# API7 Enterprise Edition Helm Chart

This Helm chart deploys the API7 Enterprise Edition demo application, consisting of a Web frontend and API backend service.

## Prerequisites

- Kubernetes 1.19+
- Helm 3.8.0+
- PV provisioner support in the underlying infrastructure (optional)
- Ingress controller (e.g., NGINX Ingress Controller)

## Installation

### Add the Helm repository (if published)

```bash
helm repo add api7ee https://git.commandware.com/api/packages/demos/helm
helm repo update
```

### Install the chart

```bash
# Install with default values
helm install my-api7ee ./helm/api7ee-demo-k8s-demo-k8s

# Install in a specific namespace
helm install my-api7ee ./helm/api7ee-demo-k8s-demo-k8s --namespace api7ee --create-namespace

# Install with custom values file
helm install my-api7ee ./helm/api7ee-demo-k8s-demo-k8s -f custom-values.yaml
```

## Configuration

### API7 Gateway Integration

This Helm chart includes automatic API7 Gateway configuration using ADC (API7 Declarative CLI). When `api7.enabled` is set to `true`, the chart will:

1. **Deploy ADC Configuration**: Creates routes, services, and upstreams for your applications
2. **Configure TLS/SSL**: Manages certificates via cert-manager or custom certificates
3. **Enable Service Discovery**: Uses Kubernetes native service discovery
4. **Apply Security Policies**: Configures rate limiting, CORS, and authentication
5. **Auto-publish Routes**: Optionally publishes routes automatically after deployment

### Key Configuration Options

| Parameter | Description | Default |
|-----------|-------------|---------|
| `web.enabled` | Enable Web component | `true` |
| `web.replicaCount` | Number of Web replicas | `2` |
| `web.image.repository` | Web image repository | `api7ee/web` |
| `web.image.tag` | Web image tag | `main` |
| `web.service.port` | Web service port | `8000` |
| `api.enabled` | Enable API component | `true` |
| `api.replicaCount` | Number of API replicas | `3` |
| `api.image.repository` | API image repository | `api7ee/api` |
| `api.image.tag` | API image tag | `main` |
| `api.service.port` | API service port | `8080` |
| `ingress.enabled` | Enable ingress | `true` |
| `ingress.hosts[0].host` | Ingress hostname | `demo.commandware.it` |
| `api7.enabled` | Enable API7 ADC configuration | `true` |
| `api7.gateway.adminUrl` | API7 Gateway Admin API URL | `http://api7-gateway.api7ee:9180` |
| `api7.hosts` | Hosts for API7 routing | `[demo.commandware.it]` |
| `api7.tls.certManager.enabled` | Use cert-manager for TLS | `true` |
| `api7.autoPublish` | Auto-publish routes | `true` |

### Custom Values Examples

#### Configure API7 Gateway:

```yaml
api7:
  enabled: true
  gateway:
    adminUrl: http://your-api7-gateway:9180
    adminKey: "your-admin-key-here"
    group: production
  hosts:
    - api.yourdomain.com
  tls:
    certManager:
      enabled: true
      issuer: letsencrypt-prod
  plugins:
    rateLimit:
      enabled: true
      count: 1000
      timeWindow: 60
    auth:
      enabled: true
  consumers:
    - username: api-client
      apiKey: secure-api-key-12345
```

#### Using a private registry:

```yaml
global:
  imageRegistry: my-registry.example.com
  imagePullSecrets:
    - name: my-registry-secret
```

#### Enabling autoscaling:

```yaml
web:
  autoscaling:
    enabled: true
    minReplicas: 2
    maxReplicas: 10
    targetCPUUtilizationPercentage: 70
```

#### Custom resource limits:

```yaml
api:
  resources:
    limits:
      cpu: 2000m
      memory: 2Gi
    requests:
      cpu: 1000m
      memory: 1Gi
```

## Upgrading

```bash
# Upgrade to a new version
helm upgrade my-api7ee ./helm/api7ee-demo-k8s-demo-k8s

# Upgrade with new values
helm upgrade my-api7ee ./helm/api7ee-demo-k8s-demo-k8s --set web.replicaCount=3
```

## Uninstallation

```bash
# Uninstall the release
helm uninstall my-api7ee

# Uninstall from a specific namespace
helm uninstall my-api7ee --namespace api7ee
```

## Monitoring

If metrics are enabled, the services expose Prometheus-compatible metrics:

```yaml
metrics:
  enabled: true
  serviceMonitor:
    enabled: true
    interval: 30s
```

## Troubleshooting

### API7 ADC Sync Issues

If the ADC sync job fails:

```bash
# Check the job status
kubectl get jobs -l app.kubernetes.io/instance=my-api7ee

# View job logs
kubectl logs job/my-api7ee-adc-sync

# Manually run ADC sync
kubectl run adc-debug --rm -it --image=ghcr.io/api7/adc:latest -- /bin/sh
```

### Verify API7 Configuration

```bash
# Check if routes are configured
curl -H "X-API-KEY: your-admin-key" http://api7-gateway:9180/apisix/admin/routes

# Check service discovery
curl -H "X-API-KEY: your-admin-key" http://api7-gateway:9180/apisix/admin/upstreams
```

### Check deployment status:

```bash
kubectl get deployments -l app.kubernetes.io/instance=my-api7ee
```

### View logs:

```bash
# Web component logs
kubectl logs -l app.kubernetes.io/instance=my-api7ee,app.kubernetes.io/component=web

# API component logs
kubectl logs -l app.kubernetes.io/instance=my-api7ee,app.kubernetes.io/component=api
```

### Check HPA status:

```bash
kubectl get hpa -l app.kubernetes.io/instance=my-api7ee
```

## Security Considerations

- Pod Security Context is configured to run as non-root user (UID 1000)
- Security Context drops all capabilities and prevents privilege escalation
- Read-only root filesystem is enabled
- Network policies can be enabled to restrict traffic

## Support

For issues and questions, please contact support@commandware.com or visit https://git.commandware.com/demos/api7-demo
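
The pod hardening listed under Security Considerations can be verified against what is actually deployed. The following is an added example, not part of the chart or its README: it audits Deployment JSON of the shape returned by `kubectl get deployments -l app.kubernetes.io/instance=my-api7ee -o json`. The sample objects and their names are constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl get deployments -o json` output.
# The first item matches the README's claims; the second deliberately does not.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "my-api7ee-web"},
  "spec": {"template": {"spec": {
   "securityContext": {"runAsNonRoot": true, "runAsUser": 1000},
   "containers": [{"name": "web", "securityContext": {
     "allowPrivilegeEscalation": false,
     "readOnlyRootFilesystem": true,
     "capabilities": {"drop": ["ALL"]}}}]}}}},
 {"metadata": {"name": "my-api7ee-api"},
  "spec": {"template": {"spec": {
   "containers": [{"name": "api", "securityContext": {
     "allowPrivilegeEscalation": false}}]}}}}
]}
""")

def audit_deployment(dep):
    """Return a list of findings for one Deployment object."""
    pod = dep["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext") or {}
    findings = []
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        sc = c.get("securityContext") or {}
        # Container-level settings override pod-level ones.
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        if non_root is not True and uid in (None, 0):
            findings.append(f"{c['name']}: may run as root")
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{c['name']}: privilege escalation not disabled")
        drops = {d.upper() for d in (sc.get("capabilities") or {}).get("drop", [])}
        if "ALL" not in drops:
            findings.append(f"{c['name']}: capabilities not dropped")
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append(f"{c['name']}: root filesystem is writable")
    return findings

def audit(doc):
    """Map each Deployment name to its findings; an empty list means compliant."""
    return {d["metadata"]["name"]: audit_deployment(d) for d in doc["items"]}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```

To audit a live release, replace `SAMPLE` with `json.load(sys.stdin)` and pipe the `kubectl ... -o json` output into the script.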