cf2b786738
- Updated API7 gateway admin URL to use actual DP Manager service - Changed hosts to api7-demo.commandware.it (matching wildcard ingress) - Updated cert-manager issuer to cloudflare-acme-prod (existing in cluster) - Added gatewayService reference to actual gateway service name - Configured development values with API7 disabled for local testing - Enhanced production values with proper domains and security settings - Added support for multiple production domains - Configured proper rate limits and auth for production
API7 Enterprise Edition Helm Chart
This Helm chart deploys the API7 Enterprise Edition demo application, consisting of a Web frontend and API backend service.
Prerequisites
- Kubernetes 1.19+
- Helm 3.8.0+
- PV provisioner support in the underlying infrastructure (optional)
- Ingress controller (e.g., NGINX Ingress Controller)
Installation
Add the Helm repository (if published)
helm repo add api7ee https://git.commandware.com/api/packages/demos/helm
helm repo update
Install the chart
# Install with default values
helm install my-api7ee ./helm/api7ee
# Install in a specific namespace
helm install my-api7ee ./helm/api7ee --namespace api7ee --create-namespace
# Install with custom values file
helm install my-api7ee ./helm/api7ee -f custom-values.yaml
Configuration
API7 Gateway Integration
This Helm chart includes automatic API7 Gateway configuration using ADC (API7 Declarative CLI). When api7.enabled is set to true, the chart will:
- Deploy ADC Configuration: Creates routes, services, and upstreams for your applications
- Configure TLS/SSL: Manages certificates via cert-manager or custom certificates
- Enable Service Discovery: Uses Kubernetes native service discovery
- Apply Security Policies: Configures rate limiting, CORS, and authentication
- Auto-publish Routes: Optionally publishes routes automatically after deployment
Key Configuration Options
| Parameter | Description | Default |
|---|---|---|
web.enabled |
Enable Web component | true |
web.replicaCount |
Number of Web replicas | 2 |
web.image.repository |
Web image repository | api7ee/web |
web.image.tag |
Web image tag | main |
web.service.port |
Web service port | 8000 |
api.enabled |
Enable API component | true |
api.replicaCount |
Number of API replicas | 3 |
api.image.repository |
API image repository | api7ee/api |
api.image.tag |
API image tag | main |
api.service.port |
API service port | 8080 |
ingress.enabled |
Enable ingress | true |
ingress.hosts[0].host |
Ingress hostname | demo.commandware.it |
api7.enabled |
Enable API7 ADC configuration | true |
api7.gateway.adminUrl |
API7 Gateway Admin API URL | http://api7-gateway.api7ee:9180 |
api7.hosts |
Hosts for API7 routing | [demo.commandware.it] |
api7.tls.certManager.enabled |
Use cert-manager for TLS | true |
api7.autoPublish |
Auto-publish routes | true |
Custom Values Examples
Configure API7 Gateway:
api7:
enabled: true
gateway:
adminUrl: http://your-api7-gateway:9180
adminKey: "your-admin-key-here"
group: production
hosts:
- api.yourdomain.com
tls:
certManager:
enabled: true
issuer: letsencrypt-prod
plugins:
rateLimit:
enabled: true
count: 1000
timeWindow: 60
auth:
enabled: true
consumers:
- username: api-client
apiKey: secure-api-key-12345
Using a private registry:
global:
imageRegistry: my-registry.example.com
imagePullSecrets:
- name: my-registry-secret
Enabling autoscaling:
web:
autoscaling:
enabled: true
minReplicas: 2
maxReplicas: 10
targetCPUUtilizationPercentage: 70
Custom resource limits:
api:
resources:
limits:
cpu: 2000m
memory: 2Gi
requests:
cpu: 1000m
memory: 1Gi
Upgrading
# Upgrade to a new version
helm upgrade my-api7ee ./helm/api7ee
# Upgrade with new values
helm upgrade my-api7ee ./helm/api7ee --set web.replicaCount=3
Uninstallation
# Uninstall the release
helm uninstall my-api7ee
# Uninstall from a specific namespace
helm uninstall my-api7ee --namespace api7ee
Monitoring
If metrics are enabled, the services expose Prometheus-compatible metrics:
metrics:
enabled: true
serviceMonitor:
enabled: true
interval: 30s
Troubleshooting
API7 ADC Sync Issues
If the ADC sync job fails:
# Check the job status
kubectl get jobs -l app.kubernetes.io/instance=my-api7ee
# View job logs
kubectl logs job/my-api7ee-adc-sync
# Manually run ADC sync
kubectl run adc-debug --rm -it --image=ghcr.io/api7/adc:latest -- /bin/sh
Verify API7 Configuration
# Check if routes are configured
curl -H "X-API-KEY: your-admin-key" http://api7-gateway:9180/apisix/admin/routes
# Check service discovery
curl -H "X-API-KEY: your-admin-key" http://api7-gateway:9180/apisix/admin/upstreams
Check deployment status:
kubectl get deployments -l app.kubernetes.io/instance=my-api7ee
View logs:
# Web component logs
kubectl logs -l app.kubernetes.io/instance=my-api7ee,app.kubernetes.io/component=web
# API component logs
kubectl logs -l app.kubernetes.io/instance=my-api7ee,app.kubernetes.io/component=api
Check HPA status:
kubectl get hpa -l app.kubernetes.io/instance=my-api7ee
Security Considerations
- Pod Security Context is configured to run as non-root user (UID 1000)
- Security Context drops all capabilities and prevents privilege escalation
- Read-only root filesystem is enabled
- Network policies can be enabled to restrict traffic
Support
For issues and questions, please contact support@commandware.com or visit https://git.commandware.com/demos/api7-demo