Create Opstella Core Configuration
This content is not available in your language yet.
Opstella needs configuration for integration and orchestration between components.
You will be creating a YAML-structure information (Opstella Core Configuration) that specify a list of tools in DevSecOps, Observability (That you previously installed and done configurations.), and Kubernetes Cluster.
Alongside with Credentials, to allows Opstella to integrate and orchestrate with tools arcoss system.
Preparation
Section titled “Preparation”-
Ensure
BASE_DOMAIN,K8S_INTERNAL_DOMAINandORGANIZATION_NAMEare defined as per the Shell Variables guide. Additionally, export the following variables: -
Gather your Opstella Company/Organization Short Name
export OPSTELLA_COMPANY_NAME="$ORGANIZATION_NAME"
devopstool kind
Section titled “devopstool kind”-
Compose a
Section titled “Compose a devopstool Object Header”devopstoolObject HeaderTerminal window cat <<EOF >> $HOME/opstella-installation/opstella-configs/opstella-backend-devopstool.yamlapiVersion: v1kind: devopstoolmeta:name: "devopstool"display_name: "devopstool"description: "DevSecOps Tools, Observability Tools, and Kubernetes Integration List"data:EOF -
Integration with Opstella Keycloak
Section titled “Integration with Opstella Keycloak”Specify your Keycloak Information
Ensure
KEYCLOAK_DOMAIN,KEYCLOAK_REALM,KEYCLOAK_ADMIN_USERNAMEandKEYCLOAK_ADMIN_PASSWORDare defined as per the Shell Variables guide.Create Keycloak Configuration Object
Terminal window cat <<EOF >> $HOME/opstella-installation/opstella-configs/opstella-backend-devopstool.yaml- display_name: "keycloak"slug: "keycloak"config:REALM: "${KEYCLOAK_REALM}"API_USER: "${KEYCLOAK_ADMIN_USERNAME}"BASE_URL: "https://${KEYCLOAK_DOMAIN}"API_PASSWORD: "${KEYCLOAK_ADMIN_PASSWORD}"EDITION_LIST:- name: "CONTAINER"- name: "DEVSECOPS"status: "COMPLETED"kind: "OIDC"display_kind: "OIDC"detail:URL_DISPLAY: "https://${KEYCLOAK_DOMAIN}/"DETAIL_DISPLAY: ""EOF -
Integration with DevSecOps
Section titled “Integration with DevSecOps” -
GitLab
Section titled “GitLab”Specify your GitLab Information
-
Domain
-
Access Token
-
Ensure
GITLAB_DOMAINis defined as per the Shell Variables guide.
Terminal window export GITLAB_ACCESS_TOKEN="CHANGEME"Create GitLab Configuration Object
Terminal window cat <<EOF >> $HOME/opstella-installation/opstella-configs/opstella-backend-devopstool.yaml- display_name: "gitlab"slug: "gitlab"config:API_KEY: "${GITLAB_ACCESS_TOKEN}"API_URL: "https://${GITLAB_DOMAIN}/api/v4"CUSTOM_ATTRIBUTES_KEY: "OPSTEALLA-SLUG"HELM_TYPE: "ONECHART"HELM_REPLACE: "FALSE"HELM_REPO_URL: "https://chart.onechart.dev"EDITION_LIST:- name: "CONTAINER"- name: "DEVSECOPS"status: "COMPLETED"kind: "VCS"display_kind: "VCS"detail:URL_DISPLAY: "https://${GITLAB_DOMAIN}/"DETAIL_DISPLAY: ""EOF -
-
SonarQube
Section titled “SonarQube”Specify your SonarQube Information
- Domain
- Admin User Credentials
- Ensure
SONARQUBE_DOMAIN,SONARQUBE_ADMIN_USERNAMEandSONARQUBE_ADMIN_PASSWORDare defined as per the Shell Variables guide.
