feat: Add independent Helm chart for API7 Developer Portal Frontend

[Claude]

Implements a standalone Helm chart for the API7 Developer Portal Frontend (Next.js app), separating it from the api7 umbrella chart. The frontend has its own PostgreSQL database for Better Auth user management and connects to the existing Portal API backend via URL + token.

Chart Structure

• Chart metadata: developer-portal-fe v0.1.0 (appVersion 0.5.7) with PostgreSQL 12.12.10 dependency
• Templates: Following api7 chart conventions with deployment, service, ingress, serviceaccount, configmap, and secret
• Helper functions: Standard naming, labeling, and template rendering utilities

Configuration Strategy

Environment variables injected via Kubernetes Secrets, referenced in config.yaml using ${VAR} placeholders:

# configmap.yaml - config file with placeholders
portal:
  url: "https://api7-developer-portal:4321"
  token: ${PORTAL_TOKEN}
db:
  url: ${DB_URL}
auth:
  secret: ${AUTH_SECRET}

# deployment.yaml - secrets mounted as env vars
env:
  - name: PORTAL_TOKEN
    valueFrom:
      secretKeyRef:
        name: {{ include "developer-portal-fe.secretName" . }}
        key: portal-token

Key Features

• Secrets management: Supports both inline values and existingSecret references for production use
• PostgreSQL: Optional built-in PostgreSQL 16 (10Gi storage) with easy external DB configuration
• TLS control: tlsRejectUnauthorized flag for development with self-signed certificates
• Health probes: HTTP checks on /healthz with configurable delays
• Ingress: Multi-version Kubernetes support (1.14+ to 1.19+)
• Flexibility: Extra env vars, volumes, topology spread constraints, resource overrides

Architecture

┌─────────────────────────────┐
│ api7 umbrella chart         │
│  ┌──────────────┐           │
│  │ Portal API   │           │
│  │ (backend)    │           │
│  │ :4321        │◄──────────┼─── portal.url + token
│  └──────────────┘           │
│  PostgreSQL (api7ee)        │
└─────────────────────────────┘

┌─────────────────────────────┐
│ developer-portal-fe chart   │
│  ┌──────────────┐           │
│  │ Frontend FE  │           │
│  │ (Next.js)    │           │
│  │ :3001        │           │
│  └──────────────┘           │
│  PostgreSQL (Better Auth)   │
└─────────────────────────────┘

Chart validates with helm lint and renders 10 Kubernetes resources with test values.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• charts.bitnami.com
  • Triggering command: /usr/local/bin/helm helm dependency update /home/REDACTED/.nvm/ROADMAP.md /home/REDACTED/.nvm/alias /home/REDACTED/.nvm/bash_completion /home/REDACTED/.nvm/install.sh /home/REDACTED/.nvm/nvm-exec /home/REDACTED/.nvm/nvm.sh /home/REDACTED/.nvm/package.json /home/REDACTED/.nvm/rename_test.sh /home/REDACTED/.nvm/test rev-�� --abbrev-ref HEAD nfig/composer/vendor/bin/git \#^[^v]# d; sed (dns block)
  • Triggering command: /usr/local/bin/helm helm repo add bitnami REDACTED /home/REDACTED/.nvm/bash_completion /home/REDACTED/.nvm/install.sh /home/REDACTED/.nvm/nvm-exec /home/REDACTED/.nvm/nvm.sh /home/REDACTED/.nvm/package.json /home/REDACTED/.nvm/rename_test.sh /home/REDACTED/.nvm/test rev-�� --abbrev-ref -linux/rg /usr/bin/base64 --abbrev-ref HEAD p/bin/git (dns block)
  • Triggering command: /usr/local/bin/helm helm dependency build /home/REDACTED/.nvm/ROADMAP.md /home/REDACTED/.nvm/alias /home/REDACTED/.nvm/bash_completion /home/REDACTED/.nvm/install.sh /home/REDACTED/.nvm/nvm-exec /home/REDACTED/.nvm/nvm.sh /home/REDACTED/.nvm/package.json /home/REDACTED/.nvm/rename_test.sh /home/REDACTED/.nvm/test -c f() { test "$1" = get && echo "******"; }; f stoOUTPUT f() { test "$1" = get && echo "******"; }; f sto-d tnet/tools/git --abbrev-ref HEAD /usr/bin/base64 (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>feat: [PRD] API7 Developer Portal Frontend Helm Chart</issue_title>
<issue_description>## 1. 背景 (Background)

API7 开发者门户由两部分组成：

• Portal API（后端）：api7/api7-ee-developer-portal，监听端口 4321，已经作为 api7 umbrella chart 的一部分部署在 Kubernetes 中
• Developer Portal FE（前端）：api7/api7-ee-developer-portal-fe，监听端口 3001，基于 api7-portal-boilerplate 构建的 Next.js 应用，目前只有 Docker Compose 部署方式

本 PRD 的目标是为 Developer Portal FE 创建一个独立的 Helm Chart，使其可以在 Kubernetes 集群中部署。

参考文档：使用提供方门户设置开发者门户

---

2. 架构概览

┌─────────────────────────────────────────────────┐
│  api7 umbrella chart (已有)                       │
│  ┌──────────┐  ┌──────────┐  ┌──────────────┐   │
│  │ Dashboard │  │DP Manager│  │  Portal API  │   │
│  │  :7443    │  │  :7900   │  │ (后端) :4321 │   │
│  └──────────┘  └──────────┘  └──────┬───────┘   │
│                                      │           │
│                                PostgreSQL        │
│                                (共享 api7ee)      │
└──────────────────────────────────────┼───────────┘
                                       │ portal.url + portal.token
                                       │
┌──────────────────────────────────────┼───────────┐
│  developer-portal-fe chart (新建)     │           │
│  ┌──────────────────┐                │           │
│  │ Developer Portal  │◄──────────────┘           │
│  │ FE (Next.js)     │                            │
│  │  :3001           │                            │
│  └────────┬─────────┘                            │
│           │                                      │
│     PostgreSQL                                   │
│     (独立，用于 Better Auth 用户管理)               │
└──────────────────────────────────────────────────┘

关键区分：

• Portal API 后端（已有 chart）和 Developer Portal FE 前端（本 chart）使用不同的 PostgreSQL 数据库
• FE 通过 portal.url + portal.token 连接后端 Portal API
• FE 有自己的用户认证系统（Better Auth），数据存储在自己的 PostgreSQL 中

---

3. 应用运行时画像

3.1 Docker 镜像信息

属性	值
镜像	api7/api7-ee-developer-portal-fe
最新版本	v0.5.7
架构	linux/amd64, linux/arm64 (~85-86 MB)
基础镜像	Node.js 22 Alpine
容器端口	3001
配置文件路径	/app/apps/site/config.yaml
入口	./docker-entrypoint.sh → node apps/site/server.js

3.2 启动流程

docker-entrypoint.sh
  └─ preflight.js       # 验证数据库连通性 + Portal API 可用性
      └─ node apps/site/server.js   # 启动 Next.js 服务

3.3 Health Check

探针类型	路径	端口	协议
Liveness	/healthz	3001	HTTP
Readiness	/healthz	3001	HTTP

3.4 环境变量

变量	必需	说明
NODE_ENV	是	设为 production
PORT	是	服务端口（默认 3001）
HOSTNAME	是	监听地址（默认 0.0.0.0）
NODE_TLS_REJECT_UNAUTHORIZED	仅自签名证书场景	设为 0 跳过 TLS 验证
PORTAL_URL	是	API7 Portal API endpoint
PORTAL_TOKEN	是	从 Provider Portal 生成的 Token

3.5 配置文件 Schema

config.yaml 支持 ${VAR} 和 ${VAR:default} 环境变量模板语法。

完整 schema（来自 apps/site/config.yaml.example）：

# 必需 - Portal API 连接
portal:
  url: ${PORTAL_URL:http://provider-portal.api.local}
  token: ${PORTAL_TOKEN:}

# 必需 - 数据库
db:
  url: ""                              # PostgreSQL 连接字符串
  # pool:                              # 可选连接池配置
  #   max: 20
  #   min: 0
  #   idleTimeout: 30000
  # ssl: false

# 必需 - 认证
auth:
  secret: ""                           # 至少 32 字符
  # session:
  #   expiresIn: 604800               # 7 天（秒）
  #   updateAge: 86400                # 1 天
  # emailAndPassword:
  #   enabled: true
  # socialProviders:                  # GitHub, Google 等

# 可选 - 应用设置
app:
  name: "Developer Portal"
  baseURL: "http://localhost:3001"
  trustedOrigins:
    - "*"

3.6 依赖

依赖	版本	用途
PostgreSQL	15+	用户/组织数据存储（通过 Drizzle ORM）
API7 Portal API	-	后端 REST API（端口 4321）

---

4. Docker Compose → Helm Chart 映射

Docker Compose 组件	Helm Chart 资源	说明
developer-portal service	Deployment + Service + Ingress	镜像 api7/api7-ee-developer-portal-fe:v0.5.7
postgres service	子依赖 (bitnami/postgresql) 或外部连接	可选内置 PostgreSQL
config.yaml 挂载	ConfigMap（非敏感）+ Secret（敏感值通过环境变量注入）	挂载到 /app/apps/site/config.yaml
ports: "80:3001"	Service port 80 → containerPort 3001
NODE_TLS_REJECT_UNAUTHORIZED env	env in Deployment spec
volumes: postgres_data	PVC（通过 postgresql subchart 管理）

---

5. Chart 设计

5.1 Chart 元数据

# charts/developer-portal-fe/Chart.yaml
apiVersion: v2
name: developer-portal-fe
description: A Helm chart for API7 Developer Portal Frontend
type: application
version: 0.1.0
appVersion: "0.5.7"
maintainers:
  - name: API7
    email: support@api7.ai
    url: https://api7.ai
dependen...

</details>



<!-- START COPILOT CODING AGENT SUFFIX -->

- Fixes api7/api7-helm-chart#265

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}