diff --git a/docs/assets/operator-guide/extensions/argo-cd-krakend.png b/docs/assets/operator-guide/extensions/argo-cd-krakend.png deleted file mode 100644 index 93970fbbd4..0000000000 Binary files a/docs/assets/operator-guide/extensions/argo-cd-krakend.png and /dev/null differ diff --git a/docs/operator-guide/ci/tekton-long-term-storage.md b/docs/operator-guide/ci/tekton-long-term-storage.md index 5f9badf6ab..2860b6a78b 100644 --- a/docs/operator-guide/ci/tekton-long-term-storage.md +++ b/docs/operator-guide/ci/tekton-long-term-storage.md @@ -118,4 +118,3 @@ In this example, the PGO (PostgreSQL Operator) is used for the Tekton Results da * [Add Application](../../user-guide/add-application.md) * [Install Tekton](../install-tekton.md) * [Install KubeRocketCI](../install-kuberocketci.md) -* [KrakenD API Gateway](../extensions/krakend.md) diff --git a/docs/operator-guide/extensions/git-discovery.md b/docs/operator-guide/extensions/git-discovery.md index 9c47baa27a..efffe4f918 100644 --- a/docs/operator-guide/extensions/git-discovery.md +++ b/docs/operator-guide/extensions/git-discovery.md @@ -17,10 +17,6 @@ This page describes installation of the [GitFusion](https://github.com/KubeRocke GitFusion enhances the developer experience by facilitating automated discovery of Git repositories, remote branches, and organizational structures across multiple Git providers. The service operates as an intermediary layer, securing communication between the KubeRocketCI portal and Git infrastructure while enabling rich repository browsing capabilities. -## Prerequisites - -To install GitFusion, ensure that a [KrakenD](./krakend.md) instance is installed and configured using [edp-cluster-add-ons](https://github.com/epam/edp-cluster-add-ons/tree/main/clusters/core/addons/krakend). - ## Installation :::warning @@ -36,58 +32,6 @@ To enable the GitFusion integration in KubeRocketCI, follow the steps below: enable: true ``` -2. Configure the KrakenD API Gateway to expose GitFusion endpoints by modifying its routing configuration. - - :::note - Reference KrakenD configurations in the [edp-cluster-add-ons](https://github.com/epam/edp-cluster-add-ons/tree/main/clusters/core/addons/krakend) repository. - For more information on how to work with edp-cluster-add-ons, please refer to the [Install via Add-Ons](../add-ons-overview.md) page. - ::: - - 1. Clone your forked copy of the [edp-cluster-add-ons](https://github.com/epam/edp-cluster-add-ons) repository. - - 2. Verify that KrakenD configuration includes the GitFusion API endpoints. If missing, add them in two steps: - 1. Navigate to the KrakenD configuration directory at `clusters//addons/krakend`. - 2. Update the [values.yaml](https://github.com/epam/edp-cluster-add-ons/blob/main/clusters/core/addons/krakend/values.yaml#L202-#L346) file to include the necessary GitFusion API endpoint definitions. - - 3. Configure the KrakenD secret to include GitFusion service connectivity details. - - :::note - The `GITFUSION_URL` variable should point to the GitFusion service URL, e.g., `http://gitfusion.krci:8080`. - ::: - - Modify the `krakend` secret configuration to include the `GITFUSION_URL` environment variable: - - ```yaml title="KrakenD secret" - kind: Secret - apiVersion: v1 - metadata: - name: krakend - namespace: krakend - data: - ... - GITFUSION_URL: http://gitfusion.krci:8080 - type: Opaque - ``` - - For environments utilizing External Secrets Operator with AWS Parameter Store, add the `GITFUSION_URL` variable to Parameter Store configuration: - - ```yaml title="AWS Parameter Store" - { - "SONARQUBE_URL": "http://sonar.sonar:9000", - "SONARQUBE_TOKEN": "", - "DEPTRACK_URL": "http://dependency-track-api-server.dependency-track:8080", - "DEPTRACK_TOKEN": "", - "JWK_URL": "https://keycloak.example.com/realms//protocol/openid-connect/certs", - "OPENSEARCH_URL": "https://opensearch-cluster-master.logging:9200", - "OPENSEARCH_CREDS": "", - "GITFUSION_URL": "http://gitfusion.krci:8080" - } - ``` - - 4. Save modifications by committing and pushing the updated files to the `edp-cluster-add-ons` repository. - - 5. Apply the configuration changes by accessing Argo CD and synchronizing the KrakenD application deployment. - ## Verification Once GitFusion deployment is complete, validate the integration functionality through the following testing procedures: @@ -120,4 +64,3 @@ Once GitFusion deployment is complete, validate the integration functionality th * [Add Application](../../user-guide/add-application.md) * [Manage Branches](../../user-guide/manage-branches.md) -* [KrakenD Integration](./krakend.md) diff --git a/docs/operator-guide/extensions/krakend.md b/docs/operator-guide/extensions/krakend.md deleted file mode 100644 index 94999438db..0000000000 --- a/docs/operator-guide/extensions/krakend.md +++ /dev/null @@ -1,281 +0,0 @@ ---- - -title: "KrakenD Integration" -description: "Integrate KrakenD with KubeRocketCI for enhanced API management, including service discovery, caching, and security features like JWT authentication." -sidebar_label: "KrakenD" - ---- - - -import Tabs from '@theme/Tabs'; -import TabItem from '@theme/TabItem'; - -# KrakenD Integration - - - - - -This guide explains how to integrate KrakenD with KubeRocketCI. [KrakenD](https://www.krakend.io/docs/) is a fast, open-source API gateway that helps manage requests, protect sensitive data, and optimize routing. It offers options for service discovery, caching, authorization, and rate limiting, which can be customized for the platform. - -KubeRocketCI uses KrakenD to connect with services like SonarQube, Dependency-Track, OpenSearch, and GitFusion. This integration allows the platform to fetch data from these services and show it in the KubeRocketCI portal, giving users a clear view of their projects and pipelines. For enhanced security, KrakenD uses JWT tokens from Identity Providers (such as Keycloak or Microsoft Entra ID) to authenticate and authorize requests. - -## Prerequisites - -To integrate KrakenD with KubeRocketCI, ensure the following