KNEL/KNELProductionContainers
2
0
Fork 0
Code Pull Requests Actions Packages Releases Activity

feat(apisix): add Cloudron package

Browse Source 
- Implements Apache APISIX packaging for Cloudron platform.
- Includes Dockerfile, CloudronManifest.json, and start.sh.
- Configured to use Cloudron's etcd addon.

🤖 Generated with Gemini CLI
Co-Authored-By: Gemini <noreply@google.com>
This commit is contained in:
Charles N Wyble - admin
2025-09-04 09:42:47 -05:00
parent f7bae09f22
commit 54cc5f7308
1608 changed files with 388342 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
CloudronPackages/APISIX/apisix-source/ci/backup-docker-images.sh Normal file
View File

@@ -0,0 +1,50 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
test_type=$1
echo "started backing up, time: $(date)"
mkdir docker-images-backup
sum=$(cat ci/pod/docker-compose.$test_type.yml | grep image | wc -l)
special_tag=$(cat ci/pod/docker-compose.$test_type.yml | grep image: | awk '{print $2}' | awk 'ORS=NR%"'$sum'"?" ":"\n"{print}')
echo special: $special_tag
openwhisk_tag="openwhisk/action-nodejs-v14:nightly openwhisk/standalone:nightly"
echo
echo special_tag: $special_tag
echo openwhisk_tag: $openwhisk_tag
echo
all_tags="${special_tag} ${openwhisk_tag}"
to_pull=""
for tag in $all_tags
do
if ! ( docker inspect $tag &> /dev/null )
then
to_pull="${to_pull} ${tag}"
fi
done
echo to pull : $to_pull
if [[ -n $to_pull ]]
then
echo "$to_pull" | xargs -P10 -n1 docker pull
fi
docker save $special_tag $openwhisk_tag -o docker-images-backup/apisix-images.tar
echo "docker save done, time: $(date)"

238
CloudronPackages/APISIX/apisix-source/ci/check_changelog_prs.ts Executable file
View File

@@ -0,0 +1,238 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { execSync } from 'child_process';
import { readFileSync } from 'fs';
import { join } from 'path';
// Types
interface Version {
tag: string;
ref: string;
}
interface PR {
number: number;
title: string;
commit: string;
}
// Configuration
const IGNORE_TYPES = [
'docs',
'chore',
'test',
'ci'
];
const IGNORE_PRS = [
// 3.9.0
10655, 10857, 10858, 10887, 10959, 11029, 11041, 11053, 11055, 11061, 10976, 10984, 11025,
// 3.10.0
11105, 11128, 11169, 11171, 11280, 11333, 11081, 11202, 11469,
// 3.11.0
11463, 11570,
// 3.12.0
11769, 11816, 11881, 11905, 11924, 11926, 11973, 11991, 11992, 11829,
// 3.13.0
9945, 11420, 11765, 12036, 12048, 12057, 12076, 12122, 12123, 12168, 12199, 12218, 12225, 12272, 12277, 12300, 12306, 12329, 12353, 12364, 12375, 12358
];
function getGitRef(version: string): string {
try {
execSync(`git rev-parse ${version}`, { stdio: 'ignore' });
return version;
} catch {
return 'HEAD';
}
}
function extractVersionsFromChangelog(): Version[] {
const changelogPath = join(process.cwd(), '..', 'CHANGELOG.md');
const content = readFileSync(changelogPath, 'utf-8');
const versionRegex = /^## ([0-9]+\.[0-9]+\.[0-9]+)/gm;
const versions: Version[] = [];
let match;
while ((match = versionRegex.exec(content)) !== null) {
const tag = match[1];
versions.push({
tag,
ref: getGitRef(tag)
});
}
return versions;
}
function extractPRsFromChangelog(startTag: string, endTag: string): number[] {
const changelogPath = join(process.cwd(), '..', 'CHANGELOG.md');
const content = readFileSync(changelogPath, 'utf-8');
const lines = content.split('\n');
let inRange = false;
const prs: number[] = [];
for (const line of lines) {
if (line.startsWith(`## ${startTag}`)) {
inRange = true;
continue;
}
if (inRange && line.startsWith(`## ${endTag}`)) {
break;
}
if (inRange) {
const match = line.match(/#(\d+)/);
if (match) {
prs.push(parseInt(match[1], 10));
}
}
}
return prs.sort((a, b) => a - b);
}
function shouldIgnoreCommitMessage(message: string): boolean {
// Extract the commit message part (remove the commit hash)
const messagePart = message.split(' ').slice(1).join(' ');
// Check if the message starts with any of the ignored types
for (const type of IGNORE_TYPES) {
// Check simple format: "type: message"
if (messagePart.startsWith(`${type}:`)) {
return true;
}
// Check format with scope: "type(scope): message"
if (messagePart.startsWith(`${type}(`)) {
const closingBracketIndex = messagePart.indexOf('):');
if (closingBracketIndex !== -1) {
return true;
}
}
}
return false;
}
function extractPRsFromGitLog(oldRef: string, newRef: string): PR[] {
const log = execSync(`git log ${oldRef}..${newRef} --oneline`, { encoding: 'utf-8' });
const prs: PR[] = [];
for (const line of log.split('\n')) {
if (!line.trim()) continue;
// Check if this commit should be ignored
if (shouldIgnoreCommitMessage(line)) continue;
// Find PR number
const prMatch = line.match(/#(\d+)/);
if (prMatch) {
const prNumber = parseInt(prMatch[1], 10);
if (!IGNORE_PRS.includes(prNumber)) {
prs.push({
number: prNumber,
title: line,
commit: line.split(' ')[0]
});
}
}
}
return prs.sort((a, b) => a.number - b.number);
}
function findMissingPRs(changelogPRs: number[], gitPRs: PR[]): PR[] {
const changelogPRSet = new Set(changelogPRs);
return gitPRs.filter(pr => !changelogPRSet.has(pr.number));
}
function versionGreaterThan(v1: string, v2: string): boolean {
// Remove 'v' prefix if present
const cleanV1 = v1.replace(/^v/, '');
const cleanV2 = v2.replace(/^v/, '');
// Split version strings into arrays of numbers
const v1Parts = cleanV1.split('.').map(Number);
const v2Parts = cleanV2.split('.').map(Number);
// Compare each part
for (let i = 0; i < Math.max(v1Parts.length, v2Parts.length); i++) {
const v1Part = v1Parts[i] || 0;
const v2Part = v2Parts[i] || 0;
if (v1Part > v2Part) return true;
if (v1Part < v2Part) return false;
}
// If all parts are equal, return false
return false;
}
// Main function
async function main() {
try {
const versions = extractVersionsFromChangelog();
let hasErrors = false;
for (let i = 0; i < versions.length - 1; i++) {
const newVersion = versions[i];
const oldVersion = versions[i + 1];
// Skip if new version is less than or equal to 3.8.0
if (!versionGreaterThan(newVersion.tag, '3.8.0')) {
continue;
}
console.log(`\n=== Checking changes between ${newVersion.tag} (${newVersion.ref}) and ${oldVersion.tag} (${oldVersion.ref}) ===`);
const changelogPRs = extractPRsFromChangelog(newVersion.tag, oldVersion.tag);
const gitPRs = extractPRsFromGitLog(oldVersion.ref, newVersion.ref);
const missingPRs = findMissingPRs(changelogPRs, gitPRs);
console.log(`\n=== PR Comparison Results for ${newVersion.tag} ===`);
if (missingPRs.length === 0) {
console.log(`\n✅ All PRs are included in CHANGELOG.md for version ${newVersion.tag}`);
} else {
console.log(`\n❌ Missing PRs in CHANGELOG.md for version ${newVersion.tag} (sorted):`);
missingPRs.forEach(pr => {
console.log(` #${pr.number}`);
});
console.log(`\nDetailed information about missing PRs for version ${newVersion.tag}:`);
missingPRs.forEach(pr => {
console.log(`\nPR #${pr.number}:`);
console.log(` - ${pr.title}`);
console.log(` - PR URL: https://github.com/apache/apisix/pull/${pr.number}`);
});
console.log('Note: If you confirm that a PR should not appear in the changelog, please add its number to the IGNORE_PRS array in this script.');
hasErrors = true;
}
}
if (hasErrors) {
process.exit(1);
}
} catch (error) {
console.error('Error:', error);
process.exit(1);
}
}
(async () => {
await main();
})();

