Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Installing Red Hat Developer Hub on Amazon Elastic Kubernetes Service

Red Hat Developer Hub 1.4

Red Hat Customer Content Services

Abstract

Red Hat Developer Hub is an enterprise-grade platform for building developer portals. Administrative users can configure roles, permissions, and other settings to enable other authorized users to deploy a Developer Hub instance on Amazon Elastic Kubernetes Service (EKS) using either the Operator or Helm chart.

Preface
Copy link

You can install Red Hat Developer Hub on Amazon Elastic Kubernetes Service (EKS) using one of the following methods:

  • The Red Hat Developer Hub Operator
  • The Red Hat Developer Hub Helm chart

The Red Hat Developer Hub Operator installation requires the Operator Lifecycle Manager (OLM) framework.

Additional resources

You can install the Developer Hub Operator on EKS using the Operator Lifecycle Manager (OLM) framework. Following that, you can proceed to deploy your Developer Hub instance in EKS.

Prerequisites

Procedure

  1. Run the following command in your terminal to create the rhdh-operator namespace where the Operator is installed: 

    kubectl create namespace rhdh-operator
    Copy to Clipboard Toggle word wrap

  2. Create a pull secret using the following command: 

    kubectl -n rhdh-operator create secret docker-registry rhdh-pull-secret \
    --docker-server=registry.redhat.io \
    --docker-username=<user_name> \
    1 
    
    --docker-password=<password> \
    2 
    
    --docker-email=<email>
    3
    Copy to Clipboard Toggle word wrap
    1
    Enter your username in the command.
    2
    Enter your password in the command.
    3
    Enter your email address in the command.

    The created pull secret is used to pull the Developer Hub images from the Red Hat Ecosystem.

  3. Create a CatalogSource resource that contains the Operators from the Red Hat Ecosystem: 

    cat <<EOF | kubectl -n rhdh-operator apply -f -
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: redhat-catalog
spec:
  sourceType: grpc
  image: registry.redhat.io/redhat/redhat-operator-index:v4.17
  secrets:
  - "rhdh-pull-secret"
  displayName: Red Hat Operators
EOF
    Copy to Clipboard Toggle word wrap

  4. Create an OperatorGroup resource as follows: 

    cat <<EOF | kubectl apply -n rhdh-operator -f -
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: rhdh-operator-group
EOF
    Copy to Clipboard Toggle word wrap

  5. Create a Subscription resource using the following code: 

    cat <<EOF | kubectl apply -n rhdh-operator -f -
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: rhdh
  namespace: rhdh-operator
spec:
  channel: fast
  installPlanApproval: Automatic
  name: rhdh
  source: redhat-catalog
  sourceNamespace: rhdh-operator
  startingCSV: rhdh-operator.v1.4.3
EOF
    Copy to Clipboard Toggle word wrap

  6. Run the following command to verify that the created Operator is running: 

    kubectl -n rhdh-operator get pods -w
    Copy to Clipboard Toggle word wrap

    If the operator pod shows ImagePullBackOff status, then you might need permissions to pull the image directly within the Operator deployment’s manifest.

    Tip

    You can include the required secret name in the deployment.spec.template.spec.imagePullSecrets list and verify the deployment name using kubectl get deployment -n rhdh-operator command: 

    kubectl -n rhdh-operator patch deployment \
    rhdh.fast --patch '{"spec":{"template":{"spec":{"imagePullSecrets":[{"name":"rhdh-pull-secret"}]}}}}' \
    --type=merge
    Copy to Clipboard Toggle word wrap

  7. Update the default configuration of the operator to ensure that Developer Hub resources can start correctly in EKS using the following steps:

    1. Edit the backstage-default-config ConfigMap in the rhdh-operator namespace using the following command: 

      kubectl -n rhdh-operator edit configmap backstage-default-config
      Copy to Clipboard Toggle word wrap