prerequisites are met: - -- An [Ingress Controller](https://github.com/epam/edp-cluster-add-ons/tree/main/clusters/core/addons/ingress-nginx) is installed and configured. -- A [Keycloak](../auth/keycloak.md) instance is installed and configured with the necessary settings from the [kuberocketci-rbac](https://github.com/epam/edp-cluster-add-ons/tree/main/clusters/core/addons/kuberocketci-rbac) repository. -- A [SonarQube](../code-quality/sonarqube.md) instance is installed and configured. -- A [Dependency-Track](../devsecops/dependency-track.md) instance is installed and configured. -- (Optional) An [OpenSearch](https://github.com/epam/edp-cluster-add-ons/tree/main/clusters/core/addons/opensearch) instance is installed and configured (required for the [Long-Term Storage](../ci/tekton-long-term-storage.md) feature). -- (Optional) The [External Secrets Operator](https://github.com/epam/edp-cluster-add-ons/tree/main/clusters/core/addons/external-secrets) is installed. - -## Installation - -There are two approaches to install KrakenD using [edp-cluster-add-ons](https://github.com/epam/edp-cluster-add-ons) repository: using Argo CD and using Helm. - -### Approach 1: Deploy Using Argo CD - -The first approach is to deploy KrakenD using Argo CD. Follow the steps below to install KrakenD using Argo CD: - -1. Clone the forked [edp-cluster-add-ons](https://github.com/epam/edp-cluster-add-ons) repository. - -2. Navigate to the `clusters/core/addons/krakend` directory and configure the `values.yaml` file with the necessary values for the KrakenD installation. - -3. After configuring the KrakenD Helm chart values, navigate to the `clusters/core/apps` directory. In the `values.yaml` file, update the `krakend` section by specifying the `enable` field as `true` to enable Argo CD Application creation for the KrakenD: - - ```yaml - krakend: - enable: true - ``` - -4. Commit and push the changes to the remote repository. After the changes are pushed, navigate to the Argo CD and sync the KrakenD application. Verify that the KrakenD is successfully deployed: - - ![Argo CD KrakenD](../../assets/operator-guide/extensions/argo-cd-krakend.png) - -### Approach 2: Deploy Using Helm - -The second approach is to deploy KrakenD using Helm. Follow the steps below to install KrakenD using Helm: - -1. Clone the forked [edp-cluster-add-ons](https://github.com/epam/edp-cluster-add-ons) repository. - -2. Navigate to the `clusters/core/addons/krakend` directory and configure the `values.yaml` file with the necessary values for the KrakenD installation. - -3. After configuring the KrakenD Helm chart values, run the following command to deploy the KrakenD: - - ```bash - helm upgrade --install krakend . -n krakend --create-namespace - ``` - -4. Verify that the KrakenD is successfully deployed. - -## Create Access Tokens - -To integrate KrakenD with KubeRocketCI, it is necessary to create access tokens for the services that KrakenD will connect to. Follow the guides below to generate the necessary tokens for each service: - -### SonarQube - -To generate an access token for SonarQube, follow the steps below: - -:::note -It is also possible to use the existing SonarQube user "view-user" to generate an access token. This user is created by default during the [sonar-operator](https://github.com/epam/edp-cluster-add-ons/blob/main/clusters/core/addons/sonar-operator/templates/sonar/user_view.yaml) installation process. -::: - -1. Log in to SonarQube as an administrator: - - ![SonarQube Login](../../assets/operator-guide/extensions/sonarqube-login.png) - -2. Navigate to the **Administration** tab and click **Security**. Select **Users** to navigate to the user management page: - - ![SonarQube Administration](../../assets/operator-guide/extensions/sonarqube-administration.png) - -3. In the user management page, click the **Create User** button to create a new user: - - ![SonarQube Create User](../../assets/operator-guide/extensions/sonarqube-create-user.png) - -4. Fill in the user details and click the **Create** button to create the user: - - ![SonarQube User Details](../../assets/operator-guide/extensions/sonarqube-user-details.png) - -5. After creating, find the user in the list and click the **Update Groups** button. In the opened dialog, navigate to the **Unselected** tab and select the checkbox for the **view-group** group. Click the **Reload** button to apply the changes: - - ![SonarQube Update Groups](../../assets/operator-guide/extensions/sonarqube-update-groups.png) - -6. After updating the groups, click the **Update Tokens** button to generate a token for the user. Fill in the token name and click the **Generate** button to create the token. Copy the generated token for use in the KrakenD configuration: - - ![SonarQube Update Tokens](../../assets/operator-guide/extensions/sonarqube-update-tokens.png) - -7. After generating the token, save it in a secure location for further use. - -### Dependency-Track - -To generate an access token for Dependency-Track, follow the steps below: - -1. Log in to Dependency-Track as an administrator: - - ![Dependency-Track Login](../../assets/operator-guide/extensions/dependency-track-login.png) - -2. In the left sidebar menu, navigate to the **Administration** tab. Click **Access Management** and select **Teams**: - - ![Dependency-Track Access Management](../../assets/operator-guide/extensions/dependency-track-access-management.png) - -3. In the team list, click the **Create Team** button to create a new team. Fill in the team name and click the **Create** button to create the team: - - ![Dependency-Track Create Team](../../assets/operator-guide/extensions/dependency-track-create-team.png) - -4. After creating the team, click the team name to navigate to the team details. In the **Permissions** section, add the **VIEW_PORTFOLIO** permission. In the **API Keys** section, generate a new API key. Copy the generated API key for use in the KrakenD configuration: - - ![Dependency-Track Team Details](../../assets/operator-guide/extensions/dependency-track-team-details.png) - -5. After