⛅️ Beyond The Clouds

Apache APISIX in Action

2 min read

Description

APISIX Ingress Controller offers more complex routing rules, rate limiting, circuit breaking, and other advanced features. It provides a rich plugin system, allowing integration of plugins through APISIX Ingress CRD using declarative configuration to handle authentication, authorization, monitoring, logging, and other functionalities. This enriches the capabilities of the APISIX Ingress Controller and simplifies configuration.

Requirements

  1. A running Elastic Kubernetes Service Cluster. You can use AKS, GKE, minikube
  2. AWS EBS CSI Driver Add-on Installed (Link)
  3. Kubectl installed
  4. Helm

Setup in Kubernetes using Helm

Documentation can be found here Blog page can be found here

  1. Install apisix and the ingress controller:
helm repo add apisix https://charts.apiseven.com
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
#  We use Apisix 3.0 in this example. If you're using Apisix v2.x, please set to v2
ADMIN_API_VERSION=v3
helm install apisix apisix/apisix \
  --set gateway.type=LoadBalancer \
  --set ingress-controller.enabled=true \
  --create-namespace \
  --namespace ingress-apisix \
  --set ingress-controller.config.apisix.serviceNamespace=ingress-apisix \
  --set ingress-controller.config.apisix.adminAPIVersion=$ADMIN_API_VERSION \
  --set apisix.ssl.enabled=true
kubectl get service --namespace ingress-apisix
  1. Install Cert manager
helm repo add jetstack https://charts.jetstack.io
helm install cert-manager jetstack/cert-manager \
	--namespace cert-manager \
	--create-namespace \
	--version v1.14.4
  1. Create LetsEncrypt-prod Certificate ClusterIssuer
cat > letsencrypt_issuer.yaml <<EOF
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  annotations:
  name: letsencrypt-prod
spec:
  acme:
    email: platform@savannahinformatics.com
    privateKeySecretRef:
      name: letsencrypt-prod
    server: https://acme-v02.api.letsencrypt.org/directory
    solvers:
    - http01:
        ingress:
          class: kong
          podTemplate:
            metadata:
              annotations:
                kuma.io/sidecar-injection: "false"
                sidecar.istio.io/inject: "false"
            spec: {}
 
kubectl apply -f letsencrypt_issuer.yaml
  1. Configuring a sample Ingress resource
# use v1beta1 if your Kubernetes cluster version is older than v1.19.0
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: httpserver-ingress
  namespace: httpserver
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  # we use APISIX Ingress and it watches Ingress resources with "apisix" ingressClassName
  ingressClassName: apisix
  rules:
  - host: local.httpbin.org
    http:
      paths:
      - backend:
          service:
            name: httpbin
            port:
              number: 80
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - local.httpbin.org
    secretName: tls-httpbin-ingress
  1. Apply it
kubectl apply -f httpbin-ingress.yaml

Setup in VM using Ansible

Blogs

Setup an API-Gateway With Ingress Controller in a Kubernetes Cluster

https://medium.com/codex/setup-an-api-gateway-with-ingress-controller-in-a-kubernetes-cluster-78768281abbb

Announcing open-appsec WAF integration with Apache APISIX API Gateway

open-appsec announces its new integration with APISIX gateway.
https://www.openappsec.io/post/announcing-open-appsec-WAF-integration-with-Apache-APISIX-API-Gateway

Demo in Linux, Docker and K8S

Graph View

Backlinks