APISIX Service Mesh Integration
Introduction
APISIX can be integrated with service mesh solutions to provide advanced traffic management, security, and observability features. This guide covers integration patterns and best practices.
Prerequisites:
- APISIX installed and configured
- Kubernetes cluster running
- Basic understanding of service mesh concepts
Istio Integration
APISIX with Istio
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: apisix-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: apisix-route
spec:
  hosts:
  - "*"
  gateways:
  - apisix-gateway
  http:
  - route:
    - destination:
        host: apisix-service
        port:
          number: 9080
Sidecar Configuration
APISIX Sidecar Setup
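apiVersion: apps/v1
kind: Deployment
metadata:
  name: apisix
spec:
  # apps/v1 requires a selector that matches the pod template labels
  selector:
    matchLabels:
      app: apisix
  template:
    metadata:
      labels:
        app: apisix
      annotations:
        # Ask Istio to inject the Envoy sidecar into the APISIX pod
        sidecar.istio.io/inject: "true"
    spec:
      containers:
      - name: apisix
        image: apache/apisix:2.15.0
        ports:
        - containerPort: 9080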
Traffic Management
Mesh Traffic Control
{
  "plugins": {
    "proxy-rewrite": {
      "scheme": "https",
      "uri": "/mesh-service$uri",
      "headers": {
        "X-Mesh-Request": "true"
      }
    },
    "traffic-split": {
      "rules": [
        {
          "weighted_upstreams": [
            {
              "upstream": {
                "name": "mesh-service-v1",
                "type": "roundrobin",
                "nodes": {
                  "mesh-service.default.svc:8080": 1
                }
              },
              "weight": 90
            },
            {
              "upstream": {
                "name": "mesh-service-v2",
                "type": "roundrobin",
                "nodes": {
                  "mesh-service-v2.default.svc:8080": 1
                }
              },
              "weight": 10
            }
          ]
        }
      ]
    }
  }
}
Security Features
Mesh Security
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: apisix-auth
spec:
  selector:
    matchLabels:
      app: apisix
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/default/sa/apisix-sa"]
    to:
    - operation:
        methods: ["GET", "POST"]
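The principals match in the policy above is only populated when the connection uses Istio mutual TLS, which the best-practices list in this guide also calls for. The following is an added example, not part of the original guide: it enforces STRICT mTLS for the namespace and restricts the upstream workload to the APISIX identity. The default namespace and port 8080 are taken from names used elsewhere on this page; the app: mesh-service label and the policy name are assumptions.

```yaml
# Added example (not from the original guide).
# Assumed: namespace "default", upstream pods labelled app: mesh-service.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: default
spec:
  mtls:
    mode: STRICT   # reject plaintext; PERMISSIVE would still accept it
---
# Only the APISIX service account may call the upstream.
# The APISIX pods must run as service account apisix-sa for this
# principal to match.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: mesh-service-from-apisix   # hypothetical name
  namespace: default
spec:
  selector:
    matchLabels:
      app: mesh-service   # assumed label
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/default/sa/apisix-sa"]
    to:
    - operation:
        ports: ["8080"]
```

Because an ALLOW policy denies every request that matches none of its rules, any caller without the apisix-sa identity is rejected at the upstream's sidecar.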
Observability
Monitoring and Tracing
{
  "plugins": {
    "zipkin": {
      "endpoint": "http://zipkin:9411/api/v2/spans",
      "sample_ratio": 1
    },
    "prometheus": {
      "prefer_name": true
    }
  }
}
Best Practices
Implementation Guidelines
- Use consistent naming conventions
- Implement proper health checks
- Configure appropriate resource limits
- Enable mutual TLS authentication
- Set up comprehensive monitoring