Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Kong / APISecOps ROSA and Kong Konnect in the Red Hat Openshift / 31 Jan 2023
Kong / APISecOps ROSA and Kong Konnect in the Red Hat Openshift / 31 Jan 2023
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Part 2/8 - Getting Started: 8-Part APISecOps Tutorial ROSA and Kong Konnect in Red Hat Openshift

Description

APISecOps - Insomnia, Kong Konnect, Tekton - on ROSA

Part 2 of 8 Kong Partner Engineering's APISecOps Tutorial ROSA and Kong Konnect in the Red Hat Openshift Ecosystem: Getting Started.

In part 2 we walk through the tools, technology, clusters, run-time groups and other prerequisites you need to get started.

Follow along in GitHub: https://github.com/Kong/kong-apisecops-redhat#introduction

Getting Started

Prequisites

1. Openshift Cluster - This demo will step through the rosa cli command to create a ROSA cluster but any OpenShift cluster will suffice. This demo has been tested on OCP 4.11.

2. Ansible Core - The playbooks have been tested on 2.13.5 and python version 3.10.8. More information can be found at Installing Ansible.

3. Kong Konnect Plus Account - The demo requires an Konnect Plus grade account because 2 runtime groups and several enterprise grade plugins are used. For more information please review the Kong Konnect Pricing Plan and creation of a Personal Access Token in Konnect.

4. Insomnia - To download check out Insomnia Download.

5. oc cli - The binary download can be found in the openshift console, in the ? tab on the top right.

6. Helm 3 cli - Follow the helm documentation to install the binary Helm Install

ROSA and Konnect Configuration

Execute the install ansible playbook. The play will do the following:

Cert Manager Operator - install and create Konnect DP self-signed certs
Openshift Pipelines Operator - install
Gitea - install and configure
Konnect
create and/or configure runtime groups (Default and Dev)
create konnect gateways (runtime instances)
APIOps - create namespaces, install tekton pipelines and create tekton pipelineruns
Disputes Sample App - create namespace and deploy

Find all the resources you need in our self-paced demo on GitHub: https://github.com/Kong/kong-apisecops-redhat#introduction

A

Okay, so in this video we're gonna go ahead and get started with deploying the infrastructure for the tutorial.

A

um If you're, following along with the gate, repository navigate down to the getting started section of the readme and let's first discuss the prerequisites so starting starting with the openshift cluster I'm, going to step through the command to spin up a Rosa cluster. But formally you can use any flavor of openshift that you have, if you happen to already have an open shift cluster you want to use, um but formally speaking this, the demo has been tested on version of openshift for 11 and 412 at this point. So that is just one fact.

A

uh The next prerequisite is ansible core version, 213, 213 and greater. So uh there is a Playbook that we're going to use to configure Rosa and con connect once those two components are in place and so that Playbook was has been tested on version 213.

A

And then for con connect, you will need a con connect. Plus account. uh The reason being is twofolds for the actual promotion or CI CD pipeline process. We're gonna have two runtime groups that behave as two environments and we're also going to leverage several Enterprise grade plugins, and so because of that, you do need a Plus account.

A

Once you have a con connect account. Also, you do need to create a personal access token within connect as well to be used in The Playbook. So once you have that took create that token, have it handy for the Playbook step?

A

Insomnia is the next prerequisite so go ahead and navigate to this link and download the desktop application, because we will be using insomnia to design or update an API spec, the openshift clis. You do need to have the CLI available. There's several ways to get it. You can either navigate to the openshift documentation or if you happen to already have a cluster available go to. You can navigate to the console and and get it.

A

And then the helm, 3 CLI, we do need this for the ansible Playbook, because the mod or the ansible collection under the hood is going to use Helm the helm binary to um install the connect data plane.

A

So that's it for prerequisites. So if you need to take a moment, go ahead and pause the video now and go get that done.

A

Okay, welcome back I'm, assuming you've got your prerequisites in place. So if you have not already go ahead and download this git repository so go ahead and clone it and then we're gonna go ahead and step through uh deploying a Rosa cluster really quickly. So I put the command I use to spin up a Rosa cluster, primarily because I try to keep them for these demos as small as possible. So I've got a compute machine type of ta t3x large! That's all!

A

And that's for to be perfectly honest: that's all we really need for the purpose of the demo and then you know I just kept it simple, so I disabled, multiple availability zones.

A

So uh if you want go ahead and copy this command I'm, actually just going to go to my terminal and spin up.

B

From history, a cluster I mean List clusters, real quick to make sure I don't have any no clusters: okay, there's a 3D cluster and then I'm actually going to change region to us West one.

B

It's taking a very long time for this command to finish there.

A

We go perfect, so this is going to take about 45 minutes or maybe 30 minutes to complete. So I will pause the video here and come back what's done, but before we go.

A

um If you do want to, it is convenient to watch the logs to know when your cluster is completed so go ahead and copy out that command at the bottom to watch. Your cluster installation logs run roses I'm just going to copy this to CLI.

A

And so I will see you when this is done. Okay, welcome back, so I've got an open shift cluster, so the next step is to go ahead and create an admin user I'm just going to create a Rosa cluster admin user really quick. This is also documented in the repo but I'm just going to go ahead and run the command so I'm just going to do Rosa, create admin and specify the cluster that that admin needs to be created on.

A

And it said, it'll take up a minute. It really will take up to a minute, so we'll just have to try this periodically, because this takes so long. I will be back in a few minutes with the login working.

A

Okay, so now I'm able to successfully log into the cluster with that cluster admin user that I created, so we're ready to move on to the ansible step and go ahead and and run this Playbook. So the first thing we need to do is to install the collections that the Playbook requires. So if you go ahead and copy this command and navigate to the home directory of the git Repository.

A

And go ahead and execute. It should download any collections that you're missing when that is in place. We're now ready to run the Playbook.

A

So right here uh that the step is Rosa and connect configuration, so the Playbook is going to do a few things um we're going to install the cert manager operator because we do need some certificates for our connect data planes.

A

We're gonna, install the openshift pipelines operator because we're that's the cicd2 link of choice, we're going to use git T, which is to be our self-hosted git repository. This is really just more out of convenience so that there's no external dependencies on GitHub people don't need their own personal accounts for connect.

A

What we're going to do is we're going to create and configure two runtime groups so we're we have a default runtime group already, but if not, it will create it for you and then we'll create a second runtime group called Dev and then to each of these gateways we or to runtime groups, we'll will sync up one Gateway per runtime group and then we're going to just do some typical open shift day two operation.

A

So we need to create the API Ops namespaces, uh install the tecton pipelines and also dynamically create the pipeline runs or not. The pipeline runs yeah. The pipeline runs so we're gonna, execute apologize, yeah and then last is we're just going to focus on the API Ops aspect of this demo. So we're already going to have the disputes sample application.

A

The disputes Dev running in openshift as well, and you can see the only command that the Playbook requires is your connect personal access token, so go ahead and copy this command and go back to your terminal and we can go ahead and execute this I am just going to pull this out of History.

A

Here we go and begin the execution.

A

So this will take a few minutes just because there's a number of activities going on so I will see you when this Playbook finishes.

A

Okay, so the Playbook is now finished and you're just gonna see a few facts just to just let you know what it looks like when it's done is. You should see a print of the demo facts task, which is just information that we're going to use throughout the tutorial, and the second is just a message saying that the Playbook is finished running, so that's it for this in the next video we'll actually get started on the API SEC Ops tutorials themselves. So with that, thanks for joining.