248 lines
9.6 KiB
YAML
248 lines
9.6 KiB
YAML
{{- if .Values.api7.enabled }}
|
|
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: {{ include "api7ee.fullname" . }}-adc-sync
|
|
labels:
|
|
{{- include "api7ee.labels" . | nindent 4 }}
|
|
app.kubernetes.io/component: adc-sync
|
|
annotations:
|
|
"helm.sh/hook": post-install,post-upgrade
|
|
"helm.sh/hook-weight": "10"
|
|
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
|
spec:
|
|
backoffLimit: 3
|
|
activeDeadlineSeconds: 300
|
|
template:
|
|
metadata:
|
|
labels:
|
|
{{- include "api7ee.selectorLabels" . | nindent 8 }}
|
|
app.kubernetes.io/component: adc-sync
|
|
spec:
|
|
restartPolicy: Never
|
|
serviceAccountName: {{ include "api7ee.serviceAccountName" . }}
|
|
{{- if .Values.api7.tls.certManager.enabled }}
|
|
initContainers:
|
|
- name: wait-for-certificate
|
|
image: busybox:1.35
|
|
command:
|
|
- sh
|
|
- -c
|
|
- |
|
|
echo "Waiting for TLS certificate to be ready..."
|
|
while [ ! -f /etc/ssl/certs/tls.crt ] || [ ! -f /etc/ssl/certs/tls.key ]; do
|
|
echo "Certificate not ready, waiting..."
|
|
sleep 5
|
|
done
|
|
echo "Certificate is ready!"
|
|
volumeMounts:
|
|
- name: tls-certs
|
|
mountPath: /etc/ssl/certs
|
|
readOnly: true
|
|
{{- end }}
|
|
containers:
|
|
- name: adc-sync
|
|
image: debian:bookworm-slim
|
|
imagePullPolicy: IfNotPresent
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
- |
|
|
set -e
|
|
echo "Starting API7 ADC configuration sync..."
|
|
|
|
# Install dependencies and ADC binary
|
|
echo "Installing curl and dependencies..."
|
|
if [ -f /etc/debian_version ]; then
|
|
# Debian/Ubuntu
|
|
apt-get update && apt-get install -y curl {{- if .Values.api7.autoPublish }} jq{{- end }}
|
|
elif [ -f /etc/alpine-release ]; then
|
|
# Alpine
|
|
apk add --no-cache curl {{- if .Values.api7.autoPublish }} jq{{- end }}
|
|
elif [ -f /etc/redhat-release ]; then
|
|
# RHEL/CentOS
|
|
yum install -y curl {{- if .Values.api7.autoPublish }} jq{{- end }}
|
|
else
|
|
echo "ERROR: Unsupported Linux distribution"
|
|
exit 1
|
|
fi
|
|
|
|
# Download and install ADC binary
|
|
echo "Downloading ADC binary..."
|
|
ADC_VERSION="v0.21.0"
|
|
curl -sL "https://github.com/api7/adc/releases/download/${ADC_VERSION}/adc_${ADC_VERSION#v}_linux_amd64.tar.gz" -o /tmp/adc.tar.gz
|
|
tar -zxf /tmp/adc.tar.gz -C /tmp/
|
|
chmod +x /tmp/adc
|
|
mv /tmp/adc /usr/local/bin/adc
|
|
rm -f /tmp/adc.tar.gz
|
|
|
|
# Verify ADC installation
|
|
if ! command -v adc &> /dev/null; then
|
|
echo "ERROR: ADC installation failed"
|
|
exit 1
|
|
fi
|
|
echo "ADC installed successfully: $(adc version 2>/dev/null || echo ${ADC_VERSION})"
|
|
|
|
# Wait for API7 Gateway to be ready
|
|
echo "Waiting for API7 Gateway to be available..."
|
|
MAX_RETRIES=30
|
|
RETRY_COUNT=0
|
|
{{- if eq .Values.api7.backend "api7ee" }}
|
|
# For API7 EE, check the version endpoint
|
|
HEALTH_ENDPOINT="${API7_ADMIN_URL}/version"
|
|
{{- else }}
|
|
# For Apache APISIX, check the admin routes endpoint
|
|
HEALTH_ENDPOINT="${API7_ADMIN_URL}/apisix/admin/routes"
|
|
{{- end }}
|
|
|
|
while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do
|
|
HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" ${HEALTH_ENDPOINT} \
|
|
{{- if eq .Values.api7.backend "apisix" }}
|
|
-H "X-API-KEY: ${API7_ADMIN_KEY}" \
|
|
{{- end }}
|
|
--max-time 5 || echo "000")
|
|
|
|
if [ "$HTTP_CODE" = "200" ] || [ "$HTTP_CODE" = "401" ]; then
|
|
echo "API7 Gateway is ready! (HTTP $HTTP_CODE)"
|
|
break
|
|
fi
|
|
echo "API7 Gateway not ready (HTTP $HTTP_CODE), retrying... ($RETRY_COUNT/$MAX_RETRIES)"
|
|
RETRY_COUNT=$((RETRY_COUNT + 1))
|
|
sleep 10
|
|
done
|
|
|
|
if [ $RETRY_COUNT -eq $MAX_RETRIES ]; then
|
|
echo "ERROR: API7 Gateway not ready after $MAX_RETRIES attempts"
|
|
exit 1
|
|
fi
|
|
|
|
{{- if .Values.api7.tls.certManager.enabled }}
|
|
# Copy certificates to config directory
|
|
cp /etc/ssl/certs/tls.crt /tmp/tls.crt
|
|
cp /etc/ssl/certs/tls.key /tmp/tls.key
|
|
|
|
# Update certificate paths in config
|
|
sed -i 's|/etc/ssl/certs/tls.crt|/tmp/tls.crt|g' /config/adc-config.yaml
|
|
sed -i 's|/etc/ssl/certs/tls.key|/tmp/tls.key|g' /config/adc-config.yaml
|
|
{{- end }}
|
|
|
|
adc validate -f /config/adc-config.yaml || {
|
|
echo "ERROR: Configuration validation failed"
|
|
cat /config/adc-config.yaml
|
|
exit 1
|
|
}
|
|
|
|
# Sync configuration to API7
|
|
echo "Syncing configuration to API7 Gateway..."
