KrakenD service compatibility with version 2.0.4

composefiles/swarm-uniflow.yml

@@ -28,13 +28,12 @@ services:
       - FC_TEMPLATES=/etc/krakend/templates
       # HTTPS SETTINGS
       - TLS_DISABLED=${TLS_DISABLED}
+      - KRAKEND_TLS_PROTOCOL=${KRAKEND_TLS_PROTOCOL}
       # AUTHORIZATION AND AUTHENTICATION SETTINGS
       # IF false, THEN Fake-Frinx-Token Used
       # IF true,  THEN Azure AD Token Required 
       - AUTH_ENABLED=${AUTH_ENABLED}
       # - FC_OUT=/etc/krakend/output.json
-      # Ignore x509 certificate errors
-      - GODEBUG="x509ignoreCN=0"
       - PROXY_ENABLED=${PROXY_ENABLED:-false}
       - HTTP_PROXY=${HTTP_PROXY}
       - HTTPS_PROXY=${HTTPS_PROXY}
@@ -46,9 +45,9 @@ services:
       - frinx_auth
       - frinx_rbac
       - source: frinx_krakend_tls_cert.pem
-        target: /home/krakend/frinx_krakend_tls_cert.pem
+        target: /usr/local/share/ca-certificates/frinx_krakend_tls_cert.pem
       - source: frinx_krakend_tls_key.pem
-        target: /home/krakend/frinx_krakend_tls_key.pem
+        target: /usr/local/share/ca-certificates/frinx_krakend_tls_key.pem
       - source: frinx_uniconfig_tls_cert.pem
         target: /usr/local/share/ca-certificates/frinx_uniconfig_tls_cert.crt
     configs:

config/krakend/krakend.json

@@ -1,11 +1,11 @@
 {
-  "version": 2,
+  "version": 3,
   "name": "krakend for FM",
   "port": 8080,
   "cache_ttl": "3600s",
   "tls": {
-    "public_key": "/home/krakend/frinx_krakend_tls_cert.pem",
-    "private_key": "/home/krakend/frinx_krakend_tls_key.pem",
+    "public_key": "/usr/local/share/ca-certificates/frinx_krakend_tls_cert.pem",
+    "private_key": "/usr/local/share/ca-certificates/frinx_krakend_tls_key.pem",
     "disabled": {{ env "TLS_DISABLED" }}
   },
   "timeout": "2m",
@@ -14,10 +14,16 @@
     "folder": "/usr/local/lib/krakend/"
   },
   "extra_config": {
-    "github_com/devopsfaith/krakend/transport/http/server/handler": {
+    "router":{
+      "disable_path_decoding" : true,
+      "logger_skip_paths":[
+        "/__health"
+      ]
+    },
+    "plugin/http-server": {
       "name": "krakend-azure-plugin"
     }, 
-    "github_com/devopsfaith/krakend-cors": {
+    "security/cors": {
       "allow_origins": [
         "*"
       ],
@@ -30,27 +36,11 @@
       ],
       "allow_credentials": true
     },
-    "github_com/devopsfaith/krakend-gologging": {
+    "telemetry/logging": {
       "level": "INFO",
       "prefix": "[KRAKEND]",
       "syslog": false,
       "stdout": true
-    },
-    "github_com/ifaisalalam/krakend-gin-logger": {
-      "enabled": true,
-      "skip_paths": ["/__health"]
-    },
-    "github_com/devopsfaith/krakend-opencensus": {
-      "exporters": {
-        "prometheus": {
-          "port": 9091,
-          "namespace": "krakend",
-          "tag_host": true,
-          "tag_path": true,
-          "tag_method": true,
-          "tag_statuscode": true
-        }
-      }
     }
   },
   "endpoints": [

config/krakend/partials/jwt_config.tmpl

@@ -1,4 +1,4 @@
-"github.com/devopsfaith/krakend-jose/validator": {
+"auth/validator": {
     "alg": "RS256",
-    "jwk-url": "https://login.microsoftonline.com/common/discovery/v2.0/keys"
+    "jwk_url": "https://login.microsoftonline.com/common/discovery/v2.0/keys"
 }

config/krakend/partials/jwt_fake_config.tmpl

@@ -1,4 +1,4 @@
-"github.com/devopsfaith/krakend-lua/router": {
+"modifier/lua-endpoint": {
     "sources": ["scripts/fake_frinx_token.lua"],
     "allow_open_libs": true,
     "pre": "local r = ctx.load(); fake_token_validate(r);",

config/krakend/partials/uniconfig_partial_1.tmpl

@@ -1,3 +1,3 @@
-"querystring_params": ["*"],
+"input_query_strings": ["*"],
 "output_encoding": "no-op",
-"headers_to_pass": ["*"],
+"input_headers": ["*"],

