OT but are any ingress/gateway systems using uring yet?<p>Really enjoyed reading CloudFlare's justification for wrtiting Pingora gateway recently[1], a similar-ish system. Im interested to see what systems tech (what system calls) it ends up using.<p>There's a ton of really great ingress/gateway tech out there. Kubernetes has a sublist that's pretty long[2]. There's a good comparison matrix[3] I ran into & it immediately made me very interested in APISIX (<i>lots</i> of box ticking). I think at one point I'd also run into a benchmark somewhere & they were quite performant, top tier. Would be interested to know more about tbeir chosen architecture & what if any performance optimizations they have planned/roadmapped/are-thinking-about.<p>[1]
<a href="https://blog.cloudflare.com/how-we-built-pingora-the-proxy-that-connects-cloudflare-to-the-internet/" rel="nofollow">https://blog.cloudflare.com/how-we-built-pingora-the-proxy-t...</a>
<a href="https://news.ycombinator.com/item?id=32836661" rel="nofollow">https://news.ycombinator.com/item?id=32836661</a>
(362points, 1d ago, 92comments)<p>[2] <a href="https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/" rel="nofollow">https://kubernetes.io/docs/concepts/services-networking/ingr...</a><p>[3] <a href="https://kubedex.com/ingress/" rel="nofollow">https://kubedex.com/ingress/</a>
“envoy” is another popular option and they are building a gateway solution for API/inbound traffic <a href="https://github.com/envoyproxy/gateway" rel="nofollow">https://github.com/envoyproxy/gateway</a>
Hey folks, here has one blog from APISIX’s initial authors, those points may help you understand APISIX better: <a href="https://api7.ai/blog/why-is-apache-apisix-the-best-api-gateway/" rel="nofollow">https://api7.ai/blog/why-is-apache-apisix-the-best-api-gatew...</a>
Some insights: Apache APISIX Slack channel[1] is under the Apache Software Foundation, and 1000+ members joined in to ask questions or share cases around Apache APISIX API Gateway or its Ingress Controller.<p>After asking users why they prefer Apache APISIX than other solutions, there have four important points:<p>1. Feature Rich: Many users need to use API Gateway with OpenID Providers (e.g., Auth0, Keycloak), other solutions sold this feature on Enterprise Product only. There has one How-to guide "Use Keycloak with API Gateway to protect your APIs".<p>2. Quick Support: Apache APISIX has many active contributors and maintainers, they keep watching activities on GitHub[3], Slack[1], Mailing List and other channels. When users ask questions, they respond quickly, the goal is to help users onboard quick.<p>3. Apache Project: After APISIX project was donated to the Apache Software Foundation, it means nobody can change its License any more, so enjoy Apache projects ([<a href="https://www.apache.org](https://www.apache.org)" rel="nofollow">https://www.apache.org](https://www.apache.org)</a>).<p>4. Benchmark is excellent, and the most active maintainer's explaination here[4]: LuaJIT + Nginx.<p>P.S Welcome to join Apache APISIX Slack[1] to discuss, and you can find many useful posts from its blog[5].<p>- 1. <a href="https://apisix.apache.org/slack" rel="nofollow">https://apisix.apache.org/slack</a>
- 2. <a href="https://apisix.apache.org/blog/2022/07/06/use-keycloak-with-api-gateway-to-secure-apis/" rel="nofollow">https://apisix.apache.org/blog/2022/07/06/use-keycloak-with-...</a>
- 3. <a href="https://github.com/apache/apisix" rel="nofollow">https://github.com/apache/apisix</a>
- 4. <a href="https://apisix.apache.org/blog/2021/08/25/why-apache-apisix-chose-nginx-and-lua/" rel="nofollow">https://apisix.apache.org/blog/2021/08/25/why-apache-apisix-...</a>
- 5. <a href="https://apisix.apache.org/blog" rel="nofollow">https://apisix.apache.org/blog</a>
For my use case, this would have to be incredibly awesome for it to justify self-hosting such a complex and critical system. My current go-to solutions are AWS API Gateway, Azure API Manager and Apigee.
The selling point for me was ability to configure it using Kubernetes CRD's and future support of the Gateway API (under development - <<a href="https://gateway-api.sigs.k8s.io/" rel="nofollow">https://gateway-api.sigs.k8s.io/</a>>).<p>Developers can version their API now within helm charts or even yaml templates held along the code in their repositories.
What is the main benefit to running a gateway? Auth should already be handled by the api and adding things like rate limiting, ip address filtering ,caching and so on are ridiculously trivial..