xx

Author: juzhiyuan

.github/workflows/cicd.yaml

@@ -0,0 +1,61 @@
+name: apisix-adc-cicd
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+permissions:
+  contents: read
+
+jobs:
+  build-and-publish:
+    runs-on: ubuntu-latest
+    env:
+      # Demo only: plaintext values for simplicity. Do NOT use in production.
+      # Set this to your public VM address so GitHub Actions can reach APISIX Admin API.
+      # In Production environments, use secrets to inject these values securely.
+      APISIX_ADMIN_API: "http://68.183.178.88:9180"
+      # Demo admin key; replace if you change APISIX admin_key in config.
+      APISIX_ADMIN_KEY: "edd1c9f034335f136f87ad84b625c8f1"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Show environment
+        run: |
+          echo "APISIX_ADMIN_API=${APISIX_ADMIN_API}"
+          echo "adc version (if present):" || true
+          (adc --version || true)
+
+      - name: Install ADC (example, adjust as needed)
+        run: |
+          echo "Install ADC here (adjust to your environment)."
+          echo "Example: download ADC 0.21.2 binary and add to PATH."
+          echo "Ensure 'adc' is available in PATH afterward."
+
+      - name: Render OpenAPI -> APISIX config
+        id: render
+        run: |
+          bash scripts/adc_render.sh
+        continue-on-error: true
+
+      - name: Upload rendered artifact (if any)
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: apisix-config
+          path: dist/
+          if-no-files-found: ignore
+
+      - name: Publish to APISIX via Admin API/ADC
+        env:
+          APISIX_ADMIN_API: ${{ env.APISIX_ADMIN_API }}
+          APISIX_ADMIN_KEY: ${{ env.APISIX_ADMIN_KEY }}
+        run: |
+          if [ -z "${APISIX_ADMIN_API}" ] || [ -z "${APISIX_ADMIN_KEY}" ]; then
+            echo "APISIX_ADMIN_API / APISIX_ADMIN_KEY envs are required (demo uses plaintext)" >&2
+            exit 1
+          fi
+          bash scripts/adc_publish.sh

Makefile

@@ -0,0 +1,19 @@
+.PHONY: up down logs render publish seed
+
+up:
+	docker compose up -d
+
+down:
+	docker compose down
+
+logs:
+	docker compose logs -f apisix
+
+render:
+	bash scripts/adc_render.sh
+
+publish:
+	bash scripts/adc_publish.sh
+
+seed:
+	bash scripts/bootstrap_routes_via_admin.sh

