Higress is a next-generation cloud-native gateway based on Alibaba's internal gateway practices.
Powered by Istio and Envoy, Higress realizes the integration of the triple gateway architecture of traffic gateway, microservice gateway and security gateway, thereby greatly reducing the costs of deployment, operation and maintenance.
-
Kubernetes ingress controller:
Higress can function as a feature-rich ingress controller, which is compatible with many annotations of K8s' nginx ingress controller.
Gateway API support is in progress and will support smooth migration from Ingress API to Gateway API.
-
Microservice gateway:
Higress can function as a microservice gateway, which can discovery microservices from various service registries, such as Nacos, ZooKeeper, Consul, etc.
It deeply integrates of Dubbo, Nacos, Sentinel and other microservice technology stacks.
-
Security gateway:
Higress can be used as a security gateway, supporting WAF and various authentication strategies, such as key-auth, hmac-auth, jwt-auth, basic-auth, oidc, etc.
(TODO)
select higress istio:
helm install istio -n istio-system oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/charts/istioor select official istio (lose some abilities, such as using annotation to limit request rate): https://istio.io/latest/docs/setup/install
helm install higress -n higress-system oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/charts/higress apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: simple-example
spec:
rules:
- host: foo.bar.com
http:
paths:
- path: /foo
pathType: Prefix
backend:
service:
name: test
port:
number: 80 curl "$(k get svc -n higress-system higress-gateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')"/foo -H 'host: foo.bar.com'