Rename Helm chart to api7ee-demo-k8s
- Changed chart name from api7ee to api7ee-demo-k8s in Chart.yaml
- Renamed helm/api7ee directory to helm/api7ee-demo-k8s
- Updated all references in build.yml workflow
- Updated all references in helm-release.yml workflow
- Updated main README.md with new chart name
- Updated Helm chart README with new chart name
- Verified all old references have been replaced
- Chart packages correctly as api7ee-demo-k8s-{version}.tgz
This commit is contained in:
d.viti
217
helm/api7ee-demo-k8s/README.md
Normal file
217
helm/api7ee-demo-k8s/README.md
Normal file
@@ -0,0 +1,217 @@
|
||||
# API7 Enterprise Edition Helm Chart
|
||||
|
||||
This Helm chart deploys the API7 Enterprise Edition demo application, consisting of a Web frontend and API backend service.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- Kubernetes 1.19+
|
||||
- Helm 3.8.0+
|
||||
- PV provisioner support in the underlying infrastructure (optional)
|
||||
- Ingress controller (e.g., NGINX Ingress Controller)
|
||||
|
||||
## Installation
|
||||
|
||||
### Add the Helm repository (if published)
|
||||
|
||||
```bash
|
||||
helm repo add api7ee https://git.commandware.com/api/packages/demos/helm
|
||||
helm repo update
|
||||
```
|
||||
|
||||
### Install the chart
|
||||
|
||||
```bash
|
||||
# Install with default values
|
||||
helm install my-api7ee ./helm/api7ee-demo-k8s-demo-k8s
|
||||
|
||||
# Install in a specific namespace
|
||||
helm install my-api7ee ./helm/api7ee-demo-k8s-demo-k8s --namespace api7ee --create-namespace
|
||||
|
||||
# Install with custom values file
|
||||
helm install my-api7ee ./helm/api7ee-demo-k8s-demo-k8s -f custom-values.yaml
|
||||
```
|
||||
|
||||
## Configuration
|
||||
|
||||
### API7 Gateway Integration
|
||||
|
||||
This Helm chart includes automatic API7 Gateway configuration using ADC (API7 Declarative CLI). When `api7.enabled` is set to `true`, the chart will:
|
||||
|
||||
1. **Deploy ADC Configuration**: Creates routes, services, and upstreams for your applications
|
||||
2. **Configure TLS/SSL**: Manages certificates via cert-manager or custom certificates
|
||||
3. **Enable Service Discovery**: Uses Kubernetes native service discovery
|
||||
4. **Apply Security Policies**: Configures rate limiting, CORS, and authentication
|
||||
5. **Auto-publish Routes**: Optionally publishes routes automatically after deployment
|
||||
|
||||
### Key Configuration Options
|
||||
|
||||
| Parameter | Description | Default |
|
||||
|-----------|-------------|---------|
|
||||
| `web.enabled` | Enable Web component | `true` |
|
||||
| `web.replicaCount` | Number of Web replicas | `2` |
|
||||
| `web.image.repository` | Web image repository | `api7ee/web` |
|
||||
| `web.image.tag` | Web image tag | `main` |
|
||||
| `web.service.port` | Web service port | `8000` |
|
||||
| `api.enabled` | Enable API component | `true` |
|
||||
| `api.replicaCount` | Number of API replicas | `3` |
|
||||
| `api.image.repository` | API image repository | `api7ee/api` |
|
||||
| `api.image.tag` | API image tag | `main` |
|
||||
| `api.service.port` | API service port | `8080` |
|
||||
| `ingress.enabled` | Enable ingress | `true` |
|
||||
| `ingress.hosts[0].host` | Ingress hostname | `demo.commandware.it` |
|
||||
| `api7.enabled` | Enable API7 ADC configuration | `true` |
|
||||
| `api7.gateway.adminUrl` | API7 Gateway Admin API URL | `http://api7-gateway.api7ee:9180` |
|
||||
| `api7.hosts` | Hosts for API7 routing | `[demo.commandware.it]` |
|
||||
| `api7.tls.certManager.enabled` | Use cert-manager for TLS | `true` |
|
||||
| `api7.autoPublish` | Auto-publish routes | `true` |
|
||||
|
||||
### Custom Values Examples
|
||||
|
||||
#### Configure API7 Gateway:
|
||||
|
||||
```yaml
|
||||
api7:
|
||||
enabled: true
|
||||
gateway:
|
||||
adminUrl: http://your-api7-gateway:9180
|
||||
adminKey: "your-admin-key-here"
|
||||
group: production
|
||||
hosts:
|
||||
- api.yourdomain.com
|
||||
tls:
|
||||
certManager:
|
||||
enabled: true
|
||||
issuer: letsencrypt-prod
|
||||
plugins:
|
||||
rateLimit:
|
||||
enabled: true
|
||||
count: 1000
|
||||
timeWindow: 60
|
||||
auth:
|
||||
enabled: true
|
||||
consumers:
|
||||
- username: api-client
|
||||
apiKey: secure-api-key-12345
|
||||
```
|
||||
|
||||
#### Using a private registry:
|
||||
|
||||
```yaml
|
||||
global:
|
||||
imageRegistry: my-registry.example.com
|
||||
imagePullSecrets:
|
||||
- name: my-registry-secret
|
||||
```
|
||||
|
||||
#### Enabling autoscaling:
|
||||
|
||||
```yaml
|
||||
web:
|
||||
autoscaling:
|
||||
enabled: true
|
||||
minReplicas: 2
|
||||
maxReplicas: 10
|
||||
targetCPUUtilizationPercentage: 70
|
||||
```
|
||||
|
||||
#### Custom resource limits:
|
||||
|
||||
```yaml
|
||||
api:
|
||||
resources:
|
||||
limits:
|
||||
cpu: 2000m
|
||||
memory: 2Gi
|
||||
requests:
|
||||
cpu: 1000m
|
||||
memory: 1Gi
|
||||
```
|
||||
|
||||
## Upgrading
|
||||
|
||||
```bash
|
||||
# Upgrade to a new version
|
||||
helm upgrade my-api7ee ./helm/api7ee-demo-k8s-demo-k8s
|
||||
|
||||
# Upgrade with new values
|
||||
helm upgrade my-api7ee ./helm/api7ee-demo-k8s-demo-k8s --set web.replicaCount=3
|
||||
```
|
||||
|
||||
## Uninstallation
|
||||
|
||||
```bash
|
||||
# Uninstall the release
|
||||
helm uninstall my-api7ee
|
||||
|
||||
# Uninstall from a specific namespace
|
||||
helm uninstall my-api7ee --namespace api7ee
|
||||
```
|
||||
|
||||
## Monitoring
|
||||
|
||||
If metrics are enabled, the services expose Prometheus-compatible metrics:
|
||||
|
||||
```yaml
|
||||
metrics:
|
||||
enabled: true
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
interval: 30s
|
||||
```
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### API7 ADC Sync Issues
|
||||
|
||||
If the ADC sync job fails:
|
||||
|
||||
```bash
|
||||
# Check the job status
|
||||
kubectl get jobs -l app.kubernetes.io/instance=my-api7ee
|
||||
|
||||
# View job logs
|
||||
kubectl logs job/my-api7ee-adc-sync
|
||||
|
||||
# Manually run ADC sync
|
||||
kubectl run adc-debug --rm -it --image=ghcr.io/api7/adc:latest -- /bin/sh
|
||||
```
|
||||
|
||||
### Verify API7 Configuration
|
||||
|
||||
```bash
|
||||
# Check if routes are configured
|
||||
curl -H "X-API-KEY: your-admin-key" http://api7-gateway:9180/apisix/admin/routes
|
||||
|
||||
# Check service discovery
|
||||
curl -H "X-API-KEY: your-admin-key" http://api7-gateway:9180/apisix/admin/upstreams
|
||||
```
|
||||
|
||||
### Check deployment status:
|
||||
```bash
|
||||
kubectl get deployments -l app.kubernetes.io/instance=my-api7ee
|
||||
```
|
||||
|
||||
### View logs:
|
||||
```bash
|
||||
# Web component logs
|
||||
kubectl logs -l app.kubernetes.io/instance=my-api7ee,app.kubernetes.io/component=web
|
||||
|
||||
# API component logs
|
||||
kubectl logs -l app.kubernetes.io/instance=my-api7ee,app.kubernetes.io/component=api
|
||||
```
|
||||
|
||||
### Check HPA status:
|
||||
```bash
|
||||
kubectl get hpa -l app.kubernetes.io/instance=my-api7ee
|
||||
```
|
||||
|
||||
## Security Considerations
|
||||
|
||||
- Pod Security Context is configured to run as non-root user (UID 1000)
|
||||
- Security Context drops all capabilities and prevents privilege escalation
|
||||
- Read-only root filesystem is enabled
|
||||
- Network policies can be enabled to restrict traffic
|
||||
|
||||
## Support
|
||||
|
||||
For issues and questions, please contact support@commandware.com or visit https://git.commandware.com/demos/api7-demo
|
||||
Reference in New Issue
Block a user