KrakenD Integration

This guide provides comprehensive instructions for integrating KrakenD into KubeRocketCI. KrakenD is a high-performance, open-source API gateway that securely hides sensitive data and manages routing.

Prerequisites

Ensure that an ingress controller and kuberocketci-rbac are preinstalled on the cluster. You can install them using the resources available in the Cluster Add-Ons repository.

Installation

To streamline the installation of KrakenD in your environment, use the resources available in the Cluster Add-Ons repository. This method involves deploying KrakenD alongside the appropriate components, ensuring efficient management and integration into your infrastructure.

Configuration

1. KubeRocketCI API Gateway URL Configuration

To configure KrakenD as the API gateway, set the following parameter in the KubeRocketCI values.yaml file during installation or an upgrade:

  global:
    apiGatewayUrl: "https://api.example.com"

note

This URL should point to the ingress URL of the KrakenD API Gateway. By default, this value is left empty, which disables widgets.

2. Create krakenD secret that contains the following data

   • SONARQUBE_URL: Determine the URL of your SonarQube instance. For example: http://sonar.sonar:9000

   • SONARQUBE_TOKEN: Use SonarQube Integration guide for token generation(string in base64) ending with ':'.

     sonarqube_user_token="squ_19f5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx46b6"
     echo -n "${sonarqube_user_token}:" | base64

   • DEPTRACK_URL: Specify the api server URL of your Dependency-Track instance. For example: http://dependency-track-api-server.dependency-track:8080

   • DEPTRACK_TOKEN: Use the Dependency-Track Integration guide to generate the token.

   • OPENSEARCH_URL: Determine the URL of your OpenSearch instance. For example: https://opensearch-cluster-master.logging:9200

   • OPENSEARCH_CREDS: This field should contain the OpenSearch credentials in the format admin:<opensearch_admin_password>, encoded in base64. The OpenSearch password can be found in the opensearch-admin-creds secret within the logging namespace. To encode admin:<opensearch_admin_password> into Base64, execute the following command:

     echo -n "admin:MySecurePass123" | base64

   • JWK_URL: Determine the URL for obtaining the JWK. The format is: https://keycloak.example.com/auth/realms/<REALM_NAME>/protocol/openid-connect/certs

Manifests

apiVersion: v1
kind: Secret
metadata:
  name: krakend
  namespace: krakend
type: Opaque
stringData:
  SONARQUBE_URL: http://sonar.sonar:9000
  SONARQUBE_TOKEN: <sonarqube-token>
  DEPTRACK_URL: http://dependency-track-api-server.dependency-track:8080
  DEPTRACK_TOKEN: <dependency-track-token>
  OPENSEARCH_URL: https://opensearch-cluster-master.logging:9200
  OPENSEARCH_CREDS: <base64-encoded-credentials>
  JWK_URL: https://keycloak.example.com/auth/realms/<sharedService>/protocol/openid-connect/certs

External Secrets Operator

{
  "SONARQUBE_URL": "http://sonar.sonar:9000",
  "SONARQUBE_TOKEN": "<sonarqube-token>",
  "DEPTRACK_URL": "http://dependency-track-api-server.dependency-track:8080",
  "DEPTRACK_TOKEN": "<dependency-track-token>",
  "OPENSEARCH_URL": "https://opensearch-cluster-master.logging:9200",
  "OPENSEARCH_CREDS": "<base64-encoded-credentials>",
  "JWK_URL": "https://keycloak.example.com/auth/realms/<sharedService>/protocol/openid-connect/certs"
}

More details about External Secrets Operator integration can be found in the External Secrets Operator page. Cluster Add-Ons

• Install KubeRocketCI With Values File
• Cluster Add-Ons Overview
• SonarQube Integration
• DependencyTrack Integrate
• Keycloak Integrate
• Ingress Controller