随着微服务架构的广泛应用,系统被拆分为众多独立的服务,每个服务都有自己的API接口。这种架构虽然带来了灵活性和可扩展性,但也引入了新的挑战:客户端需要与多个服务进行交互,服务发现变得复杂,横切关注点(如认证、限流、监控)需要在每个服务中重复实现。API网关作为微服务架构中的关键组件,为这些问题提供了优雅的解决方案。本文将深入探讨API网关的设计原理、核心功能和实践经验。
API网关概述
什么是API网关
API网关是一个服务器,是系统的唯一入口点。它封装了系统的内部架构,并为每个客户端提供一个定制的API。API网关负责请求路由、组合和协议转换,同时处理所有横切关注点,如认证、监控、负载均衡、缓存、请求分片与管理、静态响应处理等。
API网关的核心价值
- 统一入口:为所有客户端提供单一的访问点
- 协议转换:支持不同的通信协议(HTTP、WebSocket、gRPC等)
- 负载均衡:智能分发请求到后端服务实例
- 安全控制:统一的认证、授权和安全策略
- 监控分析:集中的日志记录、监控和分析
- 流量控制:限流、熔断、降级等保护机制
API网关在微服务架构中的位置
1
2
3
4
5
6
7
8
| ┌─────────────┐ ┌─────────────────┐ ┌─────────────┐
│ 客户端 │────│ API网关 │────│ 微服务集群 │
│ │ │ │ │ │
│ Web App │ │ • 路由转发 │ │ Service A │
│ Mobile App │ │ • 负载均衡 │ │ Service B │
│ Third Party │ │ • 认证授权 │ │ Service C │
│ │ │ • 限流熔断 │ │ ... │
└─────────────┘ └─────────────────┘ └─────────────┘
|
API网关核心功能
1. 请求路由
请求路由是API网关最基本的功能,根据请求的URL、HTTP方法、头部信息等将请求转发到相应的后端服务。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
routes:
- name: user-service-route
protocols: ["http", "https"]
methods: ["GET", "POST", "PUT", "DELETE"]
paths: ["/api/users"]
service:
name: user-service
url: http://user-service:8080
- name: order-service-route
protocols: ["http", "https"]
methods: ["GET", "POST"]
paths: ["/api/orders"]
service:
name: order-service
url: http://order-service:8080
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
@Configuration
public class GatewayConfig {
@Bean
public RouteLocator customRouteLocator(RouteLocatorBuilder builder) {
return builder.routes()
.route("user-service", r -> r
.path("/api/users/**")
.filters(f -> f
.stripPrefix(2)
.addRequestHeader("X-Gateway", "Spring-Cloud-Gateway")
)
.uri("lb://user-service")
)
.route("order-service", r -> r
.path("/api/orders/**")
.filters(f -> f
.stripPrefix(2)
.circuitBreaker(config -> config
.setName("order-service-cb")
.setFallbackUri("forward:/fallback/orders")
)
)
.uri("lb://order-service")
)
.build();
}
}
|
2. 负载均衡
API网关需要在多个后端服务实例之间分发请求,支持多种负载均衡算法。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
@Component
public class CustomLoadBalancer {
private final AtomicInteger counter = new AtomicInteger(0);
public ServiceInstance choose(List<ServiceInstance> instances) {
if (instances.isEmpty()) {
return null;
}
int index = counter.getAndIncrement() % instances.size();
return instances.get(index);
}
public ServiceInstance chooseWeighted(List<WeightedServiceInstance> instances) {
int totalWeight = instances.stream()
.mapToInt(WeightedServiceInstance::getWeight)
.sum();
int randomWeight = ThreadLocalRandom.current().nextInt(totalWeight);
for (WeightedServiceInstance instance : instances) {
randomWeight -= instance.getWeight();
if (randomWeight < 0) {
return instance.getServiceInstance();
}
}
return instances.get(0).getServiceInstance();
}
public ServiceInstance chooseLeastConnections(List<ServiceInstance> instances) {
return instances.stream()
.min(Comparator.comparingInt(this::getActiveConnections))
.orElse(null);
}
private int getActiveConnections(ServiceInstance instance) {
return connectionManager.getActiveConnections(instance);
}
}
|
3. 认证与授权
API网关作为系统的统一入口,是实施安全策略的最佳位置。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
@Component
public class JwtAuthenticationFilter implements GlobalFilter, Ordered {
@Autowired
private JwtTokenProvider jwtTokenProvider;
@Override
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
ServerHttpRequest request = exchange.getRequest();