Create SonarQube Configuration Object
Terminal window cat <<EOF >> $HOME/opstella-installation/opstella-configs/opstella-backend-devopstool.yaml- display_name: "sonarqube"slug: "sonarqube"config:API_URL: "https://${SONARQUBE_DOMAIN}/api"API_USER: "${SONARQUBE_ADMIN_USERNAME}"API_PASSWORD: "${SONARQUBE_ADMIN_PASSWORD}"EDITION_LIST:- name: "DEVSECOPS"status: "COMPLETED"kind: "SECURITY"display_kind: "SAST"detail:URL_DISPLAY: "https://${SONARQUBE_DOMAIN}/"DETAIL_DISPLAY: ""EOF -
Harbor
Section titled “Harbor”Specify your Harbor Information
- Domain
- Admin User Credentials
- Ensure
HARBOR_DOMAIN,HARBOR_ADMIN_USERNAMEandHARBOR_ADMIN_PASSWORDare defined as per the Shell Variables guide.
Create Harbor Configuration Object
Terminal window cat <<EOF >> $HOME/opstella-installation/opstella-configs/opstella-backend-devopstool.yaml- display_name: "harbor"slug: "harbor"config:API_URL: "https://${HARBOR_DOMAIN}/api/v2.0"API_USER: "${HARBOR_ADMIN_USERNAME}"SECRET_KEY: "${OPSTELLA_COMPANY_NAME}-company"API_PASSWORD: "${HARBOR_ADMIN_PASSWORD}"EDITION_LIST:- name: "CONTAINER"- name: "DEVSECOPS"status: "COMPLETED"kind: "ARTIFACT"display_kind: "Artifact"detail:URL_DISPLAY: "https://${HARBOR_DOMAIN}/"DETAIL_DISPLAY: ""EOF -
Specify your Vault Information
- Domain
- Root Token
- Token will be
xyz.AbC123...dEf456format (28 Characters) - See more on: Gathering Vault Root Token from Auto-Unsealing Process
- Token will be
- Ensure
VAULT_DOMAINis defined as per the Shell Variables guide.
Terminal window export VAULT_ROOT_TOKEN="CHANGEME"Create Vault Configuration Object
Terminal window cat <<EOF >> $HOME/opstella-installation/opstella-configs/opstella-backend-devopstool.yaml- display_name: "vault"slug: "vault"config:API_KEY: "${VAULT_ROOT_TOKEN}"API_URL: "https://${VAULT_DOMAIN}/v1"CUSTOM_ATTRIBUTES_KEY: "OPSTEALLA-SLUG"EDITION_LIST:- name: "CONTAINER"- name: "DEVSECOPS"status: "COMPLETED"kind: "VAULT"display_kind: "Secret Management"detail:URL_DISPLAY: "https://${VAULT_DOMAIN}/"DETAIL_DISPLAY: ""EOF -
DefectDojo
Section titled “DefectDojo”Specify your DefectDojo Information
- Domain
- Access Token
- Starts with
Token abc123... - Retrieve with DefectDojo Installation - Retrieve Access Token
- Starts with
- Ensure
DEFECTDOJO_DOMAINis defined as per the Shell Variables guide.
Terminal window export DEFECTDOJO_ACCESS_TOKEN="CHANGEME"Create DefectDojo Configuration Object
Terminal window cat <<EOF >> $HOME/opstella-installation/opstella-configs/opstella-backend-devopstool.yaml- display_name: "defectdojo"slug: "defectdojo"config:API_KEY: "Token ${DEFECTDOJO_ACCESS_TOKEN}"API_URL: "https://${DEFECTDOJO_DOMAIN}/api/v2"CUSTOM_ATTRIBUTES_KEY: "OPSTEALLA-SLUG"EDITION_LIST:- name: "DEVSECOPS"status: "COMPLETED"kind: "VULNERABILITY"display_kind: "VULNERABILITY"detail:URL_DISPLAY: "https://${DEFECTDOJO_DOMAIN}/"DETAIL_DISPLAY: ""EOF -
ArgoCD (Non-Production)
Section titled “ArgoCD (Non-Production)”Specify your ArgoCD (Non-Production) Information
- Domain
- Admin User Credentials
- Ensure
ARGOCD_NONPROD_DOMAIN,ARGOCD_NONPROD_ADMIN_USERNAMEandARGOCD_NONPROD_ADMIN_PASSWORDare defined as per the Shell Variables guide.