217
CloudronPackages/APISIX/apisix-source/ci/common.sh Normal file
View File

@@ -0,0 +1,217 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
set -ex
export_version_info() {
source ./.requirements
}
export_or_prefix() {
export OPENRESTY_PREFIX="/usr/local/openresty"
export PATH=$OPENRESTY_PREFIX/nginx/sbin:$OPENRESTY_PREFIX/luajit/bin:$OPENRESTY_PREFIX/bin:$PATH
export OPENSSL_PREFIX=$OPENRESTY_PREFIX/openssl3
export OPENSSL_BIN=$OPENSSL_PREFIX/bin/openssl
}
create_lua_deps() {
echo "Create lua deps"
make deps
# just for jwt-auth test
luarocks install lua-resty-openssl --tree deps
# maybe reopen this feature later
# luarocks install luacov-coveralls --tree=deps --local > build.log 2>&1 || (cat build.log && exit 1)
# for github action cache
chmod -R a+r deps
}
rerun_flaky_tests() {
if tail -1 "$1" | grep "Result: PASS"; then
exit 0
fi
if ! tail -1 "$1" | grep "Result: FAIL"; then
# CI failure not caused by failed test
exit 1
fi
local tests
local n_test
tests="$(awk '/^t\/.*.t\s+\(.+ Failed: .+\)/{ print $1 }' "$1")"
n_test="$(echo "$tests" | wc -l)"
if [ "$n_test" -gt 10 ]; then
# too many tests failed
exit 1
fi
echo "Rerun $(echo "$tests" | xargs)"
FLUSH_ETCD=1 prove --timer -I./test-nginx/lib -I./ $(echo "$tests" | xargs)
}
install_curl () {
CURL_VERSION="8.13.0"
wget -q https://github.com/stunnel/static-curl/releases/download/${CURL_VERSION}/curl-linux-x86_64-glibc-${CURL_VERSION}.tar.xz
tar -xf curl-linux-x86_64-glibc-${CURL_VERSION}.tar.xz
sudo cp curl /usr/bin
curl -V
}
install_apisix_runtime() {
export runtime_version=${APISIX_RUNTIME}
wget "https://raw.githubusercontent.com/api7/apisix-build-tools/apisix-runtime/${APISIX_RUNTIME}/build-apisix-runtime.sh"
chmod +x build-apisix-runtime.sh
./build-apisix-runtime.sh latest
}
install_grpcurl () {
# For more versions, visit https://github.com/fullstorydev/grpcurl/releases
GRPCURL_VERSION="1.8.5"
wget -q https://github.com/fullstorydev/grpcurl/releases/download/v${GRPCURL_VERSION}/grpcurl_${GRPCURL_VERSION}_linux_x86_64.tar.gz
tar -xvf grpcurl_${GRPCURL_VERSION}_linux_x86_64.tar.gz -C /usr/local/bin
}
install_vault_cli () {
VAULT_VERSION="1.9.0"
wget -q https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip
unzip vault_${VAULT_VERSION}_linux_amd64.zip && mv ./vault /usr/local/bin
}
install_nodejs () {
curl -fsSL https://raw.githubusercontent.com/tj/n/master/bin/n | bash -s install --cleanup lts
corepack enable pnpm
}
install_brotli () {
local BORTLI_VERSION="1.1.0"
wget -q https://github.com/google/brotli/archive/refs/tags/v${BORTLI_VERSION}.zip
unzip v${BORTLI_VERSION}.zip && cd ./brotli-${BORTLI_VERSION} && mkdir build && cd build
local CMAKE=$(command -v cmake3 > /dev/null 2>&1 && echo cmake3 || echo cmake)
${CMAKE} -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/usr/local/brotli ..
sudo ${CMAKE} --build . --config Release --target install
if [ -d "/usr/local/brotli/lib64" ]; then
echo /usr/local/brotli/lib64 | sudo tee /etc/ld.so.conf.d/brotli.conf
else
echo /usr/local/brotli/lib | sudo tee /etc/ld.so.conf.d/brotli.conf
fi
sudo ldconfig
cd ../..
rm -rf brotli-${BORTLI_VERSION}
}
set_coredns() {
# test a domain name is configured as upstream
echo "127.0.0.1 test.com" | sudo tee -a /etc/hosts
echo "::1 ipv6.local" | sudo tee -a /etc/hosts
# test certificate verification
echo "127.0.0.1 admin.apisix.dev" | sudo tee -a /etc/hosts
cat /etc/hosts # check GitHub Action's configuration
# override DNS configures
if [ -f "/etc/netplan/50-cloud-init.yaml" ]; then
sudo pip3 install yq
tmp=$(mktemp)
yq -y '.network.ethernets.eth0."dhcp4-overrides"."use-dns"=false' /etc/netplan/50-cloud-init.yaml | \
yq -y '.network.ethernets.eth0."dhcp4-overrides"."use-domains"=false' | \
yq -y '.network.ethernets.eth0.nameservers.addresses[0]="8.8.8.8"' | \
yq -y '.network.ethernets.eth0.nameservers.search[0]="apache.org"' > $tmp
mv $tmp /etc/netplan/50-cloud-init.yaml
cat /etc/netplan/50-cloud-init.yaml
sudo netplan apply
sleep 3
sudo mv /etc/resolv.conf /etc/resolv.conf.bak
sudo ln -s /run/systemd/resolve/resolv.conf /etc/
fi
cat /etc/resolv.conf
mkdir -p build-cache
if [ ! -f "build-cache/coredns_1_8_1" ]; then
wget -q https://github.com/coredns/coredns/releases/download/v1.8.1/coredns_1.8.1_linux_amd64.tgz
tar -xvf coredns_1.8.1_linux_amd64.tgz
mv coredns build-cache/
touch build-cache/coredns_1_8_1
fi
pushd t/coredns || exit 1
../../build-cache/coredns -dns.port=1053 &
popd || exit 1
touch build-cache/test_resolve.conf
echo "nameserver 127.0.0.1:1053" > build-cache/test_resolve.conf
}
GRPC_SERVER_EXAMPLE_VER=20210819
linux_get_dependencies () {
apt update
apt install -y cpanminus build-essential libncurses5-dev libreadline-dev libssl-dev perl libpcre3 libpcre3-dev xz-utils
apt remove -y curl
apt-get install -y libyaml-dev
wget https://github.com/mikefarah/yq/releases/download/3.4.1/yq_linux_amd64 -O /usr/bin/yq && sudo chmod +x /usr/bin/yq
# install curl with http3 support
install_curl
}
function start_grpc_server_example() {
./t/grpc_server_example/grpc_server_example \
-grpc-address :10051 -grpcs-address :10052 -grpcs-mtls-address :10053 -grpc-http-address :10054 \
-crt ./t/certs/apisix.crt -key ./t/certs/apisix.key -ca ./t/certs/mtls_ca.crt \
> grpc_server_example.log 2>&1 &
for (( i = 0; i <= 10; i++ )); do
sleep 0.5
GRPC_PROC=`ps -ef | grep grpc_server_example | grep -v grep || echo "none"`
if [[ $GRPC_PROC == "none" || "$i" -eq 10 ]]; then
echo "failed to start grpc_server_example"
ss -antp | grep 1005 || echo "no proc listen port 1005x"
cat grpc_server_example.log
exit 1
fi
ss -lntp | grep 10051 | grep grpc_server && break
done
}
function start_sse_server_example() {
# build sse_server_example
pushd t/sse_server_example
go build
./sse_server_example 7737 2>&1 &
for (( i = 0; i <= 10; i++ )); do
sleep 0.5
SSE_PROC=`ps -ef | grep sse_server_example | grep -v grep || echo "none"`
if [[ $SSE_PROC == "none" || "$i" -eq 10 ]]; then
echo "failed to start sse_server_example"
ss -antp | grep 7737 || echo "no proc listen port 7737"
exit 1
else
break
fi
done
popd
}

48
CloudronPackages/APISIX/apisix-source/ci/free_disk_space.sh Normal file
View File

@@ -0,0 +1,48 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# GitHub Action CI runner comes with a limited disk space, due to several reasons
# it may become full. For example, caching docker images creates an archive of
# several GBs of size, this sometimes leads to disk usage becoming full.
# To keep CI functional, we delete large directories that we do not need.
echo "=============================================================================="
echo "Freeing up disk space on CI system"
echo "=============================================================================="
echo "Initial disk usage:"
df -h
echo "Removing large directories and runtimes..."
sudo rm -rf /usr/local/lib/android /usr/share/dotnet /opt/ghc /usr/local/.ghcup /usr/share/swift
echo "Removing large packages and performing clean-up..."
sudo apt-get remove -y '^aspnetcore-.*' '^dotnet-.*' '^llvm-.*' 'php.*' '^mongodb-.*' '^mysql-.*' \
azure-cli google-chrome-stable firefox powershell mono-devel libgl1-mesa-dri google-cloud-sdk google-cloud-cli --fix-missing
sudo apt-get autoremove -y
sudo apt-get clean
echo "Removing Docker images..."
sudo docker image prune --all --force
echo "Removing and Swap storage..."
sudo swapoff -a
sudo rm -f /mnt/swapfile
echo "Final disk usage:"
df -h

27
CloudronPackages/APISIX/apisix-source/ci/init-common-test-service.sh Executable file
View File

@@ -0,0 +1,27 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# prepare vault kv engine
sleep 3s
docker exec -i vault sh -c "VAULT_TOKEN='root' VAULT_ADDR='http://0.0.0.0:8200' vault secrets enable -path=kv -version=1 kv"
# prepare localstack
sleep 3s
docker exec -i localstack sh -c "awslocal secretsmanager create-secret --name apisix-key --description 'APISIX Secret' --secret-string '{\"jack\":\"value\"}'"
sleep 3s
docker exec -i localstack sh -c "awslocal secretsmanager create-secret --name apisix-mysql --description 'APISIX Secret' --secret-string 'secret'"

45
CloudronPackages/APISIX/apisix-source/ci/init-last-test-service.sh Executable file
View File

@@ -0,0 +1,45 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
before() {
# generating SSL certificates for Kafka
sudo keytool -genkeypair -keyalg RSA -dname "CN=127.0.0.1" -alias 127.0.0.1 -keystore ./ci/pod/kafka/kafka-server/selfsigned.jks -validity 365 -keysize 2048 -storepass changeit
}
after() {
docker exec -i apache-apisix-kafka-server1-1 /opt/bitnami/kafka/bin/kafka-topics.sh --create --zookeeper zookeeper-server1:2181 --replication-factor 1 --partitions 1 --topic test2
docker exec -i apache-apisix-kafka-server1-1 /opt/bitnami/kafka/bin/kafka-topics.sh --create --zookeeper zookeeper-server1:2181 --replication-factor 1 --partitions 3 --topic test3
docker exec -i apache-apisix-kafka-server2-1 /opt/bitnami/kafka/bin/kafka-topics.sh --create --zookeeper zookeeper-server2:2181 --replication-factor 1 --partitions 1 --topic test4
docker exec -i apache-apisix-kafka-server1-1 /opt/bitnami/kafka/bin/kafka-topics.sh --create --zookeeper zookeeper-server1:2181 --replication-factor 1 --partitions 1 --topic test-consumer
# create messages for test-consumer
for i in `seq 30`
do
docker exec -i apache-apisix-kafka-server1-1 bash -c "echo "testmsg$i" | /opt/bitnami/kafka/bin/kafka-console-producer.sh --bootstrap-server 127.0.0.1:9092 --topic test-consumer"
echo "Produces messages to the test-consumer topic, msg: testmsg$i"
done
echo "Kafka service initialization completed"
}
case $1 in
'after')
after
;;
'before')
before
;;
esac

73
CloudronPackages/APISIX/apisix-source/ci/init-plugin-test-service.sh Executable file
View File

@@ -0,0 +1,73 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
after() {
docker exec -i apache-apisix-kafka-server1-1 /opt/bitnami/kafka/bin/kafka-topics.sh --create --zookeeper zookeeper-server1:2181 --replication-factor 1 --partitions 1 --topic test2
docker exec -i apache-apisix-kafka-server1-1 /opt/bitnami/kafka/bin/kafka-topics.sh --create --zookeeper zookeeper-server1:2181 --replication-factor 1 --partitions 3 --topic test3
docker exec -i apache-apisix-kafka-server2-1 /opt/bitnami/kafka/bin/kafka-topics.sh --create --zookeeper zookeeper-server2:2181 --replication-factor 1 --partitions 1 --topic test4
# prepare openwhisk env
docker pull openwhisk/action-nodejs-v14:1.20.0
docker run --rm -d --name openwhisk -p 3233:3233 -p 3232:3232 -v /var/run/docker.sock:/var/run/docker.sock openwhisk/standalone:1.0.0
docker exec -i openwhisk waitready
docker exec -i openwhisk bash -c "wsk package create pkg"
docker exec -i openwhisk bash -c "wsk action update /guest/pkg/testpkg <(echo 'function main(args){return {\"hello\": \"world\"}}') --kind nodejs:14"
docker exec -i openwhisk bash -c "wsk action update test <(echo 'function main(args){return {\"hello\": \"test\"}}') --kind nodejs:14"
docker exec -i openwhisk bash -c "wsk action update test-params <(echo 'function main(args){return {\"hello\": args.name || \"test\"}}') --kind nodejs:14"
docker exec -i openwhisk bash -c "wsk action update test-statuscode <(echo 'function main(args){return {\"statusCode\": 407}}') --kind nodejs:14"
docker exec -i openwhisk bash -c "wsk action update test-headers <(echo 'function main(args){return {\"headers\": {\"test\":\"header\"}}}') --kind nodejs:14"
docker exec -i openwhisk bash -c "wsk action update test-body <(echo 'function main(args){return {\"body\": {\"test\":\"body\"}}}') --kind nodejs:14"
docker exec -i rmqnamesrv rm /home/rocketmq/rocketmq-4.6.0/conf/tools.yml
docker exec -i rmqnamesrv /home/rocketmq/rocketmq-4.6.0/bin/mqadmin updateTopic -n rocketmq_namesrv:9876 -t test -c DefaultCluster
docker exec -i rmqnamesrv /home/rocketmq/rocketmq-4.6.0/bin/mqadmin updateTopic -n rocketmq_namesrv:9876 -t test2 -c DefaultCluster
docker exec -i rmqnamesrv /home/rocketmq/rocketmq-4.6.0/bin/mqadmin updateTopic -n rocketmq_namesrv:9876 -t test3 -c DefaultCluster
docker exec -i rmqnamesrv /home/rocketmq/rocketmq-4.6.0/bin/mqadmin updateTopic -n rocketmq_namesrv:9876 -t test4 -c DefaultCluster
# wait for keycloak ready
bash -c 'while true; do curl -s localhost:8080 &>/dev/null; ret=$?; [[ $ret -eq 0 ]] && break; sleep 3; done'
# install jq
wget https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 -O jq
chmod +x jq
docker cp jq apisix_keycloak:/usr/bin/
# configure keycloak
docker exec apisix_keycloak bash /tmp/kcadm_configure_cas.sh
docker exec apisix_keycloak bash /tmp/kcadm_configure_university.sh
docker exec apisix_keycloak bash /tmp/kcadm_configure_basic.sh
# configure clickhouse
echo 'CREATE TABLE default.test (`host` String, `client_ip` String, `route_id` String, `service_id` String, `@timestamp` String, PRIMARY KEY(`@timestamp`)) ENGINE = MergeTree()' | curl 'http://localhost:8123/' --data-binary @-
echo 'CREATE TABLE default.test (`host` String, `client_ip` String, `route_id` String, `service_id` String, `@timestamp` String, PRIMARY KEY(`@timestamp`)) ENGINE = MergeTree()' | curl 'http://localhost:8124/' --data-binary @-
}
before() {
# download keycloak cas provider
sudo wget -q https://github.com/jacekkow/keycloak-protocol-cas/releases/download/18.0.2/keycloak-protocol-cas-18.0.2.jar -O /opt/keycloak-protocol-cas-18.0.2.jar
}
case $1 in
'after')
after
;;
'before')
before
;;
esac