if (isExcludedPath(request.getPath().value())) {
return chain.filter(exchange);
}
String token = extractToken(request);
if (token == null || !jwtTokenProvider.validateToken(token)) {
return handleUnauthorized(exchange);
}
String userId = jwtTokenProvider.getUserIdFromToken(token);
String userRole = jwtTokenProvider.getUserRoleFromToken(token);
ServerHttpRequest modifiedRequest = request.mutate()
.header("X-User-Id", userId)
.header("X-User-Role", userRole)
.build();
return chain.filter(exchange.mutate().request(modifiedRequest).build());
}
private String extractToken(ServerHttpRequest request) {
String bearerToken = request.getHeaders().getFirst("Authorization");
if (bearerToken != null && bearerToken.startsWith("Bearer ")) {
return bearerToken.substring(7);
}
return null;
}
private Mono<Void> handleUnauthorized(ServerWebExchange exchange) {
ServerHttpResponse response = exchange.getResponse();
response.setStatusCode(HttpStatus.UNAUTHORIZED);
String body = "{\"error\":\"Unauthorized\",\"message\":\"Invalid or missing token\"}";
DataBuffer buffer = response.bufferFactory().wrap(body.getBytes());
return response.writeWith(Mono.just(buffer));
}
@Override
public int getOrder() {
return -100;
}
}
|
4. 限流与熔断
保护后端服务免受过载和故障的影响。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
@Component
public class RateLimitFilter implements GlobalFilter, Ordered {
@Autowired
private RedisTemplate<String, String> redisTemplate;
private static final String RATE_LIMIT_SCRIPT =
"local key = KEYS[1]\n" +
"local limit = tonumber(ARGV[1])\n" +
"local window = tonumber(ARGV[2])\n" +
"local current = redis.call('GET', key)\n" +
"if current == false then\n" +
" redis.call('SET', key, 1)\n" +
" redis.call('EXPIRE', key, window)\n" +
" return 1\n" +
"else\n" +
" local count = tonumber(current)\n" +
" if count < limit then\n" +
" redis.call('INCR', key)\n" +
" return count + 1\n" +
" else\n" +
" return -1\n" +
" end\n" +
"end";
@Override
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
ServerHttpRequest request = exchange.getRequest();
String rateLimitKey = getRateLimitKey(request);
DefaultRedisScript<Long> script = new DefaultRedisScript<>();
script.setScriptText(RATE_LIMIT_SCRIPT);
script.setResultType(Long.class);
Long result = redisTemplate.execute(script,
Collections.singletonList(rateLimitKey),
"100",
"60"
);
if (result != null && result == -1) {
return handleRateLimitExceeded(exchange);
}
return chain.filter(exchange);
}
private String getRateLimitKey(ServerHttpRequest request) {
String clientIp = getClientIp(request);
String path = request.getPath().value();
return "rate_limit:" + clientIp + ":" + path;
}
private Mono<Void> handleRateLimitExceeded(ServerWebExchange exchange) {
ServerHttpResponse response = exchange.getResponse();
response.setStatusCode(HttpStatus.TOO_MANY_REQUESTS);
response.getHeaders().add("X-RateLimit-Exceeded", "true");
String body = "{\"error\":\"Rate limit exceeded\",\"message\":\"Too many requests\"}";
DataBuffer buffer = response.bufferFactory().wrap(body.getBytes());
return response.writeWith(Mono.just(buffer));
}
@Override
public int getOrder() {
return -50;
}
}
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
@Configuration
public class CircuitBreakerConfig {
@Bean
public CircuitBreaker orderServiceCircuitBreaker() {
return CircuitBreaker.ofDefaults("order-service")
.toBuilder()
.failureRateThreshold(50)
.waitDurationInOpenState(Duration.ofSeconds(30))
.slidingWindowSize(10)
.minimumNumberOfCalls(5)
.build();
}
@Bean
public TimeLimiter orderServiceTimeLimiter() {
return TimeLimiter.of(Duration.ofSeconds(3));
}
}
|
5. 请求/响应转换
API网关可以对请求和响应进行转换,适配不同的客户端需求。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
@Component
public class RequestTransformFilter implements GlobalFilter, Ordered {
@Override
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
ServerHttpRequest request = exchange.getRequest();
if (request.getPath().value().startsWith("/api/v1/")) {
String newPath = request.getPath().value().replace("/api/v1/", "/api/v2/");
ServerHttpRequest modifiedRequest = request.mutate()
.path(newPath)
.header("X-API-Version", "v2")
.header("X-Original-Path", request.getPath().value())
.build();
return chain.filter(exchange.mutate().request(modifiedRequest).build());
}
return chain.filter(exchange);
}
@Override
public int getOrder() {
return 0;
}
}
@Component
public class ResponseTransformFilter implements GlobalFilter, Ordered {
@Override
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
return chain.filter(exchange).then(Mono.fromRunnable(() -> {
ServerHttpResponse response = exchange.getResponse();
response.getHeaders().add("X-Gateway-Response", "true");
response.getHeaders().add("X-Response-Time",
String.valueOf(System.currentTimeMillis()));
}));
}
@Override
public int getOrder() {
return 100;
}
}
|
6. 监控与日志
全面的监控和日志记录对于API网关的运维至关重要。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
@Component
public class MonitoringFilter implements GlobalFilter, Ordered {
@Autowired
private MeterRegistry meterRegistry;
@Override
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
long startTime = System.currentTimeMillis();
return chain.filter(exchange)
.doFinally(signalType -> {
long duration = System.currentTimeMillis() - startTime;
ServerHttpRequest request = exchange.getRequest();
ServerHttpResponse response = exchange.getResponse();
Timer.builder("gateway.request.duration")
.tag("method", request.getMethodValue())
.tag("path", request.getPath().value())
.tag("status", String.valueOf(response.getStatusCode().value()))
.register(meterRegistry)
.record(duration, TimeUnit.MILLISECONDS);
Counter.builder("gateway.request.count")
.tag("method", request.getMethodValue())
.tag("path", request.getPath().value())
.tag("status", String.valueOf(response.getStatusCode().value()))
.register(meterRegistry)
.increment();
logAccess(request, response, duration);
});
}
private void logAccess(ServerHttpRequest request, ServerHttpResponse response, long duration) {
String logMessage = String.format(
"[%s] %s %s - %d - %dms - %s",
LocalDateTime.now().format(DateTimeFormatter.ISO_LOCAL_DATE_TIME),
request.getMethodValue(),
request.getPath().value(),
response.getStatusCode().value(),
duration,
getClientIp(request)
);
log.info(logMessage);
}
@Override
public int getOrder() {
return Integer.MAX_VALUE;
}
}
|
API网关架构设计
1. 高可用架构
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-gateway
spec:
replicas: 3
selector:
matchLabels:
app: api-gateway
template:
metadata:
labels:
app: api-gateway
spec:
containers:
- name: gateway
image: api-gateway:latest
ports:
- containerPort: 8080
resources:
requests:
memory: "512Mi"
cpu: "500m"
limits:
memory: "1Gi"
cpu: "1000m"
livenessProbe:
httpGet:
path: /actuator/health
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /actuator/health
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
name: api-gateway-service
spec:
selector:
app: api-gateway
ports:
- port: 80
targetPort: 8080
type: LoadBalancer
|
2. 缓存架构
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
@Component
public class MultiLevelCache {
private final Cache<String, Object> localCache;
private final RedisTemplate<String, Object> redisTemplate;
public MultiLevelCache() {
this.localCache = Caffeine.newBuilder()
.maximumSize(1000)
.expireAfterWrite(5, TimeUnit.MINUTES)
.build();
}
public Object get(String key) {
Object value = localCache.getIfPresent(key);
if (value != null) {
return value;
}
value = redisTemplate.opsForValue().get(key);
if (value != null) {
localCache.put(key, value);
return value;
}
return null;
}
public void put(String key, Object value, Duration ttl) {
localCache.put(key, value);
redisTemplate.opsForValue().set(key, value, ttl);
}
public void evict(String key) {
localCache.invalidate(key);
redisTemplate.delete(key);
}
}
|
3. 配置管理
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
@Component
public class DynamicConfigManager {
@Autowired
private NacosConfigManager nacosConfigManager;
private final Map<String, RouteDefinition> routes = new ConcurrentHashMap<>();
@PostConstruct
public void init() {
nacosConfigManager.getConfigService().addListener(
"gateway-routes.yaml",
"DEFAULT_GROUP",
new Listener() {
@Override
public void receiveConfigInfo(String configInfo) {
updateRoutes(configInfo);
}
@Override
public Executor getExecutor() {
return null;
}
}
);
}
private void updateRoutes(String configInfo) {
try {
List<RouteDefinition> newRoutes = parseRoutes(configInfo);
routes.clear();
newRoutes.forEach(route -> routes.put(route.getId(), route));
applicationEventPublisher.publishEvent(new RefreshRoutesEvent(this));
log.info("Routes updated successfully, total: {}", routes.size());
} catch (Exception e) {
log.error("Failed to update routes", e);
}
}
}
|
性能优化
1. 连接池优化
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
@Configuration
public class HttpClientConfig {
@Bean
public ReactorClientHttpConnector httpConnector() {
HttpClient httpClient = HttpClient.create()
.option(ChannelOption.CONNECT_TIMEOUT_MILLIS, 5000)
.option(ChannelOption.SO_KEEPALIVE, true)
.option(ChannelOption.TCP_NODELAY, true)
.responseTimeout(Duration.ofSeconds(10))
.doOnConnected(conn -> {
conn.addHandlerLast(new ReadTimeoutHandler(10))
.addHandlerLast(new WriteTimeoutHandler(10));
});
ConnectionProvider connectionProvider = ConnectionProvider.builder("gateway")
.maxConnections(500)
.maxIdleTime(Duration.ofSeconds(20))
.maxLifeTime(Duration.ofSeconds(60))
.pendingAcquireTimeout(Duration.ofSeconds(5))
.evictInBackground(Duration.ofSeconds(120))
.build();
return new ReactorClientHttpConnector(httpClient.connectionProvider(connectionProvider));
}
}
|
2. 内存优化
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
@Component
public class MemoryOptimizer {
private final ObjectPool<StringBuilder> stringBuilderPool =
new GenericObjectPool<>(new StringBuilderPooledObjectFactory());
public Mono<DataBuffer> processLargeData(DataBuffer input) {
return Mono.fromCallable(() -> {
ByteBuffer directBuffer = ByteBuffer.allocateDirect(input.readableByteCount());
input.toByteBuffer().get(directBuffer.array());
return DefaultDataBufferFactory.sharedInstance.wrap(directBuffer);
