
Apache APISIX Gateway Provisioning

Laralord automates the deployment of Apache APISIX Gateway, a high-performance, Kubernetes-native ingress controller, within your Kubernetes cluster. APISIX manages ingress traffic, provides load balancing, TLS termination, and advanced routing for your Laravel applications. This page details the APISIX Gateway, APISIX Dashboard, and etcd database deployed by Laralord, including their configurations, features, and benefits for multi-tenant SaaS applications. For more information, refer to the official Apache APISIX documentation.

Secure access to APISIX Dashboard via Laralord’s SSO proxy

Apache APISIX Gateway Overview

Apache APISIX is a cloud-native, high-performance API gateway that serves as an ingress controller for Kubernetes clusters. It handles traffic routing, load balancing, TLS termination, and plugin-based extensibility, making it ideal for managing multi-tenant SaaS applications. Laralord provisions APISIX as a default service, along with the APISIX Dashboard for management and an etcd database for configuration storage.

APISIX Gateway Deployment Details

Laralord deploys Apache APISIX Gateway in the gateway namespace of your Kubernetes cluster using the official APISIX Helm chart (version 2.10.0). The deployment is configured for scalability, security, and integration with Kubernetes. Key aspects include:

  • Ingress Controller: APISIX is enabled as a Kubernetes ingress controller, managing ingress resources with API version v3 for advanced routing.
  • Load Balancer: Exposed via a LoadBalancer service, supporting TLS passthrough and configured with DigitalOcean-specific annotations for optimal performance.
  • Autoscaling: Configured with horizontal pod autoscaling, supporting 2 to 6 replicas based on load.
  • TLS Support: Enabled with TLSv1.2 and TLSv1.3 protocols, using port 9443 for secure traffic.
  • Admin API: Reachable from any IP (0.0.0.0/0) and secured with randomly generated admin and viewer credentials stored in a Kubernetes secret.
  • Prometheus Monitoring: Integrated with Prometheus for metrics collection on port 9091.
  • Service Account and RBAC: Includes a dedicated service account and RBAC rules for secure Kubernetes interactions.
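
A check for the settings listed above, as an added example (not Laralord's or the APISIX project's code): it audits Helm values exported as JSON and flags an Admin API allow list that admits every address, admin keys not referenced from a Secret, and TLS protocols outside TLSv1.2/TLSv1.3. The key paths and sample values are assumptions modelled on the APISIX Helm chart; confirm them against the chart version you run.

```python
import ipaddress
import json

# Constructed sample shaped like `helm get values <release> -n gateway --all -o json`.
# Key paths are assumed from the APISIX Helm chart layout; confirm for your chart version.
SAMPLE_VALUES = json.loads("""
{
  "apisix": {
    "ssl": {"enabled": true, "containerPort": 9443,
            "sslProtocols": "TLSv1.2 TLSv1.3"},
    "admin": {
      "allow": {"ipList": ["0.0.0.0/0"]},
      "credentials": {"secretName": "example-admin-credentials"}
    }
  }
}
""")

ALLOWED_TLS = {"TLSv1.2", "TLSv1.3"}


def dig(obj, path, default=None):
    """Walk a dotted path through nested dicts; return default if absent."""
    for key in path.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return default
        obj = obj[key]
    return obj


def audit(values):
    """Return sorted finding strings for the gateway's Helm values."""
    findings = []
    for cidr in dig(values, "apisix.admin.allow.ipList", []):
        # prefixlen 0 covers both 0.0.0.0/0 and ::/0
        if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
            findings.append(f"admin-allow-any: {cidr} admits every source address")
    if not dig(values, "apisix.admin.credentials.secretName"):
        findings.append("admin-key-inline: keys not referenced from a Secret")
    protocols = set(dig(values, "apisix.ssl.sslProtocols", "").split())
    if not dig(values, "apisix.ssl.enabled", False):
        findings.append("tls-disabled: apisix.ssl.enabled is not true")
    elif not protocols or protocols - ALLOWED_TLS:
        findings.append(f"tls-protocols: unexpected set {sorted(protocols)}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_VALUES):
        print(finding)
```

With the allow list open, the admin key and whatever network controls sit in front of the Admin API port are what restrict access, so the first finding is the one to review.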

APISIX Dashboard

Laralord deploys the APISIX Dashboard (version 0.8.2, image tag 3.0.1-alpine) in the gateway namespace to provide a user-friendly interface for managing APISIX routes and configurations. Key details include:

  • Authentication: Secured with a randomly generated admin password and secret for user access.
  • etcd Integration: Connects to the etcd database in the databases namespace using root credentials.
  • Workaround for etcd Token Expiration: A daily Kubernetes CronJob restarts the APISIX Dashboard deployment to mitigate a known etcd token expiration issue, using a dedicated service account with permissions to patch deployments.
  • Logging: Configured to log errors at the "error" level for efficient troubleshooting.

etcd Deployment

Laralord deploys etcd (version 10.0.1) in the databases namespace as the backend storage for APISIX configurations. Key details include:

  • Purpose: etcd stores APISIX’s runtime configuration, routes, and plugins, ensuring high availability and consistency.
  • Authentication: Secured with a randomly generated root password for RBAC access.
  • Namespace: Deployed in the databases namespace, isolating it from other services.
  • Deployment Stability: Configured with a 300-second timeout to ensure reliable installation.

Key Features

The APISIX Gateway, Dashboard, and etcd deployment by Laralord provides the following features:

  • Advanced Routing: Supports complex routing rules, including path-based, host-based, and plugin-driven routing for multi-tenant applications.
  • TLS Termination: Handles TLS termination and passthrough, integrating with Laralord’s Cert Manager for certificate management.
  • Scalability: Autoscaling and LoadBalancer ensure high availability and performance under varying traffic loads.
  • User-Friendly Dashboard: The APISIX Dashboard provides an intuitive UI for managing routes, plugins, and configurations.
  • Monitoring: Prometheus integration enables real-time metrics for traffic and performance analysis.
  • Plugin Ecosystem: Supports a wide range of APISIX plugins for authentication, rate limiting, logging, and more.

Why Apache APISIX Gateway?

Apache APISIX is a leading API gateway chosen by Laralord for its performance, flexibility, and Kubernetes compatibility. Key advantages include:

  • Kubernetes-Native: Seamlessly integrates with Kubernetes as an ingress controller, supporting declarative configurations.
  • High Performance: Built for low latency and high throughput, ideal for SaaS applications with heavy traffic.
  • Extensive Plugin Support: Offers a rich ecosystem of plugins for customization, from security to analytics.
  • User-Friendly Management: The APISIX Dashboard simplifies route and plugin management, reducing complexity for developers.
  • Community and Support: Backed by a strong open-source community with extensive documentation and resources.

Integration with Laralord

APISIX Gateway is a core component of Laralord’s multi-tenant SaaS platform, enabling secure and scalable traffic management for tenants and applications. Key integrations include:

  • Tenant Routing: APISIX manages tenant-specific routes, supporting custom domains and path-based routing for isolated tenant environments.
  • SSO-Protected UI: Access the APISIX Dashboard through Laralord’s frontend, secured with Single Sign-On (SSO) and mTLS encryption.
  • Certificate Management: Integrates with Laralord’s Cert Manager to issue and renew TLS certificates via Let’s Encrypt, automatically applied to APISIX routes.
  • Vault Integration: APISIX uses secrets stored in HashiCorp Vault for secure admin and viewer credentials.
  • Argo CD Deployments: APISIX routes traffic to applications deployed via Argo CD, ensuring seamless access to tenant-specific services.