diff --git a/helm/api7ee/values-dev.yaml b/helm/api7ee/values-dev.yaml index 08fa527..a3a8a94 100644 --- a/helm/api7ee/values-dev.yaml +++ b/helm/api7ee/values-dev.yaml @@ -61,4 +61,20 @@ securityContext: allowPrivilegeEscalation: true readOnlyRootFilesystem: false runAsNonRoot: false - runAsUser: 0 \ No newline at end of file + runAsUser: 0 + +# API7 configuration for development +api7: + enabled: false # Disable API7 ADC in dev to simplify local testing + gateway: + adminUrl: http://api7ee3-0-1759339083-dp-manager.api7ee.svc.cluster.local:7900 + adminKey: "dev-admin-key" # Use different key for dev + hosts: + - api7-demo-dev.commandware.it + tls: + enabled: false # No TLS in dev + plugins: + rateLimit: + enabled: false # No rate limiting in dev + auth: + enabled: false # No auth in dev for easier testing \ No newline at end of file diff --git a/helm/api7ee/values-production.yaml b/helm/api7ee/values-production.yaml index 2c13ec5..fd41cd5 100644 --- a/helm/api7ee/values-production.yaml +++ b/helm/api7ee/values-production.yaml @@ -69,4 +69,37 @@ metrics: interval: 15s networkPolicy: - enabled: true \ No newline at end of file + enabled: true + +# API7 configuration for production +api7: + enabled: true + gateway: + adminUrl: http://api7ee3-0-1759339083-dp-manager.api7ee.svc.cluster.local:7900 + adminKey: "${API7_ADMIN_KEY}" # Should be provided via secret in production + gatewayService: gateway-0-1759393614-gateway + hosts: + - api7-demo.commandware.it + - api7-demo.commandware.com # Additional production domain + tls: + enabled: true + certManager: + enabled: true + issuer: cloudflare-acme-prod + plugins: + rateLimit: + enabled: true + count: 1000 # Higher limits for production + timeWindow: 60 + apiCount: 10000 # Much higher for API endpoints + cors: + enabled: true + allowOrigins: ["https://api7-demo.commandware.it", "https://api7-demo.commandware.com"] + allowCredentials: true + auth: + enabled: true # Enable auth in production + prometheus: + enabled: true + logging: + enabled: true + endpoint: http://logging-service.monitoring:8080/logs \ No newline at end of file diff --git a/helm/api7ee/values.yaml b/helm/api7ee/values.yaml index 75ef92c..37d1739 100644 --- a/helm/api7ee/values.yaml +++ b/helm/api7ee/values.yaml @@ -14,10 +14,10 @@ web: replicaCount: 2 image: - registry: gitea.server_url # Will be replaced with actual Gitea URL - repository: api7ee/web + registry: gitea.server_url # Will be replaced with actual Gitea URL + repository: demos/api7-demo/web pullPolicy: IfNotPresent - tag: "main" # Override with specific version + tag: "main" # Override with specific version service: type: ClusterIP @@ -68,10 +68,10 @@ api: replicaCount: 3 image: - registry: gitea.server_url # Will be replaced with actual Gitea URL - repository: api7ee/api + registry: gitea.server_url # Will be replaced with actual Gitea URL + repository: demos/api7-demo/api pullPolicy: IfNotPresent - tag: "main" # Override with specific version + tag: "main" # Override with specific version service: type: ClusterIP @@ -124,22 +124,22 @@ ingress: className: "nginx" annotations: nginx.ingress.kubernetes.io/rewrite-target: / - cert-manager.io/cluster-issuer: "letsencrypt-prod" + cert-manager.io/cluster-issuer: "cloudflare-acme-prod" hosts: - - host: demo.commandware.it + - host: api7-demo.commandware.it paths: - path: / pathType: Prefix - service: web # Routes to web service + service: web # Routes to web service - path: /api pathType: Prefix - service: api # Routes to API service + service: api # Routes to API service tls: - secretName: api7ee-tls hosts: - - demo.commandware.it + - api7-demo.commandware.it # ServiceAccount configuration serviceAccount: @@ -158,7 +158,7 @@ securityContext: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 @@ -198,20 +198,23 @@ secrets: # API7 Gateway Configuration api7: - enabled: true # Enable API7 ADC configuration + enabled: true # Enable API7 ADC configuration # ADC Container settings adc: image: ghcr.io/api7/adc:latest imagePullPolicy: IfNotPresent verbose: true - tlsSkipVerify: false # Set to true for self-signed certificates + tlsSkipVerify: false # Set to true for self-signed certificates # API7 Gateway connection gateway: - adminUrl: http://api7-gateway.api7ee.svc.cluster.local:9180 - adminKey: "edd1c9f034335f136f87ad84b625c8f1" # Change this! + # Use the actual DP Manager service for admin API + adminUrl: http://api7ee3-0-1759339083-dp-manager.api7ee.svc.cluster.local:7900 + adminKey: "edd1c9f034335f136f87ad84b625c8f1" # Change this! group: default + # Gateway service for traffic routing + gatewayService: gateway-0-1759393614-gateway # Backend type (api7ee or apisix) backend: api7ee @@ -219,9 +222,9 @@ api7: # Auto-publish routes after sync autoPublish: true - # Hosts for routing + # Hosts for routing (using wildcard domain from existing ingress) hosts: - - demo.commandware.it + - api7-demo.commandware.it # TLS/SSL Configuration tls: @@ -229,18 +232,18 @@ api7: # Option 1: Use cert-manager certManager: enabled: true - issuer: letsencrypt-prod # ClusterIssuer name - issuerKind: ClusterIssuer # or Issuer + issuer: cloudflare-acme-prod # ClusterIssuer name + issuerKind: ClusterIssuer # or Issuer # Option 2: Use existing secret - secretName: "" # Name of existing TLS secret + secretName: "" # Name of existing TLS secret # Option 3: Provide certificates directly (not recommended for production) certificate: "" key: "" # Service Discovery serviceDiscovery: - enabled: true # Use Kubernetes service discovery - namespace: "" # Leave empty to use release namespace + enabled: true # Use Kubernetes service discovery + namespace: "" # Leave empty to use release namespace # API7 Plugins Configuration plugins: @@ -249,7 +252,7 @@ api7: enabled: true count: 100 timeWindow: 60 - apiCount: 1000 # Higher limit for API endpoints + apiCount: 1000 # Higher limit for API endpoints # CORS configuration cors: @@ -282,4 +285,4 @@ api7: - username: demo-user apiKey: demo-key-12345 - username: admin - apiKey: admin-key-67890 \ No newline at end of file + apiKey: admin-key-67890