|
|
adc sync -f /config/adc-config.yaml \
|
|
--backend {{ .Values.api7.backend | default "api7ee" }} \
|
|
--server ${API7_ADMIN_URL} \
|
|
--token ${API7_ADMIN_KEY} \
|
|
--gateway-group ${API7_GATEWAY_GROUP} \
|
|
{{- if .Values.api7.adc.tlsSkipVerify }}
|
|
--tls-skip-verify \
|
|
{{- end }}
|
|
--verbose || {
|
|
echo "ERROR: Failed to sync configuration"
|
|
exit 1
|
|
}
|
|
|
|
echo "✅ API7 configuration sync completed successfully!"
|
|
|
|
{{- if .Values.api7.autoPublish }}
|
|
# Auto-publish routes
|
|
echo "Auto-publishing routes..."
|
|
|
|
# Get list of services and routes
|
|
SERVICES=$(curl -s ${API7_ADMIN_URL}/apisix/admin/services \
|
|
-H "X-API-KEY: ${API7_ADMIN_KEY}" | jq -r '.list[].id' || echo "")
|
|
|
|
for SERVICE_ID in $SERVICES; do
|
|
echo "Publishing routes for service: $SERVICE_ID"
|
|
|
|
# Get routes for this service
|
|
ROUTES=$(curl -s ${API7_ADMIN_URL}/apisix/admin/services/${SERVICE_ID}/routes \
|
|
-H "X-API-KEY: ${API7_ADMIN_KEY}" | jq -r '.list[].id' || echo "")
|
|
|
|
for ROUTE_ID in $ROUTES; do
|
|
echo "Publishing route: $ROUTE_ID"
|
|
curl -X POST ${API7_ADMIN_URL}/apisix/admin/services/${SERVICE_ID}/routes/${ROUTE_ID}/publish \
|
|
-H "X-API-KEY: ${API7_ADMIN_KEY}" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"gateway_group_id\": \"${API7_GATEWAY_GROUP}\"}" || {
|
|
echo "Warning: Failed to publish route $ROUTE_ID"
|
|
}
|
|
done
|
|
done
|
|
|
|
echo "✅ Routes published successfully!"
|
|
{{- end }}
|
|
|
|
# Display summary
|
|
echo ""
|
|
echo "=========================================="
|
|
echo "API7 Configuration Summary:"
|
|
echo "=========================================="
|
|
echo "Gateway URL: ${API7_ADMIN_URL}"
|
|
echo "Gateway Group: ${API7_GATEWAY_GROUP}"
|
|
echo "Hosts configured:"
|
|
{{- range .Values.api7.hosts }}
|
|
echo " - {{ . }}"
|
|
{{- end }}
|
|
{{- if .Values.api7.tls.enabled }}
|
|
echo "TLS: Enabled"
|
|
{{- end }}
|
|
{{- if .Values.api7.serviceDiscovery.enabled }}
|
|
echo "Service Discovery: Kubernetes"
|
|
{{- end }}
|
|
echo "=========================================="
|
|
echo ""
|
|
echo "Access your application at:"
|
|
{{- range .Values.api7.hosts }}
|
|
echo " {{ if $.Values.api7.tls.enabled }}https{{ else }}http{{ end }}://{{ . }}"
|
|
{{- end }}
|
|
env:
|
|
- name: ADC_VERBOSE
|
|
value: "{{ .Values.api7.adc.verbose | default true }}"
|
|
- name: API7_ADMIN_URL
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ include "api7ee.fullname" . }}-api7-admin
|
|
key: admin-url
|
|
- name: API7_ADMIN_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ include "api7ee.fullname" . }}-api7-admin
|
|
key: admin-key
|
|
- name: API7_GATEWAY_GROUP
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ include "api7ee.fullname" . }}-api7-admin
|
|
key: gateway-group
|
|
volumeMounts:
|
|
- name: adc-config
|
|
mountPath: /config
|
|
readOnly: true
|
|
{{- if .Values.api7.tls.certManager.enabled }}
|
|
- name: tls-certs
|
|
mountPath: /etc/ssl/certs
|
|
readOnly: true
|
|
{{- end }}
|
|
resources:
|
|
limits:
|
|
cpu: 500m
|
|
memory: 256Mi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
volumes:
|
|
- name: adc-config
|
|
configMap:
|
|
name: {{ include "api7ee.fullname" . }}-adc-config
|
|
{{- if .Values.api7.tls.certManager.enabled }}
|
|
- name: tls-certs
|
|
secret:
|
|
secretName: {{ .Values.api7.tls.secretName | default (printf "%s-tls" (include "api7ee.fullname" .)) }}
|
|
{{- end }}
|
|
{{- end }}
|