demos/api7-demo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rewrite and expand all documentation for API7EE demo platform
All checks were successful
Helm Chart Build / lint-only (push) Has been skipped
Details
Helm Chart Build / build-helm (push) Successful in 8s
Details
Build and Deploy / build-api (push) Successful in 46s
Details
Build and Deploy / build-web (push) Successful in 1m8s
Details

Browse Source
This commit is contained in:
d.viti
2025-10-07 19:09:40 +02:00
parent 118f2c051c
commit 1b31601543
4 changed files with 2852 additions and 668 deletions
Download Patch File Download Diff File Expand all files Collapse all files

880
helm/api7ee-demo-k8s/README.md
View File

@@ -1,123 +1,267 @@
# API7 Enterprise Edition Helm Chart
# API7 Enterprise Edition Demo - Helm Chart
This Helm chart deploys the API7 Enterprise Edition demo application, consisting of a Web frontend and API backend service.
A comprehensive Helm chart for deploying the API7 Enterprise Edition demo platform on Kubernetes. This chart deploys both web frontend and API backend services with full API7 Gateway integration, including automatic ADC configuration, TLS management, and advanced rate limiting.
## Prerequisites
## 📋 Overview
- Kubernetes 1.19+
- Helm 3.8.0+
- PV provisioner support in the underlying infrastructure (optional)
- Ingress controller (e.g., NGINX Ingress Controller)
This Helm chart provides:
## Installation
- **Dual Service Deployment**: Web frontend + API backend
- **API7 Gateway Integration**: Automatic ADC (API7 Declarative CLI) configuration
- **TLS/SSL Management**: cert-manager integration or custom certificates
- **Service Discovery**: Kubernetes-native service discovery
- **Rate Limiting**: Standard and AI token-based rate limiting
- **Autoscaling**: Horizontal Pod Autoscaler (HPA) support
- **High Availability**: Pod Disruption Budgets and multi-replica deployment
- **Security**: Pod Security Contexts, RBAC, and Network Policies
### Add the Helm repository (if published)
## 🎯 Features
### Deployments
- **Web Service** (apache-service): FastAPI frontend with embedded documentation
- **API Service** (nginx-service): FastAPI backend with REST API and LLM endpoints
### API7 Gateway Configuration
- **Automatic ADC Sync**: Configures routes, services, and upstreams
- **Advanced Rate Limiting**:
- Standard: 100 req/60s per IP for `/api/*`
- AI: 100 tokens/60s for `/api/llm/*`
- **Route Prioritization**: LLM (20) > API (10) > Web (1)
- **TLS/SSL**: Automatic HTTPS redirect and certificate management
- **Plugins**: CORS, Prometheus metrics, request logging, authentication
### Kubernetes Resources
- Deployments (Web and API)
- Services (ClusterIP)
- Ingress (NGINX)
- ConfigMaps (Application config and ADC config)
- Secrets (TLS certificates, API7 credentials)
- ServiceAccount and RBAC
- HorizontalPodAutoscaler
- PodDisruptionBudget
- Certificate (cert-manager)
- Job (ADC sync)
## 📦 Prerequisites
- **Kubernetes**: v1.19 or higher
- **Helm**: 3.8.0 or higher
- **API7 Enterprise Edition**: Installed and configured
- **Ingress Controller**: NGINX Ingress Controller (recommended)
- **cert-manager**: v1.0+ (optional, for automatic TLS)
## 🚀 Installation
### Add Helm Repository
```bash
# Add the Gitea Helm repository
helm repo add api7ee https://git.commandware.com/api/packages/demos/helm
# Update repositories
helm repo update
# Search for available versions
helm search repo api7ee/api7ee-demo-k8s
```
### Install the chart
### Basic Installation
```bash
# Install with default values
helm install my-api7ee ./helm/api7ee-demo-k8s-demo-k8s
helm install api7ee-demo api7ee/api7ee-demo-k8s \