}).subscribeOn(Schedulers.boundedElastic());
}
@Scheduled(fixedRate = 300000)
public void cleanupCache() {
cacheManager.getCacheNames().forEach(cacheName -> {
Cache cache = cacheManager.getCache(cacheName);
if (cache instanceof CaffeineCache) {
((CaffeineCache) cache).getNativeCache().cleanUp();
}
});
}
}
|
3. 异步处理
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
@Component
public class AsyncProcessor {
private final Executor asyncExecutor = Executors.newFixedThreadPool(
Runtime.getRuntime().availableProcessors() * 2,
new ThreadFactoryBuilder()
.setNameFormat("gateway-async-%d")
.setDaemon(true)
.build()
);
public void logAsync(AccessLog accessLog) {
CompletableFuture.runAsync(() -> {
try {
logService.saveAccessLog(accessLog);
} catch (Exception e) {
log.error("Failed to save access log", e);
}
}, asyncExecutor);
}
public void collectMetricsAsync(MetricData metricData) {
CompletableFuture.runAsync(() -> {
try {
metricsCollector.collect(metricData);
} catch (Exception e) {
log.error("Failed to collect metrics", e);
}
}, asyncExecutor);
}
}
|
安全考虑
1. HTTPS和证书管理
1
2
3
4
5
6
7
8
9
10
11
|
server:
port: 8443
ssl:
enabled: true
key-store: classpath:keystore.p12
key-store-password: changeit
key-store-type: PKCS12
key-alias: gateway
protocol: TLS
enabled-protocols: TLSv1.2,TLSv1.3
|
2. 安全头设置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
@Component
public class SecurityHeadersFilter implements GlobalFilter, Ordered {
@Override
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
return chain.filter(exchange).then(Mono.fromRunnable(() -> {
ServerHttpResponse response = exchange.getResponse();
HttpHeaders headers = response.getHeaders();
headers.add("X-Content-Type-Options", "nosniff");
headers.add("X-Frame-Options", "DENY");
headers.add("X-XSS-Protection", "1; mode=block");
headers.add("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
headers.add("Content-Security-Policy", "default-src 'self'");
headers.add("Referrer-Policy", "strict-origin-when-cross-origin");
}));
}
@Override
public int getOrder() {
return -200;
}
}
|
3. 输入验证
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
@Component
public class InputValidationFilter implements GlobalFilter, Ordered {
private static final Pattern SQL_INJECTION_PATTERN =
Pattern.compile("(?i)(union|select|insert|update|delete|drop|create|alter|exec|script)");
private static final Pattern XSS_PATTERN =
Pattern.compile("(?i)(<script|javascript:|vbscript:|onload=|onerror=)");
@Override
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
ServerHttpRequest request = exchange.getRequest();
MultiValueMap<String, String> queryParams = request.getQueryParams();
for (Map.Entry<String, List<String>> entry : queryParams.entrySet()) {
for (String value : entry.getValue()) {
if (containsMaliciousContent(value)) {
return handleMaliciousRequest(exchange);
}
}
}
HttpHeaders headers = request.getHeaders();
for (Map.Entry<String, List<String>> entry : headers.entrySet()) {
for (String value : entry.getValue()) {
if (containsMaliciousContent(value)) {
return handleMaliciousRequest(exchange);
}
}
}
return chain.filter(exchange);
}
private boolean containsMaliciousContent(String input) {
return SQL_INJECTION_PATTERN.matcher(input).find() ||
XSS_PATTERN.matcher(input).find();
}
private Mono<Void> handleMaliciousRequest(ServerWebExchange exchange) {
ServerHttpResponse response = exchange.getResponse();
