Last active
February 7, 2024 20:24
-
-
Save nickboldt/107625858830ef6f0feccb918d338244 to your computer and use it in GitHub Desktop.
install helm chart
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
global: | |
dynamic: | |
# -- Array of YAML files listing dynamic plugins to include with those listed in the `plugins` field. | |
# Relative paths are resolved from the working directory of the initContainer that will install the plugins (`/opt/app-root/src`). | |
includes: | |
# -- List of dynamic plugins included inside the `janus-idp/backstage-showcase` container image, some of which are disabled by default. | |
# This file ONLY works with the `janus-idp/backstage-showcase` container image. | |
- 'dynamic-plugins.default.yaml' | |
# -- List of dynamic plugins, possibly overriding the plugins listed in `includes` files. | |
# Every item defines the plugin `package` as a [NPM package spec](https://docs.npmjs.com/cli/v10/using-npm/package-spec), | |
# an optional `pluginConfig` with plugin-specific backstage configuration, and an optional `disabled` flag to disable/enable a plugin | |
# listed in `includes` files. It also includes an `integrity` field that is used to verify the plugin package [integrity](https://w3c.github.io/webappsec-subresource-integrity/#integrity-metadata-description). | |
plugins: | |
- package: ./dynamic-plugins/dist/backstage-plugin-catalog-backend-module-github-dynamic | |
disabled: false | |
pluginConfig: | |
catalog: | |
providers: | |
github: | |
my-test-org: | |
organization: janus-qe | |
catalogPath: '/catalog-info.yaml' # string | |
filters: | |
branch: 'main' # string | |
repository: '.*' # Regex | |
schedule: | |
frequency: | |
minutes: 1 | |
timeout: | |
minutes: 1 | |
initialDelay: | |
seconds: 15 | |
- package: ./dynamic-plugins/dist/backstage-plugin-catalog-backend-module-github-org-dynamic | |
disabled: false | |
- package: ./dynamic-plugins/dist/backstage-plugin-github-issues | |
disabled: false | |
- package: ./dynamic-plugins/dist/roadiehq-backstage-plugin-github-pull-requests | |
disabled: false | |
- package: ./dynamic-plugins/dist/backstage-plugin-github-actions | |
disabled: false | |
- package: ./dynamic-plugins/dist/janus-idp-backstage-plugin-quay | |
disabled: false | |
- package: ./dynamic-plugins/dist/janus-idp-backstage-plugin-keycloak-backend-dynamic | |
disabled: false | |
- package: ./dynamic-plugins/dist/backstage-plugin-kubernetes-backend-dynamic | |
disabled: false | |
pluginConfig: | |
kubernetes: | |
clusterLocatorMethods: | |
- clusters: | |
- authProvider: serviceAccount | |
name: ${K8S_CLUSTER_NAME} | |
serviceAccountToken: ${K8S_SERVICE_ACCOUNT_TOKEN} | |
url: ${K8S_CLUSTER_API_SERVER_URL} | |
type: config | |
customResources: | |
# Add for tekton | |
- apiVersion: 'v1beta1' | |
group: 'tekton.dev' | |
plural: 'pipelines' | |
- apiVersion: v1beta1 | |
group: tekton.dev | |
plural: pipelineruns | |
- apiVersion: v1beta1 | |
group: tekton.dev | |
plural: taskruns | |
# Add for topology plugin | |
- apiVersion: 'v1' | |
group: 'route.openshift.io' | |
plural: 'routes' | |
# Add to view topology code decorators | |
- group: 'org.eclipse.che' | |
apiVersion: 'v2' | |
plural: 'checlusters' | |
serviceLocatorMethod: | |
type: multiTenant | |
# Enable OCM plugins. | |
- package: ./dynamic-plugins/dist/janus-idp-backstage-plugin-ocm-backend-dynamic | |
disabled: false | |
pluginConfig: | |
catalog: | |
providers: | |
ocm: | |
default: | |
name: testCluster # Can be any arbitrary name supported by kubernetes | |
url: ${OCM_CLUSTER_URL} | |
serviceAccountToken: ${OCM_CLUSTER_TOKEN} | |
skipTLSVerify: true | |
owner: janus-authors | |
- package: ./dynamic-plugins/dist/janus-idp-backstage-plugin-ocm | |
disabled: false | |
# Enable tech-radar plugin. | |
- package: ./dynamic-plugins/dist/backstage-plugin-tech-radar | |
disabled: false | |
# this value will be overriden by 'helm install .... --set global.clusterRouterBase=value' | |
# -- Shorthand for users who do not want to specify a custom HOSTNAME. Used ONLY with the DEFAULT upstream.backstage.appConfig value and with OCP Route enabled. | |
clusterRouterBase: apps.example.com | |
# -- Custom hostname shorthand, overrides `global.clusterRouterBase`, `upstream.ingress.host`, `route.host`, and url values in `upstream.backstage.appConfig` | |
host: '' | |
# -- Enable service authentication within Backstage instance | |
auth: | |
# -- Backend service to service authentication | |
# <br /> Ref: https://backstage.io/docs/auth/service-to-service-auth/ | |
backend: | |
# -- Enable backend service to service authentication, unless configured otherwise it generates a secret value | |
enabled: true | |
# -- Instead of generating a secret value, refer to existing secret | |
existingSecret: '' | |
# -- Instead of generating a secret value, use fo;lowing value | |
value: '' | |
# -- Upstream Backstage [chart configuration](https://github.com/backstage/charts/blob/main/charts/backstage/values.yaml) | |
# @default -- Use Openshift compatible settings | |
upstream: | |
nameOverride: backstage | |
commonLabels: | |
backstage.io/kubernetes-id: developer-hub | |
backstage: | |
image: | |
pullPolicy: Always | |
pullSecrets: | |
- rhdh-pull-secret | |
# using test image from https://quay.io/repository/janus-idp/backstage-showcase | |
registry: quay.io | |
repository: janus-idp/backstage-showcase | |
tag: next | |
command: [] | |
# FIXME (tumido): USE POSTGRES_PASSWORD and POSTGRES_USER instead of POSTGRES_ADMIN_PASSWORD | |
# This is a hack. In {fedora,rhel}/postgresql images, regular user is forbidden | |
# from creating DBs in runtime. A single DB can be created ahead of time via | |
# POSTGRESQL_DATABASE env variable (in this case via | |
# upstream.postgresql.primary.extraEnvVars value), but this doesn't allow us to | |
# create multiple DBs. Since Backstage requires by default 5 different DBs, we | |
# can't accommodate that properly. | |
appConfig: | |
app: | |
# Please update to match host in case you don't want to configure hostname via `global.clusterRouterBase` or `global.host`. | |
baseUrl: 'https://{{- include "janus-idp.hostname" . }}' | |
backend: | |
baseUrl: 'https://{{- include "janus-idp.hostname" . }}' | |
cors: | |
origin: 'https://{{- include "janus-idp.hostname" . }}' | |
database: | |
connection: | |
password: ${POSTGRESQL_ADMIN_PASSWORD} | |
user: postgres | |
auth: | |
keys: | |
- secret: ${BACKEND_SECRET} | |
readinessProbe: | |
failureThreshold: 3 | |
httpGet: | |
path: /healthcheck | |
port: 7007 | |
scheme: HTTP | |
initialDelaySeconds: 30 | |
periodSeconds: 10 | |
successThreshold: 2 | |
timeoutSeconds: 2 | |
livenessProbe: | |
failureThreshold: 3 | |
httpGet: | |
path: /healthcheck | |
port: 7007 | |
scheme: HTTP | |
initialDelaySeconds: 60 | |
periodSeconds: 10 | |
