API网关在微服务架构中的应用

如果无法正常显示,请先停止浏览器的去广告插件。
分享至:
1.
2.
3. S2 7 1 A 5 P I I 0
4. 演讲大纲
5. )( ( ( )
6.
7. ) B ( ( ( ( (
8.
9. ☺ " ☺ " ☺ " "
10.
11. A D )( A B D B D B D B + + + + api.yourcompany.com C + + + +
12. ü ü ü ü ü
13.
14.
15. - O . . - F API网关 - § § § IP IP AM O . - CK A
16. / https://api.your-company.com API网关 / § § Provider 2
17. J / CI H A2 /
18. KEY/SECRET 摘要签名鉴权 K N POST /users HTTP/1.1 Host: api.foo.com Content-Type: application/json { "userId“: 101, "userName": "Jack" } POST 2019-06-02T23:22:33Z AeWvOOgP7Gg7Ydd23 123432 F41CAA3A-A096-48CD-AD53-BA5430D30C94 1474274624962 /users POST /users HTTP/1.1 Host: api.foo.com Content-Type: application/json X-Ca-Key: 1234328892 Date: 2019-06-02T23:22:33Z X-Ca-Nonce: F41CAA3A-A096-48CD-AD53- BA5430D30C94 X-Ca-Timestamp:1474274624962 Content-MD5: AeWvOOgP7Gg7Ydd23 X-Ca-Signature-Headers: X-Ca-Key,X-Ca- Nonce,X-Ca-Timestamp X-Ca-Signature:2WvOOgP7Gg7Yd9879832dsdfsdf= API网关 { "userId“: 101, "userName": "Jack" } signature = HmacSHA256(stringToSign, secret) HmacSHA1 HmacSHA256 HmacMD5 SHA256withRSA … K
19. C ey1234abcdefegJIUzI1NiIsInR5cCI6Ikp1234 56.JzdWIiOiIxkwIiwibm1234563ODFtZSI6Ikp vaG4gR1234abcdedfgjoxNTE2XYUSDFGMDIyfQ. Abcdefgjijkl12345T4fwpMeJf36POk6yJV_adQ ssw5c API网关 GET /orders X-JWT-Token: ey1234abcdefegJIUzI1NiIsInR5cCI6Ikp1234 56.JzdWIiOiIxkwIiwibm1234563ODFtZSI6IkpvaG 4gR1234abcdedfgjoxNTE2XYUSDFGMDIyfQ.Abcdef gjijkl12345T4fwpMeJf36POk6yJV_adQssw5c GET /orders X-UserName: Jack X-UserId: 10001 A + + { "alg": "HS256", "typ": "JWT" } { "userId": "10001", "userName": "Jack", "userRole": "User", "iat": 1516239022 } E § B A + +
20. /+ { GET /orders/10002 X-JWT-Token: ey1234abcdefegJIUzI1NiIs InR5cCI6Ikp123456.JzdWIiO iIxkwIiwibm1234563ODFtZSI6I kpvaG4gR1234abcdedfgjoxNTE2 XYUSDFGMDIyfQ.Abcdefgjijk l12345T4fwpMeJf36POk6yJV _adQssw5c "alg": "HS256", "typ": "JWT" } { "userId": "10001", "userName": "Jack", "userRole": "User", "iat": 1516239022 } allowPolicies: - name: userId condition: "$userId = $JwtClaims.userId" API网关 + HTTP/1.1 403 Access Denied
21. 参数的校验与映射 GET /users/1002 HTTP/1.1 Host: api.foo.com "/users/{userId}": GET: x-aliyun-apigateway-mapping-mode: mapping x-aliyun-apigateway-backend: address: http://100.67.8.10:18088 method: POST path: getUserInfo parameters: - name: userId in: path name: integer required: true x-aliyun-apigateway-backend-location: formData - name: filter in: query required: false default: summary type: string x-aliyun-apigateway-backend-location: formData API网关 § § § POST /getUserInfo HTTP/1.1 userId=1002&filter=summary