config/krakend/settings/workflow_proxy_docs_settings.json

@@ -20,7 +20,7 @@
             "method": "GET",
             "url_pattern": "/docs/swagger-ui-bundle.js",
             "extra_config": {
-                "github.com/devopsfaith/krakend-lua/proxy": {
+                "modifier/lua-proxy": {
                     "sources": ["scripts/wp_azure_swagger.lua"],
                     "allow_open_libs": true,
                     "post": "local r = response.load(); r:body(swagger_auth_modal(r, os.getenv('AUTH_ENABLED'), 'openid', os.getenv('AZURE_KRAKEND_PLUGIN_CLIENT_ID')));",

config/krakend/settings/workflow_proxy_settings.json

@@ -24,7 +24,7 @@
             "endpoint": "/api/uniflow/metadata/taskdefs/{name}",
             "method": "DELETE",
             "url_pattern": "/metadata/taskdefs/{name}",
-            "querystring_params": [
+            "input_query_strings": [
                 "archiveWorkflow"
               ]
         },
@@ -47,7 +47,7 @@
             "endpoint": "/api/uniflow/metadata/workflow/{name}",
             "method": "GET",
             "url_pattern": "/metadata/workflow/{name}",
-            "querystring_params": [
+            "input_query_strings": [
                 "version"
               ]
         },
@@ -95,7 +95,7 @@
             "endpoint": "/api/uniflow/id/{workflowId}",
             "method": "GET",
             "url_pattern": "/id/{workflowId}",
-            "querystring_params": [
+            "input_query_strings": [
                 "includeTasks"
               ]
         },
@@ -170,7 +170,7 @@
             "endpoint": "/api/uniflow/hierarchical",
             "method": "GET",
             "url_pattern": "/hierarchical",
-            "querystring_params": [
+            "input_query_strings": [
                 "start",
                 "size",
                 "status",
@@ -182,7 +182,7 @@
             "endpoint": "/api/uniflow/executions",
             "method": "GET",
             "url_pattern": "/executions?q=&h=",
-            "querystring_params": [
+            "input_query_strings": [
                 "start",
                 "size",
                 "status",

config/krakend/templates/frinx_frontend.tmpl

@@ -5,7 +5,7 @@
     "endpoint": "/{{range $index_for_uri, $not_used_element2 := $.range -}} {{- if lt $index_for_uri $index_in_range -}} /{{"{"}}n_{{$index_for_uri}}{{"}" -}} {{end}}{{end}}",
     "method": "GET",
     "output_encoding": "no-op",
-    "headers_to_pass": ["*"],
+    "input_headers": ["*"],
 
     "backend": [
     {

config/krakend/templates/inventory.tmpl

@@ -2,7 +2,7 @@
     "endpoint": "/api/inventory",
     "method": "POST",
     "output_encoding": "no-op",
-    "headers_to_pass": ["*"],
+    "input_headers": ["*"],
 
     "extra_config": {
         {{ $jwt_production := env "AUTH_ENABLED" }}
@@ -20,7 +20,7 @@
             "sd": "static",
             "disable_host_sanitize": false,
             "extra_config": {
-                "github.com/devopsfaith/krakend-martian": {
+                "modifier/martian": {
                     "fifo.Group": {
                         "scope": ["request", "response"],
                         "aggregateErrors": true,
@@ -46,7 +46,7 @@
     "endpoint": "/api/inventory",
     "method": "GET",
     "output_encoding": "no-op",
-    "headers_to_pass": ["*"],
+    "input_headers": ["*"],
 
     "backend": [
         {
@@ -55,7 +55,7 @@
             "sd": "static",
             "disable_host_sanitize": false,
             "extra_config": {
-                "github.com/devopsfaith/krakend-martian": {
+                "modifier/martian": {
                     "fifo.Group": {
                         "scope": ["request", "response"],
                         "aggregateErrors": true,

config/krakend/templates/uniconfig.tmpl

@@ -1,4 +1,5 @@
 {{ $zones := env "UNICONFIG_ZONES_LIST" }}
+{{ $protocol := env "KRAKEND_TLS_PROTOCOL" }}
 {{ $zone_list := splitList "," $zones }}
 