successThreshold: 1 | |
timeoutSeconds: 2 | |
extraEnvVars: | |
- name: BACKEND_SECRET | |
valueFrom: | |
secretKeyRef: | |
key: backend-secret | |
name: '{{ include "janus-idp.backend-secret-name" $ }}' | |
- name: POSTGRESQL_ADMIN_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
key: postgres-password | |
name: '{{ .Release.Name }}-postgresql' | |
args: | |
# This additional `app-config`` file is generated by the initContainer below, and contains the merged configuration of installed dynamic plugins. | |
- '--config' | |
- dynamic-plugins-root/app-config.dynamic-plugins.yaml | |
extraVolumeMounts: | |
# The initContainer below will install dynamic plugins in this volume mount. | |
- name: dynamic-plugins-root | |
mountPath: /opt/app-root/src/dynamic-plugins-root | |
extraVolumes: | |
# -- Ephemeral volume that will contain the dynamic plugins installed by the initContainer below at start. | |
# To have more control on underlying storage, the [emptyDir](https://docs.openshift.com/container-platform/4.13/storage/understanding-ephemeral-storage.html) | |
# could be changed to a [generic ephemeral volume](https://docs.openshift.com/container-platform/4.13/storage/generic-ephemeral-vols.html#generic-ephemeral-vols-procedure_generic-ephemeral-volumes). | |
- name: dynamic-plugins-root | |
emptyDir: {} | |
# Volume that will expose the `dynamic-plugins.yaml` file from the `dynamic-plugins` config map. | |
# The `dynamic-plugins` config map is created by the helm chart from the content of the `global.dynamic` field. | |
- name: dynamic-plugins | |
configMap: | |
defaultMode: 420 | |
name: dynamic-plugins | |
optional: true | |
# Optional volume that allows exposing the `.npmrc` file (through a `dynamic-plugins-npmrc` secret) | |
# to be used when running `npm pack` during the dynamic plugins installation by the initContainer. | |
- name: dynamic-plugins-npmrc | |
secret: | |
defaultMode: 420 | |
optional: true | |
secretName: dynamic-plugins-npmrc | |
initContainers: | |
- name: install-dynamic-plugins | |
# -- Image used by the initContainer to install dynamic plugins into the `dynamic-plugins-root` volume mount. | |
# It could be replaced by a custom image based on this one. | |
# @default -- `quay.io/janus-idp/backstage-showcase:latest` | |
image: '{{ include "backstage.image" . }}' | |
command: | |
- python | |
- install-dynamic-plugins.py | |
- /dynamic-plugins-root | |
env: | |
- name: NPM_CONFIG_USERCONFIG | |
value: /opt/app-root/src/.npmrc.dynamic-plugins | |
imagePullPolicy: Always | |
volumeMounts: | |
- mountPath: /dynamic-plugins-root | |
name: dynamic-plugins-root | |
- mountPath: /opt/app-root/src/dynamic-plugins.yaml | |
name: dynamic-plugins | |
readOnly: true | |
subPath: dynamic-plugins.yaml | |
- mountPath: /opt/app-root/src/.npmrc.dynamic-plugins | |
name: dynamic-plugins-npmrc | |
readOnly: true | |
subPath: .npmrc | |
workingDir: /opt/app-root/src | |
installDir: /opt/app-root/src | |
podAnnotations: | |
checksum/dynamic-plugins: >- | |
{{- include "common.tplvalues.render" ( dict "value" | |
.Values.global.dynamic "context" $) | sha256sum }} | |
extraEnvVarsSecrets: | |
- rhdh-secrets | |
postgresql: | |
enabled: true | |
postgresqlDataDir: /var/lib/pgsql/data/userdata | |
image: | |
registry: quay.io | |
repository: fedora/postgresql-15 | |
tag: latest | |
auth: | |
secretKeys: | |
adminPasswordKey: postgres-password | |