response.setStatusCode(HttpStatus.BAD_REQUEST);
String body = "{\"error\":\"Malicious request detected\"}";
DataBuffer buffer = response.bufferFactory().wrap(body.getBytes());
return response.writeWith(Mono.just(buffer));
}
@Override
public int getOrder() {
return -150;
}
}
|
运维与监控
1. 健康检查
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
@Component
public class GatewayHealthIndicator implements HealthIndicator {
@Autowired
private ServiceDiscoveryClient discoveryClient;
@Override
public Health health() {
Health.Builder builder = new Health.Builder();
try {
List<String> services = discoveryClient.getServices();
builder.withDetail("discoveredServices", services.size());
Map<String, String> serviceStatus = new HashMap<>();
for (String service : Arrays.asList("user-service", "order-service")) {
boolean isHealthy = checkServiceHealth(service);
serviceStatus.put(service, isHealthy ? "UP" : "DOWN");
}
builder.withDetail("serviceStatus", serviceStatus);
boolean redisHealthy = checkRedisHealth();
builder.withDetail("redis", redisHealthy ? "UP" : "DOWN");
boolean allHealthy = serviceStatus.values().stream()
.allMatch("UP"::equals) && redisHealthy;
return allHealthy ? builder.up().build() : builder.down().build();
} catch (Exception e) {
return builder.down(e).build();
}
}
private boolean checkServiceHealth(String serviceName) {
try {
List<ServiceInstance> instances = discoveryClient.getInstances(serviceName);
return !instances.isEmpty();
} catch (Exception e) {
return false;
}
}
private boolean checkRedisHealth() {
try {
redisTemplate.opsForValue().get("health-check");
return true;
} catch (Exception e) {
return false;
}
}
}
|
2. 指标收集
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
@Component
public class GatewayMetrics {
private final Counter requestCounter;
private final Timer requestTimer;
private final Gauge activeConnections;
public GatewayMetrics(MeterRegistry meterRegistry) {
this.requestCounter = Counter.builder("gateway.requests.total")
.description("Total number of requests")
.register(meterRegistry);
this.requestTimer = Timer.builder("gateway.request.duration")
.description("Request processing time")
.register(meterRegistry);
this.activeConnections = Gauge.builder("gateway.connections.active")
.description("Number of active connections")
.register(meterRegistry, this, GatewayMetrics::getActiveConnectionCount);
}
public void recordRequest(String method, String path, int status, long duration) {
requestCounter.increment(
Tags.of(
Tag.of("method", method),
Tag.of("path", path),
Tag.of("status", String.valueOf(status))
)
);
requestTimer.record(duration, TimeUnit.MILLISECONDS,
Tags.of(
Tag.of("method", method),
Tag.of("path", path)
)
);
}
private double getActiveConnectionCount() {
return connectionManager.getActiveConnectionCount();
}
}
|
最佳实践
1. 设计原则
- 单一职责:API网关专注于路由、安全、监控等横切关注点
- 高可用:避免单点故障,支持水平扩展
- 性能优先:优化响应时间,减少延迟
- 安全第一:实施全面的安全策略
- 可观测性:提供完整的监控和日志
2. 配置管理
- 使用配置中心进行集中管理
- 支持动态配置更新
- 实施配置版本控制
- 提供配置回滚机制
3. 错误处理
- 实施统一的错误处理策略
- 提供有意义的错误信息
- 实施降级和熔断机制
- 记录详细的错误日志
4. 测试策略
- 单元测试覆盖核心逻辑
- 集成测试验证端到端功能
- 性能测试确保满足SLA
- 混沌工程测试系统韧性
总结
API网关作为微服务架构的关键组件,为系统提供了统一的入口点和横切关注点的处理能力。通过合理的设计和实施,API网关能够显著提升系统的可维护性、安全性和可观测性。
在实际项目中,选择API网关解决方案时需要考虑:
- 业务需求:根据具体的业务场景选择合适的功能
- 技术栈:与现有技术栈的兼容性
- 性能要求:满足系统的性能和扩展性需求
- 运维能力:团队的运维和维护能力
- 成本考虑:开发、部署和维护成本
API网关的建设是一个持续优化的过程,需要在实践中不断总结经验,持续改进和完善系统架构,最终构建出稳定、高效、安全的API网关系统。
版权所有,如有侵权请联系我