 {{range $host_index, $host := $zone_list}}
@@ -13,7 +14,7 @@
         {{ $jwt_production := env "AUTH_ENABLED" }}
         {{ if eq $jwt_production "true" }}
             {{ include "jwt_config.tmpl" }},
-            "github.com/devopsfaith/krakend-lua/router": {
+            "modifier/lua-endpoint": {
                 "sources": ["scripts/uniconfig_rbac.lua"],
                 "allow_open_libs": true,
                 "pre": "local r = ctx.load(); user_group_auth(r, os.getenv('UNICONFIG_CONTROLLER_ADMIN_GROUP'));",
@@ -51,14 +52,14 @@
         {{ $jwt_production := env "AUTH_ENABLED" }}
         {{ if eq $jwt_production "true" }}
             {{ include "jwt_config.tmpl" }},
-            "github.com/devopsfaith/krakend-lua/router": {
+            "modifier/lua-endpoint": {
                 "sources": ["scripts/uniconfig_query_escape.lua", "scripts/uniconfig_rbac.lua"],
                 "allow_open_libs": true,
                 "pre": "local r = ctx.load(); r:url(urlencode(r)); user_group_auth(r, os.getenv('UNICONFIG_CONTROLLER_ADMIN_GROUP'))",
                 "live": true
             }                    
         {{ else if eq $jwt_production "false" }}
-            "github.com/devopsfaith/krakend-lua/router": {
+            "modifier/lua-endpoint": {
                 "@comment": "Fixing escape queries with multiple fields separated by semicolon",
                 "sources": ["scripts/uniconfig_query_escape.lua", "scripts/fake_frinx_token.lua"],
                 "allow_open_libs": true,
@@ -88,9 +89,18 @@
 
     "endpoint": "/static/list/uniconfig",
     "method": "GET",
-    "backend": [{ }],
+    "backend": [
+        {
+            "url_pattern": "/__health",
+            "host": [ "{{$protocol}}://krakend:8080/" ],
+            "allow": [
+                "instances"
+            ]
+        }
+    ],
+
     "extra_config": {
-        "github.com/devopsfaith/krakend/proxy": {
+        "proxy": {
             "static": {
                 "strategy": "always",
                 "data": {

config/krakend/templates/uniresource.tmpl

@@ -4,11 +4,11 @@
     "endpoint": "{{ .endpoint }}",
     "method": "{{ .method }}",
     "output_encoding": "no-op",
-    "headers_to_pass": ["*"],
+    "input_headers": ["*"],
 
-    {{ if .querystring_params }}
-    "querystring_params": [ 
-        {{range $query_enabled, $query := .querystring_params}} {{if gt $query_enabled 0}},{{end}} "{{$query}}" {{ end }} 
+    {{ if .input_query_strings }}
+    "input_query_strings": [ 
+        {{range $query_enabled, $query := .input_query_strings}} {{if gt $query_enabled 0}},{{end}} "{{$query}}" {{ end }} 
         ],
     {{end}}
 
@@ -28,7 +28,7 @@
         "sd": "static",
         "disable_host_sanitize": false,
         "extra_config": {
-            "github.com/devopsfaith/krakend-martian": {
+            "modifier/martian": {
                 "fifo.Group": {
                     "scope": ["request", "response"],
                     "aggregateErrors": true,

config/krakend/templates/unistore.tmpl

@@ -13,7 +13,7 @@
             {{ $jwt_production := env "AUTH_ENABLED" }}
             {{ if eq $jwt_production "true" }}
                 {{ include "jwt_config.tmpl" }},
-                "github.com/devopsfaith/krakend-lua/router": {
+                "modifier/lua-endpoint": {
                     "sources": ["scripts/unistore_rbac.lua"],
                     "allow_open_libs": true,
                     "pre": "local r = ctx.load(); user_group_auth(r)",
@@ -57,14 +57,14 @@
                     {{ $jwt_production := env "AUTH_ENABLED" }}
                     {{ if eq $jwt_production "true" }}
                         {{ include "jwt_config.tmpl" }},
-                        "github.com/devopsfaith/krakend-lua/router": {
+                        "modifier/lua-endpoint": {
                             "sources": ["scripts/uniconfig_query_escape.lua", "scripts/unistore_rbac.lua"],
                             "allow_open_libs": true,
                             "pre": "local r = ctx.load(); r:url(urlencode(r)); user_group_auth(r)",
                             "live": true
                         }
                     {{ else if eq $jwt_production "false" }}
-                        "github.com/devopsfaith/krakend-lua/router": {
+                        "modifier/lua-endpoint": {
                             "@comment": "Fixing escape queries with multiple fields separated by semicolon",
                             "sources": ["scripts/uniconfig_query_escape.lua", "scripts/fake_frinx_token.lua"],
                             "allow_open_libs": true,

config/krakend/templates/workflow_proxy.tmpl

@@ -4,11 +4,11 @@
     "endpoint": "{{ .endpoint }}",
     "method": "{{ .method }}",
     "output_encoding": "no-op",
-    "headers_to_pass": ["*"],
+    "input_headers": ["*"],
 
