Move documentation to MkDocs and add comprehensive guides
Reorganized documentation to be part of MkDocs site with three new
comprehensive guides covering API7 Gateway configuration.
Changes:
1. Documentation Structure:
- Moved SECRET-MANAGEMENT.md from helm/ to web/docs/
- Created service-discovery.md with complete guide
- Created ingress-routing.md with routing architecture
- Moved externalsecret examples to web/docs/examples/
2. New Documentation - Service Discovery:
- How service discovery works (architecture diagram)
- Benefits vs static configuration
- Configuration examples
- RBAC requirements
- Advanced use cases (auto-scaling, rolling updates)
- Load balancing algorithms
- Monitoring and troubleshooting
- Best practices
3. New Documentation - Ingress & Routing:
- Complete traffic flow architecture
- Ingress configuration explained
- Gateway routing rules and priority
- URI matching patterns (prefix, exact, regex)
- TLS/SSL with cert-manager
- Advanced routing scenarios:
* Multiple domains
* Path-based routing
* Header-based routing
* Method-based routing
- Configuration examples (microservices, WebSocket, canary)
- Monitoring and debugging
- Troubleshooting common issues
4. MkDocs Navigation:
- Updated mkdocs.yml with new pages in Configuration section
- Added: Ingress & Routing
- Added: Service Discovery
- Added: Secret Management
5. Examples Directory:
- Created web/docs/examples/ for configuration examples
- Moved ExternalSecret examples with multiple providers:
* AWS Secrets Manager
* HashiCorp Vault
* Azure Key Vault
* GCP Secret Manager
All documentation now integrated into MkDocs site with proper
navigation, cross-references, and Material theme styling.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
d.viti
120
web/docs/examples/externalsecret-api7.yaml
Normal file
120
web/docs/examples/externalsecret-api7.yaml
Normal file
@@ -0,0 +1,120 @@
|
||||
# Example ExternalSecret for API7 Gateway credentials
|
||||
# This file demonstrates how to use External Secrets Operator with API7 Gateway
|
||||
#
|
||||
# Documentation: https://external-secrets.io/
|
||||
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: api7-gateway-credentials
|
||||
namespace: api7ee
|
||||
labels:
|
||||
app.kubernetes.io/name: api7ee-demo
|
||||
app.kubernetes.io/component: api7
|
||||
spec:
|
||||
# Refresh interval for fetching secrets from external provider
|
||||
refreshInterval: 1h
|
||||
|
||||
# Reference to SecretStore
|
||||
secretStoreRef:
|
||||
name: vault-backend # Name of your SecretStore
|
||||
kind: SecretStore # or ClusterSecretStore
|
||||
|
||||
# Target Secret configuration
|
||||
target:
|
||||
name: api7-credentials
|
||||
creationPolicy: Owner
|
||||
template:
|
||||
type: Opaque
|
||||
data:
|
||||
# Map external secret keys to Kubernetes secret keys
|
||||
admin-url: "{{ .adminUrl }}"
|
||||
admin-key: "{{ .adminKey }}"
|
||||
gateway-group: "{{ .group }}"
|
||||
|
||||
# Data to fetch from external provider
|
||||
data:
|
||||
- secretKey: adminUrl
|
||||
remoteRef:
|
||||
key: api7/gateway # Path in external secret store
|
||||
property: admin_url # Property name
|
||||
|
||||
- secretKey: adminKey
|
||||
remoteRef:
|
||||
key: api7/gateway
|
||||
property: admin_key
|
||||
|
||||
- secretKey: group
|
||||
remoteRef:
|
||||
key: api7/gateway
|
||||
property: gateway_group
|
||||
|
||||
---
|
||||
# Example SecretStore for AWS Secrets Manager
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: SecretStore
|
||||
metadata:
|
||||
name: aws-secretsmanager
|
||||
namespace: api7ee
|
||||
spec:
|
||||
provider:
|
||||
aws:
|
||||
service: SecretsManager
|
||||
region: us-east-1
|
||||
auth:
|
||||
jwt:
|
||||
serviceAccountRef:
|
||||
name: external-secrets-sa
|
||||
|
||||
---
|
||||
# Example SecretStore for HashiCorp Vault
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: SecretStore
|
||||
metadata:
|
||||
name: vault-backend
|
||||
namespace: api7ee
|
||||
spec:
|
||||
provider:
|
||||
vault:
|
||||
server: "https://vault.example.com"
|
||||
path: "secret"
|
||||
version: "v2"
|
||||
auth:
|
||||
kubernetes:
|
||||
mountPath: "kubernetes"
|
||||
role: "api7-role"
|
||||
serviceAccountRef:
|
||||
name: api7ee-demo-api7ee-demo-k8s
|
||||
|
||||
---
|
||||
# Example SecretStore for Azure Key Vault
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: SecretStore
|
||||
metadata:
|
||||
name: azure-keyvault
|
||||
namespace: api7ee
|
||||
spec:
|
||||
provider:
|
||||
azurekv:
|
||||
vaultUrl: "https://my-vault.vault.azure.net"
|
||||
authType: WorkloadIdentity
|
||||
serviceAccountRef:
|
||||
name: api7ee-demo-api7ee-demo-k8s
|
||||
|
||||
---
|
||||
# Example SecretStore for GCP Secret Manager
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: SecretStore
|
||||
metadata:
|
||||
name: gcp-secretmanager
|
||||
namespace: api7ee
|
||||
spec:
|
||||
provider:
|
||||
gcpsm:
|
||||
projectID: "my-project"
|
||||
auth:
|
||||
workloadIdentity:
|
||||
clusterLocation: us-central1
|
||||
clusterName: my-cluster
|
||||
serviceAccountRef:
|
||||
name: api7ee-demo-api7ee-demo-k8s
|
||||
Reference in New Issue
Block a user