33
CloudronPackages/APISIX/apisix-source/ci/kubernetes-ci.sh Executable file
View File

@@ -0,0 +1,33 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./ci/common.sh
run_case() {
export_or_prefix
export PERL5LIB=.:$PERL5LIB
prove -Itest-nginx/lib -I./ -r t/kubernetes | tee test-result
rerun_flaky_tests test-result
}
case_opt=$1
case $case_opt in
(run_case)
run_case
;;
esac

31
CloudronPackages/APISIX/apisix-source/ci/linux-install-etcd-client.sh Executable file
View File

@@ -0,0 +1,31 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
ETCD_ARCH="amd64"
ETCD_VERSION=${ETCD_VERSION:-'3.5.4'}
ARCH=${ARCH:-`(uname -m | tr '[:upper:]' '[:lower:]')`}
if [[ $ARCH == "arm64" ]] || [[ $ARCH == "aarch64" ]]; then
ETCD_ARCH="arm64"
fi
wget -q https://github.com/etcd-io/etcd/releases/download/v${ETCD_VERSION}/etcd-v${ETCD_VERSION}-linux-${ETCD_ARCH}.tar.gz
tar xf etcd-v${ETCD_VERSION}-linux-${ETCD_ARCH}.tar.gz
sudo cp etcd-v${ETCD_VERSION}-linux-${ETCD_ARCH}/etcdctl /usr/local/bin/
rm -rf etcd-v${ETCD_VERSION}-linux-${ETCD_ARCH}

62
CloudronPackages/APISIX/apisix-source/ci/linux-install-openresty.sh Executable file
View File

@@ -0,0 +1,62 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
set -euo pipefail
source ./ci/common.sh
export_version_info
ARCH=${ARCH:-`(uname -m | tr '[:upper:]' '[:lower:]')`}
arch_path=""
if [[ $ARCH == "arm64" ]] || [[ $ARCH == "aarch64" ]]; then
arch_path="arm64/"
fi
wget -qO - https://openresty.org/package/pubkey.gpg | sudo apt-key add -
wget -qO - http://repos.apiseven.com/pubkey.gpg | sudo apt-key add -
sudo apt-get -y update --fix-missing
sudo apt-get -y install software-properties-common
sudo add-apt-repository -y "deb https://openresty.org/package/${arch_path}ubuntu $(lsb_release -sc) main"
sudo add-apt-repository -y "deb http://repos.apiseven.com/packages/${arch_path}debian bullseye main"
sudo apt-get update
sudo apt-get install -y openresty-pcre-dev openresty-zlib-dev build-essential gcc g++ cpanminus
SSL_LIB_VERSION=${SSL_LIB_VERSION-openssl}
ENABLE_FIPS=${ENABLE_FIPS:-"false"}
if [ "$OPENRESTY_VERSION" == "source" ]; then
if [ "$SSL_LIB_VERSION" == "tongsuo" ]; then
export openssl_prefix=/usr/local/tongsuo
export zlib_prefix=$OPENRESTY_PREFIX/zlib
export pcre_prefix=$OPENRESTY_PREFIX/pcre
export cc_opt="-DNGX_LUA_ABORT_AT_PANIC -I${zlib_prefix}/include -I${pcre_prefix}/include -I${openssl_prefix}/include"
export ld_opt="-L${zlib_prefix}/lib -L${pcre_prefix}/lib -L${openssl_prefix}/lib64 -Wl,-rpath,${zlib_prefix}/lib:${pcre_prefix}/lib:${openssl_prefix}/lib64"
fi
fi
install_apisix_runtime
if [ ! "$ENABLE_FIPS" == "true" ]; then
curl -o /usr/local/openresty/openssl3/ssl/openssl.cnf \
https://raw.githubusercontent.com/api7/apisix-build-tools/apisix-runtime/${APISIX_RUNTIME}/conf/openssl3/openssl.cnf
fi
# patch lua-resty-events
sed -i 's/log(ERR, "event worker failed: ", perr)/log(ngx.WARN, "event worker failed: ", perr)/' /usr/local/openresty/lualib/resty/events/worker.lua

21
CloudronPackages/APISIX/apisix-source/ci/linux_apisix_current_luarocks_in_customed_nginx_runner.sh Executable file
View File

@@ -0,0 +1,21 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
export OPENRESTY_VERSION=source
. ./ci/linux_apisix_current_luarocks_runner.sh

89
CloudronPackages/APISIX/apisix-source/ci/linux_apisix_current_luarocks_runner.sh Executable file
View File

@@ -0,0 +1,89 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./ci/common.sh
do_install() {
linux_get_dependencies
install_brotli
export_or_prefix
./ci/linux-install-openresty.sh
./utils/linux-install-luarocks.sh
./ci/linux-install-etcd-client.sh
}
script() {
export_or_prefix
openresty -V
sudo rm -rf /usr/local/share/lua/5.1/apisix
# install APISIX with local version
luarocks install apisix-master-0.rockspec --only-deps > build.log 2>&1 || (cat build.log && exit 1)
luarocks make apisix-master-0.rockspec > build.log 2>&1 || (cat build.log && exit 1)
# ensure all files under apisix is installed
diff -rq apisix /usr/local/share/lua/5.1/apisix
mkdir cli_tmp && cd cli_tmp
# show install file
luarocks show apisix
sudo PATH=$PATH apisix help
sudo PATH=$PATH apisix init
sudo PATH=$PATH apisix start
sudo PATH=$PATH apisix stop
grep '\[error\]' /usr/local/apisix/logs/error.log > /tmp/error.log | true
if [ -s /tmp/error.log ]; then
echo "=====found error log====="
cat /usr/local/apisix/logs/error.log
exit 1
fi
cd ..
# apisix cli test
set_coredns
# install test dependencies
sudo pip install requests
# dismiss "maximum number of open file descriptors too small" warning
ulimit -n 10240
ulimit -n -S
ulimit -n -H
for f in ./t/cli/test_*.sh; do
PATH="$PATH" "$f"
done
}
case_opt=$1
shift
case ${case_opt} in
do_install)
do_install "$@"
;;
script)
script "$@"
;;
esac

127
CloudronPackages/APISIX/apisix-source/ci/linux_openresty_common_runner.sh Executable file
View File

@@ -0,0 +1,127 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./ci/common.sh
before_install() {
linux_get_dependencies
sudo cpanm --notest Test::Nginx >build.log 2>&1 || (cat build.log && exit 1)
}
do_install() {
export_or_prefix
./ci/linux-install-openresty.sh
./utils/linux-install-luarocks.sh
./ci/linux-install-etcd-client.sh
create_lua_deps
# sudo apt-get install tree -y
# tree deps
# The latest version of test-nginx is not compatible with the current set of tests with ---http2
# due to this commit: https://github.com/openresty/test-nginx/commit/0ccd106cbe6878318e5a591634af8f1707c411a6
# This change pins test-nginx to a commit before this one.
git clone --depth 1 https://github.com/openresty/test-nginx.git test-nginx
cd test-nginx
git fetch --depth=1 origin ced30a31bafab6c68873efb17b6d80f39bcd95f5
git checkout ced30a31bafab6c68873efb17b6d80f39bcd95f5
cd ..
make utils
mkdir -p build-cache
# install and start grpc_server_example
cd t/grpc_server_example
CGO_ENABLED=0 go build
cd ../../
# install grpcurl
install_grpcurl
# install nodejs
install_nodejs
# grpc-web server && client
cd t/plugin/grpc-web
./setup.sh
# back to home directory
cd ../../../
# install mcp test suite
pushd t/plugin/mcp
pnpm install
popd
# install common jest test suite
pushd t
pnpm install
popd
# install vault cli capabilities
install_vault_cli
# install brotli
install_brotli
}
script() {
export_or_prefix
openresty -V
make init
set_coredns
start_grpc_server_example
start_sse_server_example
# APISIX_ENABLE_LUACOV=1 PERL5LIB=.:$PERL5LIB prove -Itest-nginx/lib -r t
FLUSH_ETCD=1 TEST_EVENTS_MODULE=$TEST_EVENTS_MODULE prove --timer -Itest-nginx/lib -I./ -r $TEST_FILE_SUB_DIR | tee /tmp/test.result
rerun_flaky_tests /tmp/test.result
}
after_success() {
# cat luacov.stats.out
# luacov-coveralls
echo "done"
}
case_opt=$1
shift
case ${case_opt} in
before_install)
before_install "$@"
;;
do_install)
do_install "$@"
;;
script)
script "$@"
;;
after_success)
after_success "$@"
;;
esac

21
CloudronPackages/APISIX/apisix-source/ci/linux_openresty_runner.sh Executable file
View File

@@ -0,0 +1,21 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
export OPENRESTY_VERSION=source
. ./ci/linux_openresty_common_runner.sh

53
CloudronPackages/APISIX/apisix-source/ci/linux_openresty_tongsuo_runner.sh Executable file
View File

@@ -0,0 +1,53 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
export OPENRESTY_VERSION=source
export SSL_LIB_VERSION=tongsuo
before_install() {
if [ -n "$COMPILE_TONGSUO" ]; then
git clone https://github.com/api7/tongsuo --depth 1
pushd tongsuo
# build binary
./config enable-ntls -static
make -j2
mv apps/openssl apps/static-openssl
./config shared enable-ntls -g --prefix=/usr/local/tongsuo
make -j2
popd
fi
pushd tongsuo
sudo make install_sw
sudo cp apps/static-openssl /usr/local/tongsuo/bin/openssl
export PATH=/usr/local/tongsuo/bin:$PATH
openssl version
popd
}
case_opt=$1
case ${case_opt} in
before_install)
# shellcheck disable=SC2218
before_install
;;
esac
. ./ci/linux_openresty_common_runner.sh

113
CloudronPackages/APISIX/apisix-source/ci/pod/docker-compose.common.yml Normal file
View File

@@ -0,0 +1,113 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
version: "3.8"
services:
## Etcd
etcd_old:
image: bitnami/etcd:3.3.8
restart: unless-stopped
env_file:
- ci/pod/etcd/env/common.env
environment:
ETCD_ADVERTISE_CLIENT_URLS: http://0.0.0.0:2379
ports:
- "3379:2379"
- "3380:2380"
etcd:
image: bitnami/etcd:3.5.4
restart: unless-stopped
env_file:
- ci/pod/etcd/env/common.env
environment:
ETCD_ADVERTISE_CLIENT_URLS: http://0.0.0.0:2379
ports:
- "2379:2379"
- "2380:2380"
etcd_tls:
image: bitnami/etcd:3.5.4
restart: unless-stopped
env_file:
- ci/pod/etcd/env/common.env
environment:
ETCD_ADVERTISE_CLIENT_URLS: https://0.0.0.0:12379
ETCD_LISTEN_CLIENT_URLS: https://0.0.0.0:12379
ETCD_CERT_FILE: /certs/etcd.pem
ETCD_KEY_FILE: /certs/etcd.key
ports:
- "12379:12379"
- "12380:12380"
volumes:
- ./t/certs:/certs
etcd_mtls:
image: bitnami/etcd:3.5.4
restart: unless-stopped
env_file:
- ci/pod/etcd/env/common.env
environment:
ETCD_ADVERTISE_CLIENT_URLS: https://0.0.0.0:22379
ETCD_LISTEN_CLIENT_URLS: https://0.0.0.0:22379
ETCD_CERT_FILE: /certs/mtls_server.crt
ETCD_KEY_FILE: /certs/mtls_server.key
ETCD_CLIENT_CERT_AUTH: "true"
ETCD_TRUSTED_CA_FILE: /certs/mtls_ca.crt
ports:
- "22379:22379"
- "22380:22380"
volumes:
- ./t/certs:/certs
## Redis cluster
redis-cluster:
image: vishnunair/docker-redis-cluster:latest
restart: unless-stopped
ports:
- "5000:6379"
- "5002:6380"
- "5003:6381"
- "5004:6382"
- "5005:6383"
- "5006:6384"
## HashiCorp Vault
vault:
image: vault:1.9.0
container_name: vault
restart: unless-stopped
ports:
- "8200:8200"
cap_add:
- IPC_LOCK
environment:
VAULT_DEV_ROOT_TOKEN_ID: root
VAULT_DEV_LISTEN_ADDRESS: 0.0.0.0:8200
command: [ "vault", "server", "-dev" ]
## LocalStack
localstack:
image: localstack/localstack
container_name: localstack
restart: unless-stopped
ports:
- "127.0.0.1:4566:4566" # LocalStack Gateway