Create ArgoCD (Non-Production) Configuration Object
Terminal window cat <<EOF >> $HOME/opstella-installation/opstella-configs/opstella-backend-devopstool.yaml- display_name: "argocd-nonprod"slug: "argocd-nonprod"config:API_URL: "https://${ARGOCD_NONPROD_DOMAIN}/api/v1"API_USER: "${ARGOCD_NONPROD_ADMIN_USERNAME}"API_PASSWORD: "${ARGOCD_NONPROD_ADMIN_PASSWORD}"NAMESPACE: "devsecops-system"DEFAULT_REPO: "nginx"DEFAULT_PORT: "80"DEFAULT_IMAGE_TAG: "stable-alpine3.19-slim"CHART:NAME: "onechart"HELM_REPO_URL: "https://chart.onechart.dev"HELM_TARGET_REVISION: "0.73.0"EDITION_LIST:- name: "CONTAINER"- name: "DEVSECOPS"status: "COMPLETED"kind: "DEPLOY"display_kind: "Deploy"detail:URL_DISPLAY: "https://${ARGOCD_NONPROD_DOMAIN}/"DETAIL_DISPLAY: ""EOF -
ArgoCD (Production)
Section titled “ArgoCD (Production)”Specify your ArgoCD (Production) Information
- Domain
- Admin User Credentials
- Ensure
ARGOCD_PROD_DOMAIN,ARGOCD_PROD_ADMIN_USERNAMEandARGOCD_PROD_ADMIN_PASSWORDare defined as per the Shell Variables guide.
Create ArgoCD (Production) Configuration Object
Terminal window cat <<EOF >> $HOME/opstella-installation/opstella-configs/opstella-backend-devopstool.yaml- display_name: "argocd-prod"slug: "argocd-prod"config:API_URL: "https://${ARGOCD_PROD_DOMAIN}/api/v1"API_USER: "${ARGOCD_PROD_ADMIN_USERNAME}"API_PASSWORD: "${ARGOCD_PROD_ADMIN_PASSWORD}"NAMESPACE: "devsecops-system"DEFAULT_REPO: "nginx"DEFAULT_PORT: "80"DEFAULT_IMAGE_TAG: "stable-alpine3.19-slim"CHART:NAME: "onechart"HELM_REPO_URL: "https://chart.onechart.dev"HELM_TARGET_REVISION: "0.73.0"EDITION_LIST:- name: "CONTAINER"- name: "DEVSECOPS"status: "COMPLETED"kind: "DEPLOY"display_kind: "Deploy"detail:URL_DISPLAY: "https://${ARGOCD_PROD_DOMAIN}/"DETAIL_DISPLAY: ""EOF -
Headlamp (Non-Production)
Section titled “Headlamp (Non-Production)”Specify your Headlamp (Non-Production) Information
- Domain
- Ensure
HEADLAMP_NONPROD_DOMAINis defined as per the Shell Variables guide.
Create Headlamp (Non-Production) Configuration Object
Terminal window cat <<EOF >> $HOME/opstella-installation/opstella-configs/opstella-backend-devopstool.yaml- display_name: "headlamp-nonprod"slug: "headlamp-nonprod"config:BASE_URL: "https://${HEADLAMP_NONPROD_DOMAIN}/"WORKER_K8S: "kubernetes"EDITION_LIST:- name: "CONTAINER"- name: "DEVSECOPS"status: "COMPLETED"kind: "CLUSTER"display_kind: "Deploy"cluster: falsedetail:URL_DISPLAY: "https://${HEADLAMP_NONPROD_DOMAIN}/"DETAIL_DISPLAY: ""EOF -
Headlamp (Production)
Section titled “Headlamp (Production)”Specify your Headlamp (Production) Information
- Domain
- Ensure
HEADLAMP_PROD_DOMAINis defined as per the Shell Variables guide.
