Update Helm values with correct API7 cluster configuration

- Updated API7 gateway admin URL to use actual DP Manager service - Changed hosts to api7-demo.commandware.it (matching wildcard ingress) - Updated cert-manager issuer to cloudflare-acme-prod (existing in cluster) - Added gatewayService reference to actual gateway service name - Configured development values with API7 disabled for local testing - Enhanced production values with proper domains and security settings - Added support for multiple production domains - Configured proper rate limits and auth for production
2025-10-03 02:21:33 +02:00
parent e9528217f8
commit cf2b786738
3 changed files with 79 additions and 27 deletions
--- a/helm/api7ee/values-dev.yaml
+++ b/helm/api7ee/values-dev.yaml
@@ -62,3 +62,19 @@ securityContext:
  readOnlyRootFilesystem: false
  runAsNonRoot: false
  runAsUser: 0
+
+# API7 configuration for development
+api7:
+  enabled: false  # Disable API7 ADC in dev to simplify local testing
+  gateway:
+    adminUrl: http://api7ee3-0-1759339083-dp-manager.api7ee.svc.cluster.local:7900
+    adminKey: "dev-admin-key"  # Use different key for dev
+  hosts:
+    - api7-demo-dev.commandware.it
+  tls:
+    enabled: false  # No TLS in dev
+  plugins:
+    rateLimit:
+      enabled: false  # No rate limiting in dev
+    auth:
+      enabled: false  # No auth in dev for easier testing
--- a/helm/api7ee/values-production.yaml
+++ b/helm/api7ee/values-production.yaml
@@ -70,3 +70,36 @@ metrics:

 networkPolicy:
  enabled: true
+
+# API7 configuration for production
+api7:
+  enabled: true
+  gateway:
+    adminUrl: http://api7ee3-0-1759339083-dp-manager.api7ee.svc.cluster.local:7900
+    adminKey: "${API7_ADMIN_KEY}"  # Should be provided via secret in production
+    gatewayService: gateway-0-1759393614-gateway
+  hosts:
+    - api7-demo.commandware.it
+    - api7-demo.commandware.com  # Additional production domain
+  tls:
+    enabled: true
+    certManager:
+      enabled: true
+      issuer: cloudflare-acme-prod
+  plugins:
+    rateLimit:
+      enabled: true
+      count: 1000  # Higher limits for production
+      timeWindow: 60
+      apiCount: 10000  # Much higher for API endpoints
+    cors:
+      enabled: true
+      allowOrigins: ["https://api7-demo.commandware.it", "https://api7-demo.commandware.com"]
+      allowCredentials: true
+    auth:
+      enabled: true  # Enable auth in production
+    prometheus:
+      enabled: true
+    logging:
+      enabled: true
+      endpoint: http://logging-service.monitoring:8080/logs
--- a/helm/api7ee/values.yaml
+++ b/helm/api7ee/values.yaml
@@ -15,7 +15,7 @@ web:

  image:
    registry: gitea.server_url # Will be replaced with actual Gitea URL
-    repository: api7ee/web
+    repository: demos/api7-demo/web
    pullPolicy: IfNotPresent
    tag: "main" # Override with specific version

@@ -69,7 +69,7 @@ api:

  image:
    registry: gitea.server_url # Will be replaced with actual Gitea URL
-    repository: api7ee/api
+    repository: demos/api7-demo/api
    pullPolicy: IfNotPresent
    tag: "main" # Override with specific version

@@ -124,10 +124,10 @@ ingress:
  className: "nginx"
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
-    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    cert-manager.io/cluster-issuer: "cloudflare-acme-prod"

  hosts:
-    - host: demo.commandware.it
+    - host: api7-demo.commandware.it
      paths:
        - path: /
          pathType: Prefix
@@ -139,7 +139,7 @@ ingress:
  tls:
    - secretName: api7ee-tls
      hosts:
-        - demo.commandware.it
+        - api7-demo.commandware.it

 # ServiceAccount configuration
 serviceAccount:
@@ -209,9 +209,12 @@ api7:

  # API7 Gateway connection
  gateway:
-    adminUrl: http://api7-gateway.api7ee.svc.cluster.local:9180
+    # Use the actual DP Manager service for admin API
+    adminUrl: http://api7ee3-0-1759339083-dp-manager.api7ee.svc.cluster.local:7900
    adminKey: "edd1c9f034335f136f87ad84b625c8f1" # Change this!
    group: default
+    # Gateway service for traffic routing
+    gatewayService: gateway-0-1759393614-gateway

  # Backend type (api7ee or apisix)
  backend: api7ee
@@ -219,9 +222,9 @@ api7:
  # Auto-publish routes after sync
  autoPublish: true

-  # Hosts for routing
+  # Hosts for routing (using wildcard domain from existing ingress)
  hosts:
-    - demo.commandware.it
+    - api7-demo.commandware.it

  # TLS/SSL Configuration
  tls:
@@ -229,7 +232,7 @@ api7:
    # Option 1: Use cert-manager
    certManager:
      enabled: true
-      issuer: letsencrypt-prod  # ClusterIssuer name
+      issuer: cloudflare-acme-prod # ClusterIssuer name
      issuerKind: ClusterIssuer # or Issuer
    # Option 2: Use existing secret
    secretName: "" # Name of existing TLS secret