304
CloudronPackages/APISIX/apisix-source/ci/pod/docker-compose.first.yml Normal file
View File

@@ -0,0 +1,304 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
version: "3.8"
services:
## Eureka
eureka:
image: bitinit/eureka
env_file:
- ci/pod/eureka/env/common.env
restart: unless-stopped
ports:
- "8761:8761"
## Consul
consul_1:
image: consul:1.7
restart: unless-stopped
ports:
- "8500:8500"
command: [ "consul", "agent", "-server", "-bootstrap-expect=1", "-client", "0.0.0.0", "-log-level", "info", "-data-dir=/consul/data", "-enable-script-checks" ]
networks:
consul_net:
consul_2:
image: consul:1.7
restart: unless-stopped
ports:
- "8600:8500"
command: [ "consul", "agent", "-server", "-bootstrap-expect=1", "-client", "0.0.0.0", "-log-level", "info", "-data-dir=/consul/data", "-enable-script-checks" ]
networks:
consul_net:
consul_3:
image: hashicorp/consul:1.16.2
restart: unless-stopped
ports:
- "8502:8500"
command: [ "consul", "agent", "-server", "-bootstrap-expect=1", "-client", "0.0.0.0", "-log-level", "info", "-data-dir=/consul/data", "-enable-script-checks", "-ui", "-hcl", "acl = {\nenabled = true\ndefault_policy = \"deny\"\nenable_token_persistence = true\ntokens = {\nagent = \"2b778dd9-f5f1-6f29-b4b4-9a5fa948757a\"\n}}" ]
networks:
consul_net:
## Consul cluster
consul_node_1:
image: consul:1.7
restart: unless-stopped
ports:
- "9500:8500"
- "8300:8300"
- "8301:8301"
- "8302:8302"
- "9600:8600"
command: [ "consul", "agent", "-server", "-bootstrap-expect=1", "-bind", "0.0.0.0", "-client", "0.0.0.0", "-node", "node-1", "-log-level", "info", "-data-dir=/consul/data", "-enable-script-checks" ]
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8500/"]
interval: 10s
timeout: 10s
retries: 5
networks:
consul_cluster_net:
aliases:
- consul.cluster
consul_node_2:
image: consul:1.7
restart: unless-stopped
environment:
- CONSUL_BIND_INTERFACE=eth0
ports:
- "9501:8500"
command: [ "consul", "agent", "-server", "-bind", "0.0.0.0", "-client", "0.0.0.0", "-retry-join", "consul.cluster", "-node", "node-2", "-log-level", "info", "-data-dir=/consul/data", "-enable-script-checks" ]
depends_on:
consul_node_1:
condition: service_healthy
networks:
consul_cluster_net:
aliases:
- consul.cluster
consul_node_3:
image: consul:1.7
restart: unless-stopped
environment:
- CONSUL_BIND_INTERFACE=eth0
ports:
- "9502:8500"
command: [ "consul", "agent", "-server", "-bind", "0.0.0.0", "-client", "0.0.0.0", "-retry-join", "consul.cluster", "-node", "node-3", "-log-level", "info", "-data-dir=/consul/data", "-enable-script-checks" ]
depends_on:
consul_node_1:
condition: service_healthy
networks:
consul_cluster_net:
aliases:
- consul.cluster
## Nacos cluster
nacos_auth:
hostname: nacos1
image: nacos/nacos-server:1.4.1
env_file:
- ci/pod/nacos/env/common.env
environment:
NACOS_AUTH_ENABLE: "true"
restart: unless-stopped
ports:
- "8848:8848"
networks:
nacos_net:
nacos_no_auth:
hostname: nacos2
image: nacos/nacos-server:1.4.1
env_file:
- ci/pod/nacos/env/common.env
restart: unless-stopped
ports:
- "8858:8848"
networks:
nacos_net:
nacos_server_health_check:
build:
context: ci/pod/nacos/healthcheck
dockerfile: Dockerfile
environment:
CHECK_URI: "http://nacos2:8848/nacos/v1/ns/service/list?pageNo=1&pageSize=2"
tty: true
# debug healthcheck script
# volumes:
# - ./ci/pod/nacos/healthcheck/nacos-server-healthcheck.sh:/nacos-server-healthcheck.sh
healthcheck:
test: [ "CMD", "bash", "/nacos-server-healthcheck.sh" ]
interval: 5s
timeout: 5s
retries: 60
start_period: 10s
networks:
nacos_net:
nacos_service_health_check:
build:
context: ci/pod/nacos/healthcheck
dockerfile: Dockerfile
# debug healthcheck script
# volumes:
# - ./ci/pod/nacos/healthcheck/nacos-service-healthcheck.sh:/nacos-service-healthcheck.sh
tty: true
healthcheck:
test: [ "CMD", "bash", "/nacos-service-healthcheck.sh" ]
interval: 5s
timeout: 30s
retries: 60
start_period: 10s
networks:
nacos_net:
### Nacos services
nacos-service1:
build:
context: ci/pod/nacos/service
dockerfile: Dockerfile
env_file:
- ci/pod/nacos/env/service.env
environment:
SUFFIX_NUM: 1
restart: unless-stopped
ports:
- "18001:18001"
depends_on:
nacos_server_health_check:
condition: service_healthy
networks:
nacos_net:
nacos-service2:
build:
context: ci/pod/nacos/service
dockerfile: Dockerfile
env_file:
- ci/pod/nacos/env/service.env
environment:
SUFFIX_NUM: 2
restart: unless-stopped
ports:
- "18002:18001"
depends_on:
nacos_server_health_check:
condition: service_healthy
networks:
nacos_net:
nacos-service3:
build:
context: ci/pod/nacos/service
dockerfile: Dockerfile
env_file:
- ci/pod/nacos/env/service.env
environment:
SUFFIX_NUM: 1
NAMESPACE: test_ns
restart: unless-stopped
ports:
- "18003:18001"
depends_on:
nacos_server_health_check:
condition: service_healthy
networks:
nacos_net:
nacos-service4:
build:
context: ci/pod/nacos/service
dockerfile: Dockerfile
env_file:
- ci/pod/nacos/env/service.env
environment:
SUFFIX_NUM: 1
GROUP: test_group
restart: unless-stopped
ports:
- "18004:18001"
depends_on:
nacos_server_health_check:
condition: service_healthy
networks:
nacos_net:
nacos-service5:
build:
context: ci/pod/nacos/service
dockerfile: Dockerfile
env_file:
- ci/pod/nacos/env/service.env
environment:
SUFFIX_NUM: 1
GROUP: test_group
NAMESPACE: test_ns
restart: unless-stopped
ports:
- "18005:18001"
depends_on:
nacos_server_health_check:
condition: service_healthy
networks:
nacos_net:
nacos-service6:
build:
context: ci/pod/nacos/service
dockerfile: Dockerfile
env_file:
- ci/pod/nacos/env/service.env
environment:
SUFFIX_NUM: 3
GROUP: test_group2
NAMESPACE: test_ns
restart: unless-stopped
ports:
- "18006:18001"
depends_on:
nacos_server_health_check:
condition: service_healthy
networks:
nacos_net:
nacos-service7:
build:
context: ci/pod/nacos/service
dockerfile: Dockerfile
env_file:
- ci/pod/nacos/env/service.env
environment:
SUFFIX_NUM: 4
GROUP: test_group
NAMESPACE: test_ns2
restart: unless-stopped
ports:
- "18007:18001"
depends_on:
nacos_server_health_check:
condition: service_healthy
networks:
nacos_net:
networks:
consul_cluster_net:
consul_net:
nacos_net:

97
CloudronPackages/APISIX/apisix-source/ci/pod/docker-compose.last.yml Normal file
View File

@@ -0,0 +1,97 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
version: "3.8"
services:
## Redis
apisix_redis:
# The latest image is the latest stable version
image: redis:latest
restart: unless-stopped
ports:
- "6379:6379"
networks:
apisix_net:
## kafka-cluster
zookeeper-server1:
image: bitnami/zookeeper:3.6.0
env_file:
- ci/pod/kafka/zookeeper-server/env/common.env
restart: unless-stopped
ports:
- "2181:2181"
networks:
kafka_net:
zookeeper-server2:
image: bitnami/zookeeper:3.6.0
env_file:
- ci/pod/kafka/zookeeper-server/env/common.env
restart: unless-stopped
ports:
- "12181:12181"
networks:
kafka_net:
kafka-server1:
image: bitnami/kafka:2.8.1
env_file:
- ci/pod/kafka/kafka-server/env/last.env
environment:
KAFKA_CFG_ZOOKEEPER_CONNECT: zookeeper-server1:2181
restart: unless-stopped
ports:
- "9092:9092"
- "9093:9093"
- "9094:9094"
depends_on:
- zookeeper-server1
- zookeeper-server2
networks:
kafka_net:
volumes:
- ./ci/pod/kafka/kafka-server/kafka_jaas.conf:/opt/bitnami/kafka/config/kafka_jaas.conf:ro
- ./ci/pod/kafka/kafka-server/selfsigned.jks:/opt/bitnami/kafka/config/certs/kafka.keystore.jks:ro
- ./ci/pod/kafka/kafka-server/selfsigned.jks:/opt/bitnami/kafka/config/certs/kafka.truststore.jks:ro
kafka-server2:
image: bitnami/kafka:2.8.1
env_file:
- ci/pod/kafka/kafka-server/env/last.env
environment:
KAFKA_CFG_ZOOKEEPER_CONNECT: zookeeper-server2:2181
restart: unless-stopped
ports:
- "19092:9092"
- "19093:9093"
- "19094:9094"
depends_on:
- zookeeper-server1
- zookeeper-server2
networks:
kafka_net:
volumes:
- ./ci/pod/kafka/kafka-server/kafka_jaas.conf:/opt/bitnami/kafka/config/kafka_jaas.conf:ro
- ./ci/pod/kafka/kafka-server/selfsigned.jks:/opt/bitnami/kafka/config/certs/kafka.keystore.jks:ro
- ./ci/pod/kafka/kafka-server/selfsigned.jks:/opt/bitnami/kafka/config/certs/kafka.truststore.jks:ro
networks:
apisix_net:
kafka_net:

