KrakenD Integration
This guide provides comprehensive instructions for integrating KrakenD into KubeRocketCI. KrakenD is a high-performance, open-source API gateway that securely hides sensitive data and manages routing.
Prerequisites​
Ensure that an ingress controller and kuberocketci-rbac are preinstalled on the cluster. You can install them using the resources available in the Cluster Add-Ons repository.
Installation
To streamline the installation of KrakenD in your environment, use the resources available in the Cluster Add-Ons repository. This method involves deploying KrakenD alongside the appropriate components, ensuring efficient management and integration into your infrastructure.
Once KrakenD is installed, update the KrakenD deployment configuration by adding the envFrom parameter with the secret name:
kubectl patch deployment krakend -n krakend --type=json -p='[{"op": "add", "path": "/spec/template/spec/containers/0/envFrom", "value": [{"secretRef": {"name": "krakend"}}]}]'
Configuration
- KubeRocketCI API Gateway URL Configuration
To configure KrakenD as the API gateway, set the following parameter in the KubeRocketCI values.yaml file during installation or an upgrade:
global:
apiGatewayUrl: "https://api.example.com"
This URL should point to the ingress URL of the KrakenD API Gateway. By default, this value is left empty, which disables widgets.
-
Create krakenD secret that contains the following data
-
SONARQUBE_URL: Determine the URL of your SonarQube instance. For example:
http://sonar.sonar:9000
-
SONARQUBE_TOKEN: Use SonarQube Integration guide for token generation(string in base64) ending with ':'.
sonarqube_user_token="squ_19f5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx46b6"
echo -n "${TOKEN}:" | base64-
DEPTRACK_URL: Specify the api server URL of your Dependency-Track instance. For example:
http://dependency-track-api-server.dependency-track:8080
-
DEPTRACK_TOKEN: Use the Dependency-Track Integration guide to generate the token.
-
JWK_URL: Determine the URL for obtaining the JWK. The format is:
https://keycloak.example.com/auth/realms/<REALM_NAME>/protocol/openid-connect/certs
-
- Manifests
- External Secrets Operator
apiVersion: v1
kind: Secret
metadata:
name: krakend
namespace: krakend
type: Opaque
stringData:
SONARQUBE_URL: http://sonar.sonar:9000
SONARQUBE_TOKEN: <sonarqube-token>
DEPTRACK_URL: http://dependency-track-api-server.dependency-track:8080
DEPTRACK_TOKEN: <dependency-track-token>
JWK_URL: https://keycloak.example.com/auth/realms/<sharedService>/protocol/openid-connect/certs
{
"SONARQUBE_URL": "http://sonar.sonar:9000",
"SONARQUBE_TOKEN": "<sonarqube-token>",
"DEPTRACK_URL": "http://dependency-track-api-server.dependency-track:8080",
"DEPTRACK_TOKEN": "<dependency-track-token>",
"JWK_URL": "https://keycloak.example.com/auth/realms/<sharedService>/protocol/openid-connect/certs"
}
More details about External Secrets Operator integration can be found in the External Secrets Operator page. Cluster Add-Ons