init

juzhiyuan · juzhiyuan · commit a63c179ee8d2 · 2025-10-29T22:31:33.000+08:00
diff --git a/.github/workflows/cicd.yaml b/.github/workflows/cicd.yaml
@@ -0,0 +1,76 @@
+name: apisix-adc-cicd
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+permissions:
+  contents: read
+
+jobs:
+  build-and-publish:
+    runs-on: ubuntu-latest
+    env:
+      # Demo only: plaintext values for simplicity. Do NOT use in production.
+      # Set this to your public VM address so GitHub Actions can reach APISIX Admin API.
+      # In Production environments, use secrets to inject these values securely.
+      APISIX_ADMIN_API: "http://68.183.178.88:9180"
+      # Demo admin key; replace if you change APISIX admin_key in config.
+      APISIX_ADMIN_KEY: "edd1c9f034335f136f87ad84b625c8f1"
+      ADC_VERSION: "0.21.2"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Show environment
+        run: |
+          echo "APISIX_ADMIN_API=${APISIX_ADMIN_API}"
+          echo "adc version (if present):" || true
+          (adc --version || true)
+
+      - name: Install ADC CLI
+        run: |
+          set -euxo pipefail
+          arch="$(uname -m)"
+          case "${arch}" in
+            x86_64|amd64) adc_arch="amd64" ;;
+            arm64|aarch64) adc_arch="arm64" ;;
+            *)
+              echo "Unsupported architecture: ${arch}" >&2
+              exit 1
+              ;;
+          esac
+          url="https://github.com/api7/adc/releases/download/v${ADC_VERSION}/adc_${ADC_VERSION}_linux_${adc_arch}.tar.gz"
+          curl -sSL -o adc.tar.gz "${url}"
+          tar -xzf adc.tar.gz
+          install_dir="${HOME}/.local/bin"
+          mkdir -p "${install_dir}"
+          install -m 0755 adc "${install_dir}/adc"
+          echo "${install_dir}" >> "${GITHUB_PATH}"
+          adc --version
+
+      - name: Render OpenAPI -> APISIX config
+        id: render
+        run: |
+          bash scripts/adc_render.sh
+
+      - name: Upload rendered artifact (if any)
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: apisix-config
+          path: dist/
+          if-no-files-found: ignore
+
+      - name: Publish to APISIX via Admin API/ADC
+        env:
+          APISIX_ADMIN_API: ${{ env.APISIX_ADMIN_API }}
+          APISIX_ADMIN_KEY: ${{ env.APISIX_ADMIN_KEY }}
+        run: |
+          if [ -z "${APISIX_ADMIN_API}" ] || [ -z "${APISIX_ADMIN_KEY}" ]; then
+            echo "APISIX_ADMIN_API / APISIX_ADMIN_KEY envs are required (demo uses plaintext)" >&2
+            exit 1
+          fi
+          bash scripts/adc_publish.sh
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+dist/
+.DS_Store
diff --git a/Makefile b/Makefile
@@ -0,0 +1,19 @@
+.PHONY: up down logs render publish seed
+
+up:
+	docker compose up -d
+
+down:
+	docker compose down
+
+logs:
+	docker compose logs -f apisix
+
+render:
+	bash scripts/adc_render.sh
+
+publish:
+	bash scripts/adc_publish.sh
+
+seed:
+	bash scripts/bootstrap_routes_via_admin.sh
diff --git a/README.md b/README.md
@@ -0,0 +1,110 @@
+# APISIX + etcd + ADC + GitHub Actions + OpenAPI Demo
+
+This repository provides a runnable demo featuring:
+
+- APISIX Gateway + etcd via Docker Compose
+- OpenAPI (httpbin example) with APISIX/ADC annotations
+- ADC CLI to generate and publish APISIX configuration
+- GitHub Actions for CI/CD
+
+Note: This demo routes to a local `httpbin` container by default for offline use. You can optionally switch to the public `httpbin.org`.
+
+## Quickstart (Local)
+
+Prerequisites: Docker 20+, Docker Compose, curl.
+
+- Start APISIX + etcd + httpbin:
+  - `docker compose up -d`
+  - Wait 10–20s for APISIX to be ready
+- Verify Admin API (optional):
+  - `curl -s http://localhost:9180/apisix/admin/routes -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' | head`
+- Seed routes without ADC (admin API demo):
+  - `bash scripts/bootstrap_routes_via_admin.sh`
+- Test traffic through APISIX:
+  - `curl -i http://localhost:9080/get`
+  - `curl -i http://localhost:9080/status/201`
+  - `curl -i -X POST http://localhost:9080/anything -d 'hello=apisix'`
+
+When ADC CLI is ready, use `make render` to produce APISIX config and `make publish` to deploy it (see below).
