Add support for APISIX Dashboard

This commit is contained in:
Slavi Pantaleev 2024-01-23 15:08:31 +02:00
parent 395994ebc1
commit 71b167a4bc
5 changed files with 132 additions and 0 deletions

View file

@ -0,0 +1,63 @@
# APISIX Dashboard
[APISIX Dashboard](https://apisix.apache.org/docs/dashboard/USER_GUIDE/) is a web UI for [APISIX Gateway](./apisix-gateway.md).
It works by directly editing the [etcd](./etcd.md) database that APISIX Gateway stores its data in.
## Dependencies
This service requires the following other services:
- a [Traefik](traefik.md) reverse-proxy server
- an [etcd](etcd.md) key-value store
- (optional) [APISIX Gateway](./apisix-gateway.md) - there's no point in administrating APISIX Gateway configuration stored in etcd without having an APISIX Gateway instance to initialize and consume it
## Configuration
To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:
```yaml
########################################################################
# #
# apisix_dashboard #
# #
########################################################################
apisix_dashboard_enabled: true
apisix_dashboard_hostname: dashboard.api.example.com
# A strong secret for JWT authentication
apisix_dashboard_config_authentication_secret: ''
apisix_dashboard_config_authentication_users:
- username: admin
password: password-here
########################################################################
# #
# /apisix_dashboard #
# #
########################################################################
```
If you'd like to do something more advanced, the [`ansible-role-apisix-dashboard` Ansible role](https://github.com/mother-of-all-self-hosting/ansible-role-apisix-dashboard) is very configurable and should not get in your way of exposing ports or configuring arbitrary settings.
Take a look at [its `default/main.yml` file](https://github.com/mother-of-all-self-hosting/ansible-role-apisix-dashboard/blob/main/defaults/main.yml) for available Ansible variables you can use in your own `vars.yml` configuration file.
### URL
In the example configuration above, we configure APISIX Dashboard to expose itself at: `https://dashboard.api.example.com`
### Authentication
The example above uses the built-in login page of APISIX Dashboard with a list of users is defined via `apisix_dashboard_config_authentication_users`.
APISIX Dashboard also supports OpenID Connect providers. It can be enabled and configured via various `apisix_dashboard_config_oidc_*` Ansible variables.
## Usage
After installation, you can visit the APISIX Dashboard URL and authenticate with a credential as specified in `apisix_dashboard_config_authentication_users`. If you've enabled OpenID Connect, you may also be able to authenticate with that.

View file

@ -4,6 +4,7 @@
| ------------------------------ | ------------------------------------- | ------------- | | ------------------------------ | ------------------------------------- | ------------- |
| [AUX](https://github.com/mother-of-all-self-hosting/ansible-role-aux) | Auxiliary file/directory management on your server via Ansible | [Link](services/auxiliary.md) | | [AUX](https://github.com/mother-of-all-self-hosting/ansible-role-aux) | Auxiliary file/directory management on your server via Ansible | [Link](services/auxiliary.md) |
| [AdGuard Home](https://adguard.com/en/adguard-home/overview.html/) | A network-wide DNS software for blocking ads & tracking | [Link](services/adguard-home.md) | | [AdGuard Home](https://adguard.com/en/adguard-home/overview.html/) | A network-wide DNS software for blocking ads & tracking | [Link](services/adguard-home.md) |
| [APISIX Dashboard](https://apisix.apache.org/docs/dashboard/USER_GUIDE/) | A web UI for [APISIX Gateway](services/apisix-gateway.md) | [Link](services/apisix-dashboard.md) |
| [APISIX Gateway](https://apisix.apache.org/docs/apisix/getting-started/README/) | An API Gateway, Ingress Controller, etc | [Link](services/apisix-gateway.md) | | [APISIX Gateway](https://apisix.apache.org/docs/apisix/getting-started/README/) | An API Gateway, Ingress Controller, etc | [Link](services/apisix-gateway.md) |
| [Appsmith](https://www.appsmith.com/) | Platform for building and deploying custom internal tools and applications without writing code | [Link](services/appsmith.md) | | [Appsmith](https://www.appsmith.com/) | Platform for building and deploying custom internal tools and applications without writing code | [Link](services/appsmith.md) |
| [Authelia](https://www.authelia.com/) | An open-source authentication and authorization server that can work as a companion to [common reverse proxies](https://www.authelia.com/overview/prologue/supported-proxies/) (like [Traefik](traefik.md) frequently used by this playbook) | [Link](services/authelia.md) | | [Authelia](https://www.authelia.com/) | An open-source authentication and authorization server that can work as a companion to [common reverse proxies](https://www.authelia.com/overview/prologue/supported-proxies/) (like [Traefik](traefik.md) frequently used by this playbook) | [Link](services/authelia.md) |

