Apache APISIX — Cloud Native High-Performance API Gateway

Introduction

APISIX is a top-level Apache project originally built at Zhiliu Tech to replace older gateways like Kong at scale. It keeps the speed of NGINX / OpenResty, stores routes and plugins in etcd for live reconfiguration, and ships with 80+ plugins for auth, traffic control, observability, and serverless integrations.

What APISIX Does

• Routes HTTP(S), gRPC, WebSocket, TCP/UDP, MQTT, and Dubbo traffic with a single data plane.
• Enforces authentication (JWT, OIDC, key-auth, basic-auth, LDAP, HMAC) per route or service.
• Applies limit-count, limit-conn, limit-req, and circuit-breaker policies using Redis or in-memory counters.
• Integrates with Prometheus, OpenTelemetry, Zipkin, Skywalking, Datadog, and syslog.
• Acts as a Kubernetes ingress controller and supports the Gateway API.

Architecture Overview

APISIX runs as an OpenResty/Lua application fronted by NGINX. Configuration lives in etcd; every APISIX node subscribes to change streams, so new routes or plugin configs propagate in sub-millisecond latency without reloading NGINX. Plugins are pure Lua modules that plug into request phases (rewrite, access, header_filter, body_filter, log), making custom extensions easy.

Self-Hosting & Configuration

• Deploy via Docker Compose, Helm (apisix/apisix), or the official Ansible role; etcd is the only stateful dep.
• Use the Dashboard (apisix/apisix-dashboard) for a GUI, or manage via Admin API / declarative YAML.
• Configure TLS and mTLS termination with SNI-routed server blocks and automatic Let''s Encrypt (ACME plugin).
• Enable OpenTelemetry or Prometheus metrics by editing config.yaml; scrape /apisix/prometheus/metrics.
• For Kubernetes, install apisix-ingress-controller which syncs ApisixRoute CRDs into APISIX routes.

Key Features

• Hot-reload everything — routes, plugins, upstreams, certs — without dropping connections.
• Serverless backends: invoke AWS Lambda, Azure Functions, OpenFaaS, or Apache OpenWhisk inline.
• Fault injection, traffic mirroring, canary releasing, and dark launching via plugins.
• Multi-protocol: HTTP/1/2/3, gRPC, Dubbo, MQTT, WebSocket, TCP/UDP stream routing.
• Scriptable plugin authoring in Lua, Go (via external plugin runner), Java, Python, or WASM.

Comparison with Similar Tools

• Kong — established OpenResty gateway with paid Enterprise tier; APISIX is fully open source with faster route updates.
• Envoy / Emissary / Contour — xDS-native, great for service mesh; APISIX is more batteries-included for gateway use.
• Traefik — beautiful DX and ACME story; APISIX wins on plugin breadth and TCP/UDP/gRPC.
• NGINX Plus — commercial; APISIX matches many features plus dynamic configuration for free.
• Tyk — Go gateway with good dashboards; APISIX typically benchmarks faster under heavy load.

FAQ

Q: What storage backends are supported? A: etcd v3 is the primary store. Some deployments use consul or a file-based fallback for dev.

Q: Can I write plugins outside Lua? A: Yes — the external plugin runner supports Go, Java, Python, and Node.js; WASM plugins are also available.

Q: Does it run standalone without Kubernetes? A: Absolutely. Single-node, HA-bare-metal, and VM deployments are all first-class.

Q: How does APISIX compare to ingress-nginx in Kubernetes? A: APISIX-Ingress supports more protocols, dynamic plugins, and finer traffic-shaping CRDs than vanilla Ingress.

Sources

• https://github.com/apache/apisix
• https://apisix.apache.org