--namespace api7ee \
--create-namespace
# Install in a specific namespace
helm install my-api7ee ./helm/api7ee-demo-k8s-demo-k8s --namespace api7ee --create-namespace
# Check installation
helm list -n api7ee
kubectl get pods -n api7ee
```
### Installation with Custom Values
```bash
# Install with custom values file
helm install my-api7ee ./helm/api7ee-demo-k8s-demo-k8s -f custom-values.yaml
helm install api7ee-demo api7ee/api7ee-demo-k8s \
--namespace api7ee \
--create-namespace \
-f custom-values.yaml
# Install with command-line overrides
helm install api7ee-demo api7ee/api7ee-demo-k8s \
--namespace api7ee \
--set web.replicaCount=3 \
--set api.replicaCount=5 \
--set api7.gateway.adminKey="your-admin-key" \
--set api7.hosts[0]="your-domain.com"
```
## Configuration
### Install from Local Chart
### API7 Gateway Integration
```bash
# Install from local directory
helm install api7ee-demo ./helm/api7ee-demo-k8s \
--namespace api7ee \
--create-namespace
This Helm chart includes automatic API7 Gateway configuration using ADC (API7 Declarative CLI). When `api7.enabled` is set to `true`, the chart will:
1. **Deploy ADC Configuration**: Creates routes, services, and upstreams for your applications
2. **Configure TLS/SSL**: Manages certificates via cert-manager or custom certificates
3. **Enable Service Discovery**: Uses Kubernetes native service discovery
4. **Apply Security Policies**: Configures rate limiting, CORS, and authentication
5. **Auto-publish Routes**: Optionally publishes routes automatically after deployment
### Key Configuration Options
| Parameter | Description | Default |
|-----------|-------------|---------|
| `web.enabled` | Enable Web component | `true` |
| `web.replicaCount` | Number of Web replicas | `2` |
| `web.image.repository` | Web image repository | `api7ee/web` |
| `web.image.tag` | Web image tag | `main` |
| `web.service.port` | Web service port | `8000` |
| `api.enabled` | Enable API component | `true` |
| `api.replicaCount` | Number of API replicas | `3` |
| `api.image.repository` | API image repository | `api7ee/api` |
| `api.image.tag` | API image tag | `main` |
| `api.service.port` | API service port | `8080` |
| `ingress.enabled` | Enable ingress | `true` |
| `ingress.hosts[0].host` | Ingress hostname | `demo.commandware.it` |
| `api7.enabled` | Enable API7 ADC configuration | `true` |
| `api7.gateway.adminUrl` | API7 Gateway Admin API URL | `http://api7-gateway.api7ee:9180` |
| `api7.hosts` | Hosts for API7 routing | `[demo.commandware.it]` |
| `api7.tls.certManager.enabled` | Use cert-manager for TLS | `true` |
| `api7.autoPublish` | Auto-publish routes | `true` |
### Custom Values Examples
#### Configure API7 Gateway:
```yaml
api7:
enabled: true
gateway:
adminUrl: http://your-api7-gateway:9180
adminKey: "your-admin-key-here"
group: production
hosts:
- api.yourdomain.com
tls:
certManager:
enabled: true
issuer: letsencrypt-prod
plugins:
rateLimit:
enabled: true
count: 1000
timeWindow: 60
auth:
enabled: true
consumers:
- username: api-client
apiKey: secure-api-key-12345
# With development values
helm install api7ee-dev ./helm/api7ee-demo-k8s \
-f ./helm/api7ee-demo-k8s/values-dev.yaml \
--namespace api7ee-dev
```
#### Using a private registry:
## ⚙️ Configuration
### Global Configuration
| Parameter | Description | Default |
| ------------------------- | ---------------------- | ------- |
| `global.imageRegistry` | Global Docker registry | `""` |
| `global.imagePullSecrets` | Image pull secrets | `[]` |
### Web Service Configuration
| Parameter | Description | Default |
