Ocelot是什么
Ocelot是一个用.NET Core实现并且开源的API网关,就像一个公司的门卫承担着寻址、限制进入、安全检查、位置引导、等等功能。它的功能包括了:路由、请求聚合、服务发现、认证、鉴权、限流熔断、并内置了负载均衡器、Service Fabric、Skywalking等的集成。而且这些功能都只需要简单的配置即可完成。
Ocelot部署场景
一般而言,我们不会只部署一台网关服务器,那样太危险了。只要有一台挂了,就全完蛋了。为了实现高可用,我们会部署多台,当然在多台网关前,你还需要一台负载均衡器。Ocelot类型Nginx,内置了负载均衡器,但是他无法提供健康检查功能,服务注册也只能通过手动在配置文件里面添加完成。不够灵活。这个时候我们会采用Consul来做服务发现。Consul与Ocelot完美结合。
Ocelot配置说明
安装直接nuget上下载,再Add一下,这里就不说了。
{
"ReRoutes": [
{
"DownstreamPathTemplate": "/api/Products/{everything}",
"DownstreamScheme": "http",
"UpstreamPathTemplate": "/api/Products/{everything}",
"ServiceName": "ProductService",
"UpstreamHttpMethod": [ "Get" ],
"FileCacheOptions": { "TtlSeconds": 15 },
"AuthenticationOptions": {
"AuthenticationProviderKey": "ApiSecurity",
"AllowedScopes": []
},
"RouteClaimsRequirement": {
"userType" : "SALESMAN"
}
},
{
"DownstreamPathTemplate": "/api/Products",
"DownstreamScheme": "http",
"UpstreamPathTemplate": "/api/Products",
"ServiceName": "ProductService",
"UpstreamHttpMethod": [ "Get" ],
"FileCacheOptions": { "TtlSeconds": 15 },
"AuthenticationOptions": {
"AuthenticationProviderKey": "ApiSecurity",
"AllowedScopes": []
},
"RouteClaimsRequirement": {
"userType" : "SALESMAN"
}
},
{
"DownstreamPathTemplate": "/api/Offer",
"DownstreamScheme": "http",
"UpstreamPathTemplate": "/api/Offers",
"ServiceName": "PolicyService",
"UpstreamHttpMethod": [ "Post" ],
"AuthenticationOptions": {
"AuthenticationProviderKey": "ApiSecurity",
"AllowedScopes": []
},
"RouteClaimsRequirement": {
"userType" : "SALESMAN"
},
"AddHeadersToRequest": {
"AgentLogin" : "Claims[http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier] > value[0] > |"
}
},
{
"DownstreamPathTemplate": "/api/Policy",
"DownstreamScheme": "http",
"UpstreamPathTemplate": "/api/Policies",
"ServiceName": "PolicyService",
"UpstreamHttpMethod": [ "Post" ],
"AuthenticationOptions": {
"AuthenticationProviderKey": "ApiSecurity",
"AllowedScopes": []
},
"RouteClaimsRequirement": {
"userType" : "SALESMAN"
}
},
{
"DownstreamPathTemplate": "/api/Policy/{number}",
"DownstreamScheme": "http",
"UpstreamPathTemplate": "/api/Policies/{number}",
"ServiceName": "PolicyService",
"UpstreamHttpMethod": [ "Get" ],
"FileCacheOptions": { "TtlSeconds": 15 },
"AuthenticationOptions": {
"AuthenticationProviderKey": "ApiSecurity",
"AllowedScopes": []
},
"RouteClaimsRequirement": {
"userType" : "SALESMAN"
}
},
{
"DownstreamPathTemplate": "/api/PolicySearch",
"DownstreamScheme": "http",
"UpstreamPathTemplate": "/api/PolicySearch",
"ServiceName": "PolicySearchService",
"UpstreamHttpMethod": [ "Get" ],
"AuthenticationOptions": {
"AuthenticationProviderKey": "ApiSecurity",
"AllowedScopes": []
},
"RouteClaimsRequirement": {
"userType" : "SALESMAN"
}
}
],
"GlobalConfiguration": {
"RequestIdKey": "OcRequestId",
"AdministrationPath": "/administration",
"UseServiceDiscovery" : true,
"ServiceDiscoveryProvider": { "Type": "Eureka", "Host" : "localhost", "Port" : "8761"}
}
}
两个根节点ReRoutes,GlobalConfiguration。
ReRoutes (告诉Ocelot如何处理上游请求)
【DownstreamPathTemplate】
下游路由模板,即真实处理请求的路径模板
【DownstreamScheme】
请求方式,http/https
【UpstreamPathTemplate】
上游请求的模板,即用户真实请求的链接
【UpstreamHttpMethod】
上游请求的http方法,是个数组,你可以写多个
【LoadBalancerOptions】
LeastConnection : 将请求发往最空闲的那个服务器
RoundRobin :轮流发送
NoLoadBalance :不启用负载均衡,总是发往第一个请求或者服务发现的那个服务器
【RateLimitOptions】
限流相关配置
GlobalConfiguration(顾名思义,全局配置)
包括了服务发现Eureka