api7-demo/helm/api7ee-demo-k8s/values.yaml
d.viti f04862f6f7
Configure Ingress to route traffic through API7 Gateway
Modified Ingress configuration to route all traffic through the API7
Gateway (gateway-0-1759393614-gateway) instead of directly to application
services. This enables API7's advanced routing, rate limiting, CORS, and
other gateway features.

Changes:
- Updated ingress.yaml template to support gateway backend routing
- Modified values.yaml to route traffic to API7 Gateway service
- Disabled web and api services (now optional) as routing is handled by API7
- Removed nginx.ingress.kubernetes.io/rewrite-target annotation
- Maintained backward compatibility with legacy service-based routing

The Ingress now directs traffic to the API7 Gateway which handles all
routing logic defined in the ADC configuration.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-09 15:18:51 +02:00


# Default values for api7ee.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
  # Global image registry to use for all images.
  # NOTE(review): how this combines with the per-component image.registry
  # values is decided by the templates, which are not shown here.
  imageRegistry: ""
  # Image pull secrets for all images.
  # NOTE(review): presumably a list of existing Secret names rather than
  # credentials; keep registry credentials out of this file.
  imagePullSecrets: []
# Configuration for the Web component
web:
  enabled: false  # Disabled when using API7 Gateway routing
  replicaCount: 2
  image:
    registry: gitea.server_url  # Will be replaced with actual Gitea URL
    repository: gitea.repository/web  # Will be replaced with actual repository path
    pullPolicy: IfNotPresent
    # "main" is a moving tag. With pullPolicy IfNotPresent a node that already
    # holds an image tagged "main" keeps running it, so replicas can end up on
    # different builds and a rollback cannot name the build it returns to.
    # Set an immutable version tag or digest at deploy time.
    tag: "main"  # Override with specific version
  service:
    type: ClusterIP
    port: 8000
    targetPort: 8000
    annotations: {}
  # Requests and limits are both set, which bounds what one pod can consume.
  resources:
    limits:
      cpu: 500m
      memory: 512Mi
    requests:
      cpu: 250m
      memory: 256Mi
  autoscaling:
    enabled: false
    minReplicas: 2
    maxReplicas: 10
    targetCPUUtilizationPercentage: 80
    targetMemoryUtilizationPercentage: 80
  nodeSelector: {}
  tolerations: []
  affinity: {}
  # Additional environment variables
  # NOTE(review): values placed here are stored in plain text with the release;
  # reference a Secret for anything sensitive.
  env: []
  # Liveness and readiness probes
  # NOTE(review): the listing this file was taken from lost its indentation;
  # livenessProbe and readinessProbe are placed as siblings of healthProbes
  # here. Confirm against the templates that read them.
  healthProbes:
    enabled: true  # Set to false to disable both probes
  # Both probes request /docs.
  # NOTE(review): if that is the application's documentation page, pod health
  # depends on the page staying enabled; a dedicated health path would let it
  # be switched off in production.
  livenessProbe:
    enabled: true  # Set to false to disable liveness probe
    httpGet:
      path: /docs
      port: http
    initialDelaySeconds: 30
    periodSeconds: 10
  readinessProbe:
    enabled: true  # Set to false to disable readiness probe
    httpGet:
      path: /docs
      port: http
    initialDelaySeconds: 10
    periodSeconds: 5
# Configuration for the API component
api:
  enabled: false  # Disabled when using API7 Gateway routing
  replicaCount: 3
  image:
    registry: gitea.server_url  # Will be replaced with actual Gitea URL
    repository: gitea.repository/api  # Will be replaced with actual repository path
    pullPolicy: IfNotPresent
    # "main" is a moving tag; combined with IfNotPresent, nodes keep whatever
    # build they pulled first. Set an immutable version tag or digest at
    # deploy time so the running build is identifiable.
    tag: "main"  # Override with specific version
  service:
    type: ClusterIP
    port: 8080
    targetPort: 8080
    annotations: {}
  # Requests and limits are both set, which bounds what one pod can consume.
  resources:
    limits:
      cpu: 1000m
      memory: 1Gi
    requests:
      cpu: 500m
      memory: 512Mi
  # Autoscaling between 3 and 20 replicas; the ceiling also caps how far a
  # request flood can scale the workload.
  autoscaling:
    enabled: true
    minReplicas: 3
    maxReplicas: 20
    targetCPUUtilizationPercentage: 70
    targetMemoryUtilizationPercentage: 75
  nodeSelector: {}
  tolerations: []
  affinity: {}
  # Additional environment variables
  # NOTE(review): values placed here are stored in plain text with the release;
  # reference a Secret for anything sensitive.
  env:
    - name: LOG_LEVEL
      value: "info"