userPasswordKey: password | |
primary: | |
securityContext: | |
enabled: false | |
podSecurityContext: | |
enabled: false | |
containerSecurityContext: | |
enabled: false | |
persistence: | |
enabled: true | |
size: 1Gi | |
mountPath: /var/lib/pgsql/data | |
extraEnvVars: | |
- name: POSTGRESQL_ADMIN_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
key: postgres-password | |
name: '{{ .Release.Name }}-postgresql' | |
ingress: | |
host: '{{ .Values.global.host }}' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# script to automate helm chart installation for testing purposes | |
# you must be logged into an OCP cluster first! | |
# configure your install settings | |
NAME_SPACE="my-project" | |
oc new-project $NAME_SPACE | |
RHDH="my-rhdh" | |
# Check we're logged into a cluster | |
if ! oc whoami > /dev/null 2>&1; then | |
errorf "Not logged into an OpenShift cluster" | |
exit 1 | |
fi | |
cd /tmp | |
# fetch config files and apply them | |
git clone --depth=1 https://github.com/janus-idp/backstage-showcase rhdh | |
pushd rhdh/.ibm/pipelines >/dev/null || exit | |
oc apply -f $dir/resources/service_account/service-account-rhdh.yaml --namespace=${NAME_SPACE} | |
oc apply -f $dir/auth/service-account-rhdh-secret.yaml --namespace=${NAME_SPACE} | |
oc apply -f $dir/auth/secrets-rhdh-secrets.yaml --namespace=${NAME_SPACE} | |
oc apply -f $dir/resources/deployment/deployment-test-app-component.yaml --namespace=${NAME_SPACE} | |
oc new-app https://github.com/janus-qe/test-backstage-customization-provider --namespace=${NAME_SPACE} | |
oc expose svc/test-backstage-customization-provider --namespace=${NAME_SPACE} | |
oc apply -f $dir/resources/cluster_role/cluster-role-k8s.yaml | |
oc apply -f $dir/resources/cluster_role_binding/cluster-role-binding-k8s.yaml | |
oc apply -f $dir/resources/cluster_role/cluster-role-ocm.yaml | |
oc apply -f $dir/resources/cluster_role_binding/cluster-role-binding-ocm.yaml | |
popd >/dev/null || exit | |
curl -sSLO https://gist.githubusercontent.com/nickboldt/107625858830ef6f0feccb918d338244/raw/dc1f4048b9afe084fa470bf6a21829a88375d93f/helm-values-testing.yaml | |
# add chart and dependencies | |
helm repo add bitnami https://charts.bitnami.com/bitnami | |
helm repo add backstage https://backstage.github.io/charts | |
helm repo add redhat-developer https://redhat-developer.github.io/rhdh-chart | |
# install from the chart you installed above, with optional overrides | |
helm upgrade -i $RHDH -n $NAME_SPACE rhdh-chart/backstage \ | |
-f /tmp/helm-values-testing.yaml \ | |
--set global.clusterRouterBase=apps.ci-ln-8h2lb7b-72292.origin-ci-int-gce.dev.rhcloud.com \ | |
--set upstream.backstage.image.registry=quay.io \ | |
--set upstream.backstage.image.repository=janus-idp/backstage-showcase \ | |
--set upstream.backstage.image.tag=next \ | |
--set upstream.postgresql.image.registry=quay.io \ | |
--set upstream.postgresql.image.repository=fedora/postgresql-15 \ | |
--set upstream.postgresql.image.tag=latest | |
# or install from a chart tarball | |
#helm upgrade -i $RHDH -n $NAME_SPACE \ | |
# -f /tmp/helm-values-testing.yaml \ | |
# https://github.com/openshift-helm-charts/charts/raw/main/charts/redhat/redhat/developer-hub/1.0.0-1/developer-hub-1.0.0-1.tgz | |
# cleanup | |
rm -fr /tmp/rhdh helm-values-testing.yaml |
Author
nickboldt
commented
Feb 7, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment