Simplify adc-sync job to use ADC container and args
@@ -21,191 +21,26 @@ spec:
|
|||||||
spec:
|
spec:
|
||||||
restartPolicy: Never
|
restartPolicy: Never
|
||||||
serviceAccountName: {{ include "api7ee.serviceAccountName" . }}
|
serviceAccountName: {{ include "api7ee.serviceAccountName" . }}
|
||||||
{{- if .Values.api7.tls.certManager.enabled }}
|
|
||||||
initContainers:
|
|
||||||
- name: wait-for-certificate
|
|
||||||
image: busybox:1.35
|
|
||||||
command:
|
|
||||||
- sh
|
|
||||||
- -c
|
|
||||||
- |
|
|
||||||
echo "Waiting for TLS certificate to be ready..."
|
|
||||||
while [ ! -f /etc/ssl/certs/tls.crt ] || [ ! -f /etc/ssl/certs/tls.key ]; do
|
|
||||||
echo "Certificate not ready, waiting..."
|
|
||||||
sleep 5
|
|
||||||
done
|
|
||||||
echo "Certificate is ready!"
|
|
||||||
volumeMounts:
|
|
||||||
- name: tls-certs
|
|
||||||
mountPath: /etc/ssl/certs
|
|
||||||
readOnly: true
|
|
||||||
{{- end }}
|
|
||||||
containers:
|
containers:
|
||||||
- name: adc-sync
|
- name: adc-sync
|
||||||
image: debian:bookworm-slim
|
image: ghcr.io/api7/adc:latest
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
command:
|
args:
|
||||||
- /bin/sh
|
- sync
|
||||||
- -c
|
- -f
|
||||||
- |
|
- /config/adc-config.yaml
|
||||||
set -e
|
- --backend
|
||||||
echo "Starting API7 ADC configuration sync..."
|
- {{ .Values.api7.backend | default "api7ee" }}
|
||||||
|
- --server
|
||||||
# Install dependencies and ADC binary
|
- $(API7_ADMIN_URL)
|
||||||
echo "Installing curl and dependencies..."
|
- --token
|
||||||
if [ -f /etc/debian_version ]; then
|
- $(API7_ADMIN_KEY)
|
||||||
# Debian/Ubuntu
|
- --gateway-group
|
||||||
apt-get update && apt-get install -y curl {{- if .Values.api7.autoPublish }} jq{{- end }}
|
- $(API7_GATEWAY_GROUP)
|
||||||
elif [ -f /etc/alpine-release ]; then
|
{{- if .Values.api7.adc.verbose }}
|
||||||
# Alpine
|
- --verbose
|
||||||
apk add --no-cache curl {{- if .Values.api7.autoPublish }} jq{{- end }}
|
|
||||||
elif [ -f /etc/redhat-release ]; then
|
|
||||||
# RHEL/CentOS
|
|
||||||
yum install -y curl {{- if .Values.api7.autoPublish }} jq{{- end }}
|
|
||||||
else
|
|
||||||
echo "ERROR: Unsupported Linux distribution"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Download and install ADC binary
|
|
||||||
echo "Downloading ADC binary..."
|
|
||||||
ADC_VERSION="v0.21.0"
|
|
||||||
curl -sL "https://github.com/api7/adc/releases/download/${ADC_VERSION}/adc_${ADC_VERSION#v}_linux_amd64.tar.gz" -o /tmp/adc.tar.gz
|
|
||||||
tar -zxf /tmp/adc.tar.gz -C /tmp/
|
|
||||||
chmod +x /tmp/adc
|
|
||||||
mv /tmp/adc /usr/local/bin/adc
|
|
||||||
rm -f /tmp/adc.tar.gz
|
|
||||||
|
|
||||||
# Verify ADC installation and update PATH
|
|
||||||
export PATH="/usr/local/bin:$PATH"
|
|
||||||
if ! command -v adc &> /dev/null; then
|
|
||||||
echo "ERROR: ADC installation failed"
|
|
||||||
ls -la /usr/local/bin/
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
echo "ADC installed successfully: $(adc version 2>/dev/null || echo 'installed')"
|
|
||||||
|
|
||||||
# Wait for API7 Gateway to be ready
|
|
||||||
echo "Waiting for API7 Gateway to be available..."
|
|
||||||
MAX_RETRIES=30
|
|
||||||
RETRY_COUNT=0
|
|
||||||
{{- if eq .Values.api7.backend "api7ee" }}
|
|
||||||
# For API7 EE, check the version endpoint
|
|
||||||
HEALTH_ENDPOINT="${API7_ADMIN_URL}/version"
|
|
||||||
{{- else }}
|
|
||||||
# For Apache APISIX, check the admin routes endpoint
|
|
||||||
HEALTH_ENDPOINT="${API7_ADMIN_URL}/apisix/admin/routes"
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do
|
|
||||||
HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" ${HEALTH_ENDPOINT} \
|
|
||||||
{{- if eq .Values.api7.backend "apisix" }}
|
|
||||||
-H "X-API-KEY: ${API7_ADMIN_KEY}" \
|
|
||||||
{{- end }}
|
|
||||||
--max-time 5 || echo "000")
|
|
||||||
|
|
||||||
if [ "$HTTP_CODE" = "200" ] || [ "$HTTP_CODE" = "401" ]; then
|
|
||||||
echo "API7 Gateway is ready! (HTTP $HTTP_CODE)"
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
echo "API7 Gateway not ready (HTTP $HTTP_CODE), retrying... ($RETRY_COUNT/$MAX_RETRIES)"
|
|
||||||
RETRY_COUNT=$((RETRY_COUNT + 1))
|
|
||||||
sleep 10
|
|
||||||
done
|
|
||||||
|
|
||||||
if [ $RETRY_COUNT -eq $MAX_RETRIES ]; then
|
|
||||||
echo "ERROR: API7 Gateway not ready after $MAX_RETRIES attempts"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
{{- if .Values.api7.tls.certManager.enabled }}
|
|
||||||
# Copy certificates to config directory
|
|
||||||
cp /etc/ssl/certs/tls.crt /tmp/tls.crt
|
|
||||||
cp /etc/ssl/certs/tls.key /tmp/tls.key
|
|
||||||
|
|
||||||
# Update certificate paths in config
|
|
||||||
sed -i 's|/etc/ssl/certs/tls.crt|/tmp/tls.crt|g' /config/adc-config.yaml
|
|
||||||
sed -i 's|/etc/ssl/certs/tls.key|/tmp/tls.key|g' /config/adc-config.yaml
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
adc validate -f /config/adc-config.yaml || {
|
|
||||||
echo "ERROR: Configuration validation failed"
|
|
||||||
cat /config/adc-config.yaml
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
|
|
||||||
# Sync configuration to API7
|
|
||||||
echo "Syncing configuration to API7 Gateway..."
|
|
||||||
adc sync -f /config/adc-config.yaml \
|
|
||||||
--backend {{ .Values.api7.backend | default "api7ee" }} \
|
|
||||||
--server ${API7_ADMIN_URL} \
|
|
||||||
--token ${API7_ADMIN_KEY} \
|
|
||||||
--gateway-group ${API7_GATEWAY_GROUP} \
|
|
||||||
{{- if .Values.api7.adc.tlsSkipVerify }}
|
|
||||||
--tls-skip-verify \
|
|
||||||
{{- end }}
|
|
||||||
--verbose || {
|
|
||||||
echo "ERROR: Failed to sync configuration"
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
|
|
||||||
echo "✅ API7 configuration sync completed successfully!"
|
|
||||||
|
|
||||||
{{- if .Values.api7.autoPublish }}
|
|
||||||
# Auto-publish routes
|
|
||||||
echo "Auto-publishing routes..."
|
|
||||||
|
|
||||||
# Get list of services and routes
|
|
||||||
SERVICES=$(curl -s ${API7_ADMIN_URL}/apisix/admin/services \
|
|
||||||
-H "X-API-KEY: ${API7_ADMIN_KEY}" | jq -r '.list[].id' || echo "")
|
|
||||||
|
|
||||||
for SERVICE_ID in $SERVICES; do
|
|
||||||
echo "Publishing routes for service: $SERVICE_ID"
|
|
||||||
|
|
||||||
# Get routes for this service
|
|
||||||
ROUTES=$(curl -s ${API7_ADMIN_URL}/apisix/admin/services/${SERVICE_ID}/routes \
|
|
||||||
-H "X-API-KEY: ${API7_ADMIN_KEY}" | jq -r '.list[].id' || echo "")
|
|
||||||
|
|
||||||
for ROUTE_ID in $ROUTES; do
|
|
||||||
echo "Publishing route: $ROUTE_ID"
|
|
||||||
curl -X POST ${API7_ADMIN_URL}/apisix/admin/services/${SERVICE_ID}/routes/${ROUTE_ID}/publish \
|
|
||||||
-H "X-API-KEY: ${API7_ADMIN_KEY}" \
|
|
||||||
-H "Content-Type: application/json" \
|
|
||||||
-d "{\"gateway_group_id\": \"${API7_GATEWAY_GROUP}\"}" || {
|
|
||||||
echo "Warning: Failed to publish route $ROUTE_ID"
|
|
||||||
}
|
|
||||||
done
|
|
||||||
done
|
|
||||||
|
|
||||||
echo "✅ Routes published successfully!"
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
# Display summary
|
|
||||||
echo ""
|
|
||||||
echo "=========================================="
|
|
||||||
echo "API7 Configuration Summary:"
|
|
||||||
echo "=========================================="
|
|
||||||
echo "Gateway URL: ${API7_ADMIN_URL}"
|
|
||||||
echo "Gateway Group: ${API7_GATEWAY_GROUP}"
|
|
||||||
echo "Hosts configured:"
|
|
||||||
{{- range .Values.api7.hosts }}
|
|
||||||
echo " - {{ . }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.api7.tls.enabled }}
|
|
||||||
echo "TLS: Enabled"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.api7.serviceDiscovery.enabled }}
|
|
||||||
echo "Service Discovery: Kubernetes"
|
|
||||||
{{- end }}
|
|
||||||
echo "=========================================="
|
|
||||||
echo ""
|
|
||||||
echo "Access your application at:"
|
|
||||||
{{- range .Values.api7.hosts }}
|
|
||||||
echo " {{ if $.Values.api7.tls.enabled }}https{{ else }}http{{ end }}://{{ . }}"
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
env:
|
env:
|
||||||
- name: ADC_VERBOSE
|
|
||||||
value: "{{ .Values.api7.adc.verbose | default true }}"
|
|
||||||
- name: API7_ADMIN_URL
|
- name: API7_ADMIN_URL
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
@@ -225,11 +60,6 @@ spec:
|
|||||||
- name: adc-config
|
- name: adc-config
|
||||||
mountPath: /config
|
mountPath: /config
|
||||||
readOnly: true
|
readOnly: true
|
||||||
{{- if .Values.api7.tls.certManager.enabled }}
|
|
||||||
- name: tls-certs
|
|
||||||
mountPath: /etc/ssl/certs
|
|
||||||
readOnly: true
|
|
||||||
{{- end }}
|
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
cpu: 500m
|
cpu: 500m
|
||||||
@@ -241,9 +71,4 @@ spec:
|
|||||||
- name: adc-config
|
- name: adc-config
|
||||||
configMap:
|
configMap:
|
||||||
name: {{ include "api7ee.fullname" . }}-adc-config
|
name: {{ include "api7ee.fullname" . }}-adc-config
|
||||||
{{- if .Values.api7.tls.certManager.enabled }}
|
|
||||||
- name: tls-certs
|
|
||||||
secret:
|
|
||||||
secretName: {{ .Values.api7.tls.secretName | default (printf "%s-tls" (include "api7ee.fullname" .)) }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|||||||
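Review bot: The new container image `ghcr.io/api7/adc:latest` is a mutable tag, and with `imagePullPolicy: IfNotPresent` each node keeps running whatever build it happened to cache, so the job that is handed `$(API7_ADMIN_KEY)` is neither reproducible nor auditable. The removed script at least fixed `ADC_VERSION="v0.21.0"`; the replacement should keep a pin, preferably by digest, e.g. `image: ghcr.io/api7/adc:<ADC_TAG>@sha256:<DIGEST>` (placeholders; take both from the release you have tested). Separately, `--token` followed by `$(API7_ADMIN_KEY)` is expanded by Kubernetes into the container's argv, so the admin key is readable from the process list; if the ADC build in use can read the token from the environment, drop those two args and let the `env` entry carry it. Only part of the Job template is visible in these hunks, so the secret reference for the key and any image settings in the chart values are outside this view.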