From 104f7a21ff20e0034afbf110e8c4a482111f5712 Mon Sep 17 00:00:00 2001
From: "d.viti"
Date: Wed, 8 Oct 2025 16:05:27 +0200
Subject: [PATCH] Simplify adc-sync job to use ADC container and args
---
.../templates/job-adc-sync.yaml | 207 ++----------------
1 file changed, 16 insertions(+), 191 deletions(-)
diff --git a/helm/api7ee-demo-k8s/templates/job-adc-sync.yaml b/helm/api7ee-demo-k8s/templates/job-adc-sync.yaml
index 0e97521..24e2929 100644
--- a/helm/api7ee-demo-k8s/templates/job-adc-sync.yaml
+++ b/helm/api7ee-demo-k8s/templates/job-adc-sync.yaml
@@ -21,191 +21,26 @@ spec: spec: restartPolicy: Never serviceAccountName: {{ include "api7ee.serviceAccountName" . }} - {{- if .Values.api7.tls.certManager.enabled }} - initContainers: - - name: wait-for-certificate - image: busybox:1.35 - command: - - sh - - -c - - | - echo "Waiting for TLS certificate to be ready..." - while [ ! -f /etc/ssl/certs/tls.crt ] || [ ! -f /etc/ssl/certs/tls.key ]; do - echo "Certificate not ready, waiting..." - sleep 5 - done - echo "Certificate is ready!" - volumeMounts: - - name: tls-certs - mountPath: /etc/ssl/certs - readOnly: true - {{- end }} containers: - name: adc-sync - image: debian:bookworm-slim + image: ghcr.io/api7/adc:latest imagePullPolicy: IfNotPresent - command: - - /bin/sh - - -c - - | - set -e - echo "Starting API7 ADC configuration sync..." - - # Install dependencies and ADC binary - echo "Installing curl and dependencies..." - if [ -f /etc/debian_version ]; then - # Debian/Ubuntu - apt-get update && apt-get install -y curl {{- if .Values.api7.autoPublish }} jq{{- end }} - elif [ -f /etc/alpine-release ]; then - # Alpine - apk add --no-cache curl {{- if .Values.api7.autoPublish }} jq{{- end }} - elif [ -f /etc/redhat-release ]; then - # RHEL/CentOS - yum install -y curl {{- if .Values.api7.autoPublish }} jq{{- end }} - else - echo "ERROR: Unsupported Linux distribution" - exit 1 - fi - - # Download and install ADC binary - echo "Downloading ADC binary..." - ADC_VERSION="v0.21.0" - curl -sL "https://github.com/api7/adc/releases/download/${ADC_VERSION}/adc_${ADC_VERSION#v}_linux_amd64.tar.gz" -o /tmp/adc.tar.gz - tar -zxf /tmp/adc.tar.gz -C /tmp/ - chmod +x /tmp/adc - mv /tmp/adc /usr/local/bin/adc - rm -f /tmp/adc.tar.gz - - # Verify ADC installation and update PATH - export PATH="/usr/local/bin:$PATH" - if ! 
command -v adc &> /dev/null; then - echo "ERROR: ADC installation failed" - ls -la /usr/local/bin/ - exit 1 - fi - echo "ADC installed successfully: $(adc version 2>/dev/null || echo 'installed')" - - # Wait for API7 Gateway to be ready - echo "Waiting for API7 Gateway to be available..." - MAX_RETRIES=30 - RETRY_COUNT=0 - {{- if eq .Values.api7.backend "api7ee" }} - # For API7 EE, check the version endpoint - HEALTH_ENDPOINT="${API7_ADMIN_URL}/version" - {{- else }} - # For Apache APISIX, check the admin routes endpoint - HEALTH_ENDPOINT="${API7_ADMIN_URL}/apisix/admin/routes" - {{- end }} - - while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do - HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" ${HEALTH_ENDPOINT} \ - {{- if eq .Values.api7.backend "apisix" }} - -H "X-API-KEY: ${API7_ADMIN_KEY}" \ - {{- end }} - --max-time 5 || echo "000") - - if [ "$HTTP_CODE" = "200" ] || [ "$HTTP_CODE" = "401" ]; then - echo "API7 Gateway is ready! (HTTP $HTTP_CODE)" - break - fi - echo "API7 Gateway not ready (HTTP $HTTP_CODE), retrying... ($RETRY_COUNT/$MAX_RETRIES)" - RETRY_COUNT=$((RETRY_COUNT + 1)) - sleep 10 - done - - if [ $RETRY_COUNT -eq $MAX_RETRIES ]; then - echo "ERROR: API7 Gateway not ready after $MAX_RETRIES attempts" - exit 1 - fi - - {{- if .Values.api7.tls.certManager.enabled }} - # Copy certificates to config directory - cp /etc/ssl/certs/tls.crt /tmp/tls.crt - cp /etc/ssl/certs/tls.key /tmp/tls.key - - # Update certificate paths in config - sed -i 's|/etc/ssl/certs/tls.crt|/tmp/tls.crt|g' /config/adc-config.yaml - sed -i 's|/etc/ssl/certs/tls.key|/tmp/tls.key|g' /config/adc-config.yaml - {{- end }} - - adc validate -f /config/adc-config.yaml || { - echo "ERROR: Configuration validation failed" - cat /config/adc-config.yaml - exit 1 - } - - # Sync configuration to API7 - echo "Syncing configuration to API7 Gateway..." 
- adc sync -f /config/adc-config.yaml \ - --backend {{ .Values.api7.backend | default "api7ee" }} \ - --server ${API7_ADMIN_URL} \ - --token ${API7_ADMIN_KEY} \ - --gateway-group ${API7_GATEWAY_GROUP} \ - {{- if .Values.api7.adc.tlsSkipVerify }} - --tls-skip-verify \ - {{- end }} - --verbose || { - echo "ERROR: Failed to sync configuration" - exit 1 - } - - echo "✅ API7 configuration sync completed successfully!" - - {{- if .Values.api7.autoPublish }} - # Auto-publish routes - echo "Auto-publishing routes..." - - # Get list of services and routes - SERVICES=$(curl -s ${API7_ADMIN_URL}/apisix/admin/services \ - -H "X-API-KEY: ${API7_ADMIN_KEY}" | jq -r '.list[].id' || echo "") - - for SERVICE_ID in $SERVICES; do - echo "Publishing routes for service: $SERVICE_ID" - - # Get routes for this service - ROUTES=$(curl -s ${API7_ADMIN_URL}/apisix/admin/services/${SERVICE_ID}/routes \ - -H "X-API-KEY: ${API7_ADMIN_KEY}" | jq -r '.list[].id' || echo "") - - for ROUTE_ID in $ROUTES; do - echo "Publishing route: $ROUTE_ID" - curl -X POST ${API7_ADMIN_URL}/apisix/admin/services/${SERVICE_ID}/routes/${ROUTE_ID}/publish \ - -H "X-API-KEY: ${API7_ADMIN_KEY}" \ - -H "Content-Type: application/json" \ - -d "{\"gateway_group_id\": \"${API7_GATEWAY_GROUP}\"}" || { - echo "Warning: Failed to publish route $ROUTE_ID" - } - done - done - - echo "✅ Routes published successfully!" - {{- end }} - - # Display summary - echo "" - echo "==========================================" - echo "API7 Configuration Summary:" - echo "==========================================" - echo "Gateway URL: ${API7_ADMIN_URL}" - echo "Gateway Group: ${API7_GATEWAY_GROUP}" - echo "Hosts configured:" - {{- range .Values.api7.hosts }} - echo " - {{ . 
}}" - {{- end }} - {{- if .Values.api7.tls.enabled }} - echo "TLS: Enabled" - {{- end }} - {{- if .Values.api7.serviceDiscovery.enabled }} - echo "Service Discovery: Kubernetes" - {{- end }} - echo "==========================================" - echo "" - echo "Access your application at:" - {{- range .Values.api7.hosts }} - echo " {{ if $.Values.api7.tls.enabled }}https{{ else }}http{{ end }}://{{ . }}" - {{- end }} + args: + - sync + - -f + - /config/adc-config.yaml + - --backend + - {{ .Values.api7.backend | default "api7ee" }} + - --server + - $(API7_ADMIN_URL) + - --token + - $(API7_ADMIN_KEY) + - --gateway-group + - $(API7_GATEWAY_GROUP) + {{- if .Values.api7.adc.verbose }} + - --verbose + {{- end }} env: - - name: ADC_VERBOSE - value: "{{ .Values.api7.adc.verbose | default true }}" - name: API7_ADMIN_URL valueFrom: secretKeyRef: @@ -225,11 +60,6 @@ spec: - name: adc-config mountPath: /config readOnly: true - {{- if .Values.api7.tls.certManager.enabled }} - - name: tls-certs - mountPath: /etc/ssl/certs - readOnly: true - {{- end }} resources: limits: cpu: 500m @@ -241,9 +71,4 @@ spec: - name: adc-config configMap: name: {{ include "api7ee.fullname" . }}-adc-config - {{- if .Values.api7.tls.certManager.enabled }} - - name: tls-certs - secret: - secretName: {{ .Values.api7.tls.secretName | default (printf "%s-tls" (include "api7ee.fullname" .)) }} - {{- end }} {{- end }}
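Review bot: The new `image: ghcr.io/api7/adc:latest` together with `imagePullPolicy: IfNotPresent` leaves the ADC build unpinned: each node runs whatever `latest` it happens to have cached, whereas the removed script at least fixed `ADC_VERSION="v0.21.0"`. Because this job pushes gateway configuration using the admin key, the image should be pinned to a release tag and digest, e.g. `image: ghcr.io/api7/adc:<PINNED_TAG>@sha256:<DIGEST>` (placeholders), ideally supplied from chart values. Separately, `- --token` followed by `- $(API7_ADMIN_KEY)` expands the secret into the container's argv, where it is visible in the process list and typically in the runtime's container configuration; if the ADC CLI can read the token from the environment (verify against its documentation), drop those two args and rely on the existing env entry. The `env:` list these args refer to continues past the end of this hunk, so the secret wiring itself is not fully visible here.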