Add API7 ADC integration to Helm chart for automatic gateway configuration

- Added ADC (API7 Declarative CLI) post-install job for automatic gateway setup - Created ConfigMap with complete API7 routing and service configuration - Integrated cert-manager for automatic TLS certificate management - Added support for Kubernetes service discovery - Implemented auto-publish feature for routes after deployment - Added comprehensive API7 plugin configurations (rate limiting, CORS, auth) - Created RBAC resources for ADC job to access cluster resources - Secured admin credentials using Kubernetes secrets - Updated values.yaml with extensive API7 configuration options - Enhanced documentation with API7 setup and troubleshooting guides
2025-10-03 02:04:35 +02:00
parent d818ee6600
commit fd832e9b42
7 changed files with 590 additions and 1 deletions
--- a/helm/api7ee/README.md
+++ b/helm/api7ee/README.md
@@ -33,6 +33,16 @@ helm install my-api7ee ./helm/api7ee -f custom-values.yaml

 ## Configuration

+### API7 Gateway Integration
+
+This Helm chart includes automatic API7 Gateway configuration using ADC (API7 Declarative CLI). When `api7.enabled` is set to `true`, the chart will:
+
+1. **Deploy ADC Configuration**: Creates routes, services, and upstreams for your applications
+2. **Configure TLS/SSL**: Manages certificates via cert-manager or custom certificates
+3. **Enable Service Discovery**: Uses Kubernetes native service discovery
+4. **Apply Security Policies**: Configures rate limiting, CORS, and authentication
+5. **Auto-publish Routes**: Optionally publishes routes automatically after deployment
+
 ### Key Configuration Options

 | Parameter | Description | Default |
@@ -49,9 +59,41 @@ helm install my-api7ee ./helm/api7ee -f custom-values.yaml
 | `api.service.port` | API service port | `8080` |
 | `ingress.enabled` | Enable ingress | `true` |
 | `ingress.hosts[0].host` | Ingress hostname | `demo.commandware.it` |
+| `api7.enabled` | Enable API7 ADC configuration | `true` |
+| `api7.gateway.adminUrl` | API7 Gateway Admin API URL | `http://api7-gateway.api7ee:9180` |
+| `api7.hosts` | Hosts for API7 routing | `[demo.commandware.it]` |
+| `api7.tls.certManager.enabled` | Use cert-manager for TLS | `true` |
+| `api7.autoPublish` | Auto-publish routes | `true` |

 ### Custom Values Examples

+#### Configure API7 Gateway:
+
+```yaml
+api7:
+  enabled: true
+  gateway:
+    adminUrl: http://your-api7-gateway:9180
+    adminKey: "your-admin-key-here"
+    group: production
+  hosts:
+    - api.yourdomain.com
+  tls:
+    certManager:
+      enabled: true
+      issuer: letsencrypt-prod
+  plugins:
+    rateLimit:
+      enabled: true
+      count: 1000
+      timeWindow: 60
+    auth:
+      enabled: true
+  consumers:
+    - username: api-client
+      apiKey: secure-api-key-12345
+```
+
 #### Using a private registry:

 ```yaml
@@ -119,6 +161,31 @@ metrics:

 ## Troubleshooting

+### API7 ADC Sync Issues
+
+If the ADC sync job fails:
+
+```bash
+# Check the job status
+kubectl get jobs -l app.kubernetes.io/instance=my-api7ee
+
+# View job logs
+kubectl logs job/my-api7ee-adc-sync
+
+# Manually run ADC sync
+kubectl run adc-debug --rm -it --image=ghcr.io/api7/adc:latest -- /bin/sh
+```
+
+### Verify API7 Configuration
+
+```bash
+# Check if routes are configured
+curl -H "X-API-KEY: your-admin-key" http://api7-gateway:9180/apisix/admin/routes
+
+# Check service discovery
+curl -H "X-API-KEY: your-admin-key" http://api7-gateway:9180/apisix/admin/upstreams
+```
+
 ### Check deployment status:
 ```bash
 kubectl get deployments -l app.kubernetes.io/instance=my-api7ee