README.md

@@ -0,0 +1,111 @@
+# APISIX + etcd + ADC + GitHub Actions + OpenAPI Demo
+
+This repository provides a runnable demo featuring:
+
+- APISIX Gateway + etcd via Docker Compose
+- OpenAPI (httpbin example) with APISIX/ADC annotations
+- ADC CLI to generate and publish APISIX configuration
+- GitHub Actions for CI/CD
+
+Note: This demo routes to a local `httpbin` container by default for offline use. You can optionally switch to the public `httpbin.org`.
+
+## Quickstart (Local)
+
+Prerequisites: Docker 20+, Docker Compose, curl.
+
+- Start APISIX + etcd + httpbin:
+  - `docker compose up -d`
+  - Wait 10–20s for APISIX to be ready
+- Verify Admin API (optional):
+  - `curl -s http://localhost:9180/apisix/admin/routes -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' | head`
+- Seed routes without ADC (admin API demo):
+  - `bash scripts/bootstrap_routes_via_admin.sh`
+- Test traffic through APISIX:
+  - `curl -i http://localhost:9080/get`
+  - `curl -i http://localhost:9080/status/201`
+  - `curl -i -X POST http://localhost:9080/anything -d 'hello=apisix'`
+
+When ADC CLI is ready, use `make render` to produce APISIX config and `make publish` to deploy it (see below).
+
+## OpenAPI + APISIX/ADC annotations
+
+- See `openapi/httpbin.yaml`, including `/get`, `/status/{code}`, `/anything`.
+- `x-apisix-*` per operation guides ADC resource generation:
+  - `x-apisix-upstream`: upstream nodes (`httpbin:8080`)
+  - `x-apisix-plugins`: enable plugins (e.g., `cors`, `proxy-rewrite`)
+
+## Use ADC (Local)
+
+- Install ADC CLI (see https://github.com/api7/adc)
+- Render:
+  - `make render`
+  - Output: `dist/apisix.yaml`
+- Publish (requires Admin API key below):
+  - `make publish`
+
+Notes:
+- This repo assumes `adc` is available in PATH.
+- ADC verbs vary by version. Scripts attempt common ones and will guide you if adjustment is needed. For ADC 0.21.2, there is no `render` command; `scripts/adc_render.sh` tries `openapi generate`, `generate`, then `compile`.
+
+## GitHub Actions (CI/CD)
+
+- Workflow: `.github/workflows/cicd.yaml`
+- Triggers: push to `main` or PR
+- Steps:
+  - Install/prepare ADC (adjust to your environment)
+  - Validate and render OpenAPI → APISIX config
+  - Publish to APISIX Admin API
+Environment in workflow (demo only):
+- The workflow uses plaintext env vars for simplicity:
+  - `APISIX_ADMIN_API`: e.g., `http://YOUR_PUBLIC_VM:9180`
+  - `APISIX_ADMIN_KEY`: demo `edd1c9f034335f136f87ad84b625c8f1`
+- This is for demo purposes only. For production, use GitHub Secrets.
+
+## Switch to httpbin.org (Optional)
+
+If outbound network is allowed and you prefer public `httpbin.org`:
+
+1. Edit `openapi/httpbin.yaml`, set `x-apisix-upstream` to:
+   - `nodes: { "httpbin.org:443": 1 }`
+   - `scheme: https`
+   - Optionally add `proxy-rewrite` with `host: httpbin.org`
+2. Re-run `make render` and publish.
+
+## APISIX/etcd Configuration
+
+- `docker-compose.yml` runs `etcd`, `apisix`, `httpbin` containers (no persistent volumes)
+- APISIX config: provided inline via `APISIX_CONFIG_YAML` in Compose (file `apisix/conf/config.yaml` is included as a reference, not mounted)
+  - etcd: `http://etcd:2379`
+  - Admin API: `9180`
+  - Gateway ports: `9080` (HTTP), `9443` (HTTPS)
+  - Admin Key (demo only): `edd1c9f034335f136f87ad84b625c8f1`
+  - APISIX image: `apache/apisix:3.14.1-debian`
+
+## Useful Commands
+
+- `make up`: start all services
+- `docker compose logs -f apisix`: tail APISIX logs
+- `make render`: generate APISIX config using ADC
+- `make publish`: publish config to APISIX Admin API
+- `bash scripts/bootstrap_routes_via_admin.sh`: seed routes via Admin API (no ADC)
+- `make down`: stop containers (no persistent volumes)
+
+## Running on a Public VM
+
+- Point GitHub Actions to your VM by editing `.github/workflows/cicd.yaml` env:
+  - `APISIX_ADMIN_API: "http://YOUR_PUBLIC_VM:9180"`
+  - Ensure your VM firewall/security group allows inbound TCP 9180 from GitHub Actions runners (demo only). For production, restrict sources and rotate the admin key.
+
+## Layout
+
+- `docker-compose.yml`: containers orchestration
+- `apisix/conf/config.yaml`: Reference APISIX config (Compose uses inline APISIX_CONFIG_YAML)
+- `openapi/httpbin.yaml`: OpenAPI with x-apisix hints for ADC
+- `scripts/adc_render.sh`: ADC render script (auto-detect verbs)
+- `scripts/adc_publish.sh`: ADC publish/apply/sync script (auto-detect verbs)
+- `scripts/bootstrap_routes_via_admin.sh`: seed APISIX resources via Admin API
+- `apisix/admin_payloads/*.json`: Admin API payload examples
+- `.github/workflows/cicd.yaml`: CI/CD workflow
+- `Makefile`: helper targets
+
+If you want me to pin scripts/workflow exactly to your ADC 0.21.2 verbs, I can adjust commands precisely once you confirm the exact subcommands you use locally (e.g., `adc openapi generate`).

apisix/admin_payloads/route_httpbin_anything.json

@@ -0,0 +1,11 @@
+{
+  "uri": "/anything",
+  "name": "httpbin_anything",
+  "desc": "POST /anything via APISIX",
+  "upstream_id": "httpbin_upstream",
+  "methods": ["POST"],
+  "plugins": {
+    "cors": {}
+  }
+}
+

apisix/admin_payloads/route_httpbin_get.json

@@ -0,0 +1,11 @@
+{
+  "uri": "/get",
+  "name": "httpbin_get",
+  "desc": "GET /get via APISIX",
+  "upstream_id": "httpbin_upstream",
+  "methods": ["GET"],
+  "plugins": {
+    "cors": {}
+  }
+}
+

