Enable external trace sources support

If you enable external trace sources support, APIClarity can receive the trace sources from the entities that are external to the Kubernetes cluster. External trace sources such as Gateways and Load balancers can communicate with APIClarity to report APIs and send the traces.

Supported Trace Sources

APIClarity can support with the following trace sources and follow the instructions per required integration.

• Apigee X Gateway
  • Integration instructions
• BIG-IP LTM Load balancer
  • Integration instructions
• Kong
  • Integration instructions
• Tyk
  • Integration instructions

Deploy APIClarity with support for external trace sources

1. Add Helm Repo

   helm repo add apiclarity https://openclarity.github.io/apiclarity
   

2. Update values.yaml with:

   Apiclarity -> tls -> enabled as true
   supportExternalTraceSource -> enabled as true
   

3. Deploy APIClarity with the updated values.yaml to enable external traffic sources.

   helm install --values values.yaml --create-namespace apiclarity apiclarity/apiclarity -n apiclarity
   

4. Port forward to the APIClarity UI:

   kubectl port-forward -n apiclarity svc/apiclarity-apiclarity 9999:8080
   

5. Open the APIClarity UI in your browser at http://localhost:9999

Register a new external trace source

This section shows you how to access the service, register a new trace source, and how to receive the token and certificate. The examples use the Apigee X Gateway as the external trace source.

1. Port forward for service at 8443.

   kubectl port-forward -n apiclarity svc/apiclarity-apiclarity 8443:8443
   

2. Register a new external trace source and receive the token.

   TRACE_SOURCE_TOKEN=$(curl --http1.1 --insecure -s -H 'Content-Type: application/json' -d '{"name":"apigee_gateway","type":"APIGEE_X"}' https://localhost:8443/api/control/traceSources|jq -r '.token')
   

3. Get the External-IP for the apiclarity-external service.

   kubectl get services --namespace apiclarity
   

4. Use the External-IP address with the following command, then extract the certificate between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- and save it to the server.crt file.

   openssl s_client -showcerts -connect <External-IP>:10443
   

5. If you want to configure other trace sources, use the extracted token in Step 2 and the certificate in Step 3.