It has been more than half a year since Apache APISIX last released an LTS version. Today, the Apache APISIX community is bringing a new LTS version: 2.13.0. This LTS version is not only more stable in performance, but also supports more observability and service discovery plug-ins and a more complete multi-language development architecture.

If you want to try out new features while still looking for overall stability, consider upgrading your existing Apache APISIX to 2.13.0. In the future, the community will release a series of patch versions based on version 2.13.0.

Feature updates

Change: APIs are no longer exposed by default

Prior to 2.13.0, we allowed plug-ins to register APIs that could be called by clients. For example, the jwt-auth plug-in registers a JWT signing interface that clients can access to generate signatures for validation. But this design has a potential flaw: because it exposes interfaces rather than routes, they cannot be secured in the same way as routes. Although the existing mechanism allows users to intercept access to these interfaces by writing a corresponding plug-in interceptor, this approach still carries security risks.

So starting with version 2.13.0, we decided to make a major change and no longer expose APIs by default. If users need to expose an interface, they must bind it to the corresponding route through the public-api plug-in. This approach brings two benefits:

  1. Registered APIs have greater visibility: they take effect only through explicit configuration, and how they are accessed is defined by the user.
  2. More security protection options are available, and registered APIs get the same permission control as routes.
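
Because a plug-in API is now reachable only through a route that carries public-api, route definitions can be audited for exposed plug-in APIs that have no authentication plug-in beside them. The following is an added example, not code from the APISIX project: the sample routes are constructed, the list of authentication plug-ins and the handling of "disable": true are assumptions to adjust, and plug-ins attached through a service or a global rule are not considered.

```python
# Added example: audit APISIX route definitions for plugin APIs exposed
# through public-api without an authentication plugin on the same route.

# Assumption: route-level auth plugins to accept; adjust for your deployment.
AUTH_PLUGINS = {"key-auth", "jwt-auth", "basic-auth", "hmac-auth",
                "openid-connect", "authz-keycloak", "wolf-rbac"}


def enabled_plugins(route):
    """Names of plugins configured on the route and not switched off."""
    plugins = route.get("plugins") or {}
    # Assumption: a plugin carrying "disable": true is treated as inactive.
    return {name for name, conf in plugins.items()
            if not (isinstance(conf, dict) and conf.get("disable") is True)}


def audit_public_api(routes):
    """Return one finding for every route that exposes a plugin API."""
    findings = []
    for route in routes:
        active = enabled_plugins(route)
        if "public-api" not in active:
            continue
        conf = route["plugins"]["public-api"] or {}
        # public-api's optional "uri" names the plugin API behind the route.
        exposed = conf.get("uri") or route.get("uri") or route.get("uris")
        auth = sorted(active & AUTH_PLUGINS)
        findings.append({"id": route.get("id"), "exposed": exposed,
                         "auth": auth, "protected": bool(auth)})
    return findings


# Constructed sample routes (not taken from a real deployment).
SAMPLE_ROUTES = [
    {"id": "1", "uri": "/apisix/plugin/jwt/sign",
     "plugins": {"public-api": {}}},
    {"id": "2", "uri": "/apisix/plugin/jwt/sign",
     "plugins": {"public-api": {}, "key-auth": {}}},
    {"id": "3", "uri": "/gen_token",
     "plugins": {"public-api": {"uri": "/apisix/plugin/jwt/sign"},
                 "key-auth": {"disable": True}}},
    {"id": "4", "uri": "/hello", "plugins": {"key-auth": {}}},
]

if __name__ == "__main__":
    for f in audit_public_api(SAMPLE_ROUTES):
        state = ("protected by " + ", ".join(f["auth"])) if f["protected"] else "UNPROTECTED"
        print(f"route {f['id']}: {f['exposed']} {state}")
```

Routes 1 and 3 are reported as unprotected: route 1 has no authentication plug-in at all, and route 3 has key-auth configured but disabled.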

Of course, there are other changes in version 2.13.0, such as fixes for inappropriate behavior in previous versions. For details, see the 2.13.0 Changelog.

New features: More monitoring systems at the observability level

As an API gateway, Apache APISIX has been working on integrating with more services and more observability systems, both upstream and downstream. We have built on this in every release, and 2.13.0 is no exception.

This time we have added a tracing plug-in, opentelemetry, which allows you to send OpenTelemetry tracing data to a configured collector. Let's take a quick look at an example.

Set the collector in the static configuration:

plugin_attr:
  opentelemetry:
    resource:
      service.name: APISIX
      tenant.id: business_id
    collector:
      address: "127.0.0.1:4317"
    batch_span_processor:
      drop_on_queue_full: false
      max_queue_size: 6
      batch_timeout: 2
      inactive_timeout: 1
      max_export_batch_size: 2

Tracing can then be enabled on specific routes:

curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
    "methods": ["GET"],
    "uris": ["/uid/*"],
    "plugins": {
        "opentelemetry": {
            "sampler": {
                "name": "always_on"
            }
        }
    },
    "upstream": {
        "type": "roundrobin",
        "nodes": {
            "127.0.0.1:8089": 1
        }
    }
}'

Requests that match the route will report OpenTelemetry data to the configured collector.

In addition, we have added two logging plug-ins that support reporting logs to ClickHouse and Loggly.

ClickHouse is one of the fastest OLAP databases available. Apache APISIX supports sending access logs and error logs to ClickHouse, as shown in the following example:

curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
    "plugins": {
        "clickhouse-logger": {
            "user": "default",
            "password": "a",
            "database": "default",
            "logtable": "Test",
            "endpoint_addr": "http://127.0.0.1:8123"
        }
    },
    "upstream": {
        "type": "roundrobin",
        "nodes": {
            "127.0.0.1:1980": 1
        }
    },
    "uri": "/hello"
}'

curl http://127.0.0.1:9080/apisix/admin/plugin_metadata/error-log-logger -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
    "clickhouse": {
        "user": "default",
        "password": "a",
        "database": "error_log",
        "logtable": "t",
        "endpoint_addr": "http://127.0.0.1:8123"
    }
}'

Loggly is SolarWinds' log processing SaaS platform. It supports receiving access logs via Syslog or HTTP/HTTPS. The following is an example:

Configure the reporting mode:

curl http://127.0.0.1:9080/apisix/admin/plugin_metadata/loggly -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
    "protocol": "http"
}'

Configure the routes to be reported:

curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
    "plugins": {
        "loggly": {
            "customer_token": "xxx"
        }
    },
    "upstream": {
        "type": "roundrobin",
        "nodes": {
            "127.0.0.1:80": 1
        }
    },
    "uri": "/index.html"
}'

A more complete multi-language development system

Apache APISIX has supported the Proxy Wasm SDK since version 2.11, but no LTS version has provided corresponding support until now. In Apache APISIX 2.13.0 we have added and improved this feature.

After six months of development with over 10,000 lines of code (including tests and documentation), APISIX now fully supports running Wasm code in the four phases of processing request headers, request bodies, response headers, and response bodies. Version 2.13.0 is the first LTS release to support Wasm and is a new milestone.

In addition to Wasm, we are also developing a traditional RPC-based multi-language plug-in architecture. Not long ago, we released Python Runner 0.2.0. We'll be releasing Go Runner 0.3.0 in a few days.

Bug fixes

  • SkyWalking and OpenTelemetry did not track authentication failures.
  • log-rotate could not cut logs on the hour.
  • deepcopy does not copy the metatable.
  • request-validation handles duplicate keys in JSON.
  • prometheus duplicates metrics.
  • conf.method in proxy-rewrite does not take effect when conf.headers is missing.
  • traffic-split failed to match when the first rule failed.
  • An etcd timeout triggers resync_delay.
  • Proto definitions conflict.
  • The limit-count counter is reset even though the configuration is unchanged.
  • The plugin-metadata and global-rule counts of the Admin API are incorrect.
  • Labels are lost when route and service are merged.

For more details

In addition to the above features and components, Apache APISIX version 2.13.0 has been updated with the following features:

  • grpc-transcode supports .pb files, to handle proto definitions with import.
  • Support for obtaining upstream nodes from K8s configuration.
  • New csrf plug-in to provide cross-site request forgery protection.
  • New mocking plug-in for easy generation of test data.