APISIX Gateway¶

APISIX is a cloud-native API gateway that provides dynamic routing, load balancing, authentication, and other API management features.

Overview¶

APISIX serves as the API gateway for the RCIIS platform, handling external API requests and providing advanced routing capabilities.

Configuration¶

Deployment Location¶

Configuration: apps/rciis/apisix/
Environments: Local, Testing, Staging
Chart: Official Apache APISIX Helm chart

Directory Structure¶

apps/rciis/apisix/
├── local/
│   └── values.yaml
├── testing/
│   └── values.yaml
└── staging/
    └── values.yaml

Core Features¶

Dynamic Routing¶

HTTP/HTTPS traffic management
Advanced load balancing algorithms
Health check and failover
Traffic splitting for A/B testing

Security¶

Authentication and authorization
Rate limiting and throttling
IP whitelisting/blacklisting
Web Application Firewall (WAF)

Observability¶

Request/response logging
Metrics collection
Distributed tracing
Real-time monitoring

Configuration Examples¶

Basic Values Configuration¶

# APISIX Gateway configuration
apisix:
  enabled: true

  # Admin API configuration
  admin:
    enabled: true
    port: 9180
    credentials:
      admin: "admin-key-secret"
      viewer: "viewer-key-secret"

  # Gateway configuration
  gateway:
    type: LoadBalancer
    http:
      enabled: true
      servicePort: 80
      containerPort: 9080
    https:
      enabled: true
      servicePort: 443
      containerPort: 9443

  # Plugins configuration
  plugins:
    - prometheus
    - jwt-auth
    - cors
    - rate-limit
    - proxy-rewrite

# Dashboard configuration
dashboard:
  enabled: true
  service:
    type: ClusterIP
    port: 9000

Route Configuration Examples¶

API Route with Authentication:

apiVersion: apisix.apache.org/v2
kind: ApisixRoute
metadata:
  name: nucleus-api
  namespace: nucleus
spec:
  http:
  - name: nucleus-api-route
    match:
      hosts:
      - api.devops.africa
      paths:
      - /api/v1/*
    backends:
    - serviceName: nucleus-service
      servicePort: 80
    plugins:
    - name: jwt-auth
      enable: true
      config:
        key: "api-key"
    - name: rate-limit
      enable: true
      config:
        count: 100
        time_window: 60

Secret Management¶

Admin API Keys¶

SOPS-encrypted secrets: apps/rciis/secrets/{environment}/apisix/apisix-admin.yaml

apiVersion: v1
kind: Secret
metadata:
  name: apisix-admin
  namespace: apisix
type: Opaque
stringData:
  admin-key: "[SOPS ENCRYPTED]"
  viewer-key: "[SOPS ENCRYPTED]"

Integration Patterns¶

Service Discovery¶

Automatic service discovery from Kubernetes
Dynamic upstream configuration
Health check integration
Load balancing across pods

Authentication Integration¶

JWT token validation
OAuth2 integration
API key management
Custom authentication plugins

Monitoring Integration¶

Prometheus metrics export
Grafana dashboard integration
Log aggregation
Alert configuration

For detailed configuration and troubleshooting, refer to the official APISIX documentation.