Update Helm values with correct API7 cluster configuration

- Updated API7 gateway admin URL to use actual DP Manager service
- Changed hosts to api7-demo.commandware.it (matching wildcard ingress)
- Updated cert-manager issuer to cloudflare-acme-prod (existing in cluster)
- Added gatewayService reference to actual gateway service name
- Configured development values with API7 disabled for local testing
- Enhanced production values with proper domains and security settings
- Added support for multiple production domains
- Configured proper rate limits and auth for production
d.viti
2025-10-03 02:21:33 +02:00
parent e9528217f8
commit cf2b786738
3 changed files with 79 additions and 27 deletions


@@ -62,3 +62,19 @@ securityContext:
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
runAsNonRoot: false runAsNonRoot: false
runAsUser: 0 runAsUser: 0
# API7 configuration for development
api7:
enabled: false # Disable API7 ADC in dev to simplify local testing
gateway:
adminUrl: http://api7ee3-0-1759339083-dp-manager.api7ee.svc.cluster.local:7900
adminKey: "dev-admin-key" # Use different key for dev
hosts:
- api7-demo-dev.commandware.it
tls:
enabled: false # No TLS in dev
plugins:
rateLimit:
enabled: false # No rate limiting in dev
auth:
enabled: false # No auth in dev for easier testing
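Review bot: The development `api7.gateway.adminUrl` is the same `api7ee3-0-1759339083-dp-manager` endpoint that the production values in this commit use, so `enabled: false` is the only thing keeping a dev release from talking to that control plane. If someone flips the flag for a local test, routes would be synced with `auth` and `rateLimit` disabled and TLS off, assuming the chart passes these values to ADC as the comments suggest. I would leave the dev `adminUrl` empty or point it at a dev-only endpoint, and add a comment such as `# WARNING: shared DP Manager; do not enable api7 here without a separate dev gateway group`. The placeholder `adminKey: "dev-admin-key"` is also better left as `""` so nothing key-shaped is committed.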


@@ -70,3 +70,36 @@ metrics:
networkPolicy: networkPolicy:
enabled: true enabled: true
# API7 configuration for production
api7:
enabled: true
gateway:
adminUrl: http://api7ee3-0-1759339083-dp-manager.api7ee.svc.cluster.local:7900
adminKey: "${API7_ADMIN_KEY}" # Should be provided via secret in production
gatewayService: gateway-0-1759393614-gateway
hosts:
- api7-demo.commandware.it
- api7-demo.commandware.com # Additional production domain
tls:
enabled: true
certManager:
enabled: true
issuer: cloudflare-acme-prod
plugins:
rateLimit:
enabled: true
count: 1000 # Higher limits for production
timeWindow: 60
apiCount: 10000 # Much higher for API endpoints
cors:
enabled: true
allowOrigins: ["https://api7-demo.commandware.it", "https://api7-demo.commandware.com"]
allowCredentials: true
auth:
enabled: true # Enable auth in production
prometheus:
enabled: true
logging:
enabled: true
endpoint: http://logging-service.monitoring:8080/logs
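Review bot: `adminKey: "${API7_ADMIN_KEY}"` is not expanded by Helm, which reads values files as plain YAML, so unless a preprocessing step outside this commit substitutes it, the literal string `${API7_ADMIN_KEY}` becomes the admin key. I would set `adminKey: ""` here with the comment `# supplied at deploy time from a Kubernetes Secret; never committed`, and have the chart read the key from that Secret (the templates are not visible in this commit, so the wiring needs checking). The `adminUrl` is also `http://`, so the key would cross the cluster network unencrypted; it is worth confirming whether the DP Manager exposes an HTTPS listener. Both `adminUrl` and `gatewayService` embed generated release names (`api7ee3-0-1759339083`, `gateway-0-1759393614`), which will silently break on a reinstall and deserve a comment saying so.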


@@ -14,10 +14,10 @@ web:
replicaCount: 2 replicaCount: 2
image: image:
registry: gitea.server_url # Will be replaced with actual Gitea URL registry: gitea.server_url # Will be replaced with actual Gitea URL
repository: api7ee/web repository: demos/api7-demo/web
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
tag: "main" # Override with specific version tag: "main" # Override with specific version
service: service:
type: ClusterIP type: ClusterIP
@@ -68,10 +68,10 @@ api:
replicaCount: 3 replicaCount: 3
image: image:
registry: gitea.server_url # Will be replaced with actual Gitea URL registry: gitea.server_url # Will be replaced with actual Gitea URL
repository: api7ee/api repository: demos/api7-demo/api
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
tag: "main" # Override with specific version tag: "main" # Override with specific version
service: service:
type: ClusterIP type: ClusterIP
@@ -124,22 +124,22 @@ ingress:
className: "nginx" className: "nginx"
annotations: annotations:
nginx.ingress.kubernetes.io/rewrite-target: / nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: "letsencrypt-prod" cert-manager.io/cluster-issuer: "cloudflare-acme-prod"
hosts: hosts:
- host: demo.commandware.it - host: api7-demo.commandware.it
paths: paths:
- path: / - path: /
pathType: Prefix pathType: Prefix
service: web # Routes to web service service: web # Routes to web service
- path: /api - path: /api
pathType: Prefix pathType: Prefix
service: api # Routes to API service service: api # Routes to API service
tls: tls:
- secretName: api7ee-tls - secretName: api7ee-tls
hosts: hosts:
- demo.commandware.it - api7-demo.commandware.it
# ServiceAccount configuration # ServiceAccount configuration
serviceAccount: serviceAccount:
@@ -158,7 +158,7 @@ securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
drop: drop:
- ALL - ALL
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
runAsNonRoot: true runAsNonRoot: true
runAsUser: 1000 runAsUser: 1000
@@ -198,20 +198,23 @@ secrets:
# API7 Gateway Configuration # API7 Gateway Configuration
api7: api7:
enabled: true # Enable API7 ADC configuration enabled: true # Enable API7 ADC configuration
# ADC Container settings # ADC Container settings
adc: adc:
image: ghcr.io/api7/adc:latest image: ghcr.io/api7/adc:latest
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
verbose: true verbose: true
tlsSkipVerify: false # Set to true for self-signed certificates tlsSkipVerify: false # Set to true for self-signed certificates
# API7 Gateway connection # API7 Gateway connection
gateway: gateway:
adminUrl: http://api7-gateway.api7ee.svc.cluster.local:9180 # Use the actual DP Manager service for admin API
adminKey: "edd1c9f034335f136f87ad84b625c8f1" # Change this! adminUrl: http://api7ee3-0-1759339083-dp-manager.api7ee.svc.cluster.local:7900
adminKey: "edd1c9f034335f136f87ad84b625c8f1" # Change this!
group: default group: default
# Gateway service for traffic routing
gatewayService: gateway-0-1759393614-gateway
# Backend type (api7ee or apisix) # Backend type (api7ee or apisix)
backend: api7ee backend: api7ee
@@ -219,9 +222,9 @@ api7:
# Auto-publish routes after sync # Auto-publish routes after sync
autoPublish: true autoPublish: true
# Hosts for routing # Hosts for routing (using wildcard domain from existing ingress)
hosts: hosts:
- demo.commandware.it - api7-demo.commandware.it
# TLS/SSL Configuration # TLS/SSL Configuration
tls: tls:
@@ -229,18 +232,18 @@ api7:
# Option 1: Use cert-manager # Option 1: Use cert-manager
certManager: certManager:
enabled: true enabled: true
issuer: letsencrypt-prod # ClusterIssuer name issuer: cloudflare-acme-prod # ClusterIssuer name
issuerKind: ClusterIssuer # or Issuer issuerKind: ClusterIssuer # or Issuer
# Option 2: Use existing secret # Option 2: Use existing secret
secretName: "" # Name of existing TLS secret secretName: "" # Name of existing TLS secret
# Option 3: Provide certificates directly (not recommended for production) # Option 3: Provide certificates directly (not recommended for production)
certificate: "" certificate: ""
key: "" key: ""
# Service Discovery # Service Discovery
serviceDiscovery: serviceDiscovery:
enabled: true # Use Kubernetes service discovery enabled: true # Use Kubernetes service discovery
namespace: "" # Leave empty to use release namespace namespace: "" # Leave empty to use release namespace
# API7 Plugins Configuration # API7 Plugins Configuration
plugins: plugins:
@@ -249,7 +252,7 @@ api7:
enabled: true enabled: true
count: 100 count: 100
timeWindow: 60 timeWindow: 60
apiCount: 1000 # Higher limit for API endpoints apiCount: 1000 # Higher limit for API endpoints
# CORS configuration # CORS configuration
cors: cors:
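Review bot: In the `@@ -198,20 +198,23 @@` hunk the default `adminUrl` now targets the real DP Manager service, while `adminKey: "edd1c9f034335f136f87ad84b625c8f1"` stays committed as the default next to it. That value appears to be the stock APISIX admin key; if the cluster actually accepts it, it should be rotated, and either way a default that works against a live endpoint should not live in version control. I would change the line to `adminKey: "" # required; supply per environment from a Secret` and have the template fail via `required` when it is empty. The same hunk keeps `image: ghcr.io/api7/adc:latest`, which would be better pinned to a version or digest so the container that handles the admin key is reproducible.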