开源API网关大全
[TOC]
1. Kong
Kong官网
Kong开源
Openresty + Lua 技术栈
Kong是一个云原生,快速,可扩展和分布式微服务抽象层(也称为API网关,API中间件或在某些情况下为Service Mesh)。 作为2015年的开源项目,其核心价值在于高性能和可扩展性。
Kong积极维护,广泛应用于从创业公司到Global 5000以及政府组织等公司的生产。
Features
- Cloud-Native: Platform agnostic, Kong can run from bare metal to
Kubernetes. - Dynamic Load Balancing: Load balance traffic across multiple upstream
services. - Hash-based Load Balancing: Load balance with consistent hashing/sticky
sessions. - Circuit-Breaker: Intelligent tracking of unhealthy upstream services.
- Health Checks: Active and passive monitoring of your upstream services.
- Service Discovery: Resolve SRV records in third-party DNS resolvers like
Consul. - Serverless: Invoke and secure AWS Lambda or OpenWhisk functions directly
from Kong. - WebSockets: Communicate to your upstream services via WebSockets.
- OAuth2.0: Easily add OAuth2.0 authentication to your APIs.
- Logging: Log requests and responses to your system over HTTP, TCP, UDP,
or to disk. - Security: ACL, Bot detection, whitelist/blacklist IPs, etc…
- Syslog: Logging to System log.
- SSL: Setup a Specific SSL Certificate for an underlying service or API.
- Monitoring: Live monitoring provides key load and performance server
metrics. - Forward Proxy: Make Kong connect to intermediary transparent HTTP proxies.
- Authentications: HMAC, JWT, Basic, and more.
- Rate-limiting: Block and throttle requests based on many variables.
- Transformations: Add, remove, or manipulate HTTP requests and responses.
- Caching: Cache and serve responses at the proxy layer.
- CLI: Control your Kong cluster from the command line.
- REST API: Kong can be operated with its RESTful API for maximum
flexibility. - Geo-Replicated: Configs are always up-to-date across different regions.
- Failure Detection & Recovery: Kong is unaffected if one of your Cassandra
nodes goes down. - Clustering: All Kong nodes auto-join the cluster keeping their config
updated across nodes. - Scalability: Distributed by nature, Kong scales horizontally by simply
adding nodes. - Performance: Kong handles load with ease by scaling and using NGINX at
the core. - Plugins: Extendable architecture for adding functionality to Kong and
APIs.
点评: 开源版本功能基本够用
2. Gravitee
Gravitee官网
Gravitee开源
开发语言:java
Gravitee.io – API Management – OpenSource API Gateway
网关是Gravitee.io平台的核心组件。 您可以将其与“智能”代理进行比较,以了解其目标。
与传统的HTTP代理不同,网关能够根据您的需要将策略(即规则)应用于HTTP请求和响应,这意味着您可以通过添加转换,安全性和许多其他疯狂功能来增强请求和响应处理!
主要功能特性
- REST API:通过 Web UI 执行的每个操作都使用内部的 Rest API
- 一键部署:只需单击一下,API 就会部署到每个 Gravitee.io 网关,并且可以随时使用
- 高可扩展:可以轻松地将新的 Gravitee.io 网关添加到集群中。并且数据已同步,无需浪费时间进行配置
- 自定义策略:Gravitee.io 提供了许多开箱即用的策略(速率限制、CORS、IP过滤等)。如果还不够,可以自己进行开发
- 健康检测:作为 API 提供商,请为你的服务添加运行状况检查,并向你的用户提供有关 API 可用性的反馈
点评: 功能非常全,自带的dashboard也非常好用
3. Zuul
Zuul官网
Zuul开源
开发语言:java
Zuul is a gateway service that provides dynamic routing, monitoring, resiliency, security, and more.
Zuul是一种网关服务,可提供动态路由,监控,弹性,安全性等。
- Authentication and Security – identifying authentication requirements for each resource and rejecting requests that do not satisfy them.
- Insights and Monitoring – tracking meaningful data and statistics at the edge in order to give us an accurate view of production.
- Dynamic Routing – dynamically routing requests to different backend clusters as needed.
- Stress Testing – gradually increasing the traffic to a cluster in order to gauge performance.
- Load Shedding – allocating capacity for each type of request and dropping requests that go over the limit.
- Static Response handling – building some responses directly at the edge instead of forwarding them to an internal cluster
- Multiregion Resiliency – routing requests across AWS regions in order to diversify our ELB usage and move our edge closer to our members
点评: 用Spring Cloud全家桶首选
4. Tky
Tyk官网
Tyk开源
开发语言:golang
Tyk Open Source API Gateway written in Go
Tyk是一个轻量级的开源API网关,管理平台使您能够控制访问API的人员,访问API以及访问API的方式。 Tyk还将记录用户如何与您的API进行交互以及出现问题时的详细分析。
Key Features of Tyk
Tyk offers powerful, yet lightweight features that allow fine grained control over your API ecosystem.
- RESTFul API – Full programmatic access to the internals makes it easy to manage your API users, keys and Api Configuration from within your systems
- Multiple access protocols – Out of the box, Tyk supports Token-based, HMAC Signed, Basic Auth and Keyless access methods
- Rate Limiting – Easily rate limit your API users, rate limiting is granular and can be applied on a per-key basis
- Quotas – Enforce usage quotas on users to manage capacity or charge for tiered access
- Granular Access Control – Grant api access on a version by version basis, grant keys access to multiple API’s or just a single version
- Key Expiry – Control how long keys are valid for
- API Versioning – API Versions can be easily set and deprecated at a specific time and date
- Blacklist/Whitelist/Ignored endpoint access – Enforce strict security models on a version-by-version basis to your access points
- Analytics logging – Record detailed usage data on who is using your API’s (raw data only)
Webhooks – Trigger webhooks against events such as Quota Violations and Authentication failures - IP Whitelisting – Block access to non-trusted IP addresses for more secure interactions
- Zero downtime restarts – Tyk configurations can be altered dynamically and the service restarted without affecting any active request