400
CloudronPackages/APISIX/apisix-source/ci/pod/docker-compose.plugin.yml Normal file
View File

@@ -0,0 +1,400 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
version: "3.8"
services:
## Redis
apisix_redis:
# The latest image is the latest stable version
image: redis:latest
restart: unless-stopped
volumes:
- ./t/certs:/certs
command: "--tls-port 6380 \
--tls-cert-file /certs/mtls_server.crt \
--tls-key-file /certs/mtls_server.key \
--tls-ca-cert-file /certs/mtls_ca.crt \
--tls-auth-clients no \
--user alice on +@all ~* \\&* \\>somepassword"
ports:
- "6379:6379"
- "6380:6380"
networks:
apisix_net:
## keycloak
apisix_keycloak:
container_name: apisix_keycloak
image: quay.io/keycloak/keycloak:18.0.2
# use host network because in CAS auth,
# keycloak needs to send back-channel POST to apisix.
network_mode: host
environment:
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: admin
KC_HTTPS_CERTIFICATE_FILE: /opt/keycloak/conf/server.crt.pem
KC_HTTPS_CERTIFICATE_KEY_FILE: /opt/keycloak/conf/server.key.pem
restart: unless-stopped
command: ["start-dev"]
volumes:
- /opt/keycloak-protocol-cas-18.0.2.jar:/opt/keycloak/providers/keycloak-protocol-cas-18.0.2.jar
- ./ci/pod/keycloak/server.crt.pem:/opt/keycloak/conf/server.crt.pem
- ./ci/pod/keycloak/server.key.pem:/opt/keycloak/conf/server.key.pem
- ./ci/pod/keycloak/kcadm_configure_cas.sh:/tmp/kcadm_configure_cas.sh
- ./ci/pod/keycloak/kcadm_configure_university.sh:/tmp/kcadm_configure_university.sh
- ./ci/pod/keycloak/kcadm_configure_basic.sh:/tmp/kcadm_configure_basic.sh
## kafka-cluster
zookeeper-server1:
image: bitnami/zookeeper:3.6.0
env_file:
- ci/pod/kafka/zookeeper-server/env/common.env
restart: unless-stopped
ports:
- "2181:2181"
networks:
kafka_net:
zookeeper-server2:
image: bitnami/zookeeper:3.6.0
env_file:
- ci/pod/kafka/zookeeper-server/env/common.env
restart: unless-stopped
ports:
- "12181:12181"
networks:
kafka_net:
kafka-server1:
image: bitnami/kafka:2.8.1
env_file:
- ci/pod/kafka/kafka-server/env/common.env
environment:
KAFKA_CFG_ZOOKEEPER_CONNECT: zookeeper-server1:2181
restart: unless-stopped
ports:
- "9092:9092"
depends_on:
- zookeeper-server1
- zookeeper-server2
networks:
kafka_net:
kafka-server2:
image: bitnami/kafka:2.8.1
env_file:
- ci/pod/kafka/kafka-server/env/common2.env
environment:
KAFKA_CFG_ZOOKEEPER_CONNECT: zookeeper-server2:2181
restart: unless-stopped
ports:
- "19092:19092"
- "19094:19094"
depends_on:
- zookeeper-server1
- zookeeper-server2
networks:
kafka_net:
volumes:
- ./ci/pod/kafka/kafka-server/kafka_jaas.conf:/opt/bitnami/kafka/config/kafka_jaas.conf:ro
## SkyWalking
skywalking:
image: apache/skywalking-oap-server:8.7.0-es6
restart: unless-stopped
ports:
- "1234:1234"
- "11800:11800"
- "12800:12800"
networks:
skywalk_net:
## OpenLDAP
openldap:
image: bitnami/openldap:2.5.8
environment:
- LDAP_ADMIN_USERNAME=amdin
- LDAP_ADMIN_PASSWORD=adminpassword
- LDAP_USERS=user01,user02
- LDAP_PASSWORDS=password1,password2
- LDAP_ENABLE_TLS=yes
- LDAP_TLS_CERT_FILE=/certs/localhost_slapd_cert.pem
- LDAP_TLS_KEY_FILE=/certs/localhost_slapd_key.pem
- LDAP_TLS_CA_FILE=/certs/apisix.crt
ports:
- "1389:1389"
- "1636:1636"
volumes:
- ./t/certs:/certs
## Grafana Loki
loki:
image: grafana/loki:2.8.0
command: -config.file=/etc/loki/local-config.yaml -auth.enabled -querier.multi-tenant-queries-enabled
ports:
- "3100:3100"
networks:
- loki_net
rocketmq_namesrv:
image: apacherocketmq/rocketmq:4.6.0
container_name: rmqnamesrv
restart: unless-stopped
ports:
- "9876:9876"
command: sh mqnamesrv
networks:
rocketmq_net:
rocketmq_broker:
image: apacherocketmq/rocketmq:4.6.0
container_name: rmqbroker
restart: unless-stopped
ports:
- "10909:10909"
- "10911:10911"
- "10912:10912"
depends_on:
- rocketmq_namesrv
command: sh mqbroker -n rocketmq_namesrv:9876 -c ../conf/broker.conf
networks:
rocketmq_net:
# Open Policy Agent
opa:
image: openpolicyagent/opa:0.35.0
restart: unless-stopped
ports:
- 8181:8181
command: run -s /example.rego /echo.rego /data.json /with_route.rego
volumes:
- type: bind
source: ./ci/pod/opa/with_route.rego
target: /with_route.rego
- type: bind
source: ./ci/pod/opa/example.rego
target: /example.rego
- type: bind
source: ./ci/pod/opa/echo.rego
target: /echo.rego
- type: bind
source: ./ci/pod/opa/data.json
target: /data.json
networks:
opa_net:
# Elasticsearch Logger Service
elasticsearch-noauth:
image: docker.elastic.co/elasticsearch/elasticsearch:8.12.0
restart: unless-stopped
ports:
- "9200:9200"
- "9300:9300"
environment:
ES_JAVA_OPTS: -Xms512m -Xmx512m
discovery.type: single-node
xpack.security.enabled: 'false'
elasticsearch-auth:
image: docker.elastic.co/elasticsearch/elasticsearch:8.12.0
restart: unless-stopped
ports:
- "9201:9201"
environment:
ES_JAVA_OPTS: -Xms512m -Xmx512m
discovery.type: single-node
ELASTIC_USERNAME: elastic
ELASTIC_PASSWORD: 123456
http.port: 9201
xpack.security.enabled: 'true'
elasticsearch-auth-2:
image: docker.elastic.co/elasticsearch/elasticsearch:9.0.2
restart: unless-stopped
ports:
- "9301:9201"
environment:
ES_JAVA_OPTS: -Xms512m -Xmx512m
discovery.type: single-node
ELASTIC_USERNAME: elastic
ELASTIC_PASSWORD: 123456
http.port: 9201
xpack.security.enabled: 'true'
elasticsearch-auth-3:
image: docker.elastic.co/elasticsearch/elasticsearch:7.0.0
restart: unless-stopped
ports:
- "9401:9201"
environment:
ES_JAVA_OPTS: -Xms512m -Xmx512m
discovery.type: single-node
ELASTIC_USERNAME: elastic
ELASTIC_PASSWORD: 123456
http.port: 9201
xpack.security.enabled: 'true'
elasticsearch-auth-4:
image: docker.elastic.co/elasticsearch/elasticsearch:6.7.0
restart: unless-stopped
ports:
- "9501:9201"
environment:
ES_JAVA_OPTS: -Xms512m -Xmx512m
discovery.type: single-node
ELASTIC_USERNAME: elastic
ELASTIC_PASSWORD: 123456
http.port: 9201
xpack.security.enabled: 'true'
# The function services of OpenFunction
test-header:
image: test-header-image:latest
restart: unless-stopped
ports:
- "30583:8080"
environment:
CONTEXT_MODE: "self-host"
FUNC_CONTEXT: "{\"name\":\"HelloWorld\",\"version\":\"v1.0.0\",\"port\":\"8080\",\"runtime\":\"Knative\"}"
test-uri:
image: test-uri-image:latest
restart: unless-stopped
ports:
- "30584:8080"
environment:
CONTEXT_MODE: "self-host"
FUNC_CONTEXT: "{\"name\":\"HelloWorld\",\"version\":\"v1.0.0\",\"port\":\"8080\",\"runtime\":\"Knative\"}"
test-body:
image: test-body-image:latest
restart: unless-stopped
ports:
- "30585:8080"
environment:
CONTEXT_MODE: "self-host"
FUNC_CONTEXT: "{\"name\":\"HelloWorld\",\"version\":\"v1.0.0\",\"port\":\"8080\",\"runtime\":\"Knative\"}"
## RedisCluster Enable TLS
redis-node-0:
image: docker.io/bitnami/redis-cluster:7.0
volumes:
- ./t/certs:/certs
environment:
- 'ALLOW_EMPTY_PASSWORD=yes'
- 'REDIS_NODES=redis-node-0 redis-node-1 redis-node-2'
- 'REDIS_TLS_ENABLED=yes'
- 'REDIS_TLS_CERT_FILE=/certs/mtls_server.crt'
- 'REDIS_TLS_KEY_FILE=/certs/mtls_server.key'
- 'REDIS_TLS_CA_FILE=/certs/mtls_ca.crt'
- 'REDIS_TLS_AUTH_CLIENTS=no'
ports:
- '7000:6379'
redis-node-1:
image: docker.io/bitnami/redis-cluster:7.0
volumes:
- ./t/certs:/certs
environment:
- 'ALLOW_EMPTY_PASSWORD=yes'
- 'REDIS_NODES=redis-node-0 redis-node-1 redis-node-2'
- 'REDIS_TLS_ENABLED=yes'
- 'REDIS_TLS_CERT_FILE=/certs/mtls_server.crt'
- 'REDIS_TLS_KEY_FILE=/certs/mtls_server.key'
- 'REDIS_TLS_CA_FILE=/certs/mtls_ca.crt'
- 'REDIS_TLS_AUTH_CLIENTS=no'
ports:
- '7001:6379'
redis-node-2:
image: docker.io/bitnami/redis-cluster:7.0
volumes:
- ./t/certs:/certs
depends_on:
- redis-node-0
- redis-node-1
environment:
- 'ALLOW_EMPTY_PASSWORD=yes'
- 'REDIS_CLUSTER_REPLICAS=0'
- 'REDIS_NODES=redis-node-0 redis-node-1 redis-node-2'
- 'REDIS_CLUSTER_CREATOR=yes'
- 'REDIS_TLS_ENABLED=yes'
- 'REDIS_TLS_CERT_FILE=/certs/mtls_server.crt'
- 'REDIS_TLS_KEY_FILE=/certs/mtls_server.key'
- 'REDIS_TLS_CA_FILE=/certs/mtls_ca.crt'
- 'REDIS_TLS_AUTH_CLIENTS=no'
ports:
- '7002:6379'
graphql-demo:
# the owner doesn't provide a semver tag
image: npalm/graphql-java-demo:latest
ports:
- '8888:8080'
vector:
image: timberio/vector:0.29.1-debian
container_name: vector
volumes:
- ./ci/pod/vector:/etc/vector/
- ./t/certs:/certs
ports:
- '3000:3000' #tcp logger
- '8127:8127/udp'
- '43000:43000'
- '5140:5140'
- "18088:18088" # For splunk logging tests
- '5150:5150/udp'
- "3001:3001" #http logger
networks:
vector_net:
clickhouse:
image: clickhouse/clickhouse-server:23.4.2-alpine
container_name: clickhouse
ports:
- '8123:8123'
networks:
clickhouse_net:
clickhouse2:
image: clickhouse/clickhouse-server:23.4.2-alpine
container_name: clickhouse2
ports:
- '8124:8123'
networks:
clickhouse_net:
otel-collector:
image: otel/opentelemetry-collector-contrib
volumes:
- ./ci/pod/otelcol-contrib:/etc/otelcol-contrib:rw
ports:
- '4318:4318'
networks:
apisix_net:
kafka_net:
skywalk_net:
rocketmq_net:
opa_net:
vector_net:
clickhouse_net:
loki_net:

1
CloudronPackages/APISIX/apisix-source/ci/pod/etcd/env/common.env vendored Normal file
View File

@@ -0,0 +1 @@
ALLOW_NONE_AUTHENTICATION=yes

7
CloudronPackages/APISIX/apisix-source/ci/pod/eureka/env/common.env vendored Normal file
View File

@@ -0,0 +1,7 @@
ENVIRONMENT=apisix
spring.application.name=apisix-eureka
server.port=8761
eureka.instance.ip-address=127.0.0.1
eureka.client.registerWithEureka=true
eureka.client.fetchRegistry=false
eureka.client.serviceUrl.defaultZone=http://127.0.0.1:8761/eureka/

3
CloudronPackages/APISIX/apisix-source/ci/pod/kafka/kafka-server/env/common.env vendored Normal file
View File

@@ -0,0 +1,3 @@
ALLOW_PLAINTEXT_LISTENER=yes
KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE=true
KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://127.0.0.1:9092