  # Liveness and readiness probes
  # NOTE(review): the listing this file was taken from lost its indentation;
  # livenessProbe and readinessProbe are placed as siblings of healthProbes
  # here. Confirm against the templates that read them.
  healthProbes:
    enabled: true  # Set to false to disable both probes
  # Liveness uses /health and readiness uses /ready, so a pod that is alive
  # but not yet able to serve is taken out of rotation without a restart.
  livenessProbe:
    enabled: true  # Set to false to disable liveness probe
    httpGet:
      path: /health
      port: http
    initialDelaySeconds: 30
    periodSeconds: 10
  readinessProbe:
    enabled: true  # Set to false to disable readiness probe
    httpGet:
      path: /ready
      port: http
    initialDelaySeconds: 10
    periodSeconds: 5
# Ingress configuration
# NOTE(review): nesting below is reconstructed from a listing that lost its
# indentation; confirm against the ingress.yaml template.
ingress:
  enabled: true
  className: "nginx"
  annotations:
    # cert-manager issues the certificate stored in the tls secret below.
    cert-manager.io/cluster-issuer: "cloudflare-acme-prod"
  hosts:
    - host: commandware.it
      paths:
        # One Prefix rule on "/" sends every request path to the gateway, so
        # access control is whatever the gateway routes enforce. In this file
        # api7.plugins.auth.enabled is false.
        - path: /
          pathType: Prefix
          # Route to API7 Gateway instead of direct service
          # The Service name carries a release-specific suffix; it must match
          # the gateway release actually installed in the cluster.
          # TLS is terminated by the ingress controller (tls section below);
          # port 80 is presumably plain HTTP on the hop to the gateway. Confirm
          # that hop stays on the cluster network.
          gateway:
            serviceName: gateway-0-1759393614-gateway
            port: 80
        # Legacy configuration (commented out - use gateway instead)
        # - path: /
        #   pathType: Prefix
        #   service: web  # Routes to web service
        # - path: /api
        #   pathType: Prefix
        #   service: api  # Routes to API service
  tls:
    - secretName: api7ee-tls
      hosts:
        - commandware.it
# ServiceAccount configuration
# A dedicated ServiceAccount is created; an empty name presumably lets the
# chart derive one from the release name.
# NOTE(review): no automountServiceAccountToken key is set here. If the
# workloads never call the Kubernetes API, confirm the templates disable token
# automounting.
serviceAccount:
  create: true
  annotations: {}
  name: ""
# Pod Security Context
# Pods run as the non-root UID 1000; runAsNonRoot makes the kubelet refuse to
# start a container that would run as UID 0. fsGroup 1000 sets group ownership
# on mounted volumes that support it.
podSecurityContext:
  runAsNonRoot: true
  runAsUser: 1000
  fsGroup: 1000
# Security Context for containers
securityContext:
  # Blocks gaining privileges through setuid binaries or file capabilities.
  allowPrivilegeEscalation: false
  # All Linux capabilities are dropped and none are added back.
  capabilities:
    drop:
      - ALL
  # The container filesystem is read-only; anything the application writes
  # (temp files, caches) needs an explicit volume mount.
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 1000
# Network Policies
# Disabled by default, so the chart adds no pod-level traffic restriction.
# NOTE(review): if the template renders policyTypes and the two rule lists
# as-is, enabling this with empty lists gives a policy that allows no ingress
# and no egress for the selected pods. Add the gateway and DNS rules before
# turning it on.
networkPolicy:
  enabled: false
  policyTypes:
    - Ingress
    - Egress
  ingress: []
  egress: []
# Pod Disruption Budget
# Keeps at least one pod available during voluntary disruptions such as node
# drains. minAvailable and maxUnavailable are mutually exclusive in a
# PodDisruptionBudget, so the alternative stays commented out.
podDisruptionBudget:
  enabled: true
  minAvailable: 1
  # maxUnavailable: 1
# Monitoring and metrics
# Both the metrics endpoint and the ServiceMonitor are off by default.
# NOTE(review): when enabling, confirm /metrics is reachable only by the
# scraper and is not published through the Ingress.
metrics:
  enabled: false
  serviceMonitor:
    enabled: false
    interval: 30s
    path: /metrics
    labels: {}
# ConfigMap for shared configuration
# ConfigMap contents are not encrypted or access-restricted like Secrets;
# keep credentials and keys out of this map.
configMap:
