- Added OpenAI-compatible LLM endpoints to API backend - Introduced web frontend with Jinja2 templates and static assets - Implemented API proxy routes in web service - Added sample db.json data for items, users, orders, reviews, categories, llm_requests - Updated ADC and Helm configs for separate AI and standard rate limiting - Upgraded FastAPI, Uvicorn, and added httpx, Jinja2, python-multipart dependencies - Added API configuration modal and client-side JS for web app
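# Default values for api7ee.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# Settings shared by every image this chart deploys.
global:
  # Global image registry to use for all images
  imageRegistry: ""
  # Image pull secrets for all images (names of existing Secrets; keep the
  # registry credentials themselves out of this file)
  imagePullSecrets: []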
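# Configuration for the Web component
# NOTE(review): nesting restored from a flattened listing; confirm it against
# the chart templates.
web:
  enabled: true
  # Fixed replica count; autoscaling for this component is disabled below.
  replicaCount: 2

  image:
    registry: gitea.server_url # Will be replaced with actual Gitea URL
    repository: gitea.repository/web # Will be replaced with actual repository path
    # "main" is a moving tag, and IfNotPresent keeps whatever build a node
    # pulled first, so pods can run different builds of the same tag. Pin a
    # version tag or an image digest outside a demo.
    pullPolicy: IfNotPresent
    tag: "main" # Override with specific version

  # ClusterIP keeps the service internal to the cluster; external traffic is
  # expected to arrive through the ingress section of this file.
  service:
    type: ClusterIP
    port: 8000
    targetPort: 8000
    annotations: {}

  # Limits bound what a misbehaving or overloaded pod can take from its node.
  resources:
    limits:
      cpu: 500m
      memory: 512Mi
    requests:
      cpu: 250m
      memory: 256Mi

  autoscaling:
    enabled: false
    minReplicas: 2
    maxReplicas: 10
    targetCPUUtilizationPercentage: 80
    targetMemoryUtilizationPercentage: 80

  nodeSelector: {}
  tolerations: []
  affinity: {}

  # Additional environment variables
  # These are stored in plain text in the pod spec; reference a Secret for
  # anything sensitive.
  env: []

  # Liveness and readiness probes
  # Both probes request /docs, so pod health follows that page.
  # NOTE(review): /docs is presumably the application's interactive API
  # documentation, and the ingress section routes "/" to this service, so the
  # page is likely reachable from outside - confirm that is intended.
  livenessProbe:
    httpGet:
      path: /docs
      port: http
    initialDelaySeconds: 30
    periodSeconds: 10

  readinessProbe:
    httpGet:
      path: /docs
      port: http
    initialDelaySeconds: 10
    periodSeconds: 5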
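# Configuration for the API component
# NOTE(review): nesting restored from a flattened listing; confirm it against
# the chart templates.
api:
  enabled: true
  # Starting replica count; autoscaling below is enabled with the same minimum.
  replicaCount: 3

  image:
    registry: gitea.server_url # Will be replaced with actual Gitea URL
    repository: gitea.repository/api # Will be replaced with actual repository path
    # "main" is a moving tag, and IfNotPresent keeps whatever build a node
    # pulled first, so pods can run different builds of the same tag. Pin a
    # version tag or an image digest outside a demo.
    pullPolicy: IfNotPresent
    tag: "main" # Override with specific version

  # ClusterIP keeps the service internal to the cluster; external traffic is
  # expected to arrive through the ingress or the API7 gateway.
  service:
    type: ClusterIP
    port: 8080
    targetPort: 8080
    annotations: {}

  # Limits bound what a misbehaving or overloaded pod can take from its node.
  resources:
    limits:
      cpu: 1000m
      memory: 1Gi
    requests:
      cpu: 500m
      memory: 512Mi

  # maxReplicas caps how far a traffic flood can scale the deployment (and
  # its cost); the gateway rate limits in the api7 section are the first
  # line of defence.
  autoscaling:
    enabled: true
    minReplicas: 3
    maxReplicas: 20
    targetCPUUtilizationPercentage: 70
    targetMemoryUtilizationPercentage: 75

  nodeSelector: {}
  tolerations: []
  affinity: {}

  # Additional environment variables
  # These are stored in plain text in the pod spec; reference a Secret for
  # anything sensitive (for example LLM provider keys).
  env:
    - name: LOG_LEVEL
      value: "info"

  # Liveness and readiness probes
  # Liveness and readiness use separate endpoints (/health and /ready).
  livenessProbe:
    httpGet:
      path: /health
      port: http
    initialDelaySeconds: 30
    periodSeconds: 10

  readinessProbe:
    httpGet:
      path: /ready
      port: http
    initialDelaySeconds: 10
    periodSeconds: 5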
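# Ingress configuration
# NOTE(review): nesting restored from a flattened listing; confirm it against
# the chart templates.
ingress:
  enabled: true
  className: "nginx"
  annotations:
    # NOTE(review): with ingress-nginx, a rewrite-target of "/" without a
    # capture group rewrites every matched request to "/", so a request
    # under /api would reach the backend without its path - confirm this is
    # the intended behaviour for both routes below.
    nginx.ingress.kubernetes.io/rewrite-target: /
    # Certificates for the tls block below are requested from this
    # cert-manager ClusterIssuer.
    cert-manager.io/cluster-issuer: "cloudflare-acme-prod"

  hosts:
    - host: api7-demo.commandware.it
      paths:
        # "service" is a chart-level key, presumably mapped by the templates
        # to the web/api Service names.
        - path: /
          pathType: Prefix
          service: web # Routes to web service
        # Traffic on this route goes straight to the API service.
        # NOTE(review): if the API7 gateway is meant to enforce rate limits
        # and authentication, check that this path does not bypass it.
        - path: /api
          pathType: Prefix
          service: api # Routes to API service

  # TLS is terminated at the ingress using the certificate in this Secret.
  tls:
    - secretName: api7ee-tls
      hosts:
        - api7-demo.commandware.it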
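# ServiceAccount configuration
# A dedicated account (create: true) keeps the workloads off the namespace's
# default ServiceAccount, so any RBAC granted later stays scoped to this
# release.
serviceAccount:
  create: true
  annotations: {}
  # NOTE(review): an empty name presumably lets the chart generate one from
  # the release name - confirm in the templates.
  name: ""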
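# Pod Security Context
# Pod-level defaults: refuse to start containers as root and run them as
# UID 1000; fsGroup makes mounted volumes group-owned by GID 1000.
podSecurityContext:
  runAsNonRoot: true
  runAsUser: 1000
  fsGroup: 1000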
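# Security Context for containers
# Container-level hardening: no privilege escalation, every Linux capability
# dropped, read-only root filesystem, non-root UID 1000.
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  # With a read-only root filesystem the application can only write to
  # mounted volumes; anything needing scratch space (temp files, caches)
  # requires an emptyDir or similar mount.
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 1000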
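# Network Policies
# Disabled by default, so pod-to-pod traffic is limited only by whatever the
# cluster enforces elsewhere.
networkPolicy:
  enabled: false
  policyTypes:
    - Ingress
    - Egress
  # NOTE(review): a NetworkPolicy that declares both policy types with empty
  # rule lists denies all traffic in both directions. Before enabling, add
  # rules for the ingress controller / gateway, DNS, and any outbound calls
  # the API makes - confirm how the templates render these lists.
  ingress: []
  egress: []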
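# Pod Disruption Budget
# Keeps at least one pod available during voluntary disruptions such as
# node drains. The commented key is the alternative form; a budget takes
# either minAvailable or maxUnavailable, not both.
podDisruptionBudget:
  enabled: true
  minAvailable: 1
  # maxUnavailable: 1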
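# Monitoring and metrics
# Both switches are off by default.
metrics:
  enabled: false
  # ServiceMonitor settings (scrape interval, path and extra labels).
  # NOTE(review): if metrics are enabled, check that /metrics is not
  # reachable through the public routes; metric labels often reveal
  # internal paths and hostnames.
  serviceMonitor:
    enabled: false
    interval: 30s
    path: /metrics
    labels: {}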
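# ConfigMap for shared configuration
# ConfigMap contents are readable by anything with read access to the
# namespace; keep credentials out of this map.
configMap:
  data: {}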
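# Secrets for sensitive data
# Secret creation is off by default. Values written under data in this file
# would be committed with it; supply them at install time (a separate,
# untracked values file or an external secret store) instead.
secrets:
  create: false
  data: {}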
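# API7 Gateway Configuration
# NOTE(review): the keys that follow (adc, gateway, tls, plugins, consumers,
# ...) are assumed to nest under api7; the listing lost its indentation, so
# confirm against the chart templates.
api7:
  enabled: true # Enable API7 ADC configuration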
# ADC Container settings
|
|
adc:
|
|
image: ghcr.io/api7/adc:latest
|
|
imagePullPolicy: IfNotPresent
|
|
verbose: true
|
|
tlsSkipVerify: false # Set to true for self-signed certificates
|
|
|
|
# API7 Gateway connection
|
|
gateway:
|
|
# Use the actual DP Manager service for admin API
|
|
adminUrl: http://api7ee3-0-1759339083-dp-manager.api7ee.svc.cluster.local:7900
|
|
adminKey: "edd1c9f034335f136f87ad84b625c8f1" # Change this!
|
|
group: default
|
|
# Gateway service for traffic routing
|
|
gatewayService: gateway-0-1759393614-gateway
|
|
|
|
# Backend type (api7ee or apisix)
|
|
backend: api7ee
|
|
|
|
# Auto-publish routes after sync
|
|
autoPublish: true
|
|
|
|
# Hosts for routing (using wildcard domain from existing ingress)
|
|
hosts:
|
|
- api7-demo.commandware.it
|
|
|
|
# TLS/SSL Configuration
|
|
tls:
|
|
enabled: true
|
|
# Option 1: Use cert-manager
|
|
certManager:
|
|
enabled: true
|
|
issuer: cloudflare-acme-prod # ClusterIssuer name
|
|
issuerKind: ClusterIssuer # or Issuer
|
|
# Option 2: Use existing secret
|
|
secretName: "" # Name of existing TLS secret
|
|
# Option 3: Provide certificates directly (not recommended for production)
|
|
certificate: ""
|
|
key: ""
|
|
|
|
# Service Discovery
|
|
serviceDiscovery:
|
|
enabled: true # Use Kubernetes service discovery
|
|
namespace: "" # Leave empty to use release namespace
|
|
|
|
# API7 Plugins Configuration
|
|
plugins:
|
|
# Standard Rate limiting (for /api route - per IP)
|
|
rateLimit:
|
|
enabled: true
|
|
count: 100
|
|
timeWindow: 60
|
|
rejectedCode: 429
|
|
keyType: "var"
|
|
key: "remote_addr"
|
|
|
|
# AI Rate limiting (for /api/llm route)
|
|
aiRateLimit:
|
|
enabled: true
|
|
limit: 100
|
|
timeWindow: 60
|
|
rejectedCode: 429
|
|
limitStrategy: "total_tokens"
|
|
|
|
# CORS configuration
|
|
cors:
|
|
enabled: true
|
|
allowOrigins: ["*"]
|
|
allowMethods: ["GET", "POST", "PUT", "DELETE", "OPTIONS", "HEAD", "PATCH"]
|
|
allowHeaders: ["*"]
|
|
exposeHeaders: ["*"]
|
|
maxAge: 3600
|
|
allowCredentials: false
|
|
|
|
# Authentication
|
|
auth:
|
|
enabled: false
|
|
header: X-API-Key
|
|
|
|
# Prometheus metrics
|
|
prometheus:
|
|
enabled: true
|
|
|
|
# Request logging
|
|
logging:
|
|
enabled: false
|
|
endpoint: http://logging-service:8080/logs
|
|
batchMaxSize: 1000
|
|
inactiveTimeout: 5
|
|
|
|
# API Consumers (for authentication)
|
|
consumers:
|
|
- username: demo-user
|
|
apiKey: demo-key-12345
|
|
- username: admin
|
|
apiKey: admin-key-67890
|