8
CloudronPackages/APISIX/apisix-source/ci/pod/kafka/kafka-server/env/common2.env vendored Normal file
View File

@@ -0,0 +1,8 @@
ALLOW_PLAINTEXT_LISTENER=yes
KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE=false
KAFKA_CFG_LISTENERS=PLAINTEXT://0.0.0.0:19092,SASL_PLAINTEXT://0.0.0.0:19094
KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://127.0.0.1:19092,SASL_PLAINTEXT://127.0.0.1:19094
KAFKA_CFG_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM=
KAFKA_CFG_SSL_KEYSTORE_LOCATION=/opt/bitnami/kafka/config/certs/kafka.keystore.jks
KAFKA_CFG_SSL_KEYSTORE_PASSWORD=changeit
KAFKA_CFG_SSL_KEY_PASSWORD=changeit

8
CloudronPackages/APISIX/apisix-source/ci/pod/kafka/kafka-server/env/last.env vendored Normal file
View File

@@ -0,0 +1,8 @@
ALLOW_PLAINTEXT_LISTENER=yes
KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE=false
KAFKA_CFG_LISTENERS=PLAINTEXT://0.0.0.0:9092,SSL://0.0.0.0:9093,SASL_PLAINTEXT://0.0.0.0:9094
KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://127.0.0.1:9092,SSL://127.0.0.1:9093,SASL_PLAINTEXT://127.0.0.1:9094
KAFKA_CFG_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM=
KAFKA_CFG_SSL_KEYSTORE_LOCATION=/opt/bitnami/kafka/config/certs/kafka.keystore.jks
KAFKA_CFG_SSL_KEYSTORE_PASSWORD=changeit
KAFKA_CFG_SSL_KEY_PASSWORD=changeit

23
CloudronPackages/APISIX/apisix-source/ci/pod/kafka/kafka-server/kafka_jaas.conf Normal file
View File

@@ -0,0 +1,23 @@
//
// Licensed to the Apache Software Foundation (ASF) under one or more
// contributor license agreements. See the NOTICE file distributed with
// this work for additional information regarding copyright ownership.
// The ASF licenses this file to You under the Apache License, Version 2.0
// (the "License"); you may not use this file except in compliance with
// the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret"
user_admin="admin-secret";
};

1
CloudronPackages/APISIX/apisix-source/ci/pod/kafka/zookeeper-server/env/common.env vendored Normal file
View File

@@ -0,0 +1 @@
ALLOW_ANONYMOUS_LOGIN=yes

85
CloudronPackages/APISIX/apisix-source/ci/pod/keycloak/kcadm_configure_basic.sh Executable file
View File

@@ -0,0 +1,85 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
export PATH=/opt/keycloak/bin:$PATH
kcadm.sh config credentials --server http://127.0.0.1:8080 --realm master --user admin --password admin
# create realm
kcadm.sh create realms -s realm=basic -s enabled=true
# set realm keys with specific private key, reuse tls cert and key
PRIVATE_KEY=$(awk 'NF {sub(/\r/, ""); printf "%s\\n", $0}' /opt/keycloak/conf/server.key.pem)
CERTIFICATE=$(awk 'NF {sub(/\r/, ""); printf "%s\\n", $0}' /opt/keycloak/conf/server.crt.pem)
kcadm.sh create components -r basic -s name=rsa-apisix -s providerId=rsa \
-s providerType=org.keycloak.keys.KeyProvider \
-s 'config.priority=["1000"]' \
-s 'config.enabled=["true"]' \
-s 'config.active=["true"]' \
-s "config.privateKey=[\"$PRIVATE_KEY\"]" \
-s "config.certificate=[\"$CERTIFICATE\"]" \
-s 'config.algorithm=["RS256"]'
# create client apisix
kcadm.sh create clients \
-r basic \
-s clientId=apisix \
-s enabled=true \
-s clientAuthenticatorType=client-secret \
-s secret=secret \
-s 'redirectUris=["*"]' \
-s 'directAccessGrantsEnabled=true'
# add audience to client apisix, so that the access token will contain the client id ("apisix") as audience
APISIX_CLIENT_UUID=$(kcadm.sh get clients -r basic -q clientId=apisix | jq -r '.[0].id')
kcadm.sh create clients/$APISIX_CLIENT_UUID/protocol-mappers/models \
-r basic \
-s protocol=openid-connect \
-s name=aud \
-s protocolMapper=oidc-audience-mapper \
-s 'config."id.token.claim"=false' \
-s 'config."access.token.claim"=true' \
-s 'config."included.client.audience"=apisix'
# create client apisix
kcadm.sh create clients \
-r basic \
-s clientId=apisix \
-s enabled=true \
-s clientAuthenticatorType=client-secret \
-s secret=secret \
-s 'redirectUris=["*"]' \
-s 'directAccessGrantsEnabled=true'
# create client apisix-no-aud, without client id audience
# according to Keycloak's default implementation, when unconfigured,
# only the account is listed as an audience, not the client id
kcadm.sh create clients \
-r basic \
-s clientId=apisix-no-aud \
-s enabled=true \
-s clientAuthenticatorType=client-secret \
-s secret=secret \
-s 'redirectUris=["*"]' \
-s 'directAccessGrantsEnabled=true'
# create user jack
kcadm.sh create users -r basic -s username=jack -s enabled=true
kcadm.sh set-password -r basic --username jack --new-password jack

37
CloudronPackages/APISIX/apisix-source/ci/pod/keycloak/kcadm_configure_cas.sh Normal file
View File

@@ -0,0 +1,37 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
set -ex
export PATH=/opt/keycloak/bin:$PATH
kcadm.sh config credentials --server http://localhost:8080 --realm master --user admin --password admin
kcadm.sh create realms -s realm=test -s enabled=true
kcadm.sh create users -r test -s username=test -s enabled=true
kcadm.sh set-password -r test --username test --new-password test
clients=("cas1" "cas2")
rootUrls=("http://127.0.0.1:1984" "http://127.0.0.2:1984")
for i in ${!clients[@]}; do
kcadm.sh create clients -r test -s clientId=${clients[$i]} -s enabled=true \
-s protocol=cas -s frontchannelLogout=false -s rootUrl=${rootUrls[$i]} -s 'redirectUris=["/*"]'
done

90
CloudronPackages/APISIX/apisix-source/ci/pod/keycloak/kcadm_configure_university.sh Normal file
View File

@@ -0,0 +1,90 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
export PATH=/opt/keycloak/bin:$PATH
kcadm.sh config credentials --server http://localhost:8080 --realm master --user admin --password admin
# create realm University
kcadm.sh create realms -s realm=University -s enabled=true
# create roles `Teacher, Student`
kcadm.sh create roles -r University -s name=Teacher
kcadm.sh create roles -r University -s name=Student
# create users `teacher@gmail.com, student@gmail.com`
kcadm.sh create users -r University -s username=teacher@gmail.com -s enabled=true
kcadm.sh create users -r University -s username=student@gmail.com -s enabled=true
# set password
kcadm.sh set-password -r University --username teacher@gmail.com --new-password 123456
kcadm.sh set-password -r University --username student@gmail.com --new-password 123456
# bind roles to users
kcadm.sh add-roles -r University --uusername teacher@gmail.com --rolename Teacher
kcadm.sh add-roles -r University --uusername student@gmail.com --rolename Student
# create client course_management
kcadm.sh create clients -r University -s clientId=course_management -s enabled=true -s clientAuthenticatorType=client-secret -s secret=d1ec69e9-55d2-4109-a3ea-befa071579d5
client_id=$(kcadm.sh get clients -r University --fields id,clientId 2>/dev/null | jq -r '.[] | select(.clientId=='\"course_management\"') | .id')
teacher_id=$(kcadm.sh get roles -r University --fields id,name 2>/dev/null | jq -r '.[] | select(.name=='\"Teacher\"') | .id')
student_id=$(kcadm.sh get roles -r University --fields id,name 2>/dev/null | jq -r '.[] | select(.name=='\"Student\"') | .id')
# update client course_management
kcadm.sh update clients/${client_id} -r University -s protocol=openid-connect -s standardFlowEnabled=true \
-s implicitFlowEnabled=true -s directAccessGrantsEnabled=true -s serviceAccountsEnabled=true \
-s authorizationServicesEnabled=true -s 'redirectUris=["*"]' -s 'webOrigins=["*"]'
kcadm.sh update clients/${client_id}/authz/resource-server -r University -s allowRemoteResourceManagement=false -s policyEnforcementMode="ENFORCING"
# create authz-resource with name `course_resource`, uri `/course/*`, scope `DELETE, delete, view, GET`
kcadm.sh create clients/${client_id}/authz/resource-server/resource -r University -s name=course_resource \
-s ownerManagedAccess=false -s uris='["/course/*"]' -s scopes='[{"name": "DELETE"},{"name": "view"},{"name": "GET"},{"name": "delete"}]'
course_resource_id=$(kcadm.sh get clients/${client_id}/authz/resource-server/resource -r University --fields _id,name 2>/dev/null | jq -r '.[] | select(.name=='\"course_resource\"') | ._id')
DELETE_scope_id=$(kcadm.sh get clients/${client_id}/authz/resource-server/scope -r University --fields id,name 2>/dev/null | jq -r '.[] | select(.name=='\"DELETE\"') | .id')
delete_scope_id=$(kcadm.sh get clients/${client_id}/authz/resource-server/scope -r University --fields id,name 2>/dev/null | jq -r '.[] | select(.name=='\"delete\"') | .id')
GET_scope_id=$(kcadm.sh get clients/${client_id}/authz/resource-server/scope -r University --fields id,name 2>/dev/null | jq -r '.[] | select(.name=='\"GET\"') | .id')
view_scope_id=$(kcadm.sh get clients/${client_id}/authz/resource-server/scope -r University --fields id,name 2>/dev/null | jq -r '.[] | select(.name=='\"view\"') | .id')
# create authz-policy `AllowTeacherPolicy, AllowStudentPolicy`
kcadm.sh create clients/${client_id}/authz/resource-server/policy/role -r University \
-s name="AllowTeacherPolicy" -s logic="POSITIVE" -s decisionStrategy="UNANIMOUS" \
-s roles='[{"id": '\"${teacher_id}\"'}]'
kcadm.sh create clients/${client_id}/authz/resource-server/policy/role -r University \
-s name="AllowStudentPolicy" -s logic="POSITIVE" -s decisionStrategy="UNANIMOUS" \
-s roles='[{"id": '\"${student_id}\"'}]'
allow_teacher_policy_id=$(kcadm.sh get clients/${client_id}/authz/resource-server/policy -r University --fields id,name 2>/dev/null | jq -r '.[] | select(.name=='\"AllowTeacherPolicy\"') | .id')
allow_student_policy_id=$(kcadm.sh get clients/${client_id}/authz/resource-server/policy -r University --fields id,name 2>/dev/null | jq -r '.[] | select(.name=='\"AllowStudentPolicy\"') | .id')
# create authz-permission `Delete Course Permission` and `View Course Permission`
kcadm.sh create clients/${client_id}/authz/resource-server/permission/scope -r University \
-s name="Delete Course Permission" -s logic="POSITIVE" -s decisionStrategy="UNANIMOUS" \
-s policies='['\"${allow_teacher_policy_id}\"']' \
-s scopes='['\"${DELETE_scope_id}\"', '\"${delete_scope_id}\"']' \
-s resources='['\"${course_resource_id}\"']'
kcadm.sh create clients/${client_id}/authz/resource-server/permission/scope -r University \
-s name="View Course Permission" -s logic="POSITIVE" -s decisionStrategy="AFFIRMATIVE" \
-s policies='['\"${allow_teacher_policy_id}\"', '\"${allow_student_policy_id}\"']' \
-s scopes='['\"${GET_scope_id}\"', '\"${view_scope_id}\"']' \
-s resources='['\"${course_resource_id}\"']'

