demos/api7-demo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e995482bfda93ca69c4d5a0941990031e1f7dc60
api7-demo/helm/api7ee-demo-k8s/templates/configmap-adc.yaml
d.viti e995482bfd
All checks were successful
Helm Chart Build / lint-only (push) Has been skipped
Details
Helm Chart Build / build-helm (push) Successful in 9s
Details
Build and Deploy / build-api (push) Successful in 43s
Details
Build and Deploy / build-web (push) Successful in 1m1s
Details
Enable Kubernetes Service Discovery for API7 Gateway upstreams 
Configured API7 Gateway to use Kubernetes Service Discovery instead of
static upstream nodes. This enables dynamic discovery of backend Pods
through the Kubernetes API.

Benefits:
- Automatic scaling: New Pods are automatically added to upstream pool
- Health checks: Only healthy Pods receive traffic
- Zero downtime: Automatic updates during deployments and rollouts
- No manual upstream configuration needed

Changes:
- Updated configmap-adc.yaml to use discovery_type: kubernetes
- Service discovery queries Kubernetes API for Pod endpoints
- Falls back to static nodes if serviceDiscovery.enabled is false
- Added documentation in values.yaml explaining the feature

The RBAC permissions (services, endpoints watch) were already configured
in rbac-adc.yaml, so no additional permissions are needed.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-09 15:24:29 +02:00

165 lines
6.8 KiB
YAML
Raw Blame History

{{- if .Values.api7.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "api7ee.fullname" . }}-adc-config
labels:
{{- include "api7ee.labels" . | nindent 4 }}
app.kubernetes.io/component: adc
data:
adc-config.yaml: |
services:
# Web Frontend Service
- name: {{ include "api7ee.fullname" . }}-web-service
hosts:
- {{ (first .Values.api7.hosts) | quote }}
upstream:
name: {{ include "api7ee.fullname" . }}-web-upstream
scheme: http
type: roundrobin
{{- if .Values.api7.serviceDiscovery.enabled }}
# Use Kubernetes Service Discovery
discovery_type: kubernetes
service_name: {{ include "api7ee.fullname" . }}-web
{{- if .Values.api7.serviceDiscovery.namespace }}
namespace_id: {{ .Values.api7.serviceDiscovery.namespace }}
{{- else }}
namespace_id: {{ .Release.Namespace }}
{{- end }}
{{- else }}
# Static nodes configuration
nodes:
- host: {{ include "api7ee.fullname" . }}-web.{{ .Release.Namespace }}.svc.cluster.local
port: {{ .Values.web.service.port }}
weight: 100
{{- end }}
routes:
# Route for web frontend (all paths except /api)
- name: {{ include "api7ee.fullname" . }}-web-route
uris:
- /*
vars:
- - uri
- "~~"
- "^(?!/api)"
priority: 1
plugins:
{{- if .Values.api7.tls.enabled }}
redirect:
http_to_https: true
{{- end }}
{{- if .Values.api7.plugins.cors.enabled }}
cors:
allow_origins: {{ .Values.api7.plugins.cors.allowOrigins | join "," | quote }}
allow_methods: {{ .Values.api7.plugins.cors.allowMethods | join "," | quote }}
allow_headers: {{ .Values.api7.plugins.cors.allowHeaders | join "," | quote }}
expose_headers: {{ .Values.api7.plugins.cors.exposeHeaders | join "," | quote }}
max_age: {{ .Values.api7.plugins.cors.maxAge }}
allow_credential: {{ .Values.api7.plugins.cors.allowCredentials }}
{{- end }}
# API Backend Service
- name: {{ include "api7ee.fullname" . }}-api-service
hosts:
- {{ (first .Values.api7.hosts) | quote }}
upstream:
name: {{ include "api7ee.fullname" . }}-api-upstream
scheme: http
type: roundrobin
{{- if .Values.api7.serviceDiscovery.enabled }}
# Use Kubernetes Service Discovery
discovery_type: kubernetes
service_name: {{ include "api7ee.fullname" . }}-api
{{- if .Values.api7.serviceDiscovery.namespace }}
namespace_id: {{ .Values.api7.serviceDiscovery.namespace }}
{{- else }}
namespace_id: {{ .Release.Namespace }}
{{- end }}
{{- else }}
# Static nodes configuration
nodes:
- host: {{ include "api7ee.fullname" . }}-api.{{ .Release.Namespace }}.svc.cluster.local
port: {{ .Values.api.service.port }}
weight: 100
{{- end }}
routes:
# High priority route for LLM endpoints with AI rate limiting
- name: {{ include "api7ee.fullname" . }}-api-llm-route
uris:
- /api/llm
- /api/llm/*
priority: 20
plugins:
{{- if .Values.api7.tls.enabled }}
redirect:
http_to_https: true
{{- end }}
{{- if .Values.api7.plugins.cors.enabled }}
cors:
allow_origins: {{ .Values.api7.plugins.cors.allowOrigins | join "," | quote }}
allow_methods: {{ .Values.api7.plugins.cors.allowMethods | join "," | quote }}
allow_headers: {{ .Values.api7.plugins.cors.allowHeaders | join "," | quote }}
expose_headers: {{ .Values.api7.plugins.cors.exposeHeaders | join "," | quote }}
max_age: {{ .Values.api7.plugins.cors.maxAge }}
allow_credential: {{ .Values.api7.plugins.cors.allowCredentials }}
{{- end }}
{{- if .Values.api7.plugins.aiRateLimit.enabled }}
ai-rate-limiting:
limit: {{ .Values.api7.plugins.aiRateLimit.limit }}
time_window: {{ .Values.api7.plugins.aiRateLimit.timeWindow }}
rejected_code: {{ .Values.api7.plugins.aiRateLimit.rejectedCode }}
limit_strategy: {{ .Values.api7.plugins.aiRateLimit.limitStrategy | quote }}
{{- end }}
# Standard API route with request rate limiting
- name: {{ include "api7ee.fullname" . }}-api-route
uris:
- /api
- /api/*
priority: 10
plugins:
{{- if .Values.api7.tls.enabled }}
redirect:
http_to_https: true
{{- end }}
{{- if .Values.api7.plugins.cors.enabled }}
cors:
allow_origins: {{ .Values.api7.plugins.cors.allowOrigins | join "," | quote }}
allow_methods: {{ .Values.api7.plugins.cors.allowMethods | join "," | quote }}
allow_headers: {{ .Values.api7.plugins.cors.allowHeaders | join "," | quote }}
expose_headers: {{ .Values.api7.plugins.cors.exposeHeaders | join "," | quote }}
max_age: {{ .Values.api7.plugins.cors.maxAge }}
allow_credential: {{ .Values.api7.plugins.cors.allowCredentials }}
{{- end }}
{{- if .Values.api7.plugins.rateLimit.enabled }}
limit-count:
count: {{ .Values.api7.plugins.rateLimit.count }}
time_window: {{ .Values.api7.plugins.rateLimit.timeWindow }}
rejected_code: {{ .Values.api7.plugins.rateLimit.rejectedCode }}
key_type: {{ .Values.api7.plugins.rateLimit.keyType | quote }}
key: {{ .Values.api7.plugins.rateLimit.key | quote }}
{{- end }}
{{- if .Values.api7.plugins.auth.enabled }}
# API Consumers for authentication
consumers:
{{- range .Values.api7.consumers }}
- username: {{ .username }}
plugins:
key-auth:
key: {{ .apiKey }}
{{- end }}
{{- end }}
{{- if .Values.api7.plugins.logging.enabled }}
# Global Rules
global_rules:
request-logging:
plugins:
http-logger:
uri: {{ .Values.api7.plugins.logging.endpoint }}
batch_max_size: {{ .Values.api7.plugins.logging.batchMaxSize | default 1000 }}
inactive_timeout: {{ .Values.api7.plugins.logging.inactiveTimeout | default 5 }}
{{- end }}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink