网关流控:统一流量入口的防护
引言:为什么要在网关层做流控? 在微服务架构中,API网关是所有外部流量的统一入口: 用户请求 ↓ 【API Gateway】 ← 在这里做流控 ↓ ┌───────┴───────┐ ↓ ↓ 订单服务 商品服务 为什么要在网关层做流控? 统一防护:一处配置,保护所有后端服务 提前拦截:在流量进入内网之前就拦截,节省资源 全局视角:可以基于租户、API、IP等多维度限流 安全防护:防止DDoS攻击、CC攻击 今天我们就来学习Sentinel在Spring Cloud Gateway中的集成和使用。 Spring Cloud Gateway + Sentinel集成 第一步:添加依赖 <!-- Spring Cloud Gateway --> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-gateway</artifactId> </dependency> <!-- Sentinel Gateway适配器 --> <dependency> <groupId>com.alibaba.csp</groupId> <artifactId>sentinel-spring-cloud-gateway-adapter</artifactId> <version>1.8.6</version> </dependency> 第二步:配置Gateway application.yml: spring: application: name: api-gateway cloud: gateway: routes: # 订单服务路由 - id: order-service uri: lb://order-service predicates: - Path=/api/order/** filters: - StripPrefix=2 # 商品服务路由 - id: product-service uri: lb://product-service predicates: - Path=/api/product/** filters: - StripPrefix=2 第三步:配置Sentinel网关限流 import com.alibaba.csp.sentinel.adapter.gateway.common.SentinelGatewayConstants; import com.alibaba.csp.sentinel.adapter.gateway.common.api.ApiDefinition; import com.alibaba.csp.sentinel.adapter.gateway.common.api.ApiPathPredicateItem; import com.alibaba.csp.sentinel.adapter.gateway.common.api.ApiPredicateItem; import com.alibaba.csp.sentinel.adapter.gateway.common.api.GatewayApiDefinitionManager; import com.alibaba.csp.sentinel.adapter.gateway.common.rule.GatewayFlowRule; import com.alibaba.csp.sentinel.adapter.gateway.common.rule.GatewayRuleManager; import com.alibaba.csp.sentinel.adapter.gateway.sc.SentinelGatewayFilter; import com.alibaba.csp.sentinel.adapter.gateway.sc.exception.SentinelGatewayBlockExceptionHandler; import org.springframework.beans.factory.ObjectProvider; import org.springframework.cloud.gateway.filter.GlobalFilter; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.Ordered; import org.springframework.core.annotation.Order; import org.springframework.http.codec.ServerCodecConfigurer; import org.springframework.web.reactive.result.view.ViewResolver; import javax.annotation.PostConstruct; import java.util.*; @Configuration public class GatewaySentinelConfig { private final List<ViewResolver> viewResolvers; private final ServerCodecConfigurer serverCodecConfigurer; public GatewaySentinelConfig(ObjectProvider<List<ViewResolver>> viewResolversProvider, ServerCodecConfigurer serverCodecConfigurer) { this.viewResolvers = viewResolversProvider.getIfAvailable(Collections::emptyList); this.serverCodecConfigurer = serverCodecConfigurer; } /** * 配置Sentinel网关限流过滤器 */ @Bean @Order(Ordered.HIGHEST_PRECEDENCE) public GlobalFilter sentinelGatewayFilter() { return new SentinelGatewayFilter(); } /** * 配置Sentinel网关限流异常处理器 */ @Bean @Order(Ordered.HIGHEST_PRECEDENCE) public SentinelGatewayBlockExceptionHandler sentinelGatewayBlockExceptionHandler() { return new SentinelGatewayBlockExceptionHandler(viewResolvers, serverCodecConfigurer); } /** * 初始化网关限流规则 */ @PostConstruct public void initGatewayRules() { Set<GatewayFlowRule> rules = new HashSet<>(); // 规则1:订单服务限流 QPS 1000 rules.add(new GatewayFlowRule("order-service") .setCount(1000) .setIntervalSec(1)); // 规则2:商品服务限流 QPS 2000 rules.add(new GatewayFlowRule("product-service") .setCount(2000) .setIntervalSec(1)); GatewayRuleManager.loadRules(rules); System.out.println("✅ 网关限流规则已加载"); } } 网关限流的三种粒度 1. Route维度限流 含义:对整个路由进行限流。 ...