Create Headlamp (Production) Configuration Object
Terminal window cat <<EOF >> $HOME/opstella-installation/opstella-configs/opstella-backend-devopstool.yaml- display_name: "headlamp-prod"slug: "headlamp-prod"config:BASE_URL: "https://${HEADLAMP_PROD_DOMAIN}/"WORKER_K8S: "kubernetes"EDITION_LIST:- name: "CONTAINER"- name: "DEVSECOPS"status: "COMPLETED"kind: "CLUSTER"display_kind: "Deploy"cluster: falsedetail:URL_DISPLAY: "https://${HEADLAMP_PROD_DOMAIN}/"DETAIL_DISPLAY: ""EOF -
Integration with Observability
Section titled “Integration with Observability” -
Grafana Dashboard + Grafana Mimir
Section titled “Grafana Dashboard + Grafana Mimir”Specify your Grafana Dashboard and Grafana Mimir Information
- Ensure
GRAFANA_DASHBOARD_DOMAIN,GRAFANA_MIMIR_DOMAIN,GRAFANA_DASHBOARD_ADMIN_USERNAMEandGRAFANA_DASHBOARD_ADMIN_PASSWORDare defined as per the Shell Variables guide.
Terminal window export GRAFANA_DASHBOARD_URL="https://${GRAFANA_DASHBOARD_DOMAIN}"export GRAFANA_MIMIR_URL="https://${GRAFANA_MIMIR_DOMAIN}"export GRAFANA_MIMIR_HEALTHCHECK_URL="$GRAFANA_DASHBOARD_URL/mimir/write/ready"Create Grafana Dashboard and Grafana Mimir Configuration Object
Terminal window cat <<EOF >> $HOME/opstella-installation/opstella-configs/opstella-backend-devopstool.yaml- display_name: "grafana"slug: "grafana"config:API_URL: "${GRAFANA_DASHBOARD_URL}/api"API_USER: "${GRAFANA_DASHBOARD_ADMIN_USERNAME}"SECRET_KEY: "${OPSTELLA_COMPANY_NAME}-company"API_PASSWORD: "${GRAFANA_DASHBOARD_ADMIN_PASSWORD}"DASHBOARD_TEMPLATE: "version8-with-alloy"DATA_SOURCE_CONNECTION:- url: "${GRAFANA_MIMIR_URL}/prometheus/"healthCheckUrl: "${GRAFANA_MIMIR_HEALTHCHECK_URL}"name: "Prometheus"type: "prometheus"user: ""access: "proxy"database: ""jsonData:httpMethod: "POST"httpHeaderName1: "X-Scope-OrgID"password: ""typeName: "Prometheus"basicAuth: falseisDefault: truesecureJsonData:httpHeaderValue1: "opstella-platform"- url: "${GRAFANA_MIMIR_URL}/prometheus/"healthCheckUrl: "${GRAFANA_MIMIR_HEALTHCHECK_URL}"name: "Mimir"type: "prometheus"user: ""access: "proxy"database: ""jsonData:httpMethod: "POST"httpHeaderName1: "X-Scope-OrgID"password: ""typeName: "Prometheus"basicAuth: falseisDefault: falseEDITION_LIST:- name: "CONTAINER"- name: "DEVSECOPS"status: "COMPLETED"kind: "METRIC_MONITORING"display_kind: "Monitor"detail:URL_DISPLAY: "${GRAFANA_DASHBOARD_URL}/"DETAIL_DISPLAY: ""EOF - Ensure
-
Grafana Loki
Section titled “Grafana Loki”Specify your Grafana Loki Information
- Ensure
GRAFANA_LOKI_DOMAINandGRAFANA_DASHBOARD_URLare defined as per the Shell Variables guide.