    2. Locate the db-statefulset.yaml string and add the fsGroup to its spec.template.spec.securityContext, as shown in the following example: 

        db-statefulset.yaml: |
    apiVersion: apps/v1
    kind: StatefulSet
--- TRUNCATED ---
    spec:
    --- TRUNCATED ---
      restartPolicy: Always
      securityContext:
      # You can assign any random value as fsGroup
        fsGroup: 2000
      serviceAccount: default
      serviceAccountName: default
--- TRUNCATED ---
      Copy to Clipboard Toggle word wrap

    3. Locate the deployment.yaml string and add the fsGroup to its specification, as shown in the following example: 

        deployment.yaml: |
    apiVersion: apps/v1
    kind: Deployment
--- TRUNCATED ---
    spec:
      securityContext:
        # You can assign any random value as fsGroup
        fsGroup: 3000
      automountServiceAccountToken: false
--- TRUNCATED ---
      Copy to Clipboard Toggle word wrap

    4. Locate the service.yaml string and change the type to NodePort as follows: 

        service.yaml: |
    apiVersion: v1
    kind: Service
    spec:
     # NodePort is required for the ALB to route to the Service
      type: NodePort
--- TRUNCATED ---
      Copy to Clipboard Toggle word wrap

    5. Save and exit.

      Wait for a few minutes until the changes are automatically applied to the operator pods.

Prerequisites

Procedure

  1. Create a my-rhdh-app-config config map containing the app-config.yaml Developer Hub configuration file by using the following template: 

    apiVersion: v1
kind: ConfigMap
metadata:
  name: my-rhdh-app-config
data:
  "app-config.yaml": |
    app:
      title: Red Hat Developer Hub
      baseUrl: https://<rhdh_dns_name>
    backend:
      auth:
        externalAccess:
            - type: legacy
              options:
                subject: legacy-default-config
                secret: "${BACKEND_SECRET}"
      baseUrl: https://<rhdh_dns_name>
      cors:
        origin: https://<rhdh_dns_name>
    Copy to Clipboard Toggle word wrap

  2. Create a Red Hat Developer Hub secret and add a key named BACKEND_SECRET with a Base64-encoded string as value: 

    apiVersion: v1
kind: Secret
metadata:
  name: <my_product_secrets>
    1 
    
stringData:
  # TODO: See https://backstage.io/docs/auth/service-to-service-auth/#setup
  BACKEND_SECRET: "xxx"
    Copy to Clipboard Toggle word wrap
    1
    <my_product_secrets> is your preferred Developer Hub secret name, where <my_product_secrets> specifies the unique identifier for your secret configuration within Developer Hub.
    Important

    Ensure that you use a unique value of BACKEND_SECRET for each Developer Hub instance.

    You can use the following command to generate a key: 

    node-p'require("crypto").randomBytes(24).toString("base64")'
    Copy to Clipboard Toggle word wrap

  3. To enable pulling the PostgreSQL image from the Red Hat Ecosystem Catalog, add the image pull secret in the default service account within the namespace where the Developer Hub instance is being deployed: 

    kubectl patch serviceaccount default \
    -p '{"imagePullSecrets": [{"name": "rhdh-pull-secret"}]}' \
    -n <your_namespace>
    Copy to Clipboard Toggle word wrap

  4. Create your Backstage custom resource using the following template: 

    apiVersion: rhdh.redhat.com/v1alpha3
kind: Backstage
metadata:
 # TODO: this the name of your Developer Hub instance
  name: my-rhdh
spec:
  application:
    imagePullSecrets:
    - "rhdh-pull-secret"
    route:
      enabled: false
    appConfig:
      configMaps:
        - name: my-rhdh-app-config
    extraEnvs:
      secrets:
        - name: <my_product_secrets>
    1
    Copy to Clipboard Toggle word wrap
    1
    <my_product_secrets> is your preferred Developer Hub secret name, where <my_product_secrets> specifies the identifier for your secret configuration within Developer Hub.

  5. Create an Ingress resource using the following template, ensuring to customize the names as needed: 

    apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  # TODO: this the name of your Developer Hub Ingress
  name: my-rhdh
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing

    alb.ingress.kubernetