
5 Commits

d.viti
e9528217f8 Refactor Helm workflows to trigger on main branch and streamline versioning process
Some checks failed
Helm Chart Release / release-helm (push) Failing after 29s
Build and Deploy / build-web (push) Successful in 38s
Build and Deploy / build-api (push) Successful in 48s
Build and Deploy / build-helm (push) Failing after 7s
2025-10-03 02:09:06 +02:00
d.viti
733826890e Fix Gitea workflow to use Gitea-specific variables and APIs
- Replaced GitHub-specific variables with Gitea equivalents
- Changed GITHUB_REF to GITEA_REF_NAME for tag extraction
- Replaced github.sha with gitea.sha for commit reference
- Removed GitHub release action, using Gitea API directly
- Fixed environment variable references to use proper syntax
- Removed GITHUB_STEP_SUMMARY as it's GitHub-specific
- Updated all VERSION references to use environment variable
2025-10-03 02:06:54 +02:00
d.viti
fd832e9b42 Add API7 ADC integration to Helm chart for automatic gateway configuration
- Added ADC (API7 Declarative CLI) post-install job for automatic gateway setup
- Created ConfigMap with complete API7 routing and service configuration
- Integrated cert-manager for automatic TLS certificate management
- Added support for Kubernetes service discovery
- Implemented auto-publish feature for routes after deployment
- Added comprehensive API7 plugin configurations (rate limiting, CORS, auth)
- Created RBAC resources for ADC job to access cluster resources
- Secured admin credentials using Kubernetes secrets
- Updated values.yaml with extensive API7 configuration options
- Enhanced documentation with API7 setup and troubleshooting guides
2025-10-03 02:04:35 +02:00
d.viti
d818ee6600 Add Helm chart build and publishing to Gitea workflows
- Added Helm chart build job to main CI/CD workflow
- Created dedicated helm-release workflow for version tags
- Integrated Helm packaging with Gitea package registry
- Added automatic chart versioning and publishing
- Updated README with Helm deployment instructions
- Configured chart linting and validation steps
- Added release automation for tagged versions
2025-10-03 01:56:36 +02:00
d.viti
ceee0dcff8 Fix domain references in Helm chart
- Updated Helm repository URL to use git.commandware.com
- Fixed production values to use git.commandware.com as image registry
- Corrected domain references to match actual infrastructure
2025-10-03 01:54:09 +02:00
11 changed files with 885 additions and 7 deletions


@@ -79,3 +79,67 @@ jobs:
labels: ${{ steps.meta-api.outputs.labels }}
cache-from: type=registry,ref=${{ vars.PACKAGES_REGISTRY || gitea.server_url }}/${{ gitea.repository }}/api:buildcache
cache-to: type=registry,ref=${{ vars.PACKAGES_REGISTRY || gitea.server_url }}/${{ gitea.repository }}/api:buildcache,mode=max
build-helm:
runs-on: ubuntu-latest
needs: [build-web, build-api]
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0 # Fetch all history for proper versioning
- name: Install Helm
uses: azure/setup-helm@v3
with:
version: "latest"
- name: Update Chart dependencies
run: |
cd helm/api7ee
helm dependency update
- name: Lint Helm chart
run: |
helm lint helm/api7ee/
- name: Package Helm chart
run: |
# Get version from Chart.yaml
CHART_VERSION=$(grep '^version:' helm/api7ee/Chart.yaml | awk '{print $2}')
# Update image registry in values.yaml to match Gitea registry
sed -i "s|registry: gitea.server_url|registry: ${{ gitea.server_url }}|g" helm/api7ee/values.yaml
# Package the chart
helm package helm/api7ee/ --version ${CHART_VERSION}
# Store chart filename for later use
echo "CHART_FILE=api7ee-${CHART_VERSION}.tgz" >> $GITHUB_ENV
- name: Push Helm chart to Gitea Package Registry
run: |
# Upload Helm chart to Gitea package registry
# Format: https://{gitea-server}/api/packages/{owner}/helm/api/charts
curl --fail-with-body \
-H "Authorization: token ${{ secrets.PACKAGES_PUSH_TOKEN }}" \
-X POST \
-F "chart=@${CHART_FILE}" \
https://${{ gitea.server_url }}/api/packages/${{ gitea.repository_owner }}/helm/api/charts
echo "✅ Helm chart pushed successfully to Gitea Package Registry"
echo "📦 Chart: ${CHART_FILE}"
echo "🔗 Registry URL: https://${{ gitea.server_url }}/api/packages/${{ gitea.repository_owner }}/helm"
- name: Create Helm index
if: success()
run: |
# Create or update the Helm repository index
echo "📝 Helm chart repository information:"
echo "To add this repository:"
echo " helm repo add api7ee https://${{ gitea.server_url }}/api/packages/${{ gitea.repository_owner }}/helm"
echo " helm repo update"
echo ""
echo "To install the chart:"
echo " helm install my-api7ee api7ee/api7ee"
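Review bot: The push URL `https://${{ gitea.server_url }}/api/packages/...` (also the echo lines and the sed that rewrites `registry:` in values.yaml) prepends a scheme to a context value that, per Gitea's Actions documentation, already carries one, which would produce `https://https://...` and write `registry: https://<host>` into values.yaml, an invalid image-reference prefix; I cannot see the runner's actual value, so treat this as the first thing to check against the failing `build-helm` run. The job-level `if:` uses the `github` context while every other expression in the job uses `gitea`; Gitea accepts both, but one context per file is easier to audit, especially after commit 733826890e set out to remove the GitHub-specific names. `azure/setup-helm` with `version: "latest"` makes the packaged chart depend on whichever Helm ships that day; pin a Helm version for reproducible builds. Proposed: `HOST="${{ gitea.server_url }}"; HOST="${HOST#*://}"` before the sed, then `sed -i "s|registry: gitea.server_url|registry: ${HOST}|g" helm/api7ee/values.yaml` and `${{ gitea.server_url }}/api/packages/${{ gitea.repository_owner }}/helm/api/charts` as the curl target.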


@@ -0,0 +1,167 @@
name: Helm Chart Release
on:
push:
branches: [main]
pull_request:
branches: [main]
workflow_dispatch:
jobs:
release-helm:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install Helm
uses: azure/setup-helm@v3
with:
version: "latest"
- name: Determine version
id: version
run: |
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
VERSION="${{ github.event.inputs.version }}"
else
# Extract version from tag (remove 'v' prefix)
VERSION=${GITEA_REF_NAME#v}
fi
echo "VERSION=${VERSION}"
# Export for subsequent steps
echo "VERSION=${VERSION}" >> $GITHUB_ENV
echo "📌 Chart version: ${VERSION}"
- name: Update Chart version
run: |
# Update Chart.yaml with the new version
sed -i "s/^version:.*/version: ${VERSION}/" helm/api7ee/Chart.yaml
# Update appVersion to match
sed -i "s/^appVersion:.*/appVersion: \"${VERSION}\"/" helm/api7ee/Chart.yaml
# Update image tags in values.yaml to use this version
sed -i "s|tag: \"main\"|tag: \"v${VERSION}\"|g" helm/api7ee/values.yaml
# Update registry to Gitea URL
sed -i "s|registry: gitea.server_url|registry: ${{ gitea.server_url }}|g" helm/api7ee/values.yaml
echo "📝 Updated Chart.yaml and values.yaml with version ${VERSION}"
- name: Lint Helm chart
run: |
helm lint helm/api7ee/
- name: Package Helm chart
run: |
helm package helm/api7ee/ --version ${VERSION}
echo "CHART_FILE=api7ee-${VERSION}.tgz" >> $GITHUB_ENV
# Generate chart README with installation instructions
cat > CHART_README.md << EOF
# API7 Enterprise Edition Helm Chart v${VERSION}
## Installation
\`\`\`bash
# Add the Helm repository
helm repo add api7ee https://${{ gitea.server_url }}/api/packages/${{ gitea.repository_owner }}/helm
helm repo update
# Install the chart
helm install my-api7ee api7ee/api7ee --version ${VERSION}
# Install with custom values
helm install my-api7ee api7ee/api7ee --version ${VERSION} -f values.yaml
\`\`\`
## Upgrade
\`\`\`bash
helm upgrade my-api7ee api7ee/api7ee --version ${VERSION}
\`\`\`
## Docker Images
This chart uses the following Docker images:
- Web: \`${{ gitea.server_url }}/${{ gitea.repository }}/web:v${VERSION}\`
- API: \`${{ gitea.server_url }}/${{ gitea.repository }}/api:v${VERSION}\`
EOF
- name: Push Helm chart to Gitea Package Registry
run: |
# Upload versioned Helm chart
curl --fail-with-body \
-H "Authorization: token ${{ secrets.PACKAGES_PUSH_TOKEN }}" \
-X POST \
-F "chart=@${CHART_FILE}" \
https://${{ gitea.server_url }}/api/packages/${{ gitea.repository_owner }}/helm/api/charts
echo "✅ Helm chart v${VERSION} pushed to Gitea Package Registry"
- name: Create Release
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
run: |
# Create release using Gitea API
RELEASE_DATA=$(cat <<EOF
{
"tag_name": "v${VERSION}",
"target_commitish": "${{ gitea.sha }}",
"name": "v${VERSION}",
"body": "## Helm Chart Release v${VERSION}\n\n### Installation\n\`\`\`bash\nhelm repo add api7ee https://${{ gitea.server_url }}/api/packages/${{ gitea.repository_owner }}/helm\nhelm repo update\nhelm install my-api7ee api7ee/api7ee --version ${VERSION}\n\`\`\`\n\n### Docker Images\n- Web: \`${{ gitea.server_url }}/${{ gitea.repository }}/web:v${VERSION}\`\n- API: \`${{ gitea.server_url }}/${{ gitea.repository }}/api:v${VERSION}\`\n\n### Chart Package\n- Download: [api7ee-${VERSION}.tgz](https://${{ gitea.server_url }}/${{ gitea.repository }}/releases/download/v${VERSION}/api7ee-${VERSION}.tgz)",
"draft": false,
"prerelease": false
}
EOF
)
# Create the release
RELEASE_RESPONSE=$(curl -X POST \
-H "Authorization: token ${{ secrets.PACKAGES_PUSH_TOKEN }}" \
-H "Content-Type: application/json" \
-d "${RELEASE_DATA}" \
"https://${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/releases")
# Get release ID
RELEASE_ID=$(echo $RELEASE_RESPONSE | jq -r '.id')
if [ "$RELEASE_ID" != "null" ] && [ -n "$RELEASE_ID" ]; then
echo "✅ Release created with ID: $RELEASE_ID"
# Upload chart file as release asset
curl -X POST \
-H "Authorization: token ${{ secrets.PACKAGES_PUSH_TOKEN }}" \
-H "Content-Type: application/gzip" \
--data-binary "@${CHART_FILE}" \
"https://${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/releases/${RELEASE_ID}/assets?name=api7ee-${VERSION}.tgz"
# Upload README as release asset
curl -X POST \
-H "Authorization: token ${{ secrets.PACKAGES_PUSH_TOKEN }}" \
-H "Content-Type: text/markdown" \
--data-binary "@CHART_README.md" \
"https://${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/releases/${RELEASE_ID}/assets?name=CHART_README.md"
echo "✅ Release assets uploaded successfully"
else
echo "⚠️ Failed to create release"
echo "Response: $RELEASE_RESPONSE"
fi
- name: Summary
run: |
echo "## 🎉 Helm Chart Release Summary"
echo ""
echo "- **Version:** v${VERSION}"
echo "- **Chart:** ${CHART_FILE}"
echo "- **Registry:** https://${{ gitea.server_url }}/api/packages/${{ gitea.repository_owner }}/helm"
echo ""
echo "### Installation Commands"
echo '```bash'
echo "helm repo add api7ee https://${{ gitea.server_url }}/api/packages/${{ gitea.repository_owner }}/helm"
echo "helm repo update"
echo "helm install my-api7ee api7ee/api7ee --version ${VERSION}"
echo '```'
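Review bot: The `Determine version` step strips a `v` prefix from `GITEA_REF_NAME`, but the triggers are now `push` to `main`, `pull_request` and `workflow_dispatch`, so on a branch run `VERSION` becomes `main` and `helm package --version main` fails on the non-semver value — only `Create Release` is guarded by `startsWith(github.ref, 'refs/tags/')`. `workflow_dispatch:` declares no `inputs`, so `github.event.inputs.version` is always empty on a manual run and the first sed writes `version: ` into Chart.yaml. The push step has no `if:`, so a `pull_request` run publishes the chart with `PACKAGES_PUSH_TOKEN` if the runner exposes that secret to PR events, letting unmerged changes overwrite a published version; gate it with `if: github.event_name != 'pull_request'`. Proposed: declare the dispatch input and, on branch pushes, fall back to the version declared in Chart.yaml as build.yml already does, failing early when no version can be determined.
```yaml
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch:
    inputs:
      version:
        description: 'Chart version to publish (semver, without the v prefix)'
        required: true
# … unchanged: jobs, checkout, setup-helm …
      - name: Determine version
        id: version
        run: |
          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
            VERSION="${{ github.event.inputs.version }}"
          else
            case "${GITEA_REF_NAME}" in
              # Version tag: strip the 'v' prefix
              v[0-9]*) VERSION=${GITEA_REF_NAME#v} ;;
              # Branch push: use the version declared in Chart.yaml
              *) VERSION=$(grep '^version:' helm/api7ee/Chart.yaml | awk '{print $2}') ;;
            esac
          fi
          if [ -z "${VERSION}" ]; then
            echo "ERROR: could not determine a chart version"
            exit 1
          fi
          # … unchanged: export VERSION to GITHUB_ENV …
```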


@@ -93,18 +93,24 @@ The `.gitea/workflows/build.yml` pipeline automatically:
1. Builds Docker images for both applications
2. Pushes to Gitea container registry
3. Tags images with branch name
4. Implements layer caching for faster builds
4. Packages and publishes Helm chart
5. Implements layer caching for faster builds
**Triggers:**
- Any branch push
- Any branch push (Docker images)
- Push to main branch (Helm chart)
- Version tags (Helm releases)
- Manual dispatch
**Registry:** `git.commandware.com/demos/api7-demo`
**Images:**
**Docker Images:**
- `git.commandware.com/demos/api7-demo/web:<branch-name>`
- `git.commandware.com/demos/api7-demo/api:<branch-name>`
**Helm Repository:**
- `https://git.commandware.com/api/packages/$OWNER/helm`
### Setup
1. **Create `GITEA_TOKEN` secret:**
@@ -123,10 +129,62 @@ The `.gitea/workflows/build.yml` pipeline automatically:
### Prerequisites
- Kubernetes cluster (v1.19+)
- Helm 3.8.0+
- API7 Enterprise Gateway installed
- Namespace: `api7ee`
### Deployment Manifest
### Deploy with Helm
The project includes a complete Helm chart for easy deployment of both web and API components.
#### Add Helm Repository
```bash
# Add the Gitea Helm repository
helm repo add api7ee https://git.commandware.com/api/packages/$OWNER/helm
helm repo update
```
#### Install the Chart
```bash
# Install with default values
helm install my-api7ee api7ee/api7ee --namespace api7ee --create-namespace
# Install with custom values
helm install my-api7ee api7ee/api7ee -f custom-values.yaml --namespace api7ee
# Install with specific image tags
helm install my-api7ee api7ee/api7ee \
--set web.image.tag=v1.0.0 \
--set api.image.tag=v1.0.0 \
--namespace api7ee
```
#### Configuration Options
Key Helm values:
| Parameter | Description | Default |
|-----------|-------------|---------|
| `web.enabled` | Enable Web component | `true` |
| `web.replicaCount` | Number of Web replicas | `2` |
| `api.enabled` | Enable API component | `true` |
| `api.replicaCount` | Number of API replicas | `3` |
| `ingress.enabled` | Enable ingress | `true` |
| `ingress.hosts[0].host` | Ingress hostname | `demo.commandware.it` |
#### Upgrade/Uninstall
```bash
# Upgrade the release
helm upgrade my-api7ee api7ee/api7ee --namespace api7ee
# Uninstall
helm uninstall my-api7ee --namespace api7ee
```
### Manual Deployment (Alternative)
**k8s-deployments.yaml:**
```yaml


@@ -14,7 +14,7 @@ This Helm chart deploys the API7 Enterprise Edition demo application, consisting
### Add the Helm repository (if published)
```bash
helm repo add api7ee https://charts.commandware.com
helm repo add api7ee https://git.commandware.com/api/packages/demos/helm
helm repo update
```
@@ -33,6 +33,16 @@ helm install my-api7ee ./helm/api7ee -f custom-values.yaml
## Configuration
### API7 Gateway Integration
This Helm chart includes automatic API7 Gateway configuration using ADC (API7 Declarative CLI). When `api7.enabled` is set to `true`, the chart will:
1. **Deploy ADC Configuration**: Creates routes, services, and upstreams for your applications
2. **Configure TLS/SSL**: Manages certificates via cert-manager or custom certificates
3. **Enable Service Discovery**: Uses Kubernetes native service discovery
4. **Apply Security Policies**: Configures rate limiting, CORS, and authentication
5. **Auto-publish Routes**: Optionally publishes routes automatically after deployment
### Key Configuration Options
| Parameter | Description | Default |
@@ -49,9 +59,41 @@ helm install my-api7ee ./helm/api7ee -f custom-values.yaml
| `api.service.port` | API service port | `8080` |
| `ingress.enabled` | Enable ingress | `true` |
| `ingress.hosts[0].host` | Ingress hostname | `demo.commandware.it` |
| `api7.enabled` | Enable API7 ADC configuration | `true` |
| `api7.gateway.adminUrl` | API7 Gateway Admin API URL | `http://api7-gateway.api7ee:9180` |
| `api7.hosts` | Hosts for API7 routing | `[demo.commandware.it]` |
| `api7.tls.certManager.enabled` | Use cert-manager for TLS | `true` |
| `api7.autoPublish` | Auto-publish routes | `true` |
### Custom Values Examples
#### Configure API7 Gateway:
```yaml
api7:
enabled: true
gateway:
adminUrl: http://your-api7-gateway:9180
adminKey: "your-admin-key-here"
group: production
hosts:
- api.yourdomain.com
tls:
certManager:
enabled: true
issuer: letsencrypt-prod
plugins:
rateLimit:
enabled: true
count: 1000
timeWindow: 60
auth:
enabled: true
consumers:
- username: api-client
apiKey: secure-api-key-12345
```
#### Using a private registry:
```yaml
@@ -119,6 +161,31 @@ metrics:
## Troubleshooting
### API7 ADC Sync Issues
If the ADC sync job fails:
```bash
# Check the job status
kubectl get jobs -l app.kubernetes.io/instance=my-api7ee
# View job logs
kubectl logs job/my-api7ee-adc-sync
# Manually run ADC sync
kubectl run adc-debug --rm -it --image=ghcr.io/api7/adc:latest -- /bin/sh
```
### Verify API7 Configuration
```bash
# Check if routes are configured
curl -H "X-API-KEY: your-admin-key" http://api7-gateway:9180/apisix/admin/routes
# Check service discovery
curl -H "X-API-KEY: your-admin-key" http://api7-gateway:9180/apisix/admin/upstreams
```
### Check deployment status:
```bash
kubectl get deployments -l app.kubernetes.io/instance=my-api7ee


@@ -0,0 +1,25 @@
{{- if and .Values.api7.enabled .Values.api7.tls.enabled .Values.api7.tls.certManager.enabled }}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ include "api7ee.fullname" . }}-tls
labels:
{{- include "api7ee.labels" . | nindent 4 }}
spec:
secretName: {{ .Values.api7.tls.secretName | default (printf "%s-tls" (include "api7ee.fullname" .)) }}
issuerRef:
name: {{ .Values.api7.tls.certManager.issuer }}
kind: {{ .Values.api7.tls.certManager.issuerKind | default "ClusterIssuer" }}
commonName: {{ first .Values.api7.hosts }}
dnsNames:
{{- range .Values.api7.hosts }}
- {{ . | quote }}
{{- end }}
usages:
- digital signature
- key encipherment
- server auth
- client auth
duration: 2160h # 90 days
renewBefore: 720h # 30 days before expiry
{{- end }}
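Review bot: The Certificate is gated on `and .Values.api7.enabled .Values.api7.tls.enabled .Values.api7.tls.certManager.enabled`, but the ADC job's init container, its `tls-certs` volume and the ConfigMap's certificate paths are gated on `certManager.enabled` alone; with `tls.enabled: false` and the default `certManager.enabled: true`, the job mounts a Secret no Certificate produces and its init container loops until `activeDeadlineSeconds` terminates it. Use the same condition in those templates, e.g. `{{- if and .Values.api7.tls.enabled .Values.api7.tls.certManager.enabled }}`, or a named helper so the three files cannot drift apart. `usages` includes `client auth` for a certificate that is only ever presented by the gateway as a server; dropping it keeps the key usage minimal. `commonName: {{ first .Values.api7.hosts }}` and the `issuer` name are unquoted — add `| quote` to both, as `dnsNames` already does.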


@@ -0,0 +1,147 @@
{{- if .Values.api7.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "api7ee.fullname" . }}-adc-config
labels:
{{- include "api7ee.labels" . | nindent 4 }}
app.kubernetes.io/component: adc
data:
adc-config.yaml: |
services:
{{- if .Values.web.enabled }}
- name: web-service
upstream:
name: web-upstream
scheme: http
type: roundrobin
{{- if .Values.api7.serviceDiscovery.enabled }}
discovery_type: kubernetes
service_name: {{ .Release.Namespace }}/{{ include "api7ee.fullname" . }}-web:http
{{- else }}
nodes:
- host: {{ include "api7ee.fullname" . }}-web.{{ .Release.Namespace }}.svc.cluster.local
port: {{ .Values.web.service.port }}
weight: 100
{{- end }}
routes:
- name: web-route
uris:
- /*
hosts:
{{- range .Values.api7.hosts }}
- {{ . | quote }}
{{- end }}
priority: 0
plugins:
{{- if .Values.api7.tls.enabled }}
redirect:
http_to_https: true
{{- end }}
{{- if .Values.api7.plugins.rateLimit.enabled }}
limit-count:
count: {{ .Values.api7.plugins.rateLimit.count }}
time_window: {{ .Values.api7.plugins.rateLimit.timeWindow }}
rejected_code: 429
{{- end }}
{{- if .Values.api7.plugins.cors.enabled }}
cors:
allow_origins: {{ .Values.api7.plugins.cors.allowOrigins | toJson }}
allow_methods: {{ .Values.api7.plugins.cors.allowMethods | toJson }}
allow_headers: {{ .Values.api7.plugins.cors.allowHeaders | toJson }}
expose_headers: {{ .Values.api7.plugins.cors.exposeHeaders | toJson }}
max_age: {{ .Values.api7.plugins.cors.maxAge }}
allow_credentials: {{ .Values.api7.plugins.cors.allowCredentials }}
{{- end }}
{{- end }}
{{- if .Values.api.enabled }}
- name: api-service
upstream:
name: api-upstream
scheme: http
type: roundrobin
{{- if .Values.api7.serviceDiscovery.enabled }}
discovery_type: kubernetes
service_name: {{ .Release.Namespace }}/{{ include "api7ee.fullname" . }}-api:http
{{- else }}
nodes:
- host: {{ include "api7ee.fullname" . }}-api.{{ .Release.Namespace }}.svc.cluster.local
port: {{ .Values.api.service.port }}
weight: 100
{{- end }}
routes:
- name: api-route
uris:
- /api
- /api/*
hosts:
{{- range .Values.api7.hosts }}
- {{ . | quote }}
{{- end }}
priority: 10
plugins:
{{- if .Values.api7.tls.enabled }}
redirect:
http_to_https: true
{{- end }}
proxy-rewrite:
regex_uri:
- ^/api/(.*)
- /$1
{{- if .Values.api7.plugins.rateLimit.enabled }}
limit-count:
count: {{ .Values.api7.plugins.rateLimit.apiCount | default .Values.api7.plugins.rateLimit.count }}
time_window: {{ .Values.api7.plugins.rateLimit.timeWindow }}
rejected_code: 429
{{- end }}
{{- if .Values.api7.plugins.auth.enabled }}
key-auth:
header: {{ .Values.api7.plugins.auth.header | default "X-API-Key" }}
{{- end }}
{{- end }}
{{- if .Values.api7.tls.enabled }}
ssls:
- snis:
{{- range .Values.api7.hosts }}
- {{ . | quote }}
{{- end }}
certificates:
{{- if .Values.api7.tls.certManager.enabled }}
- certificate: /etc/ssl/certs/tls.crt
key: /etc/ssl/certs/tls.key
{{- else if .Values.api7.tls.certificate }}
- certificate: |
{{ .Values.api7.tls.certificate | nindent 14 }}
key: |
{{ .Values.api7.tls.key | nindent 14 }}
{{- end }}
{{- end }}
{{- if .Values.api7.plugins.auth.enabled }}
consumers:
{{- range .Values.api7.consumers }}
- username: {{ .username }}
plugins:
key-auth:
key: {{ .apiKey }}
{{- end }}
{{- end }}
global_rules:
{{- if .Values.api7.plugins.prometheus.enabled }}
- id: prometheus-metrics
plugins:
prometheus:
prefer_name: true
{{- end }}
{{- if .Values.api7.plugins.logging.enabled }}
- id: request-logging
plugins:
http-logger:
uri: {{ .Values.api7.plugins.logging.endpoint }}
batch_max_size: {{ .Values.api7.plugins.logging.batchMaxSize | default 1000 }}
inactive_timeout: {{ .Values.api7.plugins.logging.inactiveTimeout | default 5 }}
{{- end }}
{{- end }}
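Review bot: The consumer credentials at `key: {{ .apiKey }}` are rendered into a ConfigMap, which is readable by anyone with ConfigMap access in the namespace and is not covered by the controls clusters usually apply to Secrets; the keys also appear in `kubectl describe` output and etcd backups in the clear. At minimum quote the templated scalars — `- username: {{ .username | quote }}` and `key: {{ .apiKey | quote }}` — so a numeric or boolean-looking key is not retyped by the YAML parser (the same applies to `uri: {{ .Values.api7.plugins.logging.endpoint }}` and the `header:` value). Longer term, the sync job could read the consumer list from a Secret mounted next to this ConfigMap and merge it before `adc sync`, keeping credentials out of this file entirely. On `api-route`, the `^/api/(.*)` rewrite does not match the bare `/api` URI, so that request is forwarded with its prefix intact; confirm that is intended.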


@@ -0,0 +1,212 @@
{{- if .Values.api7.enabled }}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "api7ee.fullname" . }}-adc-sync
labels:
{{- include "api7ee.labels" . | nindent 4 }}
app.kubernetes.io/component: adc-sync
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-weight": "10"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
backoffLimit: 3
activeDeadlineSeconds: 300
template:
metadata:
labels:
{{- include "api7ee.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: adc-sync
spec:
restartPolicy: Never
serviceAccountName: {{ include "api7ee.serviceAccountName" . }}
{{- if .Values.api7.tls.certManager.enabled }}
initContainers:
- name: wait-for-certificate
image: busybox:1.35
command:
- sh
- -c
- |
echo "Waiting for TLS certificate to be ready..."
while [ ! -f /etc/ssl/certs/tls.crt ] || [ ! -f /etc/ssl/certs/tls.key ]; do
echo "Certificate not ready, waiting..."
sleep 5
done
echo "Certificate is ready!"
volumeMounts:
- name: tls-certs
mountPath: /etc/ssl/certs
readOnly: true
{{- end }}
containers:
- name: adc-sync
image: {{ .Values.api7.adc.image | default "ghcr.io/api7/adc:latest" }}
imagePullPolicy: {{ .Values.api7.adc.imagePullPolicy | default "IfNotPresent" }}
command:
- /bin/sh
- -c
- |
set -e
echo "Starting API7 ADC configuration sync..."
# Install jq if needed for auto-publish feature
{{- if .Values.api7.autoPublish }}
if ! command -v jq &> /dev/null; then
echo "Installing jq..."
apk add --no-cache jq curl || apt-get update && apt-get install -y jq curl || yum install -y jq curl
fi
{{- end }}
# Wait for API7 Gateway to be ready
echo "Waiting for API7 Gateway to be available..."
MAX_RETRIES=30
RETRY_COUNT=0
while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do
if curl -s -o /dev/null -w "%{http_code}" ${API7_ADMIN_URL}/apisix/admin/routes \
-H "X-API-KEY: ${API7_ADMIN_KEY}" | grep -q "200\|401"; then
echo "API7 Gateway is ready!"
break
fi
echo "API7 Gateway not ready, retrying... ($RETRY_COUNT/$MAX_RETRIES)"
RETRY_COUNT=$((RETRY_COUNT + 1))
sleep 10
done
if [ $RETRY_COUNT -eq $MAX_RETRIES ]; then
echo "ERROR: API7 Gateway not ready after $MAX_RETRIES attempts"
exit 1
fi
{{- if .Values.api7.tls.certManager.enabled }}
# Copy certificates to config directory
cp /etc/ssl/certs/tls.crt /tmp/tls.crt
cp /etc/ssl/certs/tls.key /tmp/tls.key
# Update certificate paths in config
sed -i 's|/etc/ssl/certs/tls.crt|/tmp/tls.crt|g' /config/adc-config.yaml
sed -i 's|/etc/ssl/certs/tls.key|/tmp/tls.key|g' /config/adc-config.yaml
{{- end }}
# Validate configuration
echo "Validating ADC configuration..."
adc validate -f /config/adc-config.yaml || {
echo "ERROR: Configuration validation failed"
cat /config/adc-config.yaml
exit 1
}
# Sync configuration to API7
echo "Syncing configuration to API7 Gateway..."
adc sync -f /config/adc-config.yaml \
--backend {{ .Values.api7.backend | default "api7ee" }} \
--server ${API7_ADMIN_URL} \
--token ${API7_ADMIN_KEY} \
--gateway-group ${API7_GATEWAY_GROUP} \
{{- if .Values.api7.adc.tlsSkipVerify }}
--tls-skip-verify \
{{- end }}
--verbose || {
echo "ERROR: Failed to sync configuration"
exit 1
}
echo "✅ API7 configuration sync completed successfully!"
{{- if .Values.api7.autoPublish }}
# Auto-publish routes
echo "Auto-publishing routes..."
# Get list of services and routes
SERVICES=$(curl -s ${API7_ADMIN_URL}/apisix/admin/services \
-H "X-API-KEY: ${API7_ADMIN_KEY}" | jq -r '.list[].id' || echo "")
for SERVICE_ID in $SERVICES; do
echo "Publishing routes for service: $SERVICE_ID"
# Get routes for this service
ROUTES=$(curl -s ${API7_ADMIN_URL}/apisix/admin/services/${SERVICE_ID}/routes \
-H "X-API-KEY: ${API7_ADMIN_KEY}" | jq -r '.list[].id' || echo "")
for ROUTE_ID in $ROUTES; do
echo "Publishing route: $ROUTE_ID"
curl -X POST ${API7_ADMIN_URL}/apisix/admin/services/${SERVICE_ID}/routes/${ROUTE_ID}/publish \
-H "X-API-KEY: ${API7_ADMIN_KEY}" \
-H "Content-Type: application/json" \
-d "{\"gateway_group_id\": \"${API7_GATEWAY_GROUP}\"}" || {
echo "Warning: Failed to publish route $ROUTE_ID"
}
done
done
echo "✅ Routes published successfully!"
{{- end }}
# Display summary
echo ""
echo "=========================================="
echo "API7 Configuration Summary:"
echo "=========================================="
echo "Gateway URL: ${API7_ADMIN_URL}"
echo "Gateway Group: ${API7_GATEWAY_GROUP}"
echo "Hosts configured:"
{{- range .Values.api7.hosts }}
echo " - {{ . }}"
{{- end }}
{{- if .Values.api7.tls.enabled }}
echo "TLS: Enabled"
{{- end }}
{{- if .Values.api7.serviceDiscovery.enabled }}
echo "Service Discovery: Kubernetes"
{{- end }}
echo "=========================================="
echo ""
echo "Access your application at:"
{{- range .Values.api7.hosts }}
echo " {{ if $.Values.api7.tls.enabled }}https{{ else }}http{{ end }}://{{ . }}"
{{- end }}
env:
- name: ADC_VERBOSE
value: "{{ .Values.api7.adc.verbose | default true }}"
- name: API7_ADMIN_URL
valueFrom:
secretKeyRef:
name: {{ include "api7ee.fullname" . }}-api7-admin
key: admin-url
- name: API7_ADMIN_KEY
valueFrom:
secretKeyRef:
name: {{ include "api7ee.fullname" . }}-api7-admin
key: admin-key
- name: API7_GATEWAY_GROUP
valueFrom:
secretKeyRef:
name: {{ include "api7ee.fullname" . }}-api7-admin
key: gateway-group
volumeMounts:
- name: adc-config
mountPath: /config
readOnly: true
{{- if .Values.api7.tls.certManager.enabled }}
- name: tls-certs
mountPath: /etc/ssl/certs
readOnly: true
{{- end }}
resources:
limits:
cpu: 500m
memory: 256Mi
requests:
cpu: 100m
memory: 128Mi
volumes:
- name: adc-config
configMap:
name: {{ include "api7ee.fullname" . }}-adc-config
{{- if .Values.api7.tls.certManager.enabled }}
- name: tls-certs
secret:
secretName: {{ .Values.api7.tls.secretName | default (printf "%s-tls" (include "api7ee.fullname" .)) }}
{{- end }}
{{- end }}
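Review bot: `sed -i` on `/config/adc-config.yaml` runs against a ConfigMap volume that is mounted `readOnly: true`, so under `set -e` the cert-manager branch aborts the job before `adc validate` ever runs; copy the file to a writable path first and point validate and sync at the copy. Mounting the TLS Secret at `/etc/ssl/certs` in both the init container and the main container shadows the directory most base images use for the system CA bundle, so an HTTPS `adminUrl` would fail verification and push operators toward `tlsSkipVerify: true`; a dedicated path such as `/etc/api7/tls` avoids that, provided the ConfigMap's certificate paths are updated to match. Passing `--token ${API7_ADMIN_KEY}` on the command line exposes the admin key to anything that can read the process table and possibly to the `--verbose` output; check whether adc accepts the token from an environment variable or a file instead. The `&>` redirection in the jq check is bash syntax under a `/bin/sh` interpreter and may not do what is intended in a POSIX shell — `>/dev/null 2>&1` is portable.
```yaml
            # … unchanged: gateway readiness loop …
            # /config is a read-only ConfigMap mount; work on a writable copy
            cp /config/adc-config.yaml /tmp/adc-config.yaml
            {{- if .Values.api7.tls.certManager.enabled }}
            cp /etc/ssl/certs/tls.crt /tmp/tls.crt
            cp /etc/ssl/certs/tls.key /tmp/tls.key
            sed -i 's|/etc/ssl/certs/tls.crt|/tmp/tls.crt|g' /tmp/adc-config.yaml
            sed -i 's|/etc/ssl/certs/tls.key|/tmp/tls.key|g' /tmp/adc-config.yaml
            {{- end }}
            echo "Validating ADC configuration..."
            adc validate -f /tmp/adc-config.yaml || {
              echo "ERROR: Configuration validation failed"
              cat /tmp/adc-config.yaml
              exit 1
            }
            echo "Syncing configuration to API7 Gateway..."
            adc sync -f /tmp/adc-config.yaml \
            # … unchanged: backend/server/token/gateway-group flags, auto-publish, summary …
```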


@@ -0,0 +1,36 @@
{{- if and .Values.api7.enabled .Values.serviceAccount.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "api7ee.fullname" . }}-adc
labels:
{{- include "api7ee.labels" . | nindent 4 }}
rules:
# Allow reading secrets (for certificates)
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list"]
# Allow reading services and endpoints for service discovery
- apiGroups: [""]
resources: ["services", "endpoints"]
verbs: ["get", "list", "watch"]
# Allow reading pods for health checks
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "api7ee.fullname" . }}-adc
labels:
{{- include "api7ee.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "api7ee.fullname" . }}-adc
subjects:
- kind: ServiceAccount
name: {{ include "api7ee.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
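Review bot: The Role grants `get`/`list` on every Secret in the namespace, but nothing in the ADC job's visible script calls the Kubernetes API — the TLS Secret reaches it as a volume mount, which the kubelet performs without any RBAC on the pod's ServiceAccount — so the secrets rule widens the blast radius of a compromised job pod for no visible benefit. `list` on secrets is the notable one: it returns the data of every Secret in the namespace, including the `-api7-admin` Secret this chart creates. Drop the secrets rule, or if the adc image genuinely needs it (I cannot confirm that from here), scope it with `resourceNames` to the TLS Secret name and `verbs: ["get"]`. The services/endpoints/pods rules are presumably meant for `discovery_type: kubernetes`, but that lookup is performed by the gateway with its own credentials, not by this job, so they look unnecessary as well; the rule comments should state which binary actually needs each grant.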


@@ -0,0 +1,14 @@
{{- if .Values.api7.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "api7ee.fullname" . }}-api7-admin
labels:
{{- include "api7ee.labels" . | nindent 4 }}
app.kubernetes.io/component: api7
type: Opaque
stringData:
admin-key: {{ .Values.api7.gateway.adminKey | quote }}
admin-url: {{ .Values.api7.gateway.adminUrl | quote }}
gateway-group: {{ .Values.api7.gateway.group | default "default" | quote }}
{{- end }}
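Review bot: `admin-key` is rendered from `.Values.api7.gateway.adminKey | quote`, so an unset value silently produces an empty key and the sync job only fails later at runtime against the gateway; `admin-key: {{ required "api7.gateway.adminKey must be set" .Values.api7.gateway.adminKey | quote }}` fails at template time with a clear message. Rendering the key from values also stores it in the Helm release record and in any values file committed alongside the chart; an `api7.gateway.existingSecret` option that skips this template when set would let operators keep the credential out of both. The `gateway-group` fallback `| default "default"` duplicates the default already in values.yaml; one place is enough.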


@@ -2,7 +2,7 @@
# This file contains production-specific configuration overrides
global:
imageRegistry: "registry.commandware.com"
imageRegistry: "git.commandware.com"
imagePullSecrets:
- name: registry-secret


@@ -195,3 +195,91 @@ configMap:
secrets:
create: false
data: {}
# API7 Gateway Configuration
api7:
enabled: true # Enable API7 ADC configuration
# ADC Container settings
adc:
image: ghcr.io/api7/adc:latest
imagePullPolicy: IfNotPresent
verbose: true
tlsSkipVerify: false # Set to true for self-signed certificates
# API7 Gateway connection
gateway:
adminUrl: http://api7-gateway.api7ee.svc.cluster.local:9180
adminKey: "edd1c9f034335f136f87ad84b625c8f1" # Change this!
group: default
# Backend type (api7ee or apisix)
backend: api7ee
# Auto-publish routes after sync
autoPublish: true
# Hosts for routing
hosts:
- demo.commandware.it
# TLS/SSL Configuration
tls:
enabled: true
# Option 1: Use cert-manager
certManager:
enabled: true
issuer: letsencrypt-prod # ClusterIssuer name
issuerKind: ClusterIssuer # or Issuer
# Option 2: Use existing secret
secretName: "" # Name of existing TLS secret
# Option 3: Provide certificates directly (not recommended for production)
certificate: ""
key: ""
# Service Discovery
serviceDiscovery:
enabled: true # Use Kubernetes service discovery
namespace: "" # Leave empty to use release namespace
# API7 Plugins Configuration
plugins:
# Rate limiting
rateLimit:
enabled: true
count: 100
timeWindow: 60
apiCount: 1000 # Higher limit for API endpoints
# CORS configuration
cors:
enabled: true
allowOrigins: ["*"]
allowMethods: ["GET", "POST", "PUT", "DELETE", "OPTIONS", "HEAD", "PATCH"]
allowHeaders: ["*"]
exposeHeaders: ["*"]
maxAge: 3600
allowCredentials: false
# Authentication
auth:
enabled: false
header: X-API-Key
# Prometheus metrics
prometheus:
enabled: true
# Request logging
logging:
enabled: false
endpoint: http://logging-service:8080/logs
batchMaxSize: 1000
inactiveTimeout: 5
# API Consumers (for authentication)
consumers:
- username: demo-user
apiKey: demo-key-12345
- username: admin
apiKey: admin-key-67890
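Review bot: `adminKey` ships with a fixed, non-empty default and the `# Change this!` comment is the only guard, so every install that does not override it shares the same admin credential committed to this repository; make the default empty (`adminKey: ""`) and let the Secret template reject an empty value with `required`. The same applies to `consumers`, whose two default entries become live `key-auth` credentials the moment `plugins.auth.enabled` is set to true — default to `consumers: []` and document the expected shape in a comment. `adc.image: ghcr.io/api7/adc:latest` is an unpinned supply-chain input for a job that holds the gateway admin key; pin a release tag or digest, e.g. `image: ghcr.io/api7/adc:<pinned-version>` (placeholder). `allowOrigins: ["*"]` with `allowCredentials: false` is a safe pairing, but a comment noting that the two must be changed together would prevent an accidental `*` + credentials combination.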