Update Helm values with correct API7 cluster configuration

- Updated API7 gateway admin URL to use actual DP Manager service
- Changed hosts to api7-demo.commandware.it (matching wildcard ingress)
- Updated cert-manager issuer to cloudflare-acme-prod (existing in cluster)
- Added gatewayService reference to actual gateway service name
- Configured development values with API7 disabled for local testing
- Enhanced production values with proper domains and security settings
- Added support for multiple production domains
- Configured proper rate limits and auth for production

helm/api7ee/values-dev.yaml

@@ -62,3 +62,19 @@ securityContext:
   readOnlyRootFilesystem: false
   runAsNonRoot: false
   runAsUser: 0
+
+# API7 configuration for development
+api7:
+  enabled: false  # Disable API7 ADC in dev to simplify local testing
+  gateway:
+    adminUrl: http://api7ee3-0-1759339083-dp-manager.api7ee.svc.cluster.local:7900
+    adminKey: "dev-admin-key"  # Use different key for dev
+  hosts:
+    - api7-demo-dev.commandware.it
+  tls:
+    enabled: false  # No TLS in dev
+  plugins:
+    rateLimit:
+      enabled: false  # No rate limiting in dev
+    auth:
+      enabled: false  # No auth in dev for easier testing

helm/api7ee/values-production.yaml

@@ -70,3 +70,36 @@ metrics:
 
 networkPolicy:
   enabled: true
+
+# API7 configuration for production
+api7:
+  enabled: true
+  gateway:
+    adminUrl: http://api7ee3-0-1759339083-dp-manager.api7ee.svc.cluster.local:7900
+    adminKey: "${API7_ADMIN_KEY}"  # Should be provided via secret in production
+    gatewayService: gateway-0-1759393614-gateway
+  hosts:
+    - api7-demo.commandware.it
+    - api7-demo.commandware.com  # Additional production domain
+  tls:
+    enabled: true
+    certManager:
+      enabled: true
+      issuer: cloudflare-acme-prod
+  plugins:
+    rateLimit:
+      enabled: true
+      count: 1000  # Higher limits for production
+      timeWindow: 60
+      apiCount: 10000  # Much higher for API endpoints
+    cors:
+      enabled: true
+      allowOrigins: ["https://api7-demo.commandware.it", "https://api7-demo.commandware.com"]
+      allowCredentials: true
+    auth:
+      enabled: true  # Enable auth in production
+    prometheus:
+      enabled: true
+    logging:
+      enabled: true
+      endpoint: http://logging-service.monitoring:8080/logs

helm/api7ee/values.yaml

@@ -14,10 +14,10 @@ web:
   replicaCount: 2
 
   image:
-    registry: gitea.server_url  # Will be replaced with actual Gitea URL
-    repository: api7ee/web
+    registry: gitea.server_url # Will be replaced with actual Gitea URL
+    repository: demos/api7-demo/web
     pullPolicy: IfNotPresent
-    tag: "main"  # Override with specific version
+    tag: "main" # Override with specific version
 
   service:
     type: ClusterIP
@@ -68,10 +68,10 @@ api:
   replicaCount: 3
 
   image:
-    registry: gitea.server_url  # Will be replaced with actual Gitea URL
-    repository: api7ee/api
+    registry: gitea.server_url # Will be replaced with actual Gitea URL
+    repository: demos/api7-demo/api
     pullPolicy: IfNotPresent
-    tag: "main"  # Override with specific version
+    tag: "main" # Override with specific version
 
   service:
     type: ClusterIP
@@ -124,22 +124,22 @@ ingress:
   className: "nginx"
   annotations:
     nginx.ingress.kubernetes.io/rewrite-target: /
-    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    cert-manager.io/cluster-issuer: "cloudflare-acme-prod"
 
   hosts:
-    - host: demo.commandware.it
+    - host: api7-demo.commandware.it
       paths:
         - path: /
           pathType: Prefix
-          service: web  # Routes to web service
+          service: web # Routes to web service
         - path: /api
           pathType: Prefix
-          service: api  # Routes to API service
+          service: api # Routes to API service
 
   tls:
     - secretName: api7ee-tls
       hosts:
-        - demo.commandware.it
+        - api7-demo.commandware.it
 
 # ServiceAccount configuration
 serviceAccount:
@@ -158,7 +158,7 @@ securityContext:
   allowPrivilegeEscalation: false
   capabilities:
     drop:
-    - ALL
+      - ALL
   readOnlyRootFilesystem: true
   runAsNonRoot: true
   runAsUser: 1000
@@ -198,20 +198,23 @@ secrets:
 
 # API7 Gateway Configuration
 api7:
-  enabled: true  # Enable API7 ADC configuration
+  enabled: true # Enable API7 ADC configuration
 
   # ADC Container settings
   adc:
     image: ghcr.io/api7/adc:latest
     imagePullPolicy: IfNotPresent
     verbose: true
-    tlsSkipVerify: false  # Set to true for self-signed certificates
+    tlsSkipVerify: false # Set to true for self-signed certificates
 
   # API7 Gateway connection
   gateway:
-    adminUrl: http://api7-gateway.api7ee.svc.cluster.local:9180
-    adminKey: "edd1c9f034335f136f87ad84b625c8f1"  # Change this!
+    # Use the actual DP Manager service for admin API
+    adminUrl: http://api7ee3-0-1759339083-dp-manager.api7ee.svc.cluster.local:7900
+    adminKey: "edd1c9f034335f136f87ad84b625c8f1" # Change this!
     group: default
+    # Gateway service for traffic routing
+    gatewayService: gateway-0-1759393614-gateway
 
   # Backend type (api7ee or apisix)
   backend: api7ee
@@ -219,9 +222,9 @@ api7:
   # Auto-publish routes after sync
   autoPublish: true
 
-  # Hosts for routing
+  # Hosts for routing (using wildcard domain from existing ingress)
   hosts:
-    - demo.commandware.it
+    - api7-demo.commandware.it
 
   # TLS/SSL Configuration
   tls:
@@ -229,18 +232,18 @@ api7:
     # Option 1: Use cert-manager
     certManager:
       enabled: true
-      issuer: letsencrypt-prod  # ClusterIssuer name
-      issuerKind: ClusterIssuer  # or Issuer
+      issuer: cloudflare-acme-prod # ClusterIssuer name
+      issuerKind: ClusterIssuer # or Issuer
     # Option 2: Use existing secret
-    secretName: ""  # Name of existing TLS secret
+    secretName: "" # Name of existing TLS secret
     # Option 3: Provide certificates directly (not recommended for production)
     certificate: ""
     key: ""
 
   # Service Discovery
   serviceDiscovery:
-    enabled: true  # Use Kubernetes service discovery
-    namespace: ""  # Leave empty to use release namespace
+    enabled: true # Use Kubernetes service discovery
+    namespace: "" # Leave empty to use release namespace
 
   # API7 Plugins Configuration
   plugins:
@@ -249,7 +252,7 @@ api7:
       enabled: true
       count: 100
       timeWindow: 60
-      apiCount: 1000  # Higher limit for API endpoints
+      apiCount: 1000 # Higher limit for API endpoints
 
     # CORS configuration
     cors: