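Installing APISIX 2.10.2 with Docker

1. Software list

etcd, version 3.4.9: provides the storage service

apisix, version 2.10.2-centos: provides the API gateway service

apisix-dashboard, version 2.9.0: provides the web UI for managing the API gateway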


2. Log in to the server and switch to the working directory

cd /mysoft/apisix

Note: if the directory does not exist, create it with the following command:

mkdir -p /mysoft/apisix


3. Download the images and import them into Docker

1) Using the official method:

docker pull bitnami/etcd:3.4.9

docker pull apache/apisix:2.10.2-centos

docker pull apache/apisix-dashboard:2.9.0

4. Install the etcd storage service

4.1 Create the etcd container instance from the image

cd /mysoft/apisix
mkdir -p `pwd`/example/etcd_conf

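# The following command creates an empty file (it must exist before docker run, otherwise Docker creates a directory at the mount path)
touch `pwd`/example/etcd_conf/etcd.conf.yml

# Note: with --network host the -p mappings are ignored and etcd listens directly on the host's ports 2379/2380.
# ALLOW_NONE_AUTHENTICATION=yes runs etcd without authentication, so do not open these ports in the firewall.
docker run -it --name etcd-server_my_soft -v `pwd`/example/etcd_conf/etcd.conf.yml:/opt/bitnami/etcd/conf/etcd.conf.yml -v /etc/localtime:/etc/localtime:ro -p 2379:2379 -p 2380:2380 --network host --env ALLOW_NONE_AUTHENTICATION=yes -d bitnami/etcd:3.4.9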

4.2 Check that the container was created

docker ps -a


4.3 Enter the container and check that the etcd instance started successfully

docker exec -it etcd-server_my_soft /bin/sh

etcdctl member list

exit


5. Install the APISIX gateway service

5.1 Create the APISIX configuration file to mount into the APISIX container

cd /mysoft/apisix

mkdir -p `pwd`/example/apisix_conf

# Reference content for the config.yaml in apisix_conf:


apisix:
  port_admin: 9180
  node_listen: 
    - 9080
    - 9081
    - 9082
  ssl:
    listen_port:
      - 9443  
  allow_admin:                  # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
    - 127.0.0.0/24              # If we don't set any IP list, then any IP access is allowed by default.
    - 192.168.1.123/24
  
  admin_key:
    -
      name: "admin"
      key: <your-custom-key>      # be sure to set your own value
      role: admin                 # admin: manage all configuration data
                                  # viewer: only can view configuration data
    -
      name: "adminTest"
      key: <your-custom-key>      # be sure to set your own value
      role: admin                 # admin: manage all configuration data
                                  # viewer: only can view configuration data
    -
      name: "viewer"
      key: <your-custom-key>      # be sure to set your own value
      role: viewer

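Upload the APISIX config.yaml to `pwd`/example/apisix_conf. Note that `pwd` refers to the current working directory, i.e. /mysoft/apisix.

Note: be sure to set allow_admin and admin_key in config.yaml. When you are done, press Ctrl+d to exit and save the file.


5.2 Create the APISIX container instance from the image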

docker run --name apisix_my_soft -v `pwd`/example/apisix_conf/config.yaml:/usr/local/apisix/conf/config.yaml -v `pwd`/example/apisix_log:/usr/local/apisix/logs -v /etc/localtime:/etc/localtime:ro -p 9080:9080 -p 9443:9443 -p 9181:9181 -p 9182:9182 --network host -d apache/apisix:2.10.2-centos


5.3 Start the APISIX instance

docker start apisix_my_soft


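5.4 Check that APISIX is serving requests

# port_admin is set to 9180 in config.yaml, so the Admin API is served on that port
curl http://127.0.0.1:9180/apisix/admin/routes/ -H 'X-API-KEY: <admin key set in config.yaml>'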


6. Install the apisix-dashboard service

6.1 Create the apisix-dashboard configuration file to mount into the apisix-dashboard container

cd /mysoft/apisix

mkdir -p `pwd`/path/to

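Upload the apisix-dashboard config.yaml to `pwd`/path/to. Note that `pwd` refers to the current working directory, i.e. /mysoft/apisix.

Note: pay particular attention to allow_list in config.yaml; it controls which IPs may access the apisix-dashboard service.

# Reference content for config.yaml: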

conf:
  listen:
    # host: 127.0.0.1     # the address on which the `Manager API` should listen.
                          # The default value is 0.0.0.0, if want to specify, please enable it.
                          # This value accepts IPv4, IPv6, and hostname.
    port: 9000            # The port on which the `Manager API` should listen.

  # ssl:
  #   host: 127.0.0.1     # the address on which the `Manager API` should listen for HTTPS.
                          # The default value is 0.0.0.0, if want to specify, please enable it.
  #   port: 9001            # The port on which the `Manager API` should listen for HTTPS.
  #   cert: "/tmp/cert/example.crt" # Path of your SSL cert.
  #   key:  "/tmp/cert/example.key"  # Path of your SSL key.

  allow_list:             # If we don't set any IP list, then any IP access is allowed by default.
    - 127.0.0.1           # The rules are checked in sequence until the first match is found.
    - 192.168.1.0/24
    - 192.168.11.123/24
    
    - ::1                 # In this example, access is allowed only for IPv4 network 127.0.0.1, and for IPv6 network ::1.
                          # It also support CIDR like 192.168.1.0/24 and 2001:0db8::/32
  etcd:
    endpoints:            # supports defining multiple etcd host addresses for an etcd cluster
      - 127.0.0.1:2379
                          # yamllint disable rule:comments-indentation
                          # etcd basic auth info
    # username: "root"    # ignore etcd username if not enable etcd auth
    # password: "123456"  # ignore etcd password if not enable etcd auth
    mtls:
      key_file: ""          # Path of your self-signed client side key
      cert_file: ""         # Path of your self-signed client side cert
      ca_file: ""           # Path of your self-signed ca cert, the CA is used to sign callers' certificates
    # prefix: /apisix       # apisix config's prefix in etcd, /apisix by default
  log:
    error_log:
      level: warn       # supports levels, lower to higher: debug, info, warn, error, panic, fatal
      file_path:
        logs/error.log  # supports relative path, absolute path, standard output
                        # such as: logs/error.log, /tmp/logs/error.log, /dev/stdout, /dev/stderr
    access_log:
      file_path:
        logs/access.log  # supports relative path, absolute path, standard output
                         # such as: logs/access.log, /tmp/logs/access.log, /dev/stdout, /dev/stderr
                         # log example: 2020-12-09T16:38:09.039+0800	INFO	filter/logging.go:46	/apisix/admin/routes/r1	{"status": 401, "host": "127.0.0.1:9000", "query": "asdfsafd=adf&a=a", "requestId": "3d50ecb8-758c-46d1-af5b-cd9d1c820156", "latency": 0, "remoteIP": "127.0.0.1", "method": "PUT", "errs": []}
  max_cpu: 0             # supports tweaking with the number of OS threads are going to be used for parallelism. Default value: 0 [will use max number of available cpu cores considering hyperthreading (if any)]. If the value is negative, is will not touch the existing parallelism profile.

authentication:
  secret:
    secret              # secret for jwt token generation.
                        # NOTE: Highly recommended to modify this value to protect `manager api`.
                        # if it's default value, when `manager api` start, it will generate a random string to replace it.
  expire_time: 3600     # jwt token expire time, in second
  users:                # yamllint enable rule:comments-indentation
    - username: <your-username>   # username and password for login `manager api`
      password: <your-password>
    - username: <your-username>
      password: <your-password>

plugins:                          # plugin list (sorted in alphabetical order)
  - api-breaker
  - authz-keycloak
  - basic-auth
  - batch-requests
  - consumer-restriction
  - cors
  # - dubbo-proxy
  - echo
  # - error-log-logger
  # - example-plugin
  - fault-injection
  - grpc-transcode
  - hmac-auth
  - http-logger
  - ip-restriction
  - jwt-auth
  - kafka-logger
  - key-auth
  - limit-conn
  - limit-count
  - limit-req
  # - log-rotate
  # - node-status
  - openid-connect
  - prometheus
  - proxy-cache
  - proxy-mirror
  - proxy-rewrite
  - redirect
  - referer-restriction
  - request-id
  - request-validation
  - response-rewrite
  - serverless-post-function
  - serverless-pre-function
  # - skywalking
  - sls-logger
  - syslog
  - tcp-logger
  - udp-logger
  - uri-blocker
  - wolf-rbac
  - zipkin
  - server-info
  - traffic-split
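
The notes in 5.1 and 6.1 insist on setting allow_admin, admin_key and allow_list. As an added example (not part of the original post or of the APISIX project), the shell functions below check both files before they are mounted. The function names are made up here, the awk parsing assumes the flat layout shown on this page, and the listed keys and passwords are the defaults shipped in the stock APISIX and apisix-dashboard config files.

```shell
#!/bin/sh
# Added example, not from the original post: static checks on the two config
# files before they are mounted. Prints one line per finding.

# Print the "- value" items listed directly under KEY: in FILE.
list_under() {
  awk -v key="$1:" '
    $1 == key                     { on = 1; next }
    on && (NF == 0 || $1 ~ /^#/)  { next }            # blank or comment-only
    on && $1 == "-" && NF > 1     { print $2; next }
    on                            { exit }' "$2"
}

# Print every uncommented scalar stored under FIELD: in FILE, quotes stripped.
values_of() {
  awk -v f="$1:" '$1 == f { gsub(/"/, "", $2); print $2 }' "$2"
}

audit_apisix() {                  # $1 = APISIX config.yaml
  acl=$(list_under allow_admin "$1")
  if [ -z "$acl" ]; then echo "allow_admin is empty: Admin API accepts any source IP"; fi
  if printf '%s\n' "$acl" | grep -qxF '0.0.0.0/0'; then
    echo "allow_admin contains 0.0.0.0/0"
  fi
  keys=$(values_of key "$1")
  if [ -z "$keys" ]; then echo "no admin_key set: the shipped default keys stay valid"; fi
  for k in $keys; do
    case "$k" in                  # default keys from APISIX's config-default.yaml
      edd1c9f034335f136f87ad84b625c8f1|4054f7cf07e344346cd3f287985e76a2)
        echo "admin_key $k is a published default" ;;
    esac
  done
}

audit_dashboard() {               # $1 = apisix-dashboard config file
  if [ -z "$(list_under allow_list "$1")" ]; then
    echo "allow_list is empty: dashboard accepts any source IP"
  fi
  for p in $(values_of password "$1"); do
    case "$p" in                  # admin/admin and user/user ship as defaults
      admin|user) echo "dashboard password '$p' is a shipped default" ;;
    esac
  done
}

# Usage: audit_apisix example/apisix_conf/config.yaml
#        audit_dashboard path/to/config.yaml
```

No output from either function means none of these checks fired; it does not prove the configuration is otherwise sound.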


6.2 Create the apisix-dashboard container instance from the image

docker run -d -p 9000:9000 --network host -v `pwd`/path/to/config.yaml:/usr/local/apisix-dashboard/conf/conf.yaml -v /etc/localtime:/etc/localtime:ro --name apisix-dashboard_my_soft apache/apisix-dashboard:2.9.0


6.3 Start the apisix-dashboard instance

docker start apisix-dashboard_my_soft


6.4 Check that apisix-dashboard is serving requests

curl http://127.0.0.1:9000


7. Open the firewall ports (only if the APISIX management API needs to be reachable from outside)

firewall-cmd --zone=public --add-port=9080/tcp --permanent

firewall-cmd --zone=public --add-port=9000/tcp --permanent

firewall-cmd --reload