Terminal window export GRAFANA_LOKI_URL="https://${GRAFANA_LOKI_DOMAIN}"export GRAFANA_LOKI_READ_HEALTHCHECK_URL="$GRAFANA_DASHBOARD_URL/loki/read/ready"export GRAFANA_LOKI_WRITE_HEALTHCHECK_URL="$GRAFANA_DASHBOARD_URL/loki/write/ready"export GRAFANA_LOKI_BACKEND_HEALTHCHECK_URL="$GRAFANA_DASHBOARD_URL/loki/backend/ready"Specify your Domains for
🟦 Non-Production DEV WorkloadTerminal window export GRAFANA_ALLOY_NONPROD_URL="https://alloy-nonprod.${BASE_DOMAIN}"Specify your Domains for
🟥 Production PRD WorkloadTerminal window export GRAFANA_ALLOY_PROD_URL="https://alloy-prod.${BASE_DOMAIN}"Create Grafana Loki Configuration Object
Terminal window cat <<EOF >> $HOME/opstella-installation/opstella-configs/opstella-backend-devopstool.yaml- display_name: "loki"slug: "loki"config:WEB_URL: "${GRAFANA_DASHBOARD_URL}"ENDPOINT: "${GRAFANA_LOKI_URL}"CONFIGMAP_NAME: "grafana-alloy"CONFIGMAP_NAMESPACE: "opstella-platform"DASHBOARD_WORKER_NAME: "grafana"HEALTH_CHECK_DATA:URL_READ: "${GRAFANA_LOKI_READ_HEALTHCHECK_URL}"URL_WRITE: "${GRAFANA_LOKI_WRITE_HEALTHCHECK_URL}"URL_BACKEND: "${GRAFANA_LOKI_BACKEND_HEALTHCHECK_URL}"AGENT_HEALTH_CHECK_URL: "${GRAFANA_ALLOY_NONPROD_URL}/workload/ready"AGENT_URL: "${GRAFANA_ALLOY_NONPROD_URL}"AGENT_EXPORTER_URL: "http://grafana-alloy-workload.observability-agents.svc.${K8S_INTERNAL_DOMAIN}:4317"EDITION_LIST:- name: "CONTAINER"- name: "DEVSECOPS"status: "COMPLETED"kind: "LOG_SERVER"display_kind: "Log_server"detail:URL_DISPLAY: "${GRAFANA_DASHBOARD_URL}"DETAIL_DISPLAY: ""EOF - Ensure
-
Grafana Tempo
Section titled “Grafana Tempo”Specify your Domains for
🟦 Non-Production DEV WorkloadTerminal window export GRAFANA_ALLOY_NONPROD_URL="https://alloy-nonprod.${BASE_DOMAIN}"Specify your Domains for
🟥 Production PRD WorkloadTerminal window export GRAFANA_ALLOY_PROD_URL="https://alloy-prod.${BASE_DOMAIN}"Specify your Grafana Tempo Information
Ensure
GRAFANA_TEMPO_DOMAINandGRAFANA_DASHBOARD_URLare defined as per the Shell Variables guide.Terminal window export GRAFANA_TEMPO_URL="https://${GRAFANA_TEMPO_DOMAIN}"export GRAFANA_TEMPO_HEALTHCHECK_URL="$GRAFANA_DASHBOARD_URL/tempo/write/ready"export GRAFANA_ALLOY_NONPROD_HEALTHCHECK_URL="$GRAFANA_ALLOY_NONPROD_URL/workload/ready"Create Grafana Tempo Configuration Object
Terminal window cat <<EOF >> $HOME/opstella-installation/opstella-configs/opstella-backend-devopstool.yaml- display_name: "tempo"slug: "tempo"config:WEB_URL: "${GRAFANA_DASHBOARD_URL}"ENDPOINT: "${GRAFANA_TEMPO_URL}"AGENT_URL: "${GRAFANA_ALLOY_NONPROD_URL}"CONFIGMAP_NAME: "grafana-alloy-workload"CONFIGMAP_NAMESPACE: "observability-agents"DASHBOARD_WORKER_NAME: "grafana"HEALTH_CHECK_DATA :URL_TEMPO: "${GRAFANA_TEMPO_HEALTHCHECK_URL}"AGENT_EXPORTER_URL: "http://grafana-alloy-workload.observability-agents.svc.${K8S_INTERNAL_DOMAIN}:4317"AGENT_HEALTH_CHECK_URL: "${GRAFANA_ALLOY_NONPROD_HEALTHCHECK_URL}"EDITION_LIST:- name: "CONTAINER"- name: "DEVSECOPS"status: "COMPLETED"kind: "TRACING"display_kind: "Tracing"detail:URL_DISPLAY: "${GRAFANA_DASHBOARD_URL}"DETAIL_DISPLAY: ""EOF -
Integration with Application Deployment (Kubernetes)
Section titled “Integration with Application Deployment (Kubernetes)”Opstella Platform will need to divide into 2 groups, which are
NON-PRODandPRODNON-PRODcan be divided into multiple groups ofDEV,SIT,UATPRODcan be divided into multiple groups ofPREPRD,PRD
Non-Production Group Production Group DEV: Development Environment for DevelopersPRD: Production Environment for Go Live/Use by Actual External Users -
🟦 Non-Production DEV Workload Kubernetes Cluster
Section titled “🟦 Non-Production DEV Workload Kubernetes Cluster”18.1 Specify Information
- Cluster Name
- Cluster API Endpoint URL
Terminal window export K8S_DEV_CLUSTER_NAME="cluster1-non-prod-dev"export K8S_DEV_API_ENDPOINT="https://CHANGEME:6443"- Cluster API Certificate
K8S_DEV_API_CERT- Create and Retrieve with
OPSTELLA_ADMIN_CACERTAccessing Kubernetes Cluster(s) - Create Long-lived Access Token to Kubernetes
- Create and Retrieve with
- Cluster API Token
K8S_DEV_API_KEY- Create and Retrieve with
OPSTELLA_ADMIN_TOKENAccessing Kubernetes Cluster(s) - Create Long-lived Access Token to Kubernetes
- Create and Retrieve with
Terminal window export K8S_DEV_API_CERT="CHANGEME"export K8S_DEV_API_KEY="CHANGEME"18.2 Compose Kubernetes Configuration List
Terminal window export OPSTELLA_KUBECONFIG=$(cat <<EOF- HOST: "${K8S_DEV_API_ENDPOINT}"OIDC_HOST: ""API_KEY: "${K8S_DEV_API_KEY}"CA_CERT: "${K8S_DEV_API_CERT}"ENV: "DEV"GROUP: "NON-PROD"NAME: "${K8S_DEV_CLUSTER_NAME}"DOMAIN_NAME: "${BASE_DOMAIN}"SUB_DOMAIN: "dev"CLUSTER_TYPE: "onpremise"EOF)18.3 Compose Kubernetes Display List
Terminal window export OPSTELLA_KUBE_DISPLAY=$(cat <<EOF- HOST: "${K8S_DEV_API_ENDPOINT}"ENV: "DEV"GROUP: "NON-PROD"NAME: "${K8S_DEV_CLUSTER_NAME}"EOF) -
🟥 Production PRD Workload Kubernetes Cluster
Section titled “🟥 Production PRD Workload Kubernetes Cluster”19.1 Specify Information
- Cluster Name
- Cluster API Endpoint URL
Terminal window export K8S_PRD_CLUSTER_NAME="cluster1-prod-prd"export K8S_PRD_API_ENDPOINT="https://CHANGEME:6443"- Cluster API Certificate
K8S_DEV_API_CERT- Create and Retrieve with
OPSTELLA_ADMIN_CACERTAccessing Kubernetes Cluster(s) - Create Long-lived Access Token to Kubernetes
- Create and Retrieve with
- Cluster API Token
K8S_DEV_API_KEY- Create and Retrieve with
OPSTELLA_ADMIN_TOKENAccessing Kubernetes Cluster(s) - Create Long-lived Access Token to Kubernetes
- Create and Retrieve with