apisix/admin_payloads/route_httpbin_status.json

@@ -0,0 +1,11 @@
+{
+  "uri": "/status/*",
+  "name": "httpbin_status",
+  "desc": "GET /status/{code} via APISIX",
+  "upstream_id": "httpbin_upstream",
+  "methods": ["GET"],
+  "plugins": {
+    "cors": {}
+  }
+}
+

apisix/admin_payloads/upstream_httpbin.json

@@ -0,0 +1,10 @@
+{
+  "type": "roundrobin",
+  "scheme": "http",
+  "nodes": {
+    "httpbin:8080": 1
+  },
+  "pass_host": "pass",
+  "name": "httpbin_upstream",
+  "desc": "Local httpbin upstream"
+}

docker-compose.yml

@@ -0,0 +1,77 @@
+services:
+  etcd:
+    image: bitnamilegacy/etcd:3.5.15
+    container_name: etcd
+    environment:
+      - ALLOW_NONE_AUTHENTICATION=yes
+      - ETCD_ENABLE_V2=false
+      - ETCD_ADVERTISE_CLIENT_URLS=http://etcd:2379
+      - ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379
+    ports:
+      - "2379:2379"
+    networks:
+      - apisix
+
+  apisix:
+    image: apache/apisix:3.14.1-ubuntu
+    container_name: apisix
+    depends_on:
+      - etcd
+    environment:
+      APISIX_CONFIG_YAML: |
+        deployment:
+          role: traditional
+          role_traditional:
+            config_provider: etcd
+        apisix:
+          node_listen: 9080
+          enable_admin: true
+          # Demo only: open to all. Narrow CIDR in production.
+          allow_admin:
+            - 0.0.0.0/0
+          admin_key:
+            - name: admin
+              key: edd1c9f034335f136f87ad84b625c8f1
+              role: admin
+          ssl:
+            enable: true
+            listen_port: 9443
+        etcd:
+          host:
+            - "http://etcd:2379"
+          prefix: "/apisix"
+          timeout: 30
+        plugins:
+          - cors
+          - proxy-rewrite
+          - request-id
+          - server-info
+        plugin_attr: {}
+        nginx_config:
+          error_log: logs/error.log
+          worker_processes: auto
+          worker_rlimit_nofile: 20480
+          http:
+            access_log: logs/access.log
+            keepalive_timeout: 60s
+    restart: unless-stopped
+    ports:
+      - "9080:9080"   # APISIX HTTP
+      - "9443:9443"   # APISIX HTTPS
+      - "9180:9180"   # Admin API
+    networks:
+      - apisix
+
+  httpbin:
+    image: mccutchen/go-httpbin:latest
+    container_name: httpbin
+    expose:
+      - "8080"
+    ports:
+      - "8080:8080"   # Optional: access http://localhost:8080 directly
+    networks:
+      - apisix
+
+networks:
+  apisix:
+    driver: bridge

openapi/httpbin.yaml

@@ -0,0 +1,75 @@
+openapi: 3.0.3
+info:
+  title: Httpbin via APISIX
+  description: |
+    Demonstration of routing httpbin through APISIX. Includes x-apisix extensions for ADC to generate APISIX resources.
+  version: 1.0.0
+servers:
+  - url: http://localhost:9080
+    description: Local APISIX Gateway
+
+paths:
+  /get:
+    get:
+      summary: Proxy to httpbin GET
+      description: Returns request info from httpbin
+      tags: [httpbin]
+      responses:
+        '200':
+          description: OK
+      x-apisix-plugins:
+        cors: {}
+      x-apisix-upstream:
+        type: roundrobin
+        scheme: http
+        nodes:
+          "httpbin:8080": 1
+
+  /status/{code}:
+    get:
+      summary: Return specific HTTP status code
+      tags: [httpbin]
+      parameters:
+        - in: path
+          name: code
+          required: true
+          schema:
+            type: integer
+            minimum: 100
+            maximum: 599
+      responses:
+        '200':
+          description: Example response (status code depends on path parameter)
+      x-apisix-plugins:
+        cors: {}
+      x-apisix-upstream:
+        type: roundrobin
+        scheme: http
+        nodes:
+          "httpbin:8080": 1
+
+  /anything:
+    post:
+      summary: Echo any request data
+      tags: [httpbin]
+      requestBody:
+        required: false
+        content:
+          application/json:
+            schema:
+              type: object
+          application/x-www-form-urlencoded:
+            schema:
+              type: object
+      responses:
+        '200':
+          description: OK
+      x-apisix-plugins:
+        cors: {}
+      x-apisix-upstream:
+        type: roundrobin
+        scheme: http
+        nodes:
+          "httpbin:8080": 1
+
+components: {}