  data: {}
# Secrets for sensitive data
# No Secret is created by default.
# NOTE(review): anything placed under data lives in this values file and in
# the stored Helm release. Prefer referencing a Secret managed outside the
# chart over committing values here.
secrets:
  create: false
  data: {}
# API7 Gateway Configuration
# NOTE(review): nesting below is reconstructed from a listing that lost its
# indentation (for example whether backend/autoPublish sit under api7 or under
# gateway, and privateKey under certManager). Confirm against the templates.
api7:
  enabled: true  # Enable API7 ADC configuration
  # ADC Container settings
  adc:
    # ":latest" is a moving tag, and with IfNotPresent each node keeps whatever
    # it pulled first. This container is the one that holds the admin key, so
    # pin it to a reviewed version tag or digest.
    image: ghcr.io/api7/adc:latest
    imagePullPolicy: IfNotPresent
    # NOTE(review): confirm verbose output does not include the admin key or
    # the synced configuration before these logs are shipped anywhere.
    verbose: true
    # Certificate verification is off for the connection to adminUrl, so the
    # client cannot tell the real dashboard from anything else answering on
    # that name, and the admin key travels over that connection. Trusting the
    # dashboard's CA instead removes the need for this flag.
    tlsSkipVerify: true  # Required for dashboard self-signed certificate
  # API7 Gateway connection
  gateway:
    # Use the Dashboard service for API7 Enterprise admin API (HTTPS required)
    # The Service name carries a release-specific suffix and must match the
    # installed dashboard release.
    adminUrl: https://api7ee3-0-1759339083-dashboard:7443
    # Left empty in the committed file. Supply it at install time from a
    # secret store; a value written here or passed as a Helm value is kept in
    # the stored release.
    adminKey: ""  # Change this!
    group: default
    # Gateway service for traffic routing
    gatewayService: gateway-0-1759393614-gateway
  # Backend type (api7ee or apisix)
  backend: api7ee
  # Auto-publish routes after sync
  # Synced routes go live without a separate publish step, so review of this
  # file is the only gate before a route change takes effect.
  autoPublish: true
  # Hosts for routing (using wildcard domain from existing ingress)
  hosts:
    - commandware.it
  # TLS/SSL Configuration
  tls:
    enabled: true
    # Option 1: Use cert-manager
    certManager:
      enabled: true
      issuer: cloudflare-acme-prod  # ClusterIssuer name
      issuerKind: ClusterIssuer  # or Issuer
      # Private key configuration
      privateKey:
        # A new private key is generated on every renewal, which limits how
        # long a leaked key stays useful.
        rotationPolicy: Always  # Always or Never (cert-manager >= v1.18.0 default is Always)
    # Option 2: Use existing secret
    secretName: ""  # Name of existing TLS secret
    # Option 3: Provide certificates directly (not recommended for production)
    # An inline key would be stored in this file and in the Helm release in
    # plain text; keep both values empty and use option 1 or 2.
    certificate: ""
    key: ""
  # Service Discovery
  serviceDiscovery:
    enabled: true  # Use Kubernetes service discovery
    namespace: ""  # Leave empty to use release namespace
  # API7 Plugins Configuration
  plugins:
    # Standard Rate limiting (for /api route - per IP)
    # NOTE(review): requests reach the gateway through the nginx Ingress, so
    # remote_addr may be the ingress controller's address rather than the
    # client's. In that case all clients share one counter. Confirm the
    # gateway derives the client address only from a header set by the
    # trusted ingress hop.
    rateLimit:
      enabled: true
      count: 100
      timeWindow: 60
      rejectedCode: 429
      keyType: "var"
      key: "remote_addr"
    # AI Rate limiting (for /api/llm route)
    aiRateLimit:
      enabled: true
      limit: 100
      timeWindow: 60
      rejectedCode: 429
      limitStrategy: "total_tokens"
    # CORS configuration
    # Any origin, header and exposed header is allowed. allowCredentials must
    # stay false while allowOrigins is "*". For anything beyond a demo, list
    # the origins that actually call the API.
    cors:
      enabled: true
      allowOrigins: ["*"]
      allowMethods: ["GET", "POST", "PUT", "DELETE", "OPTIONS", "HEAD", "PATCH"]
      allowHeaders: ["*"]
      exposeHeaders: ["*"]
      maxAge: 3600
      allowCredentials: false
    # Authentication
    # Off by default: with the Ingress sending all traffic to the gateway,
    # routes are presumably reachable without a key until this is enabled.
    auth:
      enabled: false
      header: X-API-Key
    # Prometheus metrics
    # NOTE(review): confirm the metrics endpoint is not reachable through the
    # public Ingress.
    prometheus:
      enabled: true
    # Request logging
    # The endpoint is plain http; request logs can carry headers such as
    # X-API-Key. Use TLS or keep the collector on a restricted network before
    # enabling.
    logging:
      enabled: false
      endpoint: http://logging-service:8080/logs
      batchMaxSize: 1000
      inactiveTimeout: 5
  # API Consumers (for authentication)
  # The API keys below are committed in plain text and follow a guessable
  # pattern, and one of them belongs to a consumer named "admin". Treat them
  # as demo placeholders: supply real keys at deploy time from a Secret and
  # rotate any of these that were used outside a demo.
  consumers:
    - username: demo-user
      apiKey: demo-key-12345
    - username: admin
      apiKey: admin-key-67890