api7-demo/helm/api7ee-demo-k8s/values.yaml
d.viti e995482bfd
Enable Kubernetes Service Discovery for API7 Gateway upstreams
Configured API7 Gateway to use Kubernetes Service Discovery instead of
static upstream nodes. This enables dynamic discovery of backend Pods
through the Kubernetes API.

Benefits:
- Automatic scaling: New Pods are automatically added to upstream pool
- Health checks: Only healthy Pods receive traffic
- Zero downtime: Automatic updates during deployments and rollouts
- No manual upstream configuration needed

Changes:
- Updated configmap-adc.yaml to use discovery_type: kubernetes
- Service discovery queries Kubernetes API for Pod endpoints
- Falls back to static nodes if serviceDiscovery.enabled is false
- Added documentation in values.yaml explaining the feature

The RBAC permissions (services, endpoints watch) were already configured
in rbac-adc.yaml, so no additional permissions are needed.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-09 15:24:29 +02:00


# Default values for api7ee.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
  # Registry to use for all images (empty by default).
  imageRegistry: ''

  # Pull secrets to use for all images (none by default).
  imagePullSecrets: []
# Configuration for the Web component
# NOTE(review): the page this listing was taken from lost its indentation; the
# nesting below is reconstructed from key order and comments. In particular,
# livenessProbe/readinessProbe are shown as siblings of healthProbes, which may
# not match the chart - confirm against the deployment template.
web:
  enabled: false # Disabled when using API7 Gateway routing
  replicaCount: 2
  image:
    registry: gitea.server_url # Will be replaced with actual Gitea URL
    repository: gitea.repository/web # Will be replaced with actual repository path
    # NOTE(review): "main" is a mutable branch tag, and IfNotPresent keeps
    # whatever build a node pulled first. Pin a version or digest so the running
    # image is reproducible and auditable.
    pullPolicy: IfNotPresent
    tag: "main" # Override with specific version
  service:
    type: ClusterIP
    port: 8000
    targetPort: 8000
    annotations: {}
  resources:
    limits:
      cpu: 500m
      memory: 512Mi
    requests:
      cpu: 250m
      memory: 256Mi
  autoscaling:
    enabled: false
    minReplicas: 2
    maxReplicas: 10
    targetCPUUtilizationPercentage: 80
    targetMemoryUtilizationPercentage: 80
  nodeSelector: {}
  tolerations: []
  affinity: {}
  # Additional environment variables
  # Values set here are stored in plain text with the release; keep credentials
  # out of this list.
  env: []
  # Liveness and readiness probes
  healthProbes:
    enabled: true # Set to false to disable both probes
  livenessProbe:
    enabled: true # Set to false to disable liveness probe
    httpGet:
      path: /docs
      port: http
    initialDelaySeconds: 30
    periodSeconds: 10
  readinessProbe:
    enabled: true # Set to false to disable readiness probe
    httpGet:
      path: /docs
      port: http
    initialDelaySeconds: 10
    periodSeconds: 5
# Configuration for the API component
# NOTE(review): the page this listing was taken from lost its indentation; the
# nesting below is reconstructed from key order and comments. In particular,
# livenessProbe/readinessProbe are shown as siblings of healthProbes, which may
# not match the chart - confirm against the deployment template.
api:
  enabled: false # Disabled when using API7 Gateway routing
  replicaCount: 3
  image:
    registry: gitea.server_url # Will be replaced with actual Gitea URL
    repository: gitea.repository/api # Will be replaced with actual repository path
    # NOTE(review): "main" is a mutable branch tag, and IfNotPresent keeps
    # whatever build a node pulled first. Pin a version or digest so the running
    # image is reproducible and auditable.
    pullPolicy: IfNotPresent
    tag: "main" # Override with specific version
  service:
    type: ClusterIP
    port: 8080
    targetPort: 8080
    annotations: {}
  resources:
    limits:
      cpu: 1000m
      memory: 1Gi
    requests:
      cpu: 500m
      memory: 512Mi
  autoscaling:
    enabled: true
    minReplicas: 3
    maxReplicas: 20
    targetCPUUtilizationPercentage: 70
    targetMemoryUtilizationPercentage: 75
  nodeSelector: {}
  tolerations: []
  affinity: {}
  # Additional environment variables
  # Values set here are stored in plain text with the release; keep credentials
  # out of this list.
  env:
    - name: LOG_LEVEL
      value: "info"
  # Liveness and readiness probes
  healthProbes:
    enabled: true # Set to false to disable both probes
  livenessProbe:
    enabled: true # Set to false to disable liveness probe
    httpGet:
      path: /health
      port: http
    initialDelaySeconds: 30
    periodSeconds: 10
  readinessProbe:
    enabled: true # Set to false to disable readiness probe
    httpGet:
      path: /ready
      port: http
    initialDelaySeconds: 10
    periodSeconds: 5
# Ingress: public entry point for the release
ingress:
  enabled: true
  className: nginx
  annotations:
    # cert-manager issues the certificate stored in the tls.secretName below.
    cert-manager.io/cluster-issuer: cloudflare-acme-prod
  hosts:
    - host: commandware.it
      paths:
        - path: /
          pathType: Prefix
          # All traffic for the host goes to the API7 Gateway Service rather
          # than to the web/api Services directly.
          # NOTE(review): serviceName carries a release-specific suffix and must
          # match the installed gateway release. Port 80 suggests the hop from
          # the ingress controller to the gateway is plain HTTP - confirm that
          # is acceptable for this cluster.
          gateway:
            serviceName: gateway-0-1759393614-gateway
            port: 80
      # Legacy configuration (commented out - use gateway instead)
      # - path: /
      #   pathType: Prefix
      #   service: web # Routes to web service
      # - path: /api
      #   pathType: Prefix
      #   service: api # Routes to API service
  tls:
    - secretName: api7ee-tls
      hosts:
        - commandware.it
# ServiceAccount used by the chart's workloads
serviceAccount:
  # Create a dedicated ServiceAccount for this release.
  create: true
  annotations: {}
  # Name of the ServiceAccount; empty by default.
  # NOTE(review): presumably a name is generated when this is empty - confirm
  # in the chart helpers.
  name: ''
# Pod-level security context
podSecurityContext:
  # Kubernetes refuses to start a container that would run as UID 0.
  runAsNonRoot: true
  # Default UID for containers in the pod.
  runAsUser: 1000
  # Supplementary group applied to mounted volumes that support ownership
  # management.
  fsGroup: 1000
# Container-level security context
securityContext:
  # Blocks gaining privileges beyond the parent process (setuid binaries,
  # file capabilities).
  allowPrivilegeEscalation: false
  # Start from no Linux capabilities at all.
  capabilities:
    drop:
      - ALL
  # The image filesystem is mounted read-only; anything the application writes
  # needs an explicitly mounted volume.
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 1000
# Network policies
# Disabled by default, so this chart places no restriction on pod traffic.
# NOTE(review): if the template renders these values as-is, enabling the policy
# with both policy types and empty rule lists denies all ingress and egress for
# the selected pods - fill in the rules (DNS, gateway, Kubernetes API as
# needed) before switching it on.
networkPolicy:
  enabled: false
  policyTypes:
    - Ingress
    - Egress
  ingress: []
  egress: []
# Pod disruption budget: limits voluntary evictions (node drains, upgrades)
podDisruptionBudget:
  enabled: true
  # At least this many pods must stay available during a voluntary disruption.
  minAvailable: 1
  # Alternative form of the same budget:
  # maxUnavailable: 1
# Monitoring and metrics (off by default)
metrics:
  enabled: false
  # ServiceMonitor settings
  serviceMonitor:
    enabled: false
    interval: 30s
    path: /metrics
    labels: {}
# Shared, non-sensitive configuration rendered into a ConfigMap.
# ConfigMap contents are not protected like Secrets; keep credentials out.
configMap:
  data: {}
# Sensitive data
# Values placed under data live in this file and in the stored release values.
# Supply them at install time from a secret store instead of committing them.
secrets:
  create: false
  data: {}
# API7 Gateway Configuration
# NOTE(review): the page this listing was taken from lost its indentation; the
# nesting below (which keys sit under gateway, tls.certManager, and api7 itself)
# is reconstructed from key order and comments - confirm against the chart
# templates before relying on it.
api7:
  enabled: true # Enable API7 ADC configuration
  # ADC Container settings
  adc:
    # NOTE(review): ":latest" is a mutable tag and IfNotPresent does not re-pull
    # it once a node has a cached copy, so the ADC build that runs with the
    # admin key is neither pinned nor refreshed. Pin a released version or
    # digest.
    image: ghcr.io/api7/adc:latest
    imagePullPolicy: IfNotPresent
    # NOTE(review): confirm verbose output never includes adminKey before
    # shipping these logs anywhere.
    verbose: true
    # NOTE(review): with verification skipped the admin endpoint's identity is
    # not checked, so adminKey is sent to whatever answers on adminUrl. Prefer
    # trusting the dashboard's CA certificate; keep this setting to demo
    # clusters.
    tlsSkipVerify: true # Required for dashboard self-signed certificate
  # API7 Gateway connection
  gateway:
    # Use the Dashboard service for API7 Enterprise admin API (HTTPS required)
    adminUrl: https://api7ee3-0-1759339083-dashboard:7443
    # Admin credential for the dashboard API. Leave empty in version control
    # and supply it at install time from a secret store.
    adminKey: "" # Change this!
    group: default
    # Gateway service for traffic routing
    gatewayService: gateway-0-1759393614-gateway
  # Backend type (api7ee or apisix)
  backend: api7ee
  # Auto-publish routes after sync
  autoPublish: true
  # Hosts for routing (using wildcard domain from existing ingress)
  hosts:
    - commandware.it
  # TLS/SSL Configuration
  tls:
    enabled: true
    # Option 1: Use cert-manager
    certManager:
      enabled: true
      issuer: cloudflare-acme-prod # ClusterIssuer name
      issuerKind: ClusterIssuer # or Issuer
      # Private key configuration
      privateKey:
        rotationPolicy: Always # Always or Never (cert-manager >= v1.18.0 default is Always)
    # Option 2: Use existing secret
    secretName: "" # Name of existing TLS secret
    # Option 3: Provide certificates directly (not recommended for production)
    # A private key pasted here is stored in plain text in this file and in the
    # release values; use Option 1 or 2 outside of throwaway environments.
    certificate: ""
    key: ""
  # Service Discovery
  # When enabled, API7 Gateway dynamically discovers backend Pods through Kubernetes API
  # instead of using static upstream nodes. This provides:
  # - Automatic scaling: New Pods are automatically added to the upstream pool
  # - Health checks: Only healthy Pods receive traffic
  # - Zero downtime: Automatic updates during deployments and rollouts
  # Discovery reads from the Kubernetes API, so the service account involved
  # needs read access to the discovered resources; scope that access to the
  # namespace actually used.
  serviceDiscovery:
    enabled: true # Use Kubernetes service discovery
    namespace: "" # Leave empty to use release namespace
  # API7 Plugins Configuration
  plugins:
    # Standard Rate limiting (for /api route - per IP)
    # NOTE(review): traffic reaches the gateway through the nginx ingress. Unless
    # the client address is restored from forwarded headers, remote_addr may be
    # the ingress controller's address and all clients would share one bucket -
    # confirm.
    rateLimit:
      enabled: true
      count: 100
      timeWindow: 60
      rejectedCode: 429
      keyType: "var"
      key: "remote_addr"
    # AI Rate limiting (for /api/llm route)
    aiRateLimit:
      enabled: true
      limit: 100
      timeWindow: 60
      rejectedCode: 429
      limitStrategy: "total_tokens"
    # CORS configuration
    # Wildcard origins and headers let any site call the API from a browser.
    # That is tolerable only while allowCredentials stays false; list explicit
    # origins before enabling credentials or exposing non-public data.
    cors:
      enabled: true
      allowOrigins: ["*"]
      allowMethods: ["GET", "POST", "PUT", "DELETE", "OPTIONS", "HEAD", "PATCH"]
      allowHeaders: ["*"]
      exposeHeaders: ["*"]
      maxAge: 3600
      allowCredentials: false
    # Authentication
    # NOTE(review): disabled by default, so routes are presumably reachable
    # without an API key - confirm before exposing the host publicly.
    auth:
      enabled: false
      header: X-API-Key
    # Prometheus metrics
    prometheus:
      enabled: true
    # Request logging
    # The endpoint is plain HTTP; request logs can carry headers such as
    # X-API-Key, so check what is sent before enabling.
    logging:
      enabled: false
      endpoint: http://logging-service:8080/logs
      batchMaxSize: 1000
      inactiveTimeout: 5
  # API Consumers (for authentication)
  # NOTE(review): these are fixed demo credentials committed to the repository,
  # including one for an "admin" consumer. Treat them as public: replace them
  # with values injected at install time before auth is enabled anywhere that
  # matters.
  consumers:
    - username: demo-user
      apiKey: demo-key-12345
    - username: admin
      apiKey: admin-key-67890