generating the API key, save it in a secure location for further use. - -### OpenSearch - -In the case of OpenSearch, there is no need to generate an access token. Instead, the OpenSearch user credentials are used to authenticate requests. To create the user for KrakenD integration with OpenSearch, follow the steps below: - -1. Log in to the OpenSearch instance as an administrator: - - ![OpenSearch Login](../../assets/operator-guide/extensions/opensearch-login-page.png) - -2. In the left sidebar menu, navigate to the **Management** tab and select the **Security** section: - - ![OpenSearch Security](../../assets/operator-guide/extensions/opensearch-security.png) - -3. In the security settings, select the **Internal users** tab and click **Create internal user**: - - ![OpenSearch Internal Users](../../assets/operator-guide/extensions/opensearch-internal-users.png) - -4. Fill in the username and password for the new user. In the **Backend roles** section, assign the **logstash** role. Click the **Create** button to create the user: - - ![OpenSearch Create User](../../assets/operator-guide/extensions/opensearch-create-user.png) - -5. After creating the user, save the username and password in a secure location for further use. - -## Configuration - -:::note -It is highly recommended to use the [edp-cluster-add-ons](https://github.com/epam/edp-cluster-add-ons) repository to install and configure the necessary services for KrakenD integration. -For more details, refer to the [Installation via Add-Ons](../add-ons-overview.md) page. -::: - -To configure KrakenD as the API gateway for KubeRocketCI, follow the steps below: - -1. Define the KrakenD API gateway URL: - - It is necessary to define the KrakenD API gateway URL during platform installation or update process. In the [edp-install](https://github.com/epam/edp-install) repository, specify the `apiGatewayUrl` parameter in the `global` section of the `values.yaml` file: - - ```yaml - global: - apiGatewayUrl: "https://api.example.com" - ``` - - :::note - This URL should point to the ingress URL of the KrakenD API Gateway. By default, this [value](https://github.com/epam/edp-install/blob/v3.13.5/deploy-templates/values.yaml#L16) is left empty, which means that the widgets are disabled by default. - ::: - -2. Define the KrakenD secret: - - To allow KrakenD to connect to the services, it is necessary to create a secret with the required credentials and URLs. The secret should contain the following fields: - - - **SONARQUBE_URL**: The URL of the SonarQube instance. For example: `http://sonar.sonar:9000` - - - **SONARQUBE_TOKEN**: The access token, generated during the [SonarQube Access Token creation](#sonarqube) step. The token should be encoded in base64 format. To encode the token into Base64, execute the following command: - - :::warning - It is necessary to add a colon `:` at the end of the token before encoding it. - ::: - - ```bash - sonarqube_user_token="squ_19f5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx46b6" - echo -n "${sonarqube_user_token}:" | base64 - ``` - - - **DEPTRACK_URL**: The API Server URL of the Dependency-Track instance. For example: `http://dependency-track-api-server.dependency-track:8080` - - - **DEPTRACK_TOKEN**: The API key, generated during the [Dependency-Track Access Token creation](#dependency-track) step. Not required to encode in base64 format. - - - **OPENSEARCH_URL**: The URL of the OpenSearch instance. For example: `https://opensearch-cluster-master.logging:9200` - - - **OPENSEARCH_CREDS**: The user credentials, created during the [OpenSearch User creation](#opensearch) step. The credentials should be encoded in base64 format. To encode the credentials into Base64, execute the following command: - - ```bash - echo -n "admin:MySecurePass123" | base64 - ``` - - - **GITFUSION_URL**: The URL of the [GitFusion](https://github.com/KubeRocketCI/gitfusion) instance. For example: `http://gitfusion.:8080` - - :::note - The `` should be replaced with the actual namespace where GitFusion is deployed. - ::: - - - **JWK_URL**: The URL of the Identity Provider (Keycloak or Microsoft Entra ID) to fetch the JSON Web Key (JWK) set. - - - For Keycloak, the URL should be in the following format: `https://keycloak.example.com/auth/realms//protocol/openid-connect/certs`. - - For Microsoft Entra ID, the URL should be in the following format: `https://login.microsoftonline.com/common/discovery/v2.0/keys`. - - The secret can be specified in the following ways: - - - Using YAML manifest: - - ```yaml - apiVersion: v1 - kind: Secret - metadata: - name: krakend - namespace: krakend - type: Opaque - stringData: - SONARQUBE_URL: http://sonar.sonar:9000 - SONARQUBE_TOKEN: - DEPTRACK_URL: http://dependency-track-api-server.dependency-track:8080 - DEPTRACK_TOKEN: - OPENSEARCH_URL: https://opensearch-cluster-master.logging:9200 - OPENSEARCH_CREDS: - GITFUSION_URL: http://gitfusion.:8080 - JWK_URL: https://keycloak.example.com/auth/realms//protocol/openid-connect/certs - ``` - - - Using External Secrets Operator: - - To define the secret using the External Secrets Operator, it is necessary to create an AWS Parameter Store object with the required fields. The object should contain the following fields: - - ```json title="AWS Parameter Store Object" - { - "SONARQUBE_URL": "http://sonar.sonar:9000", - "SONARQUBE_TOKEN": "", - "DEPTRACK_URL": "http://dependency-track-api-server.dependency-track:8080", - "DEPTRACK_TOKEN": "", - "OPENSEARCH_URL": "https://opensearch-cluster-master.logging:9200", - "OPENSEARCH_CREDS": "", - "GITFUSION_URL": "http://gitfusion.:8080", - "JWK_URL": "https://keycloak.example.com/auth/realms//protocol/openid-connect/certs" - } - ``` - - Specify the External Secrets Operator configuration in `values.yaml` file of the [KrakenD](https://github.com/epam/edp-cluster-add-ons/blob/main/clusters/core/addons/krakend/values.yaml#L221) Helm chart: - - ```yaml title="values.yaml" - eso: - # -- Install components of the ESO. - enabled: true - # -- Defines provider type. One of `aws` or `generic`. - type: "aws" - # -- Defines Secret Store name. - secretStoreName: "aws-parameterstore" - # -- Value name in AWS ParameterStore, AWS SecretsManager or other Secret Store. - secretName: "/infra/core/addons/krakend" - # -- Role ARN for the ExternalSecretOperator to assume. - roleArn: arn:aws:iam::012345678910:role/AWSIRSA_Shared_ExternalSecretOperatorAccess - ``` - - More details about External Secrets Operator integration can be found in the [External Secrets Operator](../secrets-management/install-external-secrets-operator.md) page. - -## Related Articles - -* [Install KubeRocketCI With Values File](../install-kuberocketci.md) -* [Install via Add-Ons](../add-ons-overview.md) -* [SonarQube Integration](../code-quality/sonarqube.md) -* [Integrate Dependency-Track](../devsecops/dependency-track.md) -* [Install Keycloak](../auth/keycloak.md) -* [Install NGINX Ingress Controller](../install-ingress-nginx.md) diff --git a/docs/operator-guide/infrastructure-providers/atlantis-installation.md b/docs/operator-guide/infrastructure-providers/atlantis-installation.md index 5fa63618d5..349574cff5 100644 --- a/docs/operator-guide/infrastructure-providers/atlantis-installation.md +++ b/docs/operator-guide/infrastructure-providers/atlantis-installation.md @@ -658,7 +658,7 @@ The first approach is to deploy Atlantis using Argo CD. Follow the steps below t 4. Commit and push the changes to the remote repository. After the changes are pushed, navigate to the Argo CD and sync the Atlantis application. Verify that the Atlantis is successfully deployed: - ![Argo CD KrakenD](../../assets/operator-guide/infrastructure-providers/argo-cd-atlantis.png) + ![Argo CD Atlantis](../../assets/operator-guide/infrastructure-providers/argo-cd-atlantis.png) ### Approach 2: Deploy Using Helm diff --git a/docs/operator-guide/upgrade/upgrade-edp-3.10.md b/docs/operator-guide/upgrade/upgrade-edp-3.10.md index f456c0c464..2f4706228f 100644 --- a/docs/operator-guide/upgrade/upgrade-edp-3.10.md +++ b/docs/operator-guide/upgrade/upgrade-edp-3.10.md @@ -245,7 +245,7 @@ Starting from version 3.10, the Tekton Dashboard is no longer installed with Kub By default, in version 3.10, Code Quality widgets are disabled. To enable them, follow these steps: - 1. **Install KrakenD**: For detailed installation instructions, refer to the [KrakenD installation guide](../extensions/krakend.md). + 1. **Install KrakenD**: For detailed installation instructions, refer to the [KrakenD documentation](https://www.krakend.io/docs/). 2. **Configure the `values.yaml` file**: In the **edp-install** chart, set the `apiGatewayUrl` key to specify the API URL of KrakenD as configured during its installation. ```yaml title="values.yaml" diff --git a/docs/operator-guide/upgrade/upgrade-krci-3.12.md b/docs/operator-guide/upgrade/upgrade-krci-3.12.md index 6e5696cad6..50d2f722da 100644 --- a/docs/operator-guide/upgrade/upgrade-krci-3.12.md +++ b/docs/operator-guide/upgrade/upgrade-krci-3.12.md @@ -445,7 +445,7 @@ Kaniko is still used by default. To switch between Kaniko and BuildKit, set the ::: :::note - For more details about KrakenD integration with KubeRocketCI, refer to the [KrakenD installation](../extensions/krakend.md) guide. + For more details about KrakenD integration with KubeRocketCI, refer to the [KrakenD documentation](https://www.krakend.io/docs/) guide. ::: Starting from version 3.12, KubeRocketCI supports integration with the [GitFusion](https://github.com/KubeRocketCI/gitfusion) microservice. This integration enables automatic discovery of repositories, branches, and organizations from various Git providers during the component or branch creation process in the KubeRocketCI portal. GitFusion act as a bridge between the KubeRocketCI portal and the Git provider, allowing the portal to access repository-related information without requiring direct access to the Git provider. diff --git a/docs/user-guide/widgets.md b/docs/user-guide/widgets.md index fcc1183716..ac64f2b35e 100644 --- a/docs/user-guide/widgets.md +++ b/docs/user-guide/widgets.md @@ -63,14 +63,13 @@ KubeRocketCI also offers widgets to track codebases' code quality directly from To enable these widgets, you need to pass the following steps: 1. Integrate platform with [SonarQube](../operator-guide/code-quality/sonarqube.md) and/or [Dependency-Track](../operator-guide/devsecops/dependency-track.md). -2. Install and configure the [KrakenD](../operator-guide/extensions/krakend.md) tool. -3. Trigger the review pipeline in a codebase, allowing SonarQube and Dependency-Track to scan your code. +2. Trigger the review pipeline in a codebase, allowing SonarQube and Dependency-Track to scan your code. :::note At least one build pipeline must be run for the codebase to activate the widgets. ::: -4. Verify the widgets started working for the codebase. +3. Verify the widgets started working for the codebase. :::note The SonarQube and Dependency-Track widgets only track the default branch. @@ -88,4 +87,3 @@ To enable the widget, you need to deploy KubeRocketCI in a [Capsule](../operator * [SonarQube Integration](../operator-guide/code-quality/sonarqube.md) * [Integrate Dependency-Track](../operator-guide/devsecops/dependency-track.md) -* [KrakenD Integration](../operator-guide/extensions/krakend.md) diff --git a/sidebars.ts b/sidebars.ts index ae5c7d1acb..2ef2856fcb 100644 --- a/sidebars.ts +++ b/sidebars.ts @@ -121,7 +121,6 @@ const sidebars: SidebarsConfig = { 'type': 'category', 'label': 'Extensions', 'items': [ - 'operator-guide/extensions/krakend', 'operator-guide/extensions/git-discovery' ] }, diff --git a/versioned_docs/version-3.13/assets/operator-guide/extensions/argo-cd-krakend.png b/versioned_docs/version-3.13/assets/operator-guide/extensions/argo-cd-krakend.png deleted file mode 100644 index 93970fbbd4..0000000000 Binary files a/versioned_docs/version-3.13/assets/operator-guide/extensions/argo-cd-krakend.png and /dev/null differ diff --git