Refactor Helm chart for API7EE: clarify gateway requirements, improve

ADC config templating, and enhance gateway health checks
2025-10-08 13:44:01 +02:00
parent c0832ff59b
commit b2e0d5bd10
4 changed files with 106 additions and 21 deletions
--- a/helm/api7ee-demo-k8s/templates/configmap-adc.yaml
+++ b/helm/api7ee-demo-k8s/templates/configmap-adc.yaml
@@ -9,19 +9,21 @@ metadata:
 data:
  adc-config.yaml: |
    services:
-      - name: apache-service
+      # Web Frontend Service
+      - name: {{ include "api7ee.fullname" . }}-web-service
        hosts:
          - {{ (first .Values.api7.hosts) | quote }}
        upstream:
-          name: apache-upstream
+          name: {{ include "api7ee.fullname" . }}-web-upstream
          scheme: http
          type: roundrobin
          nodes:
-            - host: apache-service.{{ .Release.Namespace }}.svc.cluster.local
-              port: 80
+            - host: {{ include "api7ee.fullname" . }}-web.{{ .Release.Namespace }}.svc.cluster.local
+              port: {{ .Values.web.service.port }}
              weight: 100
        routes:
-          - name: apache-route
+          # Route for web frontend (all paths except /api)
+          - name: {{ include "api7ee.fullname" . }}-web-route
            uris:
              - /*
            vars:
@@ -34,20 +36,31 @@ data:
              redirect:
                http_to_https: true
              {{- end }}
+              {{- if .Values.api7.plugins.cors.enabled }}
+              cors:
+                allow_origins: {{ .Values.api7.plugins.cors.allowOrigins | toJson }}
+                allow_methods: {{ .Values.api7.plugins.cors.allowMethods | toJson }}
+                allow_headers: {{ .Values.api7.plugins.cors.allowHeaders | toJson }}
+                expose_headers: {{ .Values.api7.plugins.cors.exposeHeaders | toJson }}
+                max_age: {{ .Values.api7.plugins.cors.maxAge }}
+                allow_credential: {{ .Values.api7.plugins.cors.allowCredentials }}
+              {{- end }}

-      - name: nginx-api-service
+      # API Backend Service
+      - name: {{ include "api7ee.fullname" . }}-api-service
        hosts:
          - {{ (first .Values.api7.hosts) | quote }}
        upstream:
-          name: nginx-upstream
+          name: {{ include "api7ee.fullname" . }}-api-upstream
          scheme: http
          type: roundrobin
          nodes:
-            - host: nginx-service.{{ .Release.Namespace }}.svc.cluster.local
-              port: 80
+            - host: {{ include "api7ee.fullname" . }}-api.{{ .Release.Namespace }}.svc.cluster.local
+              port: {{ .Values.api.service.port }}
              weight: 100
        routes:
-          - name: nginx-api-llm-route
+          # High priority route for LLM endpoints with AI rate limiting
+          - name: {{ include "api7ee.fullname" . }}-api-llm-route
            uris:
              - /api/llm
              - /api/llm/*
@@ -57,6 +70,15 @@ data:
              redirect:
                http_to_https: true
              {{- end }}
+              {{- if .Values.api7.plugins.cors.enabled }}
+              cors:
+                allow_origins: {{ .Values.api7.plugins.cors.allowOrigins | toJson }}
+                allow_methods: {{ .Values.api7.plugins.cors.allowMethods | toJson }}
+                allow_headers: {{ .Values.api7.plugins.cors.allowHeaders | toJson }}
+                expose_headers: {{ .Values.api7.plugins.cors.exposeHeaders | toJson }}
+                max_age: {{ .Values.api7.plugins.cors.maxAge }}
+                allow_credential: {{ .Values.api7.plugins.cors.allowCredentials }}
+              {{- end }}
              {{- if .Values.api7.plugins.aiRateLimit.enabled }}
              ai-rate-limiting:
                limit: {{ .Values.api7.plugins.aiRateLimit.limit }}
@@ -65,7 +87,8 @@ data:
                limit_strategy: {{ .Values.api7.plugins.aiRateLimit.limitStrategy | quote }}
              {{- end }}

-          - name: nginx-api-route
+          # Standard API route with request rate limiting
+          - name: {{ include "api7ee.fullname" . }}-api-route
            uris:
              - /api
              - /api/*
@@ -75,6 +98,15 @@ data:
              redirect:
                http_to_https: true
              {{- end }}
+              {{- if .Values.api7.plugins.cors.enabled }}
+              cors:
+                allow_origins: {{ .Values.api7.plugins.cors.allowOrigins | toJson }}
+                allow_methods: {{ .Values.api7.plugins.cors.allowMethods | toJson }}
+                allow_headers: {{ .Values.api7.plugins.cors.allowHeaders | toJson }}
+                expose_headers: {{ .Values.api7.plugins.cors.exposeHeaders | toJson }}
+                max_age: {{ .Values.api7.plugins.cors.maxAge }}
+                allow_credential: {{ .Values.api7.plugins.cors.allowCredentials }}
+              {{- end }}
              {{- if .Values.api7.plugins.rateLimit.enabled }}
              limit-count:
                count: {{ .Values.api7.plugins.rateLimit.count }}
@@ -85,6 +117,7 @@ data:
              {{- end }}

    {{- if .Values.api7.plugins.auth.enabled }}
+    # API Consumers for authentication
    consumers:
      {{- range .Values.api7.consumers }}
      - username: {{ .username }}
@@ -94,6 +127,7 @@ data:
      {{- end }}
    {{- end }}

+    # Global Rules
    global_rules:
      {{- if .Values.api7.plugins.prometheus.enabled }}
      - id: prometheus-metrics