21
CloudronPackages/APISIX/apisix-source/ci/pod/keycloak/server.crt.pem Normal file
View File

@@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDazCCAlOgAwIBAgIUbZfnhty/ZiHPz5Aq8kK5Kr8kcSQwDQYJKoZIhvcNAQEL
BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMzA0MTgxMTQzNDJaFw0zMzA0
MTUxMTQzNDJaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQC/F4wK7eMTVAKGDMLCXE+Y6REdA5GU6/AakJf3NEKQ
wCrtrqO+VBPIz445+edf3EEXhjFFGPdU6p0EkF0SMLaMsVBQQJ2qcP6FloIYiyT3
WCs/gbtdoWq53ucAfWueIyHWsovLc0VhOXm0rhTYg88nMjJ7y6vYkfLMT6qlwASn
9Tozgjat09fWATbN7yBi4ivVVsKDo2S3jkOyVnYYMjzZO3CSkyUSMl+ZsSesseSK
A9c2zogfKIU833njraA8blMFfdinEMI/9yceEx57IUjnpY1iWHLSItiZF+LKEpeL
vp9gpr88ghR85ISusqAqwcmnsdAqjjw7gbPm1DIvUgVBAgMBAAGjUzBRMB0GA1Ud
DgQWBBRvlz5ZiE2fD9ikPRqpYwsVrxZfxTAfBgNVHSMEGDAWgBRvlz5ZiE2fD9ik
PRqpYwsVrxZfxTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCX
5fOeFnX67eHI5dJB8p3U2GS21qykDVLV5ZV+JZfZwXJEygIvr/T9vs772EPxv+0/
TO0+pGdcVswXq/6BoUFCV0rWWTDP5wTS3sV1ZsSSHil5zEutXuAI1LQGlit6w5xn
iDURFZw3ZmOFytXKXNbca1ma4yaCZtOwVe3O36GZeOiZFzBYE2DELqy77Nz1E5+3
jZaDnx0vonV8/hhX6FAPRPQnIXkaEH3BnVQZGD1jxipbFQQtmeeNPELy18MQo30N
W1wOsbMMouniKUjdT16tdtzJzC+l9pVqRC+8df5PJfN56Uv9Ed6pjytkSF1SvHyJ
iTWmyxJL9AonUkc5Oiri
-----END CERTIFICATE-----

28
CloudronPackages/APISIX/apisix-source/ci/pod/keycloak/server.key.pem Executable file
View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC/F4wK7eMTVAKG
DMLCXE+Y6REdA5GU6/AakJf3NEKQwCrtrqO+VBPIz445+edf3EEXhjFFGPdU6p0E
kF0SMLaMsVBQQJ2qcP6FloIYiyT3WCs/gbtdoWq53ucAfWueIyHWsovLc0VhOXm0
rhTYg88nMjJ7y6vYkfLMT6qlwASn9Tozgjat09fWATbN7yBi4ivVVsKDo2S3jkOy
VnYYMjzZO3CSkyUSMl+ZsSesseSKA9c2zogfKIU833njraA8blMFfdinEMI/9yce
Ex57IUjnpY1iWHLSItiZF+LKEpeLvp9gpr88ghR85ISusqAqwcmnsdAqjjw7gbPm
1DIvUgVBAgMBAAECggEBAKUrrkGYI2mGePPzPbiP38E02zTv67sEQLJFfwUOp+bE
I5b0F9agh8VQGghkyKgkEiNKO3YVQVuluvjB66CYeIGdleT4JQ+4wVcoo+ShCN++
1wr6kMA6kKx+Tb8vqYCzr0ELbSf6x+Jksp0Ixz3qmHixu88jWbNFW89boQ3JrnyZ
TUgRSRdPoXcxspwcbhy6mMhwUfUSy8Zcck81dBEAjokvzbYh4jtFYMipWqro66KJ
B9uqQme2J/rN/2PSrA6chI85Wa+JaGOSPDaGNp+DrADjoVZf1tXgzGCsA/lmVtQ0
8YN4Dh21EjLxz4Dj5GE7RWET4Ejvv1XEih1p+zKne00CgYEA327raCD5Fnr1nGTb
Q4ZWkcDR6EGSD6JGD0ur+UqqJhirM/5b4iGcsVK5uufb5dwk9+9z0EucXOVq/il0
vgG2FbgRYM8kx3CDLvMYAqKJ8e5NsGJWwJVq6DsmsO1SaEId+SVFH83RHfG5/ksq
/DgRg0Wl9FoL7sHchuSIP2QiLrMCgYEA2vHcKsMZk/KGMBHVffY3PUckirIM6vLa
idMmm0T0HSAdviZRxQGyOnjd93ZhMqFJPTrmHOq0uAxfdFt+oRoHk/pGarBCv76L
NnPrSnVe1pJOh7Mm7LHLgrAgeM2WW7xz6jZwc8On+9qHK97I/wAnJB8J7DvQJ2hR
sWCDSbfKtjsCgYEAnVE77tVIjMuGo9dfiuvLiFR7d0yzys43Bg4ByEUKCEjWQoWV
rGJ+MVxN6YvXCME4RloS8VZLgh0GeG44BJCv5Br2IXO4MbTGqQgAn9pRxkZD7S1Q
Z8jMvTboxypSG5ZyBDp5sSr5Ulwg2SuT2IKh0gv4DVRZkoJtA41lYTzf1IECgYBd
3NJGgt20T4S3lu2v0p5b5uQDkdF36CVIcP1cE3OUCPC3VDY5/0ApUSfXryh8TCjZ
1yZPv086mBNUDuV6q24UQndtxaLYERgdgBSfFzJRSuffxS4qyw40OM2y/HA5Y9FN
14jeGEMr9cN9S0VgDPC6y5O1cu8J9e8P3BBsyh5dgQKBgHMlIhOJDO/neVnax79X
d3+5GaiggUnkd27OkYC4LhXEc/QWeHE0ByA0bDhhnsE7IVK2CVC18axOLmEJVy2g
F6ZtxcpNrlVtF4YaOiRVUcDNnz9gX48efrpdoX2iBSFEd1NRDo/bjkVXI1L08LNf
BbMB104PadChoGpl5R3NQQsP
-----END PRIVATE KEY-----

6
CloudronPackages/APISIX/apisix-source/ci/pod/nacos/env/common.env vendored Normal file
View File

@@ -0,0 +1,6 @@
EMBEDDED_STORAGE=embedded
PREFER_HOST_MODE=hostname
MODE=cluster
NACOS_SERVERS="nacos1:8848 nacos2:8848"
JVM_XMS=512m
JVM_XMX=512m

2
CloudronPackages/APISIX/apisix-source/ci/pod/nacos/env/service.env vendored Normal file
View File

@@ -0,0 +1,2 @@
SERVICE_NAME=APISIX-NACOS
NACOS_ADDR=nacos2:8848

30
CloudronPackages/APISIX/apisix-source/ci/pod/nacos/healthcheck/Dockerfile Normal file
View File

@@ -0,0 +1,30 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
FROM alpine:latest
# change workdir to /
WORKDIR /
# install curl
RUN apk --no-cache add bash curl
# add healthcheck script
COPY *.sh /
# add hosted process
CMD ["cat"]

27
CloudronPackages/APISIX/apisix-source/ci/pod/nacos/healthcheck/nacos-server-healthcheck.sh Normal file
View File

@@ -0,0 +1,27 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
set -ex
# nacos server healthcheck
REQ_STATUS=$(curl -s -o /dev/null -w '%{http_code}' "${CHECK_URI}")
if [ "${REQ_STATUS}" -ne "200" ]; then
exit 1;
fi

43
CloudronPackages/APISIX/apisix-source/ci/pod/nacos/healthcheck/nacos-service-healthcheck.sh Normal file
View File

@@ -0,0 +1,43 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
set -ex
# nacos service healthcheck
URI_LIST=(
"http://nacos2:8848/nacos/v1/ns/service/list?pageNo=1&pageSize=2"
"http://nacos2:8848/nacos/v1/ns/service/list?groupName=test_group&pageNo=1&pageSize=2"
"http://nacos2:8848/nacos/v1/ns/service/list?groupName=DEFAULT_GROUP&namespaceId=test_ns&pageNo=1&pageSize=2"
"http://nacos2:8848/nacos/v1/ns/service/list?groupName=test_group&namespaceId=test_ns&pageNo=1&pageSize=2"
)
for URI in "${URI_LIST[@]}"; do
if [[ $(curl -s "${URI}" | grep "APISIX-NACOS") ]]; then
continue
else
exit 1;
fi
done
for IDX in {1..7..1}; do
REQ_STATUS=$(curl -s -o /dev/null -w '%{http_code}' "http://nacos-service${IDX}:18001/hello")
if [ "${REQ_STATUS}" -ne "200" ]; then
exit 1;
fi
done

32
CloudronPackages/APISIX/apisix-source/ci/pod/nacos/service/Dockerfile Normal file
View File

@@ -0,0 +1,32 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
FROM eclipse-temurin:8
ENV SUFFIX_NUM=${SUFFIX_NUM:-1}
ENV NACOS_ADDR=${NACOS_ADDR:-127.0.0.1:8848}
ENV SERVICE_NAME=${SERVICE_NAME:-gateway-service}
ENV NAMESPACE=${NAMESPACE}
ENV GROUP=${GROUP:-DEFAULT_GROUP}
ADD https://raw.githubusercontent.com/api7/nacos-test-service/main/spring-nacos-1.0-SNAPSHOT.jar /app.jar
ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar",\
"--suffix.num=${SUFFIX_NUM}","--spring.cloud.nacos.discovery.server-addr=${NACOS_ADDR}",\
"--spring.application.name=${SERVICE_NAME}","--spring.cloud.nacos.discovery.group=${GROUP}",\
"--spring.cloud.nacos.discovery.namespace=${NAMESPACE}"]
EXPOSE 18001

30
CloudronPackages/APISIX/apisix-source/ci/pod/opa/data.json Normal file
View File

@@ -0,0 +1,30 @@
{
"users": {
"alice": {
"headers": {
"Location": "http://example.com/auth"
},
"status_code": 302
},
"bob": {
"headers": {
"test": "abcd",
"abcd": "test"
}
},
"carla": {
"reason": "Give you a string reason"
},
"dylon": {
"reason": {
"code": 40001,
"desc": "Give you a object reason"
}
},
"elisa": {
"reason": {
"info": []
}
}
}
}

20
CloudronPackages/APISIX/apisix-source/ci/pod/opa/echo.rego Normal file
View File

@@ -0,0 +1,20 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
package echo
allow = false
reason = input

55
CloudronPackages/APISIX/apisix-source/ci/pod/opa/example.rego Normal file
View File

@@ -0,0 +1,55 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
package example
import input.request
import data.users
default allow = false
allow {
request.headers["test-header"] == "only-for-test"
request.method == "GET"
startswith(request.path, "/hello")
request.query["test"] != "abcd"
request.query["user"]
}
allow {
request.method == "GET"
startswith(request.path, "/echo")
}
reason = users[request.query["user"]].reason {
not allow
request.query["user"]
}
headers = users[request.query["user"]].headers {
not allow
request.query["user"]
}
headers = {"user": request.query["user"]} {
allow
request.query["user"]
}
status_code = users[request.query["user"]].status_code {
not allow
request.query["user"]
}

24
CloudronPackages/APISIX/apisix-source/ci/pod/opa/with_route.rego Normal file
View File

@@ -0,0 +1,24 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
package with_route
default allow = false
allow {
input.route.name == "valid"
}
status_code = 403 {not allow}

28
CloudronPackages/APISIX/apisix-source/ci/pod/openfunction/build-function-image.sh Executable file
View File

@@ -0,0 +1,28 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
set -xeuo pipefail
if [ ! -f "./pack" ]; then
wget -q https://github.com/buildpacks/pack/releases/download/v0.27.0/pack-v0.27.0-linux.tgz
tar -zxvf pack-v0.27.0-linux.tgz
fi
# please update function-example/*/hello.go if you want to update function
./pack build test-uri-image --path ./ci/pod/openfunction/function-example/test-uri --builder openfunction/builder-go:v2.4.0-1.17 --env FUNC_NAME="HelloWorld" --env FUNC_CLEAR_SOURCE=true --env FUNC_GOPROXY="https://proxy.golang.org"
./pack build test-body-image --path ./ci/pod/openfunction/function-example/test-body --builder openfunction/builder-go:v2.4.0-1.17 --env FUNC_NAME="HelloWorld" --env FUNC_CLEAR_SOURCE=true --env FUNC_GOPROXY="https://proxy.golang.org"
./pack build test-header-image --path ./ci/pod/openfunction/function-example/test-header --builder openfunction/builder-go:v2.4.0-1.17 --env FUNC_NAME="HelloWorld" --env FUNC_CLEAR_SOURCE=true --env FUNC_GOPROXY="https://proxy.golang.org"

31
CloudronPackages/APISIX/apisix-source/ci/pod/openfunction/function-example/test-body/go.mod Normal file
View File

@@ -0,0 +1,31 @@
module example.com/hello
go 1.17
require github.com/OpenFunction/functions-framework-go v0.3.0
require (
github.com/SkyAPM/go2sky v1.4.1 // indirect
github.com/cloudevents/sdk-go/v2 v2.4.1 // indirect
github.com/dapr/dapr v1.6.0 // indirect
github.com/dapr/go-sdk v1.3.1 // indirect
github.com/go-logr/logr v1.2.0 // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/json-iterator/go v1.1.11 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.1 // indirect
github.com/pkg/errors v0.9.1 // indirect
go.uber.org/atomic v1.9.0 // indirect
go.uber.org/multierr v1.7.0 // indirect
go.uber.org/zap v1.19.1 // indirect
golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f // indirect
golang.org/x/sys v0.0.0-20211019181941-9d821ace8654 // indirect
golang.org/x/text v0.3.7 // indirect
google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2 // indirect
google.golang.org/grpc v1.40.0 // indirect
google.golang.org/protobuf v1.33.0 // indirect
gopkg.in/yaml.v3 v3.0.0 // indirect
k8s.io/klog/v2 v2.30.0 // indirect
skywalking.apache.org/repo/goapi v0.0.0-20220401015832-2c9eee9481eb // indirect
)

1760
CloudronPackages/APISIX/apisix-source/ci/pod/openfunction/function-example/test-body/go.sum Normal file
View File

File diff suppressed because it is too large Load Diff

37
CloudronPackages/APISIX/apisix-source/ci/pod/openfunction/function-example/test-body/hello.go Normal file
View File

@@ -0,0 +1,37 @@
/*
* Copyright 2022 The OpenFunction Authors.
*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package hello
import (
"fmt"
"io"
"net/http"
"github.com/OpenFunction/functions-framework-go/functions"
)
func init() {
functions.HTTP("HelloWorld", HelloWorld)
}
func HelloWorld(w http.ResponseWriter, r *http.Request) {
body, _ := io.ReadAll(r.Body)
fmt.Fprintf(w, "Hello, %s!\n", string(body))
}

3
CloudronPackages/APISIX/apisix-source/ci/pod/openfunction/function-example/test-header/go.mod Normal file
View File

@@ -0,0 +1,3 @@
module example.com/hello
go 1.17

30
CloudronPackages/APISIX/apisix-source/ci/pod/openfunction/function-example/test-header/hello.go Normal file
View File

@@ -0,0 +1,30 @@
/*
* Copyright 2022 The OpenFunction Authors.
*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package hello
import (
"fmt"
"net/http"
)
func HelloWorld(w http.ResponseWriter, r *http.Request) {
header := r.Header
fmt.Fprintf(w, "%s", header["Authorization"])
}

32
CloudronPackages/APISIX/apisix-source/ci/pod/openfunction/function-example/test-uri/go.mod Normal file
View File

@@ -0,0 +1,32 @@
module example.com/hello
go 1.17
require github.com/OpenFunction/functions-framework-go v0.4.0
require (
github.com/SkyAPM/go2sky v1.4.1 // indirect
github.com/cloudevents/sdk-go/v2 v2.4.1 // indirect
github.com/dapr/dapr v1.8.3 // indirect
github.com/dapr/go-sdk v1.5.0 // indirect
github.com/go-logr/logr v1.2.3 // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/gorilla/mux v1.8.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/pkg/errors v0.9.1 // indirect
go.uber.org/atomic v1.9.0 // indirect
go.uber.org/multierr v1.7.0 // indirect
go.uber.org/zap v1.21.0 // indirect
golang.org/x/net v0.0.0-20220621193019-9d032be2e588 // indirect
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
golang.org/x/text v0.3.7 // indirect
google.golang.org/genproto v0.0.0-20220622171453-ea41d75dfa0f // indirect
google.golang.org/grpc v1.47.0 // indirect
google.golang.org/protobuf v1.33.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/klog/v2 v2.30.0 // indirect
skywalking.apache.org/repo/goapi v0.0.0-20220401015832-2c9eee9481eb // indirect
)

2615
CloudronPackages/APISIX/apisix-source/ci/pod/openfunction/function-example/test-uri/go.sum Normal file
View File

File diff suppressed because it is too large Load Diff

38
CloudronPackages/APISIX/apisix-source/ci/pod/openfunction/function-example/test-uri/hello.go Normal file
View File

@@ -0,0 +1,38 @@
/*
* Copyright 2022 The OpenFunction Authors.
*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package hello
import (
"fmt"
ofctx "github.com/OpenFunction/functions-framework-go/context"
"net/http"
"github.com/OpenFunction/functions-framework-go/functions"
)
func init() {
functions.HTTP("HelloWorld", HelloWorld,
functions.WithFunctionPath("/{greeting}"))
}
func HelloWorld(w http.ResponseWriter, r *http.Request) {
vars := ofctx.VarsFromCtx(r.Context())
fmt.Fprintf(w, "Hello, %s!\n", vars["greeting"])
}

32
CloudronPackages/APISIX/apisix-source/ci/pod/otelcol-contrib/config.yaml Normal file
View File

@@ -0,0 +1,32 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
receivers:
otlp:
protocols:
grpc:
endpoint: 0.0.0.0:4317
http:
endpoint: 0.0.0.0:4318
exporters:
file:
path: /etc/otelcol-contrib/data-otlp.json
service:
pipelines:
traces:
receivers: [otlp]
exporters: [file]

111
CloudronPackages/APISIX/apisix-source/ci/pod/vector/vector.toml Normal file
View File

@@ -0,0 +1,111 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
[sources.log-from-tcp]
type = "socket"
address = "0.0.0.0:3000"
host_key = "host"
mode = "tcp"
port_key = "port"
shutdown_timeout_secs = 30
socket_file_mode = 511
[sources.log-from-http]
type = "http_server"
address = "0.0.0.0:3001"
[sources.log-from-udp]
type = "socket"
address = "0.0.0.0:8127"
host_key = "host"
mode = "udp"
port_key = "port"
[sources.log-from-tls]
type = "socket"
address = "0.0.0.0:43000"
host_key = "host"
mode = "tcp"
port_key = "port"
tls.enabled = true
tls.verify = true
tls.ca_file = "/certs/vector_logs_ca.crt"
tls.crt_file = "/certs/vector_logs_server.crt"
tls.key_file = "/certs/vector_logs_server.key"
[sources.log-from-syslog-tcp]
type = "syslog"
address = "0.0.0.0:5140"
mode = "tcp"
[sources.log-from-syslog-udp]
type = "syslog"
address = "0.0.0.0:5150"
mode = "udp"
[sources.log-from-splunk]
type = "splunk_hec"
address = "0.0.0.0:18088"
valid_tokens = [
"BD274822-96AA-4DA6-90EC-18940FB2414C"
]
[sinks.log-2-console]
inputs = [ "log-from-tcp", "log-from-tls", "log-from-syslog-tcp", "log-from-syslog-udp", "log-from-udp", "log-from-splunk", "log-from-http"]
type = "console"
encoding.codec = "json"
[sinks.log-2-tcp-file]
inputs = [ "log-from-tcp" ]
type = "file"
encoding.codec = "text"
path = "/etc/vector/tcp.log"
[sinks.log-2-http-file]
inputs = [ "log-from-http" ]
type = "file"
encoding.codec = "text"
path = "/etc/vector/http.log"
[sinks.log-2-udp-file]
inputs = [ "log-from-udp" ]
type = "file"
encoding.codec = "json"
path = "/etc/vector/udp.log"
[sinks.tls-log-2-file]
inputs = [ "log-from-tls" ]
type = "file"
encoding.codec = "json"
path = "/etc/vector/tls-datas.log"
[sinks.log-2-syslog-tcp-file]
inputs = [ "log-from-syslog-tcp" ]
type = "file"
encoding.codec = "text"
path = "/etc/vector/syslog-tcp.log"
[sinks.log-2-splunk-file]
inputs = [ "log-from-splunk" ]
type = "file"
encoding.codec = "json"
path = "/etc/vector/splunk.log"
[sinks.log-2-syslog-udp-file]
inputs = [ "log-from-syslog-udp" ]
type = "file"
encoding.codec = "text"
path = "/etc/vector/syslog-udp.log"

116
CloudronPackages/APISIX/apisix-source/ci/redhat-ci.sh Executable file
View File

@@ -0,0 +1,116 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./ci/common.sh
install_dependencies() {
export_version_info
export_or_prefix
# install build & runtime deps
yum install -y --disablerepo=* --enablerepo=ubi-8-appstream-rpms --enablerepo=ubi-8-baseos-rpms \
wget tar gcc gcc-c++ automake autoconf libtool make unzip git sudo openldap-devel hostname patch \
which ca-certificates pcre pcre-devel xz \
openssl-devel
yum install -y libyaml-devel
yum install -y --disablerepo=* --enablerepo=ubi-8-appstream-rpms --enablerepo=ubi-8-baseos-rpms cpanminus perl
# install newer curl
yum makecache
yum install -y xz
install_curl
# install apisix-runtime to make apisix's rpm test work
yum install -y yum-utils && yum-config-manager --add-repo https://openresty.org/package/centos/openresty.repo
yum install -y openresty-pcre-devel openresty-zlib-devel
install_apisix_runtime
curl -o /usr/local/openresty/openssl3/ssl/openssl.cnf \
https://raw.githubusercontent.com/api7/apisix-build-tools/apisix-runtime/${APISIX_RUNTIME}/conf/openssl3/openssl.cnf
# patch lua-resty-events
sed -i 's/log(ERR, "event worker failed: ", perr)/log(ngx.WARN, "event worker failed: ", perr)/' /usr/local/openresty/lualib/resty/events/worker.lua
# install luarocks
./utils/linux-install-luarocks.sh
# install etcdctl
./ci/linux-install-etcd-client.sh
# install vault cli capabilities
install_vault_cli
# install brotli
yum install -y cmake3
install_brotli
# install test::nginx
cpanm --notest Test::Nginx IPC::Run > build.log 2>&1 || (cat build.log && exit 1)
# add go1.15 binary to the path
mkdir build-cache
pushd build-cache/
# Go is required inside the container.
wget -q https://golang.org/dl/go1.17.linux-amd64.tar.gz && tar -xf go1.17.linux-amd64.tar.gz
export PATH=$PATH:$(pwd)/go/bin
popd
# install and start grpc_server_example
pushd t/grpc_server_example
CGO_ENABLED=0 go build
popd
yum install -y iproute procps
start_grpc_server_example
start_sse_server_example
# installing grpcurl
install_grpcurl
# install nodejs
install_nodejs
# grpc-web server && client
pushd t/plugin/grpc-web
./setup.sh
# back to home directory
popd
# install dependencies
git clone https://github.com/openresty/test-nginx.git test-nginx
create_lua_deps
}
run_case() {
export_or_prefix
make init
set_coredns
# run test cases
FLUSH_ETCD=1 TEST_EVENTS_MODULE=$TEST_EVENTS_MODULE prove --timer -Itest-nginx/lib -I./ -r ${TEST_FILE_SUB_DIR} | tee /tmp/test.result
rerun_flaky_tests /tmp/test.result
}
case_opt=$1
case $case_opt in
(install_dependencies)
install_dependencies
;;
(run_case)
run_case
;;
esac

33
CloudronPackages/APISIX/apisix-source/ci/tars-ci.sh Executable file
View File

@@ -0,0 +1,33 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./ci/common.sh
run_case() {
export_or_prefix
export PERL5LIB=.:$PERL5LIB
prove -Itest-nginx/lib -I./ -r t/tars | tee test-result
rerun_flaky_tests test-result
}
case_opt=$1
case $case_opt in
(run_case)
run_case
;;
esac