Terminal window export K8S_PRD_API_CERT="CHANGEME"export K8S_PRD_API_KEY="CHANGEME"19.2 Compose Configuration List
Terminal window export OPSTELLA_KUBECONFIG=$(cat <<EOF${OPSTELLA_KUBECONFIG}- HOST: "${K8S_PRD_API_ENDPOINT}"OIDC_HOST: ""API_KEY: "${K8S_PRD_API_KEY}"CA_CERT: "${K8S_PRD_API_CERT}"ENV: "PRD"GROUP: "PROD"NAME: "${K8S_PRD_CLUSTER_NAME}"DOMAIN_NAME: "${BASE_DOMAIN}"SUB_DOMAIN: ""CLUSTER_TYPE: "onpremise"EOF)19.3 Compose Display Configuration List
Terminal window export OPSTELLA_KUBE_DISPLAY=$(cat <<EOF${OPSTELLA_KUBE_DISPLAY}- HOST: "${K8S_PRD_API_ENDPOINT}"ENV: "PRD"GROUP: "PROD"NAME: "${K8S_PRD_CLUSTER_NAME}"EOF) -
🟢 Management Kubernetes Cluster
Section titled “🟢 Management Kubernetes Cluster”20.1 Specify Information
- Cluster Name
- Cluster API Endpoint URL
Terminal window export K8S_DSO_CLUSTER_NAME="cluster1-non-prod-devops"export K8S_DSO_API_ENDPOINT="https://CHANGEME:6443"- Cluster API Certificate
K8S_DEV_API_CERT- Create and Retrieve with
OPSTELLA_ADMIN_CACERTAccessing Kubernetes Cluster(s) - Create Long-lived Access Token to Kubernetes
- Create and Retrieve with
- Cluster API Token
K8S_DEV_API_KEY- Create and Retrieve with
OPSTELLA_ADMIN_TOKENAccessing Kubernetes Cluster(s) - Create Long-lived Access Token to Kubernetes
- Create and Retrieve with
Terminal window export K8S_DSO_API_CERT="CHANGEME"export K8S_DSO_API_KEY="CHANGEME"20.2 Compose Configuration List
Terminal window export OPSTELLA_KUBECONFIG=$(cat <<EOF${OPSTELLA_KUBECONFIG}- HOST: "${K8S_DSO_ENDPOINT}"OIDC_HOST: ""API_KEY: "${K8S_DSO_API_KEY}"CA_CERT: "${K8S_DSO_API_CERT}"ENV: "DEVOPS"GROUP: "NON-PROD"NAME: "${K8S_DSO_CLUSTER_NAME}"DOMAIN_NAME: "${BASE_DOMAIN}"SUB_DOMAIN: ""CLUSTER_TYPE: "onpremise"EOF)20.3 Compose Display Configuration List
Terminal window export OPSTELLA_KUBE_DISPLAY=$(cat <<EOF${OPSTELLA_KUBE_DISPLAY}- HOST: "${K8S_DSO_ENDPOINT}"ENV: "DEVOPS"GROUP: "NON-PROD"NAME: "${K8S_DSO_CLUSTER_NAME}"EOF) -
Create Kubernetes Configuration Object
Terminal window cat <<EOF >> $HOME/opstella-installation/opstella-configs/opstella-backend-devopstool.yaml- display_name: "kubernetes"slug: "kubernetes"config_devopstool:COMPANY_NAME: "${OPSTELLA_COMPANY_NAME}"SECURITY_RULE:"pod-security.kubernetes.io/enforce": "privileged""pod-security.kubernetes.io/enforce-version": "latest""pod-security.kubernetes.io/warn": "baseline""pod-security.kubernetes.io/warn-version": "latest""pod-security.kubernetes.io/audit": "baseline""pod-security.kubernetes.io/audit-version": "latest"kind: "CLUSTER"display_kind: "Deploy"cluster: trueconfig:${OPSTELLA_KUBECONFIG}detail:${OPSTELLA_KUBE_DISPLAY}EOF
tag kind
Section titled “tag kind”Brief Explaination
tag kind Object of Opstella is used to catagorise a set of tools/instruments.
