Reorganized documentation to be part of MkDocs site with three new
comprehensive guides covering API7 Gateway configuration.
Changes:
1. Documentation Structure:
- Moved SECRET-MANAGEMENT.md from helm/ to web/docs/
- Created service-discovery.md with complete guide
- Created ingress-routing.md with routing architecture
- Moved externalsecret examples to web/docs/examples/
2. New Documentation - Service Discovery:
- How service discovery works (architecture diagram)
- Benefits vs static configuration
- Configuration examples
- RBAC requirements
- Advanced use cases (auto-scaling, rolling updates)
- Load balancing algorithms
- Monitoring and troubleshooting
- Best practices
3. New Documentation - Ingress & Routing:
- Complete traffic flow architecture
- Ingress configuration explained
- Gateway routing rules and priority
- URI matching patterns (prefix, exact, regex)
- TLS/SSL with cert-manager
- Advanced routing scenarios:
* Multiple domains
* Path-based routing
* Header-based routing
* Method-based routing
- Configuration examples (microservices, WebSocket, canary)
- Monitoring and debugging
- Troubleshooting common issues
4. MkDocs Navigation:
- Updated mkdocs.yml with new pages in Configuration section
- Added: Ingress & Routing
- Added: Service Discovery
- Added: Secret Management
5. Examples Directory:
- Created web/docs/examples/ for configuration examples
- Moved ExternalSecret examples with multiple providers:
* AWS Secrets Manager
* HashiCorp Vault
* Azure Key Vault
* GCP Secret Manager
All documentation now integrated into MkDocs site with proper
navigation, cross-references, and Material theme styling.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Enhanced secret management for API7 Gateway credentials with support
for existing Secrets and External Secrets Operator integration.
Changes:
1. Secret Configuration:
- Added api7.gateway.existingSecret parameter for using existing secrets
- Added api7.gateway.existingSecretKeys for custom key names
- Modified secret-api7.yaml to only create secret if existingSecret is empty
- Updated job-adc-sync.yaml to reference configurable secret name
2. Values.yaml Documentation:
- Added comprehensive documentation for secret configuration options
- Documented two approaches: inline config (dev) vs existing secret (prod)
- Added example kubectl command for creating secrets manually
- Included instructions for obtaining admin key from API7 EE
3. External Secrets Support:
- Created externalsecret-api7.yaml.example with complete examples
- Included examples for AWS Secrets Manager and HashiCorp Vault
- Documented SecretStore configuration patterns
4. Documentation:
- Created SECRET-MANAGEMENT.md comprehensive guide
- Covered all secret management options (inline, manual, external)
- Added security best practices and troubleshooting guide
- Included examples for External Secrets Operator setup
Benefits:
- Improved security: Secrets not stored in values.yaml
- Flexibility: Support for any secret management tool
- Production-ready: Works with External Secrets Operator
- Better practices: Clear separation of config vs secrets
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Enhanced values.yaml with comprehensive documentation and better organization:
Documentation improvements:
- Added detailed inline comments for all API7 Gateway configuration sections
- Documented Ingress routing behavior (gateway vs direct service routing)
- Explained Service Discovery benefits and requirements
- Added detailed plugin configuration documentation (rate limiting, CORS, auth)
- Included usage examples and production recommendations
Configuration enhancements:
- Added gateway.gatewayNamespace for better organization
- Added TLS certificate configuration options (duration, renewBefore, algorithm, size)
- Added ADC resource limits configuration
- Improved CORS and rate limiting documentation with parameter explanations
- Added consumer/authentication documentation
Template updates:
- Updated certificate.yaml to use configurable TLS parameters
- Updated job-adc-sync.yaml to use configurable ADC resources
The values.yaml now serves as comprehensive documentation for all
API7 Gateway features and configuration options, making it easier
for users to understand and customize their deployment.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Configured API7 Gateway to use Kubernetes Service Discovery instead of
static upstream nodes. This enables dynamic discovery of backend Pods
through the Kubernetes API.
Benefits:
- Automatic scaling: New Pods are automatically added to upstream pool
- Health checks: Only healthy Pods receive traffic
- Zero downtime: Automatic updates during deployments and rollouts
- No manual upstream configuration needed
Changes:
- Updated configmap-adc.yaml to use discovery_type: kubernetes
- Service discovery queries Kubernetes API for Pod endpoints
- Falls back to static nodes if serviceDiscovery.enabled is false
- Added documentation in values.yaml explaining the feature
The RBAC permissions (services, endpoints watch) were already configured
in rbac-adc.yaml, so no additional permissions are needed.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Modified Ingress configuration to route all traffic through the API7
Gateway (gateway-0-1759393614-gateway) instead of directly to application
services. This enables API7's advanced routing, rate limiting, CORS, and
other gateway features.
Changes:
- Updated ingress.yaml template to support gateway backend routing
- Modified values.yaml to route traffic to API7 Gateway service
- Disabled web and api services (now optional) as routing is handled by API7
- Removed nginx.ingress.kubernetes.io/rewrite-target annotation
- Maintained backward compatibility with legacy service-based routing
The Ingress now directs traffic to the API7 Gateway which handles all
routing logic defined in the ADC configuration.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Made the global_rules section conditional on logging being enabled.
Previously, when logging was disabled, global_rules was rendered as
an empty object (null), causing a lint error:
"Invalid input: expected record, received null at global_rules"
Now the entire global_rules section is only included when there are
actual rules to add.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Removed the prometheus-metrics global rule configuration which was
causing "custom plugin (prometheus-metrics) not found" error.
API7 Enterprise doesn't support prometheus as a global rule plugin
in this configuration format. Prometheus metrics can be configured
differently if needed.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Changed CORS plugin array values to comma-separated strings:
- allow_origins: from JSON array to comma-separated string
- allow_methods: from JSON array to comma-separated string
- allow_headers: from JSON array to comma-separated string
- expose_headers: from JSON array to comma-separated string
API7 Enterprise expects string values with comma-separated items,
not JSON arrays. This fixes the validation error:
"Invalid type. Expected: string, given: array"
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added conditional --tls-skip-verify flag to ADC sync job arguments.
This flag is controlled by .Values.api7.adc.tlsSkipVerify and allows
ADC to connect to API7 Enterprise dashboard with self-signed certificates.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Changed global_rules from array format (- id: name) to object format
(name:) to match ADC schema requirements. This fixes the lint error:
"Invalid input: expected record, received array at global_rules"
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Added OpenAI-compatible LLM endpoints to API backend - Introduced web
frontend with Jinja2 templates and static assets - Implemented API proxy
routes in web service - Added sample db.json data for items, users,
orders, reviews, categories, llm_requests - Updated ADC and Helm configs
for separate AI and standard rate limiting - Upgraded FastAPI, Uvicorn,
and added httpx, Jinja2, python-multipart dependencies - Added API
configuration modal and client-side JS for web app
- Changed chart name from api7ee to api7ee-demo-k8s in Chart.yaml
- Renamed helm/api7ee directory to helm/api7ee-demo-k8s
- Updated all references in build.yml workflow
- Updated all references in helm-release.yml workflow
- Updated main README.md with new chart name
- Updated Helm chart README with new chart name
- Verified all old references have been replaced
- Chart packages correctly as api7ee-demo-k8s-{version}.tgz