| ------------------------------------------------ | --------------------- | ---------------------- |
| `web.enabled` | Enable Web component | `true` |
| `web.replicaCount` | Number of replicas | `2` |
| `web.image.registry` | Image registry | `gitea.server_url` |
| `web.image.repository` | Image repository | `gitea.repository/web` |
| `web.image.tag` | Image tag | `main` |
| `web.image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `web.service.type` | Service type | `ClusterIP` |
| `web.service.port` | Service port | `8000` |
| `web.resources.limits.cpu` | CPU limit | `500m` |
| `web.resources.limits.memory` | Memory limit | `512Mi` |
| `web.resources.requests.cpu` | CPU request | `250m` |
| `web.resources.requests.memory` | Memory request | `256Mi` |
| `web.autoscaling.enabled` | Enable HPA | `false` |
| `web.autoscaling.minReplicas` | Min replicas | `2` |
| `web.autoscaling.maxReplicas` | Max replicas | `10` |
| `web.autoscaling.targetCPUUtilizationPercentage` | CPU target | `80` |
| `web.env` | Environment variables | `[]` |
### API Service Configuration
| Parameter | Description | Default |
| ------------------------------------------------ | --------------------- | ---------------------------------- |
| `api.enabled` | Enable API component | `true` |
| `api.replicaCount` | Number of replicas | `3` |
| `api.image.registry` | Image registry | `gitea.server_url` |
| `api.image.repository` | Image repository | `gitea.repository/api` |
| `api.image.tag` | Image tag | `main` |
| `api.image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `api.service.type` | Service type | `ClusterIP` |
| `api.service.port` | Service port | `8080` |
| `api.resources.limits.cpu` | CPU limit | `1000m` |
| `api.resources.limits.memory` | Memory limit | `1Gi` |
| `api.resources.requests.cpu` | CPU request | `500m` |
| `api.resources.requests.memory` | Memory request | `512Mi` |
| `api.autoscaling.enabled` | Enable HPA | `true` |
| `api.autoscaling.minReplicas` | Min replicas | `3` |
| `api.autoscaling.maxReplicas` | Max replicas | `20` |
| `api.autoscaling.targetCPUUtilizationPercentage` | CPU target | `70` |
| `api.env` | Environment variables | `[{name: LOG_LEVEL, value: info}]` |
### Ingress Configuration
| Parameter | Description | Default |
| --------------------------- | ------------------- | ---------------------------- |
| `ingress.enabled` | Enable ingress | `true` |
| `ingress.className` | Ingress class | `nginx` |
| `ingress.annotations` | Ingress annotations | See values.yaml |
| `ingress.hosts[0].host` | Hostname | `api7-demo.commandware.it` |
| `ingress.tls[0].secretName` | TLS secret | `api7ee-tls` |
| `ingress.tls[0].hosts` | TLS hosts | `[api7-demo.commandware.it]` |
### API7 Gateway Configuration
| Parameter | Description | Default |
| ----------------------------- | ---------------------- | ------------------------------------ |
| `api7.enabled` | Enable API7 ADC config | `true` |
| `api7.adc.image` | ADC Docker image | `ghcr.io/api7/adc:latest` |
| `api7.adc.verbose` | Verbose logging | `true` |
| `api7.adc.tlsSkipVerify` | Skip TLS verify | `false` |
| `api7.gateway.adminUrl` | API7 Admin API URL | `http://api7ee3-0-xxx-dp-manager...` |
| `api7.gateway.adminKey` | API7 Admin API key | `edd1c9f034335f136f87ad84b625c8f1` |
| `api7.gateway.group` | Gateway group | `default` |
| `api7.gateway.gatewayService` | Gateway service name | `gateway-0-xxx-gateway` |
| `api7.backend` | Backend type | `api7ee` |
| `api7.autoPublish` | Auto-publish routes | `true` |
| `api7.hosts` | Routing hosts | `[api7-demo.commandware.it]` |
### TLS Configuration
| Parameter | Description | Default |
| --------------------------------- | ------------------- | ---------------------- |
| `api7.tls.enabled` | Enable TLS | `true` |
| `api7.tls.certManager.enabled` | Use cert-manager | `true` |
| `api7.tls.certManager.issuer` | ClusterIssuer name | `cloudflare-acme-prod` |
| `api7.tls.certManager.issuerKind` | Issuer kind | `ClusterIssuer` |
| `api7.tls.secretName` | Existing TLS secret | `""` |
| `api7.tls.certificate` | Direct certificate | `""` |
| `api7.tls.key` | Direct key | `""` |
### Rate Limiting Configuration
| Parameter | Description | Default |
| ---------------------------------------- | ----------------------------- | -------------- |
| `api7.plugins.rateLimit.enabled` | Enable standard rate limiting | `true` |
| `api7.plugins.rateLimit.count` | Request limit | `100` |
| `api7.plugins.rateLimit.timeWindow` | Time window (seconds) | `60` |
| `api7.plugins.rateLimit.keyType` | Key type | `var` |
| `api7.plugins.rateLimit.key` | Key variable | `remote_addr` |
| `api7.plugins.aiRateLimit.enabled` | Enable AI rate limiting | `true` |
| `api7.plugins.aiRateLimit.limit` | Token limit | `100` |
| `api7.plugins.aiRateLimit.timeWindow` | Time window (seconds) | `60` |
| `api7.plugins.aiRateLimit.limitStrategy` | Limit strategy | `total_tokens` |
### Additional Plugins
| Parameter | Description | Default |
| --------------------------------- | ------------------------- | ------- |
| `api7.plugins.cors.enabled` | Enable CORS | `true` |
| `api7.plugins.cors.allowOrigins` | Allowed origins | `["*"]` |
| `api7.plugins.auth.enabled` | Enable authentication | `false` |
| `api7.plugins.prometheus.enabled` | Enable Prometheus metrics | `true` |
| `api7.plugins.logging.enabled` | Enable request logging | `false` |
## 📝 Configuration Examples
### Production Deployment
```yaml
# production-values.yaml
global:
imageRegistry: my-registry.example.com
imageRegistry: "git.commandware.com"
imagePullSecrets:
- name: my-registry-secret
```
- name: registry-secret
#### Enabling autoscaling:
```yaml
web:
replicaCount: 3
image:
tag: "v1.0.0"
pullPolicy: Always
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 500m
memory: 512Mi
autoscaling:
enabled: true
minReplicas: 2
maxReplicas: 10
targetCPUUtilizationPercentage: 70
```
minReplicas: 3
maxReplicas: 15
#### Custom resource limits:
```yaml
api:
replicaCount: 5
image:
tag: "v1.0.0"
pullPolicy: Always
resources:
limits:
cpu: 2000m
@@ -125,31 +269,406 @@ api:
requests:
cpu: 1000m
memory: 1Gi
autoscaling:
enabled: true
minReplicas: 5
maxReplicas: 30
api7:
gateway:
adminKey: "${API7_ADMIN_KEY}" # Use secret
hosts:
- api7-demo.yourdomain.com
plugins:
rateLimit:
count: 1000
auth:
enabled: true
```
## Upgrading
```bash
helm install api7ee-prod api7ee/api7ee-demo-k8s \
-f production-values.yaml \
--namespace api7ee-prod \
--create-namespace
```
### Custom Domain and TLS
```yaml
# custom-domain-values.yaml
api7:
hosts:
- api.example.com
- demo.example.com
tls:
certManager:
enabled: true
issuer: letsencrypt-prod
ingress:
hosts:
- host: api.example.com
paths:
- path: /
pathType: Prefix
service: web
tls:
- secretName: example-tls
hosts:
- api.example.com
```
### High Resource Environment
```yaml
# high-resources-values.yaml
web:
replicaCount: 5
resources:
limits:
cpu: 2000m
memory: 2Gi
requests:
cpu: 1000m
memory: 1Gi
autoscaling:
enabled: true
maxReplicas: 20
api:
replicaCount: 10
resources:
limits:
cpu: 4000m
memory: 4Gi
requests:
cpu: 2000m
memory: 2Gi
autoscaling:
enabled: true
maxReplicas: 50
podDisruptionBudget:
enabled: true
minAvailable: 3
```
### Custom API7 Gateway
```yaml
# custom-gateway-values.yaml
api7:
gateway:
adminUrl: http://my-api7-gateway:9180
adminKey: "my-custom-key"
group: production
gatewayService: my-gateway-service
backend: apisix # or api7ee
autoPublish: false # Manual publish
```
### LLM Configuration
```yaml
# llm-values.yaml
api:
env:
- name: OPENAI_API_BASE
value: "http://openwebui.ai:8080/api"
- name: OPENAI_API_KEY
valueFrom:
secretKeyRef:
name: llm-secrets
key: api-key
- name: DEFAULT_LLM_MODEL
value: "videogame-expert"
api7:
plugins:
aiRateLimit:
enabled: true
limit: 200 # Higher limit
timeWindow: 60
```
### Development Environment
Use the included `values-dev.yaml`:
```bash
# Upgrade to a new version
helm upgrade my-api7ee ./helm/api7ee-demo-k8s-demo-k8s
helm install api7ee-dev ./helm/api7ee-demo-k8s \
-f ./helm/api7ee-demo-k8s/values-dev.yaml \
--namespace api7ee-dev
```
## 🔄 Upgrade and Rollback
### Upgrade Release
```bash
# Upgrade with new values
helm upgrade my-api7ee ./helm/api7ee-demo-k8s-demo-k8s --set web.replicaCount=3
helm upgrade api7ee-demo api7ee/api7ee-demo-k8s \
--namespace api7ee \
-f new-values.yaml
# Upgrade with inline values
helm upgrade api7ee-demo api7ee/api7ee-demo-k8s \
--namespace api7ee \
--reuse-values \
--set api.replicaCount=5
# Force upgrade
helm upgrade api7ee-demo api7ee/api7ee-demo-k8s \
--namespace api7ee \
--force
```
## Uninstallation
### Rollback
```bash
# Uninstall the release
helm uninstall my-api7ee
# View release history
helm history api7ee-demo -n api7ee
# Uninstall from a specific namespace
helm uninstall my-api7ee --namespace api7ee
# Rollback to previous release
helm rollback api7ee-demo -n api7ee
# Rollback to specific revision
helm rollback api7ee-demo 3 -n api7ee
```
## Monitoring
### Verify Upgrade
If metrics are enabled, the services expose Prometheus-compatible metrics:
```bash
# Check release status
helm status api7ee-demo -n api7ee
# View current values
helm get values api7ee-demo -n api7ee
# Check all resources
kubectl get all -n api7ee -l app.kubernetes.io/instance=api7ee-demo
```
## 🗑️ Uninstallation
```bash
# Uninstall release
helm uninstall api7ee-demo --namespace api7ee
# Keep release history (for rollback)
helm uninstall api7ee-demo --namespace api7ee --keep-history
# Delete namespace
kubectl delete namespace api7ee
```
## 🔍 Verification and Testing
### Check Deployment Status
```bash
# Helm release status
helm list -n api7ee
helm status api7ee-demo -n api7ee
# Kubernetes resources
kubectl get all -n api7ee
kubectl get pods -n api7ee -w
# Check specific resources
kubectl get deployments -n api7ee
kubectl get services -n api7ee
kubectl get ingress -n api7ee
kubectl get hpa -n api7ee
```
### View Logs
```bash
# Web service logs
kubectl logs -n api7ee -l app=apache-service --tail=50
# API service logs
kubectl logs -n api7ee -l app=nginx-service --tail=50
# ADC sync job logs
kubectl logs -n api7ee -l app.kubernetes.io/component=adc-sync
# All logs
kubectl logs -n api7ee -l app.kubernetes.io/instance=api7ee-demo --all-containers
```
### Test Endpoints
```bash
# Get ingress URL
INGRESS_HOST=$(kubectl get ingress -n api7ee api7ee-demo-ingress -o jsonpath='{.spec.rules[0].host}')
# Test web service
curl https://$INGRESS_HOST/
# Test API
curl https://$INGRESS_HOST/api/items
# Test health checks
curl https://$INGRESS_HOST/health
curl https://$INGRESS_HOST/api/health
# Test LLM endpoint
curl -X POST https://$INGRESS_HOST/api/llm/chat \
-H "Content-Type: application/json" \
-d '{
"prompt": "What is Zelda?",
"max_tokens": 100
}'
```
## 🔧 Troubleshooting
### Common Issues
#### 1. ADC Sync Job Fails
**Check job logs**:
```bash
kubectl logs -n api7ee -l app.kubernetes.io/component=adc-sync