This is useful in Hybrid Environment configuration, consult further with Opstella Team for more advanced configuration scenarios.
-
Create
Section titled “Create tag Object Header”tagObject HeaderTerminal window cat <<EOF >> $HOME/opstella-installation/opstella-configs/opstella-backend-tag-on-premise.yamlapiVersion: v1kind: tagmeta:display_name: On-Premisename: on-premisedescription: Component Tag for On-Premisegroups:EOF -
Create
Section titled “Create tag Object Body”tagObject BodyUsing all of the previously specified in
devopstoolkind as reference fromslugof each of tools/instruments -
Create
Section titled “Create gitlab Object/Group code Context”gitlabObject/GroupcodeContextFor this Tag, will interact with
DEVandPRDTerminal window cat <<EOF >> $HOME/opstella-installation/opstella-configs/opstella-backend-tag-on-premise.yaml- display_name: "Code"color: "#FFB600"slug: "code"subgroups:- slug: "gitlab"env:- DEV- PRDEOF -
Create
Section titled “Create sonarqube, defectdojo Objects/Group pre-build Context”sonarqube,defectdojoObjects/Grouppre-buildContextFor this Tag, will interact with
DEVandPRDTerminal window cat <<EOF >> $HOME/opstella-installation/opstella-configs/opstella-backend-tag-on-premise.yaml- display_name: "Pre-Build"color: "#D9D9D9CC"slug: "pre-build"subgroups:- slug: "sonarqube"env:- DEV- PRD- slug: "defectdojo"env:- DEV- PRDEOF -
Create
Section titled “Create harbor Object/Group build Context”harborObject/GroupbuildContextFor this Tag, will interact with
DEVandPRDTerminal window cat <<EOF >> $HOME/opstella-installation/opstella-configs/opstella-backend-tag-on-premise.yaml- display_name: "Build"color: "#E1E6FB"slug: "build"subgroups:- slug: "harbor"env:- DEV- PRDEOF -
Create
Section titled “Create vault Object/Group pre-deploy Context”vaultObject/Grouppre-deployContextFor this Tag, will interact with
DEVandPRDTerminal window cat <<EOF >> $HOME/opstella-installation/opstella-configs/opstella-backend-tag-on-premise.yaml- display_name: "Pre-Deploy"color: "#054FE259"slug: "pre-deploy"subgroups:- slug: "vault"env:- DEV- PRDEOF -
Create
Section titled “Create argocd-nonprod, argocd-prod, kubernetes Objects/Group deploy Context”argocd-nonprod,argocd-prod,kubernetesObjects/GroupdeployContextFor this Tag, will interact with
DEVandPRDTerminal window cat <<EOF >> $HOME/opstella-installation/opstella-configs/opstella-backend-tag-on-premise.yaml- display_name: "Deploy"color: "#16D8CA33"slug: "deploy"subgroups:- slug: "argocd-nonprod"env:- DEV- slug: "argocd-prod"env:- PRD- slug: "kubernetes"cluster:- "${K8S_DSO_CLUSTER_NAME}"- "${K8S_DEV_CLUSTER_NAME}"- "${K8S_PRD_CLUSTER_NAME}"env:- DEV- PRDEOF -
Create
Section titled “Create grafana, loki, tempo Objects/Group observability Context”grafana,loki,tempoObjects/GroupobservabilityContextFor this Tag, will interact with
DEVandPRDTerminal window cat <<EOF >> $HOME/opstella-installation/opstella-configs/opstella-backend-tag-on-premise.yaml- display_name: "Observability"color: "#E1472A66"slug: "observability"subgroups:- slug: "grafana"env:- DEV- PRD- slug: "loki"env:- DEV- PRD- slug: "tempo"env:- DEV- PRDEOF
Finished?
Use the below navigation to proceed