KrakenD Integration
This guide provides comprehensive instructions for integrating KrakenD into KubeRocketCI. KrakenD is a high-performance, open-source API gateway designed to securely manage requests, hide sensitive data, and optimize routing. It supports a wide variety of configuration options, including service discovery, caching, authorization, and rate limiting, allowing to tailor the gateway to the platform needs.
KubeRocketCI leverages KrakenD to integrate with various services, such as SonarQube, Dependency-Track, and OpenSearch. This integration enables the platform to retrieve data from these services and display it in the KubeRocketCI UI, providing users with a comprehensive overview of their projects and pipelines.
Configuration and Installation​
Ensure that an ingress controller and kuberocketci-rbac are preinstalled on the cluster. You can install them using the resources available in the Cluster Add-Ons repository.
Installation​
To streamline the installation of KrakenD in your environment, use the resources available in the Cluster Add-Ons repository. This method involves deploying KrakenD alongside the appropriate components, ensuring efficient management and integration into your infrastructure.
Configuration​
- KubeRocketCI API Gateway URL Configuration
To configure KrakenD as the API gateway, set the following parameter in the KubeRocketCI values.yaml file during installation or an upgrade:
global:
apiGatewayUrl: "https://api.example.com"
This URL should point to the ingress URL of the KrakenD API Gateway. By default, this value is left empty, which disables widgets.
-
Create krakenD secret that contains the following data
-
SONARQUBE_URL: Determine the URL of your SonarQube instance. For example:
http://sonar.sonar:9000
-
SONARQUBE_TOKEN: Use SonarQube Integration guide for token generation(string in base64) ending with ':'.
sonarqube_user_token="squ_19f5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx46b6"
echo -n "${sonarqube_user_token}:" | base64 -
DEPTRACK_URL: Specify the api server URL of your Dependency-Track instance. For example:
http://dependency-track-api-server.dependency-track:8080
-
DEPTRACK_TOKEN: Use the Dependency-Track Integration guide to generate the token.
-
OPENSEARCH_URL: Determine the URL of your OpenSearch instance. For example:
https://opensearch-cluster-master.logging:9200
-
OPENSEARCH_CREDS: This field should contain the OpenSearch credentials in the format
admin:<opensearch_admin_password>
, encoded in base64. The OpenSearch password can be found in theopensearch-admin-creds
secret within thelogging
namespace. To encodeadmin:<opensearch_admin_password>
into Base64, execute the following command:echo -n "admin:MySecurePass123" | base64
-
JWK_URL: Determine the URL for obtaining the JWK. The format is:
https://keycloak.example.com/auth/realms/<REALM_NAME>/protocol/openid-connect/certs
-
- Manifests
- External Secrets Operator
apiVersion: v1
kind: Secret
metadata:
name: krakend
namespace: krakend
type: Opaque
stringData:
SONARQUBE_URL: http://sonar.sonar:9000
SONARQUBE_TOKEN: <sonarqube-token>
DEPTRACK_URL: http://dependency-track-api-server.dependency-track:8080
DEPTRACK_TOKEN: <dependency-track-token>
OPENSEARCH_URL: https://opensearch-cluster-master.logging:9200
OPENSEARCH_CREDS: <base64-encoded-credentials>
JWK_URL: https://keycloak.example.com/auth/realms/<sharedService>/protocol/openid-connect/certs
{
"SONARQUBE_URL": "http://sonar.sonar:9000",
"SONARQUBE_TOKEN": "<sonarqube-token>",
"DEPTRACK_URL": "http://dependency-track-api-server.dependency-track:8080",
"DEPTRACK_TOKEN": "<dependency-track-token>",
"OPENSEARCH_URL": "https://opensearch-cluster-master.logging:9200",
"OPENSEARCH_CREDS": "<base64-encoded-credentials>",
"JWK_URL": "https://keycloak.example.com/auth/realms/<sharedService>/protocol/openid-connect/certs"
}
More details about External Secrets Operator integration can be found in the External Secrets Operator page. Cluster Add-Ons