add limit-limiting capabilities to our API, we simply bind limit-req to our API:

Curl -x PUT http://127.0.0.1:9080/apisix/admin/routes/1 - d '{" uri ":"/get ", "the methods:" [] "get", "upstream" : {" type ": "roundrobin", "nodes": { "httpbin.org:80": 1 } }, "plugins": { "limit-req": { "rate": 1, "burst": 2, "rejected_code": 503, "key": "remote_addr"}}} 'Copy the code

After the call is successful, the rate limit is controlled when the request reaches the API. This example uses limit-req for API speed limiting (specific functionality), but what about scenarios where the processing logic for subsequent requests is determined based on the processing results of a plug-in? At present, the existing plug-in mechanism cannot meet this requirement, so the ability of plug-in choreography is introduced to solve this problem.

What is plug-in choreography?

Plug-in choreography is a form of low code, which can help enterprises reduce usage cost and increase operation and maintenance efficiency. It is an indispensable ability in the process of enterprise digital transformation. With the plug-in choreography capabilities in Apache APISIX, a low-code API gateway, we can easily combine and orchestrate 50+ plug-ins in a “drag and drop” manner, and the orchestrated plug-ins can also share context information, ultimately meeting the requirements of the scene.

Extending the above API rate limiting scenario: The key-Auth plug-in is used for identity authentication. If the authentication succeeds, the Kafka-Logger plug-in takes over and logs. If the authentication fails (the plug-in returns the 401 status code), the limit-req plug-in is used to limit the speed.

See the following video: www.bilibili.com/video/BV1J5…

In this video, the Web interface lists the existing plugins and artboards, and you can drag and drop the plugins onto the artboards to arrange them, fill in the data bound to the plugins, and then complete the process. Throughout the process:

  1. Operation visualization: / We can not only use interface visualization to create API, but also through the choreography ability intuitive, clear scene design;
  2. Reuse of process: By importing and exporting the JSON data of the drawing board, engineering data generated by orchestration can be easily reused;
  3. Combine new “plug-ins” : Treat each scenario as a plug-in, and create plug-ins by combining different plug-ins using conditional components.

Realize the principle of

So how does Apache APISIX combine with low code capabilities? This requires the Apache APISIX Dashboard on the data surface and the Apache APISIX Dashboard on the control surface. The overall process is as follows:

Apache APISIX

In Apache APISIX, we added script execution logic to the Route entity (PR: github.com/apache/apis…). Can be used to receive and execute the Lua functions generated by Dashboard, and it supports calling existing plug-ins to reuse code. In addition, it also applies to various stages of the life cycle of HTTP requests, such as access, header_filer, body_filter, etc., and the system will automatically execute the script function corresponding to the corresponding stage code at the corresponding stage, as shown in the following script example:

{
  "script": "local _M = {} \n function _M.access(api_ctx) \n ngx.log(ngx.INFO,"hit access phase") \n end \nreturn _M"
}
Copy the code

Apache APISIX Dashboard

Dashboard consists of two sub-components, Web and ManagerAPI: Web provides a visual interface for configuring the API gateway; The ManagerAPI is used to provide RESTful apis that Web or other clients can call to manipulate the configuration center (ETCD by default), thereby indirectly controlling Apache APISIX.

To generate valid and valid script functions, ManagerAPI uses DAG directed acyclic graph data structure for the underlying design and develops the Dag-to-Lua project (GitHub: github.com/api7/dag-to…). : It takes the root node as the start node and decides the next flow plug-in according to the judgment conditions, which effectively avoids the logical loop. The following is a schematic diagram of DAG data structure:

Corresponds to a script parameter received by the ManagerAPI as shown in the following example:

{ "conf": { "1-2-3": { "name": "plugin-a", "conf": { ... } }, "4-5-6": { "name": "plugin-b", "conf": { ... } }, "7-8-9": { "name": "plugin-c", "conf": { ... }}}, "rule" : {" root ":" 1-2-3 ", / / the start node ID "1-2-3" : [[code = = "200", "4-5-6"], [" ", "7-8-9"]]}}Copy the code

After the client converts the final marshaled data to the above format, the ManagerAPI uses the Dag-to-Lua project to generate lua functions that Apache APISIX executes.

On the Web side, after selection, comparison and project verification, we chose ant Financial’s open source X6 graph editing engine as the underlying framework of the plug-in layout Web part. In addition to perfect and clear documents, a series of out-of-box interactive components and the ability of node customization are also the reasons for our choice.

During the choreography implementation, we abstracted the concept of common components and plug-in components: common components are start nodes, end nodes, and conditional judgment nodes, and plug-in components are every available Apache APISIX plug-in, which is choreographed by dragging and dropping them onto the artboard. As shown in the figure:

In drag, we need to restrict a set of boundary conditions. Here are a few examples:

When the plug-in is not configured, the system will display an error message “there is an unconfigured component”. You can intuitively see which plug-in does not have configuration data:

When editing an API, if the API has been bound with plug-in data, the system will display a warning message after detection when using plug-in choreography mode. Only when the user clearly confirms that the system wants to use the choreography mode, the system can continue. This effectively prevents API data from being mishandled.

In addition, there are cases such as the start element having only one output and the conditional element having only one input. Consider: if the system allows users to operate without restrictions, unreasonable combination of plug-ins is meaningless and will produce unexpected errors, so the continuous enrichment of boundary conditions is also a problem that needs to be considered when designing the layout of plug-ins.

When we are finished with the choreography, we will use the API exposed by X6 to generate JSON data for the flowchart, which will then be converted into DAG data needed by the system, and finally generate Lua functions.

future

By drag-and-drop, users can easily combine plug-ins to meet different scenarios, improving the EXTENsibility of the API gateway and the operation and maintenance experience. In actual use, there are the following problems that can be further optimized:

  1. At present, the boundary judgment conditions of components are not rich enough. By improving these conditions, unreasonable arrangement and combination can be reduced.
  2. At present, there are not many examples of choreography, so more reference examples are provided for developers to learn and users to use.
  3. Apache APISIX currently uses the code defined by the plug-in for status return (exception return status code, request termination). It can support more HTTP Response fields and even modify the plug-in definition to extend the plug-in orchestration capabilities, such as the following plug-in definition:
Local _M = {version = 0.1, priority = 2500, type = 'auth', name = plugin_name, schema = schema, You can store the results of a plug-in run and pass them to the next plug-in. result = { code = { type = "int" } } }Copy the code

About the Apache APISIX

Apache APISIX is a dynamic, real-time, high-performance open source API gateway that provides rich traffic management features such as load balancing, dynamic upstream, grayscale publishing, service circuit breaker, authentication, observability, and more. Apache APISIX helps enterprises quickly and securely handle API and microservice traffic, including gateways, Kubernetes Ingress, and service grids.

World has hundreds of companies using Apache APISIX processing key business flow, covering financial, Internet, manufacturing, retail, operators, etc., such as NASA (NASA), the European Union, letter of digital factory, Air China, China mobile, tencent, huawei, weibo, netease, shell to find room, 360, taikang, nai snow tea, etc.

More than 200 contributors contribute to Apache APISIX, the world’s most active open source gateway project. Smart developers! Join this vibrant and diverse community to bring more good to the world!

  • Apache APISIX project address: github.com/apache/apis…
  • Apache APISIX website: apisix.apache.org/zh/