# Common errors:
# - "connection refused" → Check adminUrl
# - "unauthorized" → Verify adminKey
# - "route not found" → Check backend type (api7ee vs apisix)
```
**Solution**:
```bash
# Update API7 credentials
helm upgrade api7ee-demo api7ee/api7ee-demo-k8s \
--namespace api7ee \
--reuse-values \
--set api7.gateway.adminKey="correct-admin-key"
```
#### 2. Pods Not Starting
**Check pod status**:
```bash
kubectl describe pod -n api7ee <pod-name>
# Common issues:
# - ImagePullBackOff → Check image registry credentials
# - CrashLoopBackOff → Check application logs
# - Pending → Check resources and node capacity
```
**Solution for ImagePullBackOff**:
```bash
# Create registry secret
kubectl create secret docker-registry gitea-registry \
--docker-server=git.commandware.com \
--docker-username=<USERNAME> \
--docker-password=<TOKEN> \
-n api7ee
# Update values
helm upgrade api7ee-demo api7ee/api7ee-demo-k8s \
--namespace api7ee \
--reuse-values \
--set global.imagePullSecrets[0].name=gitea-registry
```
#### 3. Routes Return 404
**Cause**: Routes not published to gateway group
**Check API7 Dashboard**:
```
Services → Select service → Routes → Check publication status
```
**Solution**:
```bash
# Enable auto-publish
helm upgrade api7ee-demo api7ee/api7ee-demo-k8s \
--namespace api7ee \
--reuse-values \
--set api7.autoPublish=true
# Or publish manually via Dashboard:
# Click "Publish" → Select "default" gateway group
```
#### 4. TLS Certificate Issues
**Check certificate status**:
```bash
kubectl get certificate -n api7ee
kubectl describe certificate -n api7ee api7ee-tls
# Check cert-manager logs
kubectl logs -n cert-manager -l app=cert-manager --tail=50
```
**Verify cert-manager configuration**:
```bash
# Check ClusterIssuer
kubectl get clusterissuer cloudflare-acme-prod
# Check challenge
kubectl get challenge -n api7ee
```
#### 5. Service Discovery Not Working
**Check services have named ports**:
```bash
kubectl get svc -n api7ee apache-service -o yaml | grep -A5 ports
# Ports must have 'name' field:
# ports:
# - port: 80
# name: http # ← Required
```
**Check endpoints**:
```bash
kubectl get endpoints -n api7ee
```
#### 6. HPA Not Scaling
**Check HPA status**:
```bash
kubectl get hpa -n api7ee
kubectl describe hpa -n api7ee <hpa-name>
```
**Verify metrics-server**:
```bash
kubectl top nodes
kubectl top pods -n api7ee
# If metrics not available, install metrics-server:
kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
```
## 📊 Monitoring
### Prometheus Metrics
If Prometheus is enabled:
```yaml
metrics:
@@ -159,59 +678,150 @@ metrics:
interval: 30s
```
## Troubleshooting
### API7 ADC Sync Issues
If the ADC sync job fails:
**View metrics**:
```bash
# Check the job status
kubectl get jobs -l app.kubernetes.io/instance=my-api7ee
# Check ServiceMonitor
kubectl get servicemonitor -n api7ee
# View job logs
kubectl logs job/my-api7ee-adc-sync
# Manually run ADC sync
kubectl run adc-debug --rm -it --image=ghcr.io/api7/adc:latest -- /bin/sh
# Query Prometheus
curl http://<prometheus-server>/api/v1/query?query=up{job="api7ee"}
```
### Verify API7 Configuration
### API7 Dashboard
Access API7 Dashboard to view:
- Route traffic and statistics
- Rate limiting metrics
- Service health and upstreams
- Plugin performance
## 🔐 Security
### Security Features
- **Pod Security Context**: Runs as non-root user (UID 1000)
- **Security Context**: Drops all capabilities, prevents privilege escalation
- **Read-only Root Filesystem**: Enabled for both services
- **Network Policies**: Optional network policy support
- **RBAC**: ServiceAccount with minimal permissions
- **Secrets Management**: TLS certificates and API keys stored securely