-    {{ if .querystring_params }}
-    "querystring_params": [ 
-        {{range $query_enabled, $query := .querystring_params}} {{if gt $query_enabled 0}},{{end}} "{{$query}}" {{ end }} 
+    {{ if .input_query_strings }}
+    "input_query_strings": [ 
+        {{range $query_enabled, $query := .input_query_strings}} {{if gt $query_enabled 0}},{{end}} "{{$query}}" {{ end }} 
         ],
     {{end}}
 
@@ -33,7 +33,7 @@
 
         "disable_host_sanitize": false,
         "extra_config": {
-            "github.com/devopsfaith/krakend-martian": {
+            "modifier/martian": {
                 "fifo.Group": {
                     "scope": ["request", "response"],
                     "aggregateErrors": true,

config/krakend/templates/workflow_proxy_docs.tmpl

@@ -4,11 +4,11 @@
     "endpoint": "{{ .endpoint }}",
     "method": "{{ .method }}",
     "output_encoding": "no-op",
-    "headers_to_pass": ["*"],
+    "input_headers": ["*"],
 
-    {{ if .querystring_params }}
-    "querystring_params": [ 
-        {{range $query_enabled, $query := .querystring_params}} {{if gt $query_enabled 0}},{{end}} "{{$query}}" {{ end }} 
+    {{ if .input_query_strings }}
+    "input_query_strings": [ 
+        {{range $query_enabled, $query := .input_query_strings}} {{if gt $query_enabled 0}},{{end}} "{{$query}}" {{ end }} 
         ],
     {{end}}
 
@@ -23,7 +23,7 @@
         "sd": "static",
         "disable_host_sanitize": false,
         "extra_config": {
-            "github.com/devopsfaith/krakend-martian": {
+            "modifier/martian": {
                 "fifo.Group": {
                     "scope": ["request", "response"],
                     "aggregateErrors": true,

install.sh

@@ -135,7 +135,6 @@ function installPrerequisities {
   fi
 }
 
-
 function generateUniconfigTLSCerts {
 
   if ([[ $(docker secret ls --filter name=${UNICONFIG_SSL_KEY} --format {{.Name}}) == '' ]] || [[ $(docker secret ls --filter name=${UNICONFIG_SSL_CERT} --format {{.Name}}) == '' ]]) || [ "${__UPDATE_SECRETS}" == "true" ]; then
@@ -144,7 +143,7 @@ function generateUniconfigTLSCerts {
       echo -e "${INFO} Generating SSL key/cert used for uniconfig-zone TLS communication"
       openssl genrsa --out ${dockerCertSettings}/${UNICONFIG_SSL_KEY} &>/dev/null
       openssl req -new -x509 -key ${dockerCertSettings}/${UNICONFIG_SSL_KEY} -out ${dockerCertSettings}/${UNICONFIG_SSL_CERT} -days 365 \
-            -subj '/C=SK/ST=Slovakia/L=Bratislava/O=Frinx/OU=Frinx Machine/CN=*/emailAddress=frinx@frinx.io'
+            -subj '/C=SK/ST=Slovakia/L=Bratislava/O=Frinx/OU=Frinx Machine/CN=*/emailAddress=frinx@frinx.io' -addext "subjectAltName = DNS:*"
     fi
       echo -e "${INFO} Updating SSL key/cert used for uniconfig-zone TLS communication"
       docker secret create "${UNICONFIG_SSL_KEY}" "${dockerCertSettings}/${UNICONFIG_SSL_KEY}" > /dev/null || echo -e "${ERROR} Docker secret ${UNICONFIG_SSL_KEY} not imported" | exit 1
@@ -175,7 +174,7 @@ function generateKrakenDTLSCerts {
       echo -e "${INFO} Generating SSL key/cert used for KrakenD TLS communication"
       openssl genrsa --out ${dockerCertSettings}/${KRAKEND_SSL_KEY} &>/dev/null
       openssl req -new -x509 -key ${dockerCertSettings}/${KRAKEND_SSL_KEY} -out ${dockerCertSettings}/${KRAKEND_SSL_CERT} -days 365 \
-            -subj '/C=SK/ST=Slovakia/L=Bratislava/O=Frinx/OU=Frinx Machine/CN=*/emailAddress=frinx@frinx.io'
+            -subj '/C=SK/ST=Slovakia/L=Bratislava/O=Frinx/OU=Frinx Machine/CN=*/emailAddress=frinx@frinx.io' -addext "subjectAltName = DNS:*"
     fi
     echo -e "${INFO} Updating SSL key/cert used for KrakenD TLS communication"
     docker secret create "${KRAKEND_SSL_KEY}" "${dockerCertSettings}/${KRAKEND_SSL_KEY}" > /dev/null || echo -e "${ERROR} Docker secret ${KRAKEND_SSL_KEY} not imported" | exit 1