最近,有几个老项目需要做一些限流、安全、灰度发布等这些方面的升级。由于项目中也一直在用Nginx做请求转发。所以在在OpenResty,Kong、APISIX三者之间初步对比了一下。从性能、功能和易用性的角度考虑,最终初步选择APISIX这玩意。
对于安装。我本人是比较偏向于,源码或者二进制手动安装。在安装APISIX时,其他都准备就绪了,就在安装APISIX时,很多代码拉不下来。导致我从源码安装到放弃。最终选择Docker方式
安装etcd
去Githubhttps://github.com/etcd-io/etcd/releases/下载编译好的二进制.
先创建好配置文件。
1
2
3
| mkdir -p /etc/etcd/
cd /etc/etcd/
vim etcd.yaml
|
复制一下内容
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
| # This is the configuration file for the etcd server.
# Human-readable name for this member.
name: 'etcd1'
# Path to the data directory.
data-dir:
# Path to the dedicated wal directory.
wal-dir:
# Number of committed transactions to trigger a snapshot to disk.
snapshot-count: 10000
# Time (in milliseconds) of a heartbeat interval.
heartbeat-interval: 100
# Time (in milliseconds) for an election to timeout.
election-timeout: 1000
# Raise alarms when backend size exceeds the given quota. 0 means use the
# default quota.
quota-backend-bytes: 0
# List of comma separated URLs to listen on for peer traffic.
listen-peer-urls: http://172.31.79.250:2380
# List of comma separated URLs to listen on for client traffic.
listen-client-urls: http://172.31.79.250:2379
# Maximum number of snapshot files to retain (0 is unlimited).
max-snapshots: 5
# Maximum number of wal files to retain (0 is unlimited).
max-wals: 5
# Comma-separated white list of origins for CORS (cross-origin resource sharing).
cors:
# List of this member's peer URLs to advertise to the rest of the cluster.
# The URLs needed to be a comma-separated list.
initial-advertise-peer-urls: http://172.31.79.250:2380
# List of this member's client URLs to advertise to the public.
# The URLs needed to be a comma-separated list.
advertise-client-urls: http://172.31.79.250:2379
# Discovery URL used to bootstrap the cluster.
discovery:
# Valid values include 'exit', 'proxy'
discovery-fallback: 'proxy'
# HTTP proxy to use for traffic to discovery service.
discovery-proxy:
# DNS domain used to bootstrap initial cluster.
discovery-srv:
# Initial cluster configuration for bootstrapping.
initial-cluster:
# Initial cluster token for the etcd cluster during bootstrap.
initial-cluster-token: 'etcd-cluster'
# Initial cluster state ('new' or 'existing').
initial-cluster-state: 'new'
# Reject reconfiguration requests that would cause quorum loss.
strict-reconfig-check: false
# Enable runtime profiling data via HTTP server
enable-pprof: true
# Valid values include 'on', 'readonly', 'off'
proxy: 'off'
# Time (in milliseconds) an endpoint will be held in a failed state.
proxy-failure-wait: 5000
# Time (in milliseconds) of the endpoints refresh interval.
proxy-refresh-interval: 30000
# Time (in milliseconds) for a dial to timeout.
proxy-dial-timeout: 1000
# Time (in milliseconds) for a write to timeout.
proxy-write-timeout: 5000
# Time (in milliseconds) for a read to timeout.
proxy-read-timeout: 0
client-transport-security:
# Path to the client server TLS cert file.
cert-file:
# Path to the client server TLS key file.
key-file:
# Enable client cert authentication.
client-cert-auth: false
# Path to the client server TLS trusted CA cert file.
trusted-ca-file:
# Client TLS using generated certificates
auto-tls: false
peer-transport-security:
# Path to the peer server TLS cert file.
cert-file:
# Path to the peer server TLS key file.
key-file:
# Enable peer client cert authentication.
client-cert-auth: false
# Path to the peer server TLS trusted CA cert file.
trusted-ca-file:
# Peer TLS using generated certificates.
auto-tls: false
# The validity period of the self-signed certificate, the unit is year.
self-signed-cert-validity: 1
# Enable debug-level logging for etcd.
log-level: debug
logger: zap
# Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd.
log-outputs: [stderr]
# Force to create a new one member cluster.
force-new-cluster: false
auto-compaction-mode: periodic
auto-compaction-retention: "1"
|
1
2
3
4
5
| wget https://github.com/etcd-io/etcd/releases/download/v3.5.7/etcd-v3.5.7-linux-amd64.tar.gz
tar -xvf etcd-v3.5.7-linux-amd64.tar.gz
cd etcd-v3.5.7-linux-amd64
cp -a etcd etcdctl /usr/bin/
nohup etcd --config-file /etc/etcd/etcd.yaml >/tmp/etcd.log 2>&1 & #后台启动etcd
|
安装Docker
添加阿里镜像源
1
| yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
|
安装Docker
1
| yum install docker-ce docker-ce-cli containerd.io
|
启动Docker服务
设置Docker开机自动启动
1
| systemctl enable docker
|
Docker compose安装
下载并安装
1
| curl -SL https://github.com/docker/compose/releases/download/v2.16.0/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
|
上面这个地址非常慢,有时候直接连不通,具体原因,大家肯定都知道。所以下载用国内的镜像地址吧
1
| sudo curl -L https://get.daocloud.io/docker/compose/releases/download/v2.16.0/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
|
去下载源码https://github.com/apache/apisix-docker.git。cd apisix-docker/example进入到example目录
由于etcd我是以二进制方式安装,那么apisix_conf和dashboard_conf里面的etcd配置信息改为实际地址和端口。
1
2
3
4
5
| etcd:
host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
- "http://172.31.79.250:2379" # multiple etcd address
prefix: "/apisix" # apisix configurations prefix
timeout: 30 # 30 seconds
|
另外docker-compose-arm64.yml里面的ETCD去掉,再去掉depends_on,删除下面这段
接下来执行启动命令docker-compose -f docker-compose-arm64.yml -p docker-apisix up -d
这样,APISIX便搭建好了
我们使用dashboard_conf文件夹中conf.yaml文件里的users属性来登录APISIX.
创建APISIX服务
上游类型可以是,固定维护的节点或者是服务注册
服务注册中心支持目前比较主流的注册中心
这里我们选择的是节点方式
这时候,我们就可以去访问9080端口的/web1/路径
刷新一下页面。请求会转发到另外一个服务上
APISIX初步安装完成,基本功能我们可以基于web UI界面配置完成,还可以借助插件来保护我们的服务,让服务更加稳定、安全。接下来就是进一步的探究APISIX提供的插件。
