具有Google Cloud功能的微服务Api网关 [英] Api gateway for Microservices with Google Cloud Functions

问题描述

例如，我们有一些服务.

For example, we have a few services.

1. 帐户服务
2. 产品服务
3. 付款服务

每个服务都是单独的Google Cloud Function.每个服务都有其自己的HTTP API.例如，帐户服务具有:

Each service is a separate Google Cloud Function. Each service has its own HTTP API. For example, the account service has:

1. https://REGION-FUNCTIONS_PROJECT_ID.cloudfunctions.net/account/sign-up
2. https://REGION-FUNCTIONS_PROJECT_ID.cloudfunctions.net/account/sign-in
3. https://REGION-FUNCTIONS_PROJECT_ID.cloudfunctions.net/account/reset-password
4. 等

每个服务都有其自己的不拘一格的文档终结点/docs .

Each service has its own swagger documentation endpoint /docs.

如何使我的Cloud Functions私有(没有公共访问权限)并将其放置在某些API网关后面?

How can I make my Cloud Functions private (without public access) and place them behind some API Gateway?

Google提供了云功能的端点(请参阅 https://cloud.google.com/endpoints/docs/openapi/get-started-cloud-functions ).但是，据我了解，Endpoints允许您仅定义yaml OpenAPI文件.

Google offers Endpoints for Cloud Functions (see https://cloud.google.com/endpoints/docs/openapi/get-started-cloud-functions ). But, as I understand it, Endpoints allow you to define only the yaml OpenAPI file.

在这个yaml文件中，我可以定义如下内容:

In this yaml file, I can define something like this:

swagger: '2.0'
info:
  title: Cloud Endpoints + GCF
  description: Sample API on Cloud Endpoints with a Google Cloud Functions backend
  version: 1.0.0
host: HOST
schemes:
  - https
produces:
  - application/json
paths:
  /hello:
    get:
      summary: Greet a user
      operationId: hello
      x-google-backend:
        address: https://REGION-FUNCTIONS_PROJECT_ID.cloudfunctions.net/helloGET
      responses:
        '200':
          description: A successful response
          schema:
            type: string

但就我而言，我需要具有代理云功能的能力(例如反向代理).

But in my case, I need to have ability to proxy my cloud functions (like reverse proxy).

推荐答案

您可以使用终结点.当然，您必须手动定义您的OpenAPI yaml文件(版本2.0，而不是3！).使用通配符和路径翻译定义

You can use endpoint. Of course, you have to define your OpenAPI yaml file manually (version 2.0, not 3!). Use wildcard and path translation definition

...
paths:
  /account/*:
      get:
        summary: sign-up a user
        operationId: sign-up
        x-google-backend:
          address: https://REGION-FUNCTIONS_PROJECT_ID.cloudfunctions.net
          path_translation: APPEND_PATH_TO_ADDRESS
       responses:
          '200':
            description: A successful response
            schema:
              type: string

APPEND_PATH_TO_ADDRESS 只需将路径值粘贴到后端定义的末尾.顺便说一句，仅使用此定义，您就可以到达所有私有函数端点和子端点，例如您的招摇文档.

The APPEND_PATH_TO_ADDRESS simply paste the path value at the end of your backend definition. By the way, with only this definition, you can reach all your private function endpoint and sub-endpoint, like your swagger documentation.

您可以使用API​​ KEY(我

You can protect your gateway with API KEY (I wrote an article on this) but there is also another security solution in the documentation.

但是，您不能使用Endpoint提出的开发人员门户，因为它基于Endpoint yaml文件定义，并且未聚合所有发现的服务定义(在您的/docs 路径中).

However you couldn't use the developer portal proposed by Endpoint because it's based on the Endpoint yaml file definition and not aggregate all the discovered service definition (in your /docs path).

这篇关于具有Google Cloud功能的微服务Api网关的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！