Skip to main content
Version: 3.11-dev

KrakenD Integration

This guide provides comprehensive instructions for integrating KrakenD into KubeRocketCI. KrakenD is a high-performance, open-source API gateway that securely hides sensitive data and manages routing.

Prerequisites​

Ensure that an ingress controller and kuberocketci-rbac are preinstalled on the cluster. You can install them using the resources available in the Cluster Add-Ons repository.

Installation

To streamline the installation of KrakenD in your environment, use the resources available in the Cluster Add-Ons repository. This method involves deploying KrakenD alongside the appropriate components, ensuring efficient management and integration into your infrastructure.

Configuration

  1. KubeRocketCI API Gateway URL Configuration

To configure KrakenD as the API gateway, set the following parameter in the KubeRocketCI values.yaml file during installation or an upgrade:

  global:
apiGatewayUrl: "https://api.example.com"
note

This URL should point to the ingress URL of the KrakenD API Gateway. By default, this value is left empty, which disables widgets.

  1. Create krakenD secret that contains the following data

    • SONARQUBE_URL: Determine the URL of your SonarQube instance. For example: http://sonar.sonar:9000

    • SONARQUBE_TOKEN: Use SonarQube Integration guide for token generation(string in base64) ending with ':'.

      sonarqube_user_token="squ_19f5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx46b6"
      echo -n "${sonarqube_user_token}:" | base64
    • DEPTRACK_URL: Specify the api server URL of your Dependency-Track instance. For example: http://dependency-track-api-server.dependency-track:8080

    • DEPTRACK_TOKEN: Use the Dependency-Track Integration guide to generate the token.

    • OPENSEARCH_URL: Determine the URL of your OpenSearch instance. For example: https://opensearch-cluster-master.logging:9200

    • OPENSEARCH_CREDS: This field should contain the OpenSearch credentials in the format admin:<opensearch_admin_password>, encoded in base64. The OpenSearch password can be found in the opensearch-admin-creds secret within the logging namespace. To encode admin:<opensearch_admin_password> into Base64, execute the following command:

      echo -n "admin:MySecurePass123" | base64
    • JWK_URL: Determine the URL for obtaining the JWK. The format is: https://keycloak.example.com/auth/realms/<REALM_NAME>/protocol/openid-connect/certs

{
"SONARQUBE_URL": "http://sonar.sonar:9000",
"SONARQUBE_TOKEN": "<sonarqube-token>",
"DEPTRACK_URL": "http://dependency-track-api-server.dependency-track:8080",
"DEPTRACK_TOKEN": "<dependency-track-token>",
"OPENSEARCH_URL": "https://opensearch-cluster-master.logging:9200",
"OPENSEARCH_CREDS": "<base64-encoded-credentials>",
"JWK_URL": "https://keycloak.example.com/auth/realms/<sharedService>/protocol/openid-connect/certs"
}

More details about External Secrets Operator integration can be found in the External Secrets Operator page. Cluster Add-Ons