View file

@ -159,6 +159,11 @@ mash_playbook_devture_systemd_service_manager_services_list_auto_itemized:
{{ ({'name': (adguard_home_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'adguard-home']} if adguard_home_enabled else omit) }} {{ ({'name': (adguard_home_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'adguard-home']} if adguard_home_enabled else omit) }}
# /role-specific:adguard_home # /role-specific:adguard_home
# role-specific:apisix_dashboard
- |-
{{ ({'name': (apisix_dashboard_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'apisix-dashboard']} if apisix_dashboard_enabled else omit) }}
# /role-specific:apisix_dashboard
# role-specific:apisix_gateway # role-specific:apisix_gateway
- |- - |-
{{ ({'name': (apisix_gateway_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'apisix-gateway']} if apisix_gateway_enabled else omit) }} {{ ({'name': (apisix_gateway_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'apisix-gateway']} if apisix_gateway_enabled else omit) }}
@ -1101,6 +1106,61 @@ adguard_home_container_labels_traefik_tls_certResolver: "{{ devture_traefik_cert
# role-specific:apisix_dashboard
########################################################################
# #
# apisix_dashboard #
# #
########################################################################
apisix_dashboard_enabled: false
apisix_dashboard_identifier: "{{ mash_playbook_service_identifier_prefix }}apisix-dashboard"
apisix_dashboard_uid: "{{ mash_playbook_uid }}"
apisix_dashboard_gid: "{{ mash_playbook_gid }}"
apisix_dashboard_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}apisix-dashboard"
apisix_dashboard_container_additional_networks_auto: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if (mash_playbook_reverse_proxyable_services_additional_network and apisix_dashboard_container_labels_traefik_enabled) else [])
}}
apisix_dashboard_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
apisix_dashboard_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
apisix_dashboard_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
apisix_dashboard_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# role-specific:etcd
apisix_dashboard_config_conf_etcd_endpoints: |
{{
([(etcd_identifier + ':2379')] if etcd_enabled else [])
}}
apisix_dashboard_config_conf_etcd_username: "{{ ('root' if (etcd_enabled and not etcd_environment_variable_allow_none_authentication) else '') }}"
apisix_dashboard_config_conf_etcd_password: "{{ (etcd_environment_variable_etcd_root_password if (etcd_enabled and not etcd_environment_variable_allow_none_authentication) else '') }}"
apisix_dashboard_container_additional_networks_custom: |
{{
([etcd_container_network] if etcd_enabled else [])
}}
apisix_dashboard_systemd_required_systemd_services_list_auto: |
{{
([(etcd_identifier + '.service')] if etcd_enabled else [])
}}
# /role-specific:etcd
########################################################################
# #
# /apisix_dashboard #
# #
########################################################################
# /role-specific:apisix_dashboard
# role-specific:apisix_gateway # role-specific:apisix_gateway
######################################################################## ########################################################################
# # # #

View file

@ -8,6 +8,10 @@
version: v1.9.50-0 version: v1.9.50-0
name: appsmith name: appsmith
activation_prefix: appsmith_ activation_prefix: appsmith_
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-apisix-dashboard.git
version: v3.0.1-0
name: apisix_dashboard
activation_prefix: apisix_dashboard_
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-apisix-gateway.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-apisix-gateway.git
version: v3.8.0-0 version: v3.8.0-0
name: apisix_gateway name: apisix_gateway

View file

@ -98,6 +98,10 @@
- role: galaxy/appsmith - role: galaxy/appsmith
# /role-specific:appsmith # /role-specific:appsmith
# role-specific:apisix_dashboard
- role: galaxy/apisix_dashboard
# /role-specific:apisix_dashboard
# role-specific:apisix_gateway # role-specific:apisix_gateway
- role: galaxy/apisix_gateway - role: galaxy/apisix_gateway
# /role-specific:apisix_gateway # /role-specific:apisix_gateway