22. 常量参数与系统参数 GET /users/1002 HTTP/1.1 Host: api.foo.com ... x-aliyun-apigateway-constant-parameters: - name: version location: formData value: 1.0 x-aliyun-apigateway-system-parameters: - systemName: CaClientIp location: header name: X-ClientIp API网关 § § POST /getUserInfo HTTP/1.1 X-ClientIp: 63.232.33.3 userId=1002&filter=summary&versi on=1.0
23. 处理CORS跨域资源访问 OPTIONS /cors HTTP/1.1 Origin: http://api.bob.com Access-Control-Request-Method: PUT Access-Control-Request-Headers: X-Custom-Header Host: api.alice.com Accept-Language: en-US Connection: keep-alive User-Agent: Mozilla/5.0... allowOrigins: api.bob.com allowMethods: GET,POST,PUT,PATCH allowHeaders: X-Custom-Header allowCredentials: true API网关 § § HTTP/1.1 200 OK Date: Mon, 01 Dec 2008 01:15:39 GMT Server: Apache/2.0.61 (Unix) Access-Control-Allow-Origin: http://api.bob.com Access-Control-Allow-Methods: GET, POST, PUT, PATCH Access-Control-Allow-Headers: X-Custom-Header Content-Type: text/html; charset=utf-8 Content-Encoding: gzip Content-Length: 0 Keep-Alive: timeout=2, max=100 Connection: Keep-Alive Content-Type: text/plain
24. API缓存 varyByParameters: - userId varyByHeaders: - Accept - Accept-Language GET /users/1002 HTTP/1.1 Host: api.foo.com API网关 HTTP/1.1 200 Cache-Control: duration=900 § § { “name”: “Jack”, “age”: 24 ”role”: user }
25. 参数路由 VIP routes: - name: vipService backend: address: 172.16.0.11 condition: "$CaAppKey = ‘100666’” - name: experienceService backend: address: 172.16.0.15 condition: "$CaUserAgent = '2.0.0'" .. & 0 1 § § A2 & :=2 6 A 2
26. 蓝绿发布(灰度发布) routes: - name: blueGreen1 backend: address: 172.16.0.24 condition: "Random() < 0.05" 5 § § 5 % %
27. 流量复制 . replicates: - name: alphaTest backend: address: 172.16.0.17 condition: "Random() < 0.10" % § § 1A 0 .
28. 流量控制 § § § §
29. ( ( ) )
30. 断路器与服务降级 § § §
31. entry: if (not expired) { return CIRCUIT_BREAKER_OPEN } state = HALF_OPEN leave: entry: if (over max concurrent) { return BUSY; } leave: if (too many timeouts) { state = OPEN expired = now + OPEN_EXPIRES } entry: if (over half_open concurrent) { return CIRCUIT_BREAKER_OPEN } leave: if (success over threshold) { state = CLOSE } if (failed over threshold) { state = OPEN expired = now + HALF_OPEN_EXPIRES }
32. HTTP 404 X-Ca-Error-Message: Role Not Exist mapping HTTP 200 OK Content-Type:applica6on/json { "req_msg_id":"d02afa56394f458e1772", "result_code":"ROLE_NOT_EXISTS” }
33.
34. API元数据定义与管理 I O P / / > § § EA N
35.
36. 管理API的整个生命周期
37. R • • • • • • • • c T t b o A • • • • • • • W / D r S CP • • • • • • O Ma J k w • • • • • • K IH e t tg
38. 1
39. : A ., . // ., . ,
40. API市场
41. PK PK C7 I 6 9 8 23 1 5 A 1 4 1
42. API Gateway
43. 关注msup微信公众账号 关注高可用架构公众账号 获取更多技术实践干货 改变互联网的构建方式

Accueil - Wiki
Copyright © 2011-2024 iteam. Current version is 2.139.0. UTC+08:00, 2024-12-27 01:53
浙ICP备14020137号-1 $Carte des visiteurs$