Service discovery requires Service Registry to be configured in
API7 Enterprise Dashboard first. Until the registry is configured,
ADC sync fails with: 'service registry not found'
Disabling service discovery to use static upstream nodes instead.
To re-enable:
1. Configure Service Registry in API7 Dashboard
2. Set api7.serviceDiscovery.enabled: true
3. Redeploy
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Enhanced secret management for API7 Gateway credentials with support
for existing Secrets and External Secrets Operator integration.
Changes:
1. Secret Configuration:
- Added api7.gateway.existingSecret parameter for using existing secrets
- Added api7.gateway.existingSecretKeys for custom key names
- Modified secret-api7.yaml to only create secret if existingSecret is empty
- Updated job-adc-sync.yaml to reference configurable secret name
2. Values.yaml Documentation:
- Added comprehensive documentation for secret configuration options
- Documented two approaches: inline config (dev) vs existing secret (prod)
- Added example kubectl command for creating secrets manually
- Included instructions for obtaining admin key from API7 EE
3. External Secrets Support:
- Created externalsecret-api7.yaml.example with complete examples
- Included examples for AWS Secrets Manager and HashiCorp Vault
- Documented SecretStore configuration patterns
4. Documentation:
- Created SECRET-MANAGEMENT.md comprehensive guide
- Covered all secret management options (inline, manual, external)
- Added security best practices and troubleshooting guide
- Included examples for External Secrets Operator setup
Benefits:
- Improved security: Secrets not stored in values.yaml
- Flexibility: Support for any secret management tool
- Production-ready: Works with External Secrets Operator
- Better practices: Clear separation of config vs secrets
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Enhanced values.yaml with comprehensive documentation and better organization:
Documentation improvements:
- Added detailed inline comments for all API7 Gateway configuration sections
- Documented Ingress routing behavior (gateway vs direct service routing)
- Explained Service Discovery benefits and requirements
- Added detailed plugin configuration documentation (rate limiting, CORS, auth)
- Included usage examples and production recommendations
Configuration enhancements:
- Added gateway.gatewayNamespace for better organization
- Added TLS certificate configuration options (duration, renewBefore, algorithm, size)
- Added ADC resource limits configuration
- Improved CORS and rate limiting documentation with parameter explanations
- Added consumer/authentication documentation
Template updates:
- Updated certificate.yaml to use configurable TLS parameters
- Updated job-adc-sync.yaml to use configurable ADC resources
The values.yaml now serves as comprehensive documentation for all
API7 Gateway features and configuration options, making it easier
for users to understand and customize their deployment.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Configured API7 Gateway to use Kubernetes Service Discovery instead of
static upstream nodes. This enables dynamic discovery of backend Pods
through the Kubernetes API.
Benefits:
- Automatic scaling: New Pods are automatically added to upstream pool
- Health checks: Only healthy Pods receive traffic
- Zero downtime: Automatic updates during deployments and rollouts
- No manual upstream configuration needed
Changes:
- Updated configmap-adc.yaml to use discovery_type: kubernetes
- Service discovery queries Kubernetes API for Pod endpoints
- Falls back to static nodes if serviceDiscovery.enabled is false
- Added documentation in values.yaml explaining the feature
The RBAC permissions (services, endpoints watch) were already configured
in rbac-adc.yaml, so no additional permissions are needed.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Modified Ingress configuration to route all traffic through the API7
Gateway (gateway-0-1759393614-gateway) instead of directly to application
services. This enables API7's advanced routing, rate limiting, CORS, and
other gateway features.
Changes:
- Updated ingress.yaml template to support gateway backend routing
- Modified values.yaml to route traffic to API7 Gateway service
- Disabled web and api services (now optional) as routing is handled by API7
- Removed nginx.ingress.kubernetes.io/rewrite-target annotation
- Maintained backward compatibility with legacy service-based routing
The Ingress now directs traffic to the API7 Gateway which handles all
routing logic defined in the ADC configuration.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Changed adminUrl to use HTTPS instead of HTTP:
- Before: http://api7ee3-0-1759339083-dashboard:7080
- After: https://api7ee3-0-1759339083-dashboard:7443
Also enabled tlsSkipVerify for the dashboard's self-signed certificate.
Testing revealed that:
- Port 7080 HTTP doesn't work (pod listens on 7081 localhost only)
- Port 7443 HTTPS is the correct admin API endpoint
- Self-signed certificate requires TLS verification skip
This fixes the ADC sync job 404 errors.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Changed adminUrl from dp-manager:7900 to dashboard:7080 for API7
Enterprise backend. The dp-manager service is for APISIX, while
API7EE requires the dashboard service which exposes the admin API.
This fixes the 404 errors when ADC tries to fetch configuration:
- GET /api/version
- GET /api/gateway_groups
- GET /api/schema/core
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Added OpenAI-compatible LLM endpoints to API backend - Introduced web
frontend with Jinja2 templates and static assets - Implemented API proxy
routes in web service - Added sample db.json data for items, users,
orders, reviews, categories, llm_requests - Updated ADC and Helm configs
for separate AI and standard rate limiting - Upgraded FastAPI, Uvicorn,
and added httpx, Jinja2, python-multipart dependencies - Added API
configuration modal and client-side JS for web app
- Changed chart name from api7ee to api7ee-demo-k8s in Chart.yaml
- Renamed helm/api7ee directory to helm/api7ee-demo-k8s
- Updated all references in build.yml workflow
- Updated all references in helm-release.yml workflow
- Updated main README.md with new chart name
- Updated Helm chart README with new chart name
- Verified all old references have been replaced
- Chart packages correctly as api7ee-demo-k8s-{version}.tgz
