Enhanced secret management for API7 Gateway credentials with support
for existing Secrets and External Secrets Operator integration.
Changes:
1. Secret Configuration:
- Added api7.gateway.existingSecret parameter for using existing secrets
- Added api7.gateway.existingSecretKeys for custom key names
- Modified secret-api7.yaml to only create secret if existingSecret is empty
- Updated job-adc-sync.yaml to reference configurable secret name
2. Values.yaml Documentation:
- Added comprehensive documentation for secret configuration options
- Documented two approaches: inline config (dev) vs existing secret (prod)
- Added example kubectl command for creating secrets manually
- Included instructions for obtaining admin key from API7 EE
3. External Secrets Support:
- Created externalsecret-api7.yaml.example with complete examples
- Included examples for AWS Secrets Manager and HashiCorp Vault
- Documented SecretStore configuration patterns
4. Documentation:
- Created SECRET-MANAGEMENT.md comprehensive guide
- Covered all secret management options (inline, manual, external)
- Added security best practices and troubleshooting guide
- Included examples for External Secrets Operator setup
Benefits:
- Improved security: Secrets not stored in values.yaml
- Flexibility: Support for any secret management tool
- Production-ready: Works with External Secrets Operator
- Better practices: Clear separation of config vs secrets
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Enhanced values.yaml with comprehensive documentation and better organization:
Documentation improvements:
- Added detailed inline comments for all API7 Gateway configuration sections
- Documented Ingress routing behavior (gateway vs direct service routing)
- Explained Service Discovery benefits and requirements
- Added detailed plugin configuration documentation (rate limiting, CORS, auth)
- Included usage examples and production recommendations
Configuration enhancements:
- Added gateway.gatewayNamespace for better organization
- Added TLS certificate configuration options (duration, renewBefore, algorithm, size)
- Added ADC resource limits configuration
- Improved CORS and rate limiting documentation with parameter explanations
- Added consumer/authentication documentation
Template updates:
- Updated certificate.yaml to use configurable TLS parameters
- Updated job-adc-sync.yaml to use configurable ADC resources
The values.yaml now serves as comprehensive documentation for all
API7 Gateway features and configuration options, making it easier
for users to understand and customize their deployment.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added conditional --tls-skip-verify flag to ADC sync job arguments.
This flag is controlled by .Values.api7.adc.tlsSkipVerify and allows
ADC to connect to API7 Enterprise dashboard with self-signed certificates.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Changed chart name from api7ee to api7ee-demo-k8s in Chart.yaml
- Renamed helm/api7ee directory to helm/api7ee-demo-k8s
- Updated all references in build.yml workflow
- Updated all references in helm-release.yml workflow
- Updated main README.md with new chart name
- Updated Helm chart README with new chart name
- Verified all old references have been replaced
- Chart packages correctly as api7ee-demo-k8s-{version}.tgz