a/versioned_docs/version-3.13/operator-guide/ci/tekton-long-term-storage.md b/versioned_docs/version-3.13/operator-guide/ci/tekton-long-term-storage.md index 5f9badf6ab..2860b6a78b 100644 --- a/versioned_docs/version-3.13/operator-guide/ci/tekton-long-term-storage.md +++ b/versioned_docs/version-3.13/operator-guide/ci/tekton-long-term-storage.md @@ -118,4 +118,3 @@ In this example, the PGO (PostgreSQL Operator) is used for the Tekton Results da * [Add Application](../../user-guide/add-application.md) * [Install Tekton](../install-tekton.md) * [Install KubeRocketCI](../install-kuberocketci.md) -* [KrakenD API Gateway](../extensions/krakend.md) diff --git a/versioned_docs/version-3.13/operator-guide/extensions/git-discovery.md b/versioned_docs/version-3.13/operator-guide/extensions/git-discovery.md index 9c47baa27a..efffe4f918 100644 --- a/versioned_docs/version-3.13/operator-guide/extensions/git-discovery.md +++ b/versioned_docs/version-3.13/operator-guide/extensions/git-discovery.md @@ -17,10 +17,6 @@ This page describes installation of the [GitFusion](https://github.com/KubeRocke GitFusion enhances the developer experience by facilitating automated discovery of Git repositories, remote branches, and organizational structures across multiple Git providers. The service operates as an intermediary layer, securing communication between the KubeRocketCI portal and Git infrastructure while enabling rich repository browsing capabilities. -## Prerequisites - -To install GitFusion, ensure that a [KrakenD](./krakend.md) instance is installed and configured using [edp-cluster-add-ons](https://github.com/epam/edp-cluster-add-ons/tree/main/clusters/core/addons/krakend). - ## Installation :::warning @@ -36,58 +32,6 @@ To enable the GitFusion integration in KubeRocketCI, follow the steps below: enable: true ``` -2. Configure the KrakenD API Gateway to expose GitFusion endpoints by modifying its routing configuration. - - :::note - Reference KrakenD configurations in the [edp-cluster-add-ons](https://github.com/epam/edp-cluster-add-ons/tree/main/clusters/core/addons/krakend) repository. - For more information on how to work with edp-cluster-add-ons, please refer to the [Install via Add-Ons](../add-ons-overview.md) page. - ::: - - 1. Clone your forked copy of the [edp-cluster-add-ons](https://github.com/epam/edp-cluster-add-ons) repository. - - 2. Verify that KrakenD configuration includes the GitFusion API endpoints. If missing, add them in two steps: - 1. Navigate to the KrakenD configuration directory at `clusters//addons/krakend`. - 2. Update the [values.yaml](https://github.com/epam/edp-cluster-add-ons/blob/main/clusters/core/addons/krakend/values.yaml#L202-#L346) file to include the necessary GitFusion API endpoint definitions. - - 3. Configure the KrakenD secret to include GitFusion service connectivity details. - - :::note - The `GITFUSION_URL` variable should point to the GitFusion service URL, e.g., `http://gitfusion.krci:8080`. - ::: - - Modify the `krakend` secret configuration to include the `GITFUSION_URL` environment variable: - - ```yaml title="KrakenD secret" - kind: Secret - apiVersion: v1 - metadata: - name: krakend - namespace: krakend - data: - ... - GITFUSION_URL: http://gitfusion.krci:8080 - type: Opaque - ``` - - For environments utilizing External Secrets Operator with AWS Parameter Store, add the `GITFUSION_URL` variable to Parameter Store configuration: - - ```yaml title="AWS Parameter Store" - { - "SONARQUBE_URL": "http://sonar.sonar:9000", - "SONARQUBE_TOKEN": "", - "DEPTRACK_URL": "http://dependency-track-api-server.dependency-track:8080", - "DEPTRACK_TOKEN": "", - "JWK_URL": "https://keycloak.example.com/realms//protocol/openid-connect/certs", - "OPENSEARCH_URL": "https://opensearch-cluster-master.logging:9200", - "OPENSEARCH_CREDS": "", - "GITFUSION_URL": "http://gitfusion.krci:8080" - } - ``` - - 4. Save modifications by committing and pushing the updated files to the `edp-cluster-add-ons` repository. - - 5. Apply the configuration changes by accessing Argo CD and synchronizing the KrakenD application deployment. - ## Verification Once GitFusion deployment is complete, validate the integration functionality through the following testing procedures: @@ -120,4 +64,3 @@ Once GitFusion deployment is complete, validate the integration functionality th * [Add Application](../../user-guide/add-application.md) * [Manage Branches](../../user-guide/manage-branches.md) -* [KrakenD Integration](./krakend.md) diff --git a/versioned_docs/version-3.13/operator-guide/extensions/krakend.md b/versioned_docs/version-3.13/operator-guide/extensions/krakend.md deleted file mode 100644 index 94999438db..0000000000 --- a/versioned_docs/version-3.13/operator-guide/extensions/krakend.md +++ /dev/null @@ -1,281 +0,0 @@ ---- - -title: "KrakenD Integration" -description: "Integrate KrakenD with KubeRocketCI for enhanced API management, including service discovery, caching, and security features like JWT authentication." -sidebar_label: "KrakenD" - ---- - - -import Tabs from '@theme/Tabs'; -import TabItem from '@theme/TabItem'; - -# KrakenD Integration - - - - - -This guide explains how to integrate KrakenD with KubeRocketCI. [KrakenD](https://www.krakend.io/docs/) is a fast, open-source API gateway that helps manage requests, protect sensitive data, and optimize routing. It offers options for service discovery, caching, authorization, and rate limiting, which can be customized for the platform. - -KubeRocketCI uses KrakenD to connect with services like SonarQube, Dependency-Track, OpenSearch, and GitFusion. This integration allows the platform to fetch data from these services and show it in the KubeRocketCI portal, giving users a clear view of their projects and pipelines. For enhanced security, KrakenD uses JWT tokens from Identity Providers (such as Keycloak or Microsoft Entra ID) to authenticate and authorize requests. - -## Prerequisites - -To integrate KrakenD with KubeRocketCI, ensure the following prerequisites are met: - -- An [Ingress