Giters

rodrigoserracoelho / capi-gateway

Light API Gateway implemented with Apache Camel

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

This repository is being deprecated, please visit: CAPI-LB

Light API Gateway implemented with Apache Camel

Apache Con 2020 Presentation: https://www.youtube.com/watch?v=sEKCI8IBCfc

CAPI-Gateway-Diagram

Supports:

  • Light API Gateway powered by Apache Camel dynamics routes.
  • Customizable processors
  • Easy deployment of Swagger and Open API endpoints.
  • Keycloak integration, for API Manager and Deployed API's
  • REST endpoint to manage your API's.
  • Distributed tracing system (Zipkin)
  • Metrics (Prometheus)
  • Hawtio (JVM management console)
  • API Subscription Engine (Keycloak)
  • Traffic management (Apache Camel Kafka)
  • Analytics for the metrics (Grafana)
  • Error/Blocking strategies.

Soon available:

Example of an API definition

{
	"endpoints": [
		"your.app.node1:8080",
		"your.app.node2:8080"
	],
	"endpointType": "HTTP",
	"connectTimeout": 0,
	"socketTimeout": 0,
	"name": "api-name",
	"secured": true,
	"context": "api-context",
	"swagger": true,
	"swaggerEndpoint": "http://your.server/v2/api-docs",
	"blockIfInError": false,
	"maxAllowedFailedCalls": 0,
	"zipkinTraceIdVisible": false,
	"internalExceptionMessageVisible": false,
	"internalExceptionVisible": false,
	"returnAPIError": false,
	"unblockAfter": false,
	"unblockAfterMinutes": 0,
	"clientID": "your-app-role",
	"corsEnabled": true,
	"credentialsAllowed": true,
	"allowedOrigins": [
		"http://your.web.app:4300",
		"http://another.web.app:4400"
	],
	"throttlingPolicy": {
		"maxCallsAllowed": 10,
		"periodForMaxCalls": 60000,
		"applyPerPath": true
	}
}

Field Description

  • endpoints (Array) - If you specify more than one endpoint, then CAPI will load balance (round robin fashion)
  • endpointType (HTTP, HTTPS) - If you are exposing on HTTPS it is important to add your certificate to CAPI trust store. The API Manager exposes an API for managing your certificates.
  • connectTimeout (default 2 minutes) - You can specify the timeout for CAPI to try to connect to your endpoint.
  • socketTimeout (default 2 minutes) - You can specify the timeout for CAPI to wait for a response from your endpoint.
  • name (string)
  • context (string) - Context will be the path of your API in the CAPI environment. Ex.: https://localhost/gateway/yourcontext/
  • secured (boolean) (CAPI only supports Bearer JWT Tokens) - If true, CAPI will check:
    • If a token is provided.
    • It the provided token was signed by the Keycloak instance.
    • If the client and/or user subscribed to the role. (check clientID)
  • clientID (string) The API role on Keycloak.
  • swaggerEndpoint (string) - Your swagger endpoint
  • blockIfInError (boolean) - If true, and if your api retuns an error (!200) CAPI will suspend the route to the faulty path, for the amount of time defined in the field: unblockAfterMinutes and after the number of attempts defined in the field: maxAllowedFailedCalls
  • corsEnabled If true CAPI will allow pre-flight requests from browsers (AJAX calls).
  • allowedOrigins (Array) - If CORS is enabled then calls will be allowed to the declared origins.

Play with CAPI Gateway

Prerequisites

For Docker, please visit: https://github.com/rodrigoserracoelho/capi-docker

The default Keycloak contains a CAPI realm with the following defaults:

  • Admin user:
    • User: admin
    • Password: admin
  • Default client to get your first token and deploy an API:
    • Client ID: Manager
    • Credentials: manager:988404d3-38bd-4246-a923-8b772c213b88
  • Default client to login with a single page application (OpenID Connect - Implicit flow)
    • Client ID: rest
  • User to try the implicit flow:
    • User: test
    • Password: password

Get your first token:

curl --location --request POST 'https://localhost:8443/auth/realms/capi/protocol/openid-connect/token' \
--header 'Authorization: Basic bWFuYWdlcjo5ODg0MDRkMy0zOGJkLTQyNDYtYTkyMy04Yjc3MmMyMTNiODg=' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials'

Publish your first API:

curl --location --request POST 'https://localhost:8080/route' \
--header 'Authorization: Bearer [your first token]' \
--header 'Content-Type: application/json' \
--data-raw '{
    "endpoints": [
        "your.endpoint.eu:8080"
    ],
    "endpointType": "HTTP",
    "connectTimeout": 0,
    "socketTimeout": 0,
    "name": "first-api",
    "secured": true,
    "context": "first-api",
    "swagger": false,
    "swaggerEndpoint": "http://your.endpoint.eu:8080/v2/api-docs",
    "blockIfInError": false,
    "maxAllowedFailedCalls": 0,
    "zipkinTraceIdVisible": false,
    "internalExceptionMessageVisible": false,
    "internalExceptionVisible": false,
    "returnAPIError": false,
    "unblockAfter": false,
    "unblockAfterMinutes": 0,
    "corsEnabled": true,
    "credentialsAllowed": true,
    "allowedOrigins": [
        "http://localhost:4300",
        "http://localhost:4400",
        "http://localhost:4200"
    ],
    "throttlingPolicy": {
        "maxCallsAllowed": 10,
        "periodForMaxCalls": 60000,
        "applyPerPath": true
    }
}'

Shortly your API will be available here:

curl --location --request GET 'https://localhost:8380/gateway/first-api/some/context'

What we use:

  • Apache Camel
  • Spring Boot
  • Hazelcast
  • Prometheus
  • Grafana
  • Zipkin
  • Mongo
  • Kafka
  • Zookeeper
  • Keycloak
  • Hawtio

About

Light API Gateway implemented with Apache Camel

License:Apache License 2.0

Languages

Language:Java 99.9%Language:Dockerfile 0.1%