+
+## OpenAPI + ADC annotations
+
+- See `openapi/httpbin.yaml`, including `/get`, `/status/{code}`, `/anything`.
+- The first `servers` entry defines upstream nodes (`httpbin:8080` for local compose).
+- `x-adc-*` per operation guides ADC resource generation:
+  - `x-adc-name`: route name override (`httpbin_get`, etc.)
+  - `x-adc-plugins`: enable plugins (e.g., `cors`)
+
+## Use ADC (Local)
+
+- Install ADC CLI (see https://github.com/api7/adc)
+- Render:
+  - `make render`
+  - Output: `dist/apisix.yaml`
+- Publish (requires Admin API key below):
+  - `make publish`
+
+Notes:
+- This repo assumes `adc` is available in PATH.
+- ADC verbs vary by version. Scripts attempt common ones and will guide you if adjustment is needed. For ADC 0.21.2, the script first tries `adc convert openapi`; if unavailable it falls back to historical verbs (`adc openapi generate`, `adc generate`, `adc render`, `adc compile`).
+
+## GitHub Actions (CI/CD)
+
+- Workflow: `.github/workflows/cicd.yaml`
+- Triggers: push to `main` or PR
+- Steps:
+  - Install ADC CLI (GitHub Actions downloads v0.21.2 release binary)
+  - Validate and render OpenAPI → APISIX config
+  - Publish to APISIX Admin API
+Environment in workflow (demo only):
+- The workflow uses plaintext env vars for simplicity:
+  - `APISIX_ADMIN_API`: e.g., `http://YOUR_PUBLIC_VM:9180`
+  - `APISIX_ADMIN_KEY`: demo `edd1c9f034335f136f87ad84b625c8f1`
+- This is for demo purposes only. For production, use GitHub Secrets.
+
+## Switch to httpbin.org (Optional)
+
+If outbound network is allowed and you prefer public `httpbin.org`:
+
+1. Edit `openapi/httpbin.yaml`, update the first `servers` entry to `https://httpbin.org` (or your upstream).
+2. Add/adjust `x-adc-plugins` as needed (e.g., `proxy-rewrite` to set `host: httpbin.org`).
+3. Re-run `make render` and publish.
+
+## APISIX/etcd Configuration
+
+- `docker-compose.yml` runs `etcd`, `apisix`, `httpbin` containers (no persistent volumes)
+- APISIX config: stored in `apisix/conf/config.yaml` and mounted read-only into the APISIX container via Compose
+  - etcd: `http://etcd:2379`
+  - Admin API: `9180`
+  - Gateway ports: `9080` (HTTP), `9443` (HTTPS)
+  - Admin Key (demo only): `edd1c9f034335f136f87ad84b625c8f1`
+  - APISIX image: `apache/apisix:3.14.1-ubuntu`
+
+## Useful Commands
+
+- `make up`: start all services
+- `docker compose logs -f apisix`: tail APISIX logs
+- `make render`: generate APISIX config using ADC
+- `make publish`: publish config to APISIX Admin API
+- `bash scripts/bootstrap_routes_via_admin.sh`: seed routes via Admin API (no ADC)
+- `make down`: stop containers (no persistent volumes)
+
+## Running on a Public VM
+
+- Point GitHub Actions to your VM by editing `.github/workflows/cicd.yaml` env:
+  - `APISIX_ADMIN_API: "http://YOUR_PUBLIC_VM:9180"`
+  - Ensure your VM firewall/security group allows inbound TCP 9180 from GitHub Actions runners (demo only). For production, restrict sources and rotate the admin key.
+
+## Layout
+
+- `docker-compose.yml`: containers orchestration
+- `apisix/conf/config.yaml`: APISIX config mounted by Compose
+- `openapi/httpbin.yaml`: OpenAPI with x-adc hints for ADC
+- `scripts/adc_render.sh`: ADC render script (auto-detect verbs)
+- `scripts/adc_publish.sh`: ADC publish/apply/sync script (auto-detect verbs)
+- `scripts/bootstrap_routes_via_admin.sh`: seed APISIX resources via Admin API
+- `apisix/admin_payloads/*.json`: Admin API payload examples
+- `.github/workflows/cicd.yaml`: CI/CD workflow
+- `Makefile`: helper targets
+
+If you want me to pin scripts/workflow exactly to your ADC 0.21.2 verbs, I can adjust commands precisely once you confirm the exact subcommands you use locally (e.g., `adc openapi generate`).
diff --git a/apisix/admin_payloads/route_httpbin_anything.json b/apisix/admin_payloads/route_httpbin_anything.json
@@ -0,0 +1,11 @@
+{
+  "uri": "/anything",
+  "name": "httpbin_anything",
+  "desc": "POST /anything via APISIX",
+  "upstream_id": "httpbin_upstream",
+  "methods": ["POST"],
+  "plugins": {
+    "cors": {}
+  }
+}
+
diff --git a/apisix/admin_payloads/route_httpbin_get.json b/apisix/admin_payloads/route_httpbin_get.json
@@ -0,0 +1,11 @@
+{
+  "uri": "/get",
+  "name": "httpbin_get",
+  "desc": "GET /get via APISIX",
+  "upstream_id": "httpbin_upstream",
+  "methods": ["GET"],
+  "plugins": {
+    "cors": {}
+  }
+}
+
diff --git a/apisix/admin_payloads/route_httpbin_status.json b/apisix/admin_payloads/route_httpbin_status.json
@@ -0,0 +1,11 @@
+{
+  "uri": "/status/*",
+  "name": "httpbin_status",
+  "desc": "GET /status/{code} via APISIX",
+  "upstream_id": "httpbin_upstream",
+  "methods": ["GET"],
+  "plugins": {
+    "cors": {}
+  }
+}
+
diff --git a/apisix/admin_payloads/upstream_httpbin.json b/apisix/admin_payloads/upstream_httpbin.json
@@ -0,0 +1,10 @@
+{
+  "type": "roundrobin",
+  "scheme": "http",
+  "nodes": {
+    "httpbin:8080": 1
+  },
+  "pass_host": "pass",
+  "name": "httpbin_upstream",
+  "desc": "Local httpbin upstream"
+}
diff --git a/apisix/conf/config.yaml b/apisix/conf/config.yaml
@@ -0,0 +1,39 @@
+deployment:
+  role: traditional
+  role_traditional:
+    config_provider: etcd
+  admin:
+    # Demo only: open to all. Narrow CIDR in production.
+    allow_admin:
+      - 0.0.0.0/0
+    admin_key:
+      - name: admin
+        key: edd1c9f034335f136f87ad84b625c8f1
+        role: admin
+      - name: "viewer"
+        key: 4054f7cf07e344346cd3f287985e76a2
+        role: viewer
+  etcd:
+    host:
+      - "http://etcd:2379"
+    prefix: "/apisix"
+    timeout: 30
+apisix:
+  node_listen: 9080
+  enable_admin: true
+  ssl:
+    enable: true
+    listen_port: 9443
+stream_plugins: []
+plugin_attr:
+  prometheus:
+    export_addr:
+      ip: "0.0.0.0"
+      port: 9091
+nginx_config:
+  error_log: logs/error.log
+  worker_processes: auto
+  worker_rlimit_nofile: 20480
+  http:
+    access_log: logs/access.log
+    keepalive_timeout: 60s
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,50 @@
+services:
+  etcd:
+    image: bitnamilegacy/etcd:3.5.15
+    container_name: etcd
+    environment:
+      - ALLOW_NONE_AUTHENTICATION=yes
+      - ETCD_ENABLE_V2=false
+      - ETCD_ADVERTISE_CLIENT_URLS=http://etcd:2379
+      - ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379
+      - ETCDCTL_API=3
+    ports:
+      - "2379:2379"
+    healthcheck:
+      test: ["CMD", "etcdctl", "--endpoints=http://127.0.0.1:2379", "endpoint", "health"]
+      interval: 5s
+      timeout: 3s
+      retries: 20
+      start_period: 5s
+    networks:
+      - apisix
+
+  apisix:
+    image: apache/apisix:3.14.1-ubuntu
+    container_name: apisix
+    depends_on:
+      etcd:
+        condition: service_healthy
+    restart: unless-stopped
+    ports:
+      - "9080:9080"   # APISIX HTTP
+      - "9443:9443"   # APISIX HTTPS
+      - "9180:9180"   # Admin API
+    volumes:
+      - ./apisix/conf/config.yaml:/usr/local/apisix/conf/config.yaml:ro
+    networks:
+      - apisix
+
+  httpbin:
+    image: mccutchen/go-httpbin:latest
+    container_name: httpbin
+    expose:
+      - "8080"
+    ports:
+      - "8080:8080"   # Optional: access http://localhost:8080 directly
+    networks:
+      - apisix
+
+networks:
+  apisix:
+    driver: bridge
diff --git a/openapi/httpbin.yaml b/openapi/httpbin.yaml
diff --git a/scripts/adc_publish.sh b/scripts/adc_publish.sh
diff --git a/scripts/adc_render.sh b/scripts/adc_render.sh
diff --git a/scripts/bootstrap_routes_via_admin.sh b/scripts/bootstrap_routes_via_admin.sh