Controller](https://github.com/epam/edp-cluster-add-ons/tree/main/clusters/core/addons/ingress-nginx) is installed and configured. -- A [Keycloak](../auth/keycloak.md) instance is installed and configured with the necessary settings from the [kuberocketci-rbac](https://github.com/epam/edp-cluster-add-ons/tree/main/clusters/core/addons/kuberocketci-rbac) repository. -- A [SonarQube](../code-quality/sonarqube.md) instance is installed and configured. -- A [Dependency-Track](../devsecops/dependency-track.md) instance is installed and configured. -- (Optional) An [OpenSearch](https://github.com/epam/edp-cluster-add-ons/tree/main/clusters/core/addons/opensearch) instance is installed and configured (required for the [Long-Term Storage](../ci/tekton-long-term-storage.md) feature). -- (Optional) The [External Secrets Operator](https://github.com/epam/edp-cluster-add-ons/tree/main/clusters/core/addons/external-secrets) is installed. - -## Installation - -There are two approaches to install KrakenD using [edp-cluster-add-ons](https://github.com/epam/edp-cluster-add-ons) repository: using Argo CD and using Helm. - -### Approach 1: Deploy Using Argo CD - -The first approach is to deploy KrakenD using Argo CD. Follow the steps below to install KrakenD using Argo CD: - -1. Clone the forked [edp-cluster-add-ons](https://github.com/epam/edp-cluster-add-ons) repository. - -2. Navigate to the `clusters/core/addons/krakend` directory and configure the `values.yaml` file with the necessary values for the KrakenD installation. - -3. After configuring the KrakenD Helm chart values, navigate to the `clusters/core/apps` directory. In the `values.yaml` file, update the `krakend` section by specifying the `enable` field as `true` to enable Argo CD Application creation for the KrakenD: - - ```yaml - krakend: - enable: true - ``` - -4. Commit and push the changes to the remote repository. After the changes are pushed, navigate to the Argo CD and sync the KrakenD application. Verify that the KrakenD is successfully deployed: - - ![Argo CD KrakenD](../../assets/operator-guide/extensions/argo-cd-krakend.png) - -### Approach 2: Deploy Using Helm - -The second approach is to deploy KrakenD using Helm. Follow the steps below to install KrakenD using Helm: - -1. Clone the forked [edp-cluster-add-ons](https://github.com/epam/edp-cluster-add-ons) repository. - -2. Navigate to the `clusters/core/addons/krakend` directory and configure the `values.yaml` file with the necessary values for the KrakenD installation. - -3. After configuring the KrakenD Helm chart values, run the following command to deploy the KrakenD: - - ```bash - helm upgrade --install krakend . -n krakend --create-namespace - ``` - -4. Verify that the KrakenD is successfully deployed. - -## Create Access Tokens - -To integrate KrakenD with KubeRocketCI, it is necessary to create access tokens for the services that KrakenD will connect to. Follow the guides below to generate the necessary tokens for each service: - -### SonarQube - -To generate an access token for SonarQube, follow the steps below: - -:::note -It is also possible to use the existing SonarQube user "view-user" to generate an access token. This user is created by default during the [sonar-operator](https://github.com/epam/edp-cluster-add-ons/blob/main/clusters/core/addons/sonar-operator/templates/sonar/user_view.yaml) installation process. -::: - -1. Log in to SonarQube as an administrator: - - ![SonarQube Login](../../assets/operator-guide/extensions/sonarqube-login.png) - -2. Navigate to the **Administration** tab and click **Security**. Select **Users** to navigate to the user management page: - - ![SonarQube Administration](../../assets/operator-guide/extensions/sonarqube-administration.png) - -3. In the user management page, click the **Create User** button to create a new user: - - ![SonarQube Create User](../../assets/operator-guide/extensions/sonarqube-create-user.png) - -4. Fill in the user details and click the **Create** button to create the user: - - ![SonarQube User Details](../../assets/operator-guide/extensions/sonarqube-user-details.png) - -5. After creating, find the user in the list and click the **Update Groups** button. In the opened dialog, navigate to the **Unselected** tab and select the checkbox for the **view-group** group. Click the **Reload** button to apply the changes: - - ![SonarQube Update Groups](../../assets/operator-guide/extensions/sonarqube-update-groups.png) - -6. After updating the groups, click the **Update Tokens** button to generate a token for the user. Fill in the token name and click the **Generate** button to create the token. Copy the generated token for use in the KrakenD configuration: - - ![SonarQube Update Tokens](../../assets/operator-guide/extensions/sonarqube-update-tokens.png) - -7. After generating the token, save it in a secure location for further use. - -### Dependency-Track - -To generate an access token for Dependency-Track, follow the steps below: - -1. Log in to Dependency-Track as an administrator: - - ![Dependency-Track Login](../../assets/operator-guide/extensions/dependency-track-login.png) - -2. In the left sidebar menu, navigate to the **Administration** tab. Click **Access Management** and select **Teams**: - - ![Dependency-Track Access Management](../../assets/operator-guide/extensions/dependency-track-access-management.png) - -3. In the team list, click the **Create Team** button to create a new team. Fill in the team name and click the **Create** button to create the team: - - ![Dependency-Track Create Team](../../assets/operator-guide/extensions/dependency-track-create-team.png) - -4. After creating the team, click the team name to navigate to the team details. In the **Permissions** section, add the **VIEW_PORTFOLIO** permission. In the **API Keys** section, generate a new API key. Copy the generated API key for use in the KrakenD configuration: - - ![Dependency-Track Team Details](../../assets/operator-guide/extensions/dependency-track-team-details.png) - -5. After generating the API key, save it in