### Enable Network Policies
```yaml
networkPolicy:
enabled: true
ingress:
- from:
- namespaceSelector:
matchLabels:
name: api7ee
ports:
- protocol: TCP
port: 8000
```
### Secrets Management
**Create secrets before installation**:
```bash
# Check if routes are configured
curl -H "X-API-KEY: your-admin-key" http://api7-gateway:9180/apisix/admin/routes
# API7 admin key
kubectl create secret generic api7-admin-key \
--from-literal=adminKey='your-admin-key' \
-n api7ee
# Check service discovery
curl -H "X-API-KEY: your-admin-key" http://api7-gateway:9180/apisix/admin/upstreams
# LLM API key
kubectl create secret generic llm-secrets \
--from-literal=api-key='your-llm-api-key' \
-n api7ee
# Image pull secret
kubectl create secret docker-registry gitea-registry \
--docker-server=git.commandware.com \
--docker-username=<user> \
--docker-password=<token> \
-n api7ee
```
### Check deployment status:
```bash
kubectl get deployments -l app.kubernetes.io/instance=my-api7ee
**Reference in values**:
```yaml
api7:
gateway:
adminKey: "${API7_ADMIN_KEY}"
api:
env:
- name: OPENAI_API_KEY
valueFrom:
secretKeyRef:
name: llm-secrets
key: api-key
```
### View logs:
```bash
# Web component logs
kubectl logs -l app.kubernetes.io/instance=my-api7ee,app.kubernetes.io/component=web
## 📚 Chart Structure
# API component logs
kubectl logs -l app.kubernetes.io/instance=my-api7ee,app.kubernetes.io/component=api
```
helm/api7ee-demo-k8s/
├── Chart.yaml # Chart metadata
├── values.yaml # Default values
├── values-dev.yaml # Development overrides
├── values-production.yaml # Production overrides
├── templates/
│ ├── NOTES.txt # Post-install notes
│ ├── _helpers.tpl # Template helpers
│ ├── deployment-web.yaml # Web deployment
│ ├── deployment-api.yaml # API deployment
│ ├── service-web.yaml # Web service
│ ├── service-api.yaml # API service
│ ├── ingress.yaml # Ingress resource
│ ├── configmap.yaml # Application config
│ ├── configmap-adc.yaml # API7 ADC config
│ ├── job-adc-sync.yaml # ADC sync job
│ ├── secret.yaml # Application secrets
│ ├── secret-api7.yaml # API7 secrets
│ ├── certificate.yaml # cert-manager certificate
│ ├── serviceaccount.yaml # ServiceAccount
│ ├── rbac-adc.yaml # RBAC for ADC
│ ├── hpa-web.yaml # Web HPA
│ ├── hpa-api.yaml # API HPA
│ └── poddisruptionbudget.yaml # PDB
└── README.md # This file
```
### Check HPA status:
```bash
kubectl get hpa -l app.kubernetes.io/instance=my-api7ee
```
## 📦 Chart Information
## Security Considerations
- **Name**: api7ee-demo-k8s
- **Version**: 0.1.0
- **App Version**: 1.0.0
- **Type**: application
- **Keywords**: api7, api-gateway, web, api
- **Home**: https://demo.commandware.it
- **Sources**: https://git.commandware.com/demos/api7-demo
- Pod Security Context is configured to run as non-root user (UID 1000)
- Security Context drops all capabilities and prevents privilege escalation
- Read-only root filesystem is enabled
- Network policies can be enabled to restrict traffic
## 📄 Resources
## Support
### Documentation
For issues and questions, please contact support@commandware.com or visit https://git.commandware.com/demos/api7-demo
- **Helm**: https://helm.sh/docs/
- **API7 Enterprise**: https://docs.api7.ai/
- **Kubernetes**: https://kubernetes.io/docs/
### Related
- [Main README](../../README.md)
- [Web Application README](../../web/README.md)
- [API Application README](../../api/README.md)
## 🤝 Support
- **Issues**: https://git.commandware.com/demos/api7-demo/issues
- **Email**: support@commandware.com
- **Repository**: https://git.commandware.com/demos/api7-demo
---
**Chart Version**: 0.1.0 | **Maintainer**: CommandWare | **License**: Demo Project