cf2b786738
- Updated API7 gateway admin URL to use actual DP Manager service - Changed hosts to api7-demo.commandware.it (matching wildcard ingress) - Updated cert-manager issuer to cloudflare-acme-prod (existing in cluster) - Added gatewayService reference to actual gateway service name - Configured development values with API7 disabled for local testing - Enhanced production values with proper domains and security settings - Added support for multiple production domains - Configured proper rate limits and auth for production
105 lines
2.2 KiB
YAML
105 lines
2.2 KiB
YAML
# Production environment values for api7ee
|
|
# This file contains production-specific configuration overrides
|
|
|
|
global:
|
|
imageRegistry: "git.commandware.com"
|
|
imagePullSecrets:
|
|
- name: registry-secret
|
|
|
|
web:
|
|
replicaCount: 3
|
|
|
|
image:
|
|
tag: "v1.0.0" # Use specific version in production
|
|
pullPolicy: Always
|
|
|
|
resources:
|
|
limits:
|
|
cpu: 1000m
|
|
memory: 1Gi
|
|
requests:
|
|
cpu: 500m
|
|
memory: 512Mi
|
|
|
|
autoscaling:
|
|
enabled: true
|
|
minReplicas: 3
|
|
maxReplicas: 15
|
|
|
|
api:
|
|
replicaCount: 5
|
|
|
|
image:
|
|
tag: "v1.0.0" # Use specific version in production
|
|
pullPolicy: Always
|
|
|
|
resources:
|
|
limits:
|
|
cpu: 2000m
|
|
memory: 2Gi
|
|
requests:
|
|
cpu: 1000m
|
|
memory: 1Gi
|
|
|
|
autoscaling:
|
|
enabled: true
|
|
minReplicas: 5
|
|
maxReplicas: 30
|
|
|
|
env:
|
|
- name: LOG_LEVEL
|
|
value: "warn"
|
|
- name: ENVIRONMENT
|
|
value: "production"
|
|
|
|
ingress:
|
|
annotations:
|
|
nginx.ingress.kubernetes.io/rate-limit: "100"
|
|
nginx.ingress.kubernetes.io/ssl-protocols: "TLSv1.2 TLSv1.3"
|
|
nginx.ingress.kubernetes.io/ssl-ciphers: "HIGH:!aNULL:!MD5"
|
|
|
|
podDisruptionBudget:
|
|
enabled: true
|
|
minAvailable: 2
|
|
|
|
metrics:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
interval: 15s
|
|
|
|
networkPolicy:
|
|
enabled: true
|
|
|
|
# API7 configuration for production
|
|
api7:
|
|
enabled: true
|
|
gateway:
|
|
adminUrl: http://api7ee3-0-1759339083-dp-manager.api7ee.svc.cluster.local:7900
|
|
adminKey: "${API7_ADMIN_KEY}" # Should be provided via secret in production
|
|
gatewayService: gateway-0-1759393614-gateway
|
|
hosts:
|
|
- api7-demo.commandware.it
|
|
- api7-demo.commandware.com # Additional production domain
|
|
tls:
|
|
enabled: true
|
|
certManager:
|
|
enabled: true
|
|
issuer: cloudflare-acme-prod
|
|
plugins:
|
|
rateLimit:
|
|
enabled: true
|
|
count: 1000 # Higher limits for production
|
|
timeWindow: 60
|
|
apiCount: 10000 # Much higher for API endpoints
|
|
cors:
|
|
enabled: true
|
|
allowOrigins: ["https://api7-demo.commandware.it", "https://api7-demo.commandware.com"]
|
|
allowCredentials: true
|
|
auth:
|
|
enabled: true # Enable auth in production
|
|
prometheus:
|
|
enabled: true
|
|
logging:
|
|
enabled: true
|
|
endpoint: http://logging-service.monitoring:8080/logs |