a secure location for further use. - -### OpenSearch - -In the case of OpenSearch, there is no need to generate an access token. Instead, the OpenSearch user credentials are used to authenticate requests. To create the user for KrakenD integration with OpenSearch, follow the steps below: - -1. Log in to the OpenSearch instance as an administrator: - - ![OpenSearch Login](../../assets/operator-guide/extensions/opensearch-login-page.png) - -2. In the left sidebar menu, navigate to the **Management** tab and select the **Security** section: - - ![OpenSearch Security](../../assets/operator-guide/extensions/opensearch-security.png) - -3. In the security settings, select the **Internal users** tab and click **Create internal user**: - - ![OpenSearch Internal Users](../../assets/operator-guide/extensions/opensearch-internal-users.png) - -4. Fill in the username and password for the new user. In the **Backend roles** section, assign the **logstash** role. Click the **Create** button to create the user: - - ![OpenSearch Create User](../../assets/operator-guide/extensions/opensearch-create-user.png) - -5. After creating the user, save the username and password in a secure location for further use. - -## Configuration - -:::note -It is highly recommended to use the [edp-cluster-add-ons](https://github.com/epam/edp-cluster-add-ons) repository to install and configure the necessary services for KrakenD integration. -For more details, refer to the [Installation via Add-Ons](../add-ons-overview.md) page. -::: - -To configure KrakenD as the API gateway for KubeRocketCI, follow the steps below: - -1. Define the KrakenD API gateway URL: - - It is necessary to define the KrakenD API gateway URL during platform installation or update process. In the [edp-install](https://github.com/epam/edp-install) repository, specify the `apiGatewayUrl` parameter in the `global` section of the `values.yaml` file: - - ```yaml - global: - apiGatewayUrl: "https://api.example.com" - ``` - - :::note - This URL should point to the ingress URL of the KrakenD API Gateway. By default, this [value](https://github.com/epam/edp-install/blob/v3.13.5/deploy-templates/values.yaml#L16) is left empty, which means that the widgets are disabled by default. - ::: - -2. Define the KrakenD secret: - - To allow KrakenD to connect to the services, it is necessary to create a secret with the required credentials and URLs. The secret should contain the following fields: - - - **SONARQUBE_URL**: The URL of the SonarQube instance. For example: `http://sonar.sonar:9000` - - - **SONARQUBE_TOKEN**: The access token, generated during the [SonarQube Access Token creation](#sonarqube) step. The token should be encoded in base64 format. To encode the token into Base64, execute the following command: - - :::warning - It is necessary to add a colon `:` at the end of the token before encoding it. - ::: - - ```bash - sonarqube_user_token="squ_19f5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx46b6" - echo -n "${sonarqube_user_token}:" | base64 - ``` - - - **DEPTRACK_URL**: The API Server URL of the Dependency-Track instance. For example: `http://dependency-track-api-server.dependency-track:8080` - - - **DEPTRACK_TOKEN**: The API key, generated during the [Dependency-Track Access Token creation](#dependency-track) step. Not required to encode in base64 format. - - - **OPENSEARCH_URL**: The URL of the OpenSearch instance. For example: `https://opensearch-cluster-master.logging:9200` - - - **OPENSEARCH_CREDS**: The user credentials, created during the [OpenSearch User creation](#opensearch) step. The credentials should be encoded in base64 format. To encode the credentials into Base64, execute the following command: - - ```bash - echo -n "admin:MySecurePass123" | base64 - ``` - - - **GITFUSION_URL**: The URL of the [GitFusion](https://github.com/KubeRocketCI/gitfusion) instance. For example: `http://gitfusion.:8080` - - :::note - The `` should be replaced with the actual namespace where GitFusion is deployed. - ::: - - - **JWK_URL**: The URL of the Identity Provider (Keycloak or Microsoft Entra ID) to fetch the JSON Web Key (JWK) set. - - - For Keycloak, the URL should be in the following format: `https://keycloak.example.com/auth/realms//protocol/openid-connect/certs`. - - For Microsoft Entra ID, the URL should be in the following format: `https://login.microsoftonline.com/common/discovery/v2.0/keys`. - - The secret can be specified in the following ways: - - - Using YAML manifest: - - ```yaml - apiVersion: v1 - kind: Secret - metadata: - name: krakend - namespace: krakend - type: Opaque - stringData: - SONARQUBE_URL: http://sonar.sonar:9000 - SONARQUBE_TOKEN: - DEPTRACK_URL: http://dependency-track-api-server.dependency-track:8080 - DEPTRACK_TOKEN: - OPENSEARCH_URL: https://opensearch-cluster-master.logging:9200 - OPENSEARCH_CREDS: - GITFUSION_URL: http://gitfusion.:8080 - JWK_URL: https://keycloak.example.com/auth/realms//protocol/openid-connect/certs - ``` - - - Using External Secrets Operator: - - To define the secret using the External Secrets Operator, it is necessary to create an AWS Parameter Store object with the required fields. The object should contain the following fields: - - ```json title="AWS Parameter Store Object" - { - "SONARQUBE_URL": "http://sonar.sonar:9000", - "SONARQUBE_TOKEN": "", - "DEPTRACK_URL": "http://dependency-track-api-server.dependency-track:8080", - "DEPTRACK_TOKEN": "", - "OPENSEARCH_URL": "https://opensearch-cluster-master.logging:9200", - "OPENSEARCH_CREDS": "", - "GITFUSION_URL": "http://gitfusion.:8080", - "JWK_URL": "https://keycloak.example.com/auth/realms//protocol/openid-connect/certs" - } - ``` - - Specify the External Secrets Operator configuration in `values.yaml` file of the [KrakenD](https://github.com/epam/edp-cluster-add-ons/blob/main/clusters/core/addons/krakend/values.yaml#L221) Helm chart: - - ```yaml title="values.yaml" - eso: - # -- Install components of the ESO. - enabled: true - # -- Defines provider type. One of `aws` or `generic`. - type: "aws" - # -- Defines Secret Store name. - secretStoreName: "aws-parameterstore" - # -- Value name in AWS ParameterStore, AWS SecretsManager or other Secret Store. - secretName: "/infra/core/addons/krakend" - # -- Role ARN for the ExternalSecretOperator to assume. - roleArn: arn:aws:iam::012345678910:role/AWSIRSA_Shared_ExternalSecretOperatorAccess - ``` - - More details about External Secrets Operator integration can be found in the [External Secrets Operator](../secrets-management/install-external-secrets-operator.md) page. - -## Related Articles - -* [Install KubeRocketCI With Values File](../install-kuberocketci.md) -* [Install via Add-Ons](../add-ons-overview.md) -* [SonarQube Integration](../code-quality/sonarqube.md) -* [Integrate Dependency-Track](../devsecops/dependency-track.md) -* [Install Keycloak](../auth/keycloak.md) -* [Install NGINX Ingress Controller](../install-ingress-nginx.md) diff --git a/versioned_docs/version-3.13/operator-guide/infrastructure-providers/atlantis-installation.md b/versioned_docs/version-3.13/operator-guide/infrastructure-providers/atlantis-installation.md index 5fa63618d5..349574cff5 100644 --- a/versioned_docs/version-3.13/operator-guide/infrastructure-providers/atlantis-installation.md +++ b/versioned_docs/version-3.13/operator-guide/infrastructure-providers/atlantis-installation.md @@ -658,7 +658,7 @@ The first approach is to deploy Atlantis using Argo CD. Follow the steps below t 4. Commit and push the changes to the remote repository. After the changes are pushed, navigate to the Argo CD and sync the Atlantis application. Verify that the Atlantis is successfully deployed: - ![Argo CD KrakenD](../../assets/operator-guide/infrastructure-providers/argo-cd-atlantis.png) + ![Argo CD Atlantis](../../assets/operator-guide/infrastructure-providers/argo-cd-atlantis.png) ### Approach 2: Deploy Using Helm diff --git a/versioned_docs/version-3.13/operator-guide/upgrade/upgrade-edp-3.10.md b/versioned_docs/version-3.13/operator-guide/upgrade/upgrade-edp-3.10.md index f456c0c464..2f4706228f 100644 --- a/versioned_docs/version-3.13/operator-guide/upgrade/upgrade-edp-3.10.md +++ b/versioned_docs/version-3.13/operator-guide/upgrade/upgrade-edp-3.10.md @@ -245,7 +245,7 @@ Starting from version 3.10, the Tekton Dashboard is no longer installed with Kub By default, in version 3.10, Code Quality widgets are disabled. To enable them, follow these steps: - 1. **Install KrakenD**: For detailed installation instructions, refer to the [KrakenD installation guide](../extensions/krakend.md). + 1. **Install KrakenD**: For detailed installation instructions, refer to the [KrakenD documentation](https://www.krakend.io/docs/). 2. **Configure the `values.yaml` file**: In the **edp-install** chart, set the `apiGatewayUrl` key to specify the API URL of KrakenD as configured during its installation. ```yaml title="values.yaml" diff --git a/versioned_docs/version-3.13/operator-guide/upgrade/upgrade-krci-3.12.md b/versioned_docs/version-3.13/operator-guide/upgrade/upgrade-krci-3.12.md index 6e5696cad6..50d2f722da 100644 --- a/versioned_docs/version-3.13/operator-guide/upgrade/upgrade-krci-3.12.md +++ b/versioned_docs/version-3.13/operator-guide/upgrade/upgrade-krci-3.12.md @@ -445,7 +445,7 @@ Kaniko is still used by default. To switch between Kaniko and BuildKit, set the ::: :::note - For more details about KrakenD integration with KubeRocketCI, refer to the [KrakenD installation](../extensions/krakend.md) guide. + For more details about KrakenD integration with KubeRocketCI, refer to the [KrakenD documentation](https://www.krakend.io/docs/) guide. ::: Starting from version 3.12, KubeRocketCI supports integration with the [GitFusion](https://github.com/KubeRocketCI/gitfusion) microservice. This integration enables automatic discovery of repositories, branches, and organizations from various Git providers during the component or branch creation process in the KubeRocketCI portal. GitFusion act as a bridge between the KubeRocketCI portal and the Git provider, allowing the portal to access repository-related information without requiring direct access to the Git provider. diff --git a/versioned_docs/version-3.13/user-guide/widgets.md b/versioned_docs/version-3.13/user-guide/widgets.md index fcc1183716..ac64f2b35e 100644 --- a/versioned_docs/version-3.13/user-guide/widgets.md +++ b/versioned_docs/version-3.13/user-guide/widgets.md @@ -63,14 +63,13 @@ KubeRocketCI also offers widgets to track codebases' code quality directly from To enable these widgets, you need to pass the following steps: 1. Integrate platform with [SonarQube](../operator-guide/code-quality/sonarqube.md) and/or [Dependency-Track](../operator-guide/devsecops/dependency-track.md). -2. Install and configure the [KrakenD](../operator-guide/extensions/krakend.md) tool. -3. Trigger the review pipeline in a codebase, allowing SonarQube and Dependency-Track to scan your code. +2. Trigger the review pipeline in a codebase, allowing SonarQube and Dependency-Track to scan your code. :::note At least one build pipeline must be run for the codebase to activate the widgets. ::: -4. Verify the widgets started working for the codebase. +3. Verify the widgets started working for the codebase. :::note The SonarQube and Dependency-Track widgets only track the default branch. @@ -88,4 +87,3 @@ To enable the widget, you need to deploy KubeRocketCI in a [Capsule](../operator * [SonarQube Integration](../operator-guide/code-quality/sonarqube.md) * [Integrate Dependency-Track](../operator-guide/devsecops/dependency-track.md) -* [KrakenD Integration](../operator-guide/extensions/krakend.md) diff --git a/versioned_sidebars/version-3.13-sidebars.json b/versioned_sidebars/version-3.13-sidebars.json index f36b6ee5c9..a2c891157d 100644 --- a/versioned_sidebars/version-3.13-sidebars.json +++ b/versioned_sidebars/version-3.13-sidebars.json @@ -103,7 +103,6 @@ "type": "category", "label": "Extensions", "items": [ - "operator-guide/extensions/krakend", "operator-guide/extensions/git-discovery" ] },