Chapter 8. Red Hat Developer Hub integration with Microsoft Azure Kubernetes Service (AKS)
You can integrate Developer Hub with Microsoft Azure Kubernetes Service (AKS), which provides a significant advancement in development, offering a streamlined environment for building, deploying, and managing your applications.
This integration requires the deployment of Developer Hub on AKS using one of the following methods:
- The Helm chart
- The Red Hat Developer Hub Operator
8.1. Monitoring and logging with Azure Kubernetes Services (AKS) in Red Hat Developer Hub
Monitoring and logging are integral aspects of managing and maintaining Azure Kubernetes Services (AKS) in Red Hat Developer Hub. With features like Managed Prometheus Monitoring and Azure Monitor integration, administrators can efficiently monitor resource utilization, diagnose issues, and ensure the reliability of their containerized workloads.
To enable Managed Prometheus Monitoring, use the -enable-azure-monitor-metrics
option within either the az aks create
or az aks update
command, depending on whether you’re creating a new cluster or updating an existing one, such as:
az aks create/update --resource-group <your-ResourceGroup> --name <your-Cluster> --enable-azure-monitor-metrics
The previous command installs the metrics add-on, which gathers Prometheus metrics. Using the previous command, you can enable monitoring of Azure resources through both native Azure Monitor metrics and Prometheus metrics. You can also view the results in the portal under Monitoring
Furthermore, metrics from both the Managed Prometheus service and Azure Monitor can be accessed through Azure Managed Grafana service. For more information, see Link a Grafana workspace section.
By default, Prometheus uses the minimum ingesting profile, which optimizes ingestion volume and sets default configurations for scrape frequency, targets, and metrics collected. The default settings can be customized through custom configuration. Azure offers various methods, including using different ConfigMaps, to provide scrape configuration and other metric add-on settings. For more information about default configuration, see Default Prometheus metrics configuration in Azure Monitor and Customize scraping of Prometheus metrics in Azure Monitor managed service for Prometheus documentation.
8.1.1. Viewing logs with Azure Kubernetes Services (AKS)
You can access live data logs generated by Kubernetes objects and collect log data in Container Insights within AKS.
Prerequisites
- You have deployed Developer Hub on AKS.
For more information, see Installing Red Hat Developer Hub on Azure Kubernetes Service (AKS).
assembly-install-rhdh-aks.adoc
Procedure
- View live logs from your Developer Hub instance
- Navigate to the Azure Portal.
-
Search for the resource group
<your-ResourceGroup>
and locate your AKS cluster<your-Cluster>
. -
Select Kubernetes resources
Workloads from the menu. -
Select the
<your-rhdh-cr>-developer-hub
(in case of Helm Chart installation) or<your-rhdh-cr>-backstage
(in case of Operator-backed installation) deployment. - Click Live Logs in the left menu.
Select the pod.
NoteThere must be only single pod.
Live log data is collected and displayed.
- View real-time log data from the Container Engine
- Navigate to the Azure Portal.
-
Search for the resource group
<your-ResourceGroup>
and locate your AKS cluster<your-Cluster>
. -
Select Monitoring
Insights from the menu. - Go to the Containers tab.
- Find the backend-backstage container and click it to view real-time log data as it’s generated by the Container Engine.
8.2. Using Microsoft Azure as an authentication provider in Red Hat Developer Hub
The core-plugin-api
package in Developer Hub comes integrated with Microsoft Azure authentication provider, authenticating signing in using Azure OAuth.
Prerequisites
- You have deployed Developer Hub on AKS.
For more information, see Installing Red Hat Developer Hub on Azure Kubernetes Service (AKS).
- You have created registered your application in Azure portal. For more information, see Register an application with the Microsoft identity platform.
8.2.1. Using Microsoft Azure as an authentication provider in Helm deployment
You can use Microsoft Azure as an authentication provider in Red Hat Developer Hub, when installed using the Helm Chart.
For more information, see Deploying Developer Hub on AKS with the Helm chart.
Procedure
After the application is registered, note down the following:
-
clientId
: Application (client) ID, found under App RegistrationOverview. -
clientSecret
: Secret, found under *App RegistrationCertificates & secrets (create new if needed). -
tenantId
: Directory (tenant) ID, found under App RegistrationOverview.
-
Ensure the following fragment is included in your Developer Hub ConfigMap:
auth: environment: production providers: microsoft: production: clientId: ${AZURE_CLIENT_ID} clientSecret: ${AZURE_CLIENT_SECRET} tenantId: ${AZURE_TENANT_ID} domainHint: ${AZURE_TENANT_ID} additionalScopes: - Mail.Send
You can either create a new file or add it to an existing one.
Apply the ConfigMap to your Kubernetes cluster:
kubectl -n <your_namespace> apply -f <app-config>.yaml
Create or reuse an existing Secret containing Azure credentials and add the following fragment:
stringData: AZURE_CLIENT_ID: <value-of-clientId> AZURE_CLIENT_SECRET: <value-of-clientSecret> AZURE_TENANT_ID: <value-of-tenantId>
Apply the secret to your Kubernetes cluster:
kubectl -n <your_namespace> apply -f <azure-secrets>.yaml
Ensure your
values.yaml
file references the previously created ConfigMap and Secret:upstream: backstage: ... extraAppConfig: - filename: ... configMapRef: <app-config-containing-azure> extraEnvVarsSecrets: - <secret-containing-azure>
Optional: If the Helm Chart is already installed, upgrade it:
helm -n <your_namespace> upgrade -f <your-values.yaml> <your_deploy_name> redhat-developer/backstage --version 1.2.6
Optional: If your
rhdh.yaml
file is not changed, for example, you only updated the ConfigMap and Secret referenced from it, refresh your Developer Hub deployment by removing the corresponding pods:kubectl -n <your_namespace> delete pods -l backstage.io/app=backstage-<your-rhdh-cr>
8.2.2. Using Microsoft Azure as an authentication provider in Operator-backed deployment
You can use Microsoft Azure as an authentication provider in Red Hat Developer Hub, when installed using the Operator.
For more information, see Installing Red Hat Developer Hub on OpenShift Container Platform with the Operator.
Procedure
After the application is registered, note down the following:
-
clientId
: Application (client) ID, found under App RegistrationOverview. -
clientSecret
: Secret, found under *App RegistrationCertificates & secrets (create new if needed). -
tenantId
: Directory (tenant) ID, found under App RegistrationOverview.
-
Ensure the following fragment is included in your Developer Hub ConfigMap:
auth: environment: production providers: microsoft: production: clientId: ${AZURE_CLIENT_ID} clientSecret: ${AZURE_CLIENT_SECRET} tenantId: ${AZURE_TENANT_ID} domainHint: ${AZURE_TENANT_ID} additionalScopes: - Mail.Send
You can either create a new file or add it to an existing one.
Apply the ConfigMap to your Kubernetes cluster:
kubectl -n <your_namespace> apply -f <app-config>.yaml
Create or reuse an existing Secret containing Azure credentials and add the following fragment:
stringData: AZURE_CLIENT_ID: <value-of-clientId> AZURE_CLIENT_SECRET: <value-of-clientSecret> AZURE_TENANT_ID: <value-of-tenantId>
Apply the secret to your Kubernetes cluster:
kubectl -n <your_namespace> apply -f <azure-secrets>.yaml
Ensure your Custom Resource manifest contains references to the previously created ConfigMap and Secret:
apiVersion: rhdh.redhat.com/v1alpha1 kind: Backstage metadata: name: <your-rhdh-cr> spec: application: imagePullSecrets: - rhdh-pull-secret route: enabled: false appConfig: configMaps: - name: <app-config-containing-azure> extraEnvs: secrets: - name: <secret-containing-azure>
Apply your Custom Resource manifest:
kubectl -n <your_namespace> apply -f rhdh.yaml
Optional: If your
rhdh.yaml
file is not changed, for example, you only updated the ConfigMap and Secret referenced from it, refresh your Developer Hub deployment by removing the corresponding pods:kubectl -n <your_namespace> delete pods -l backstage.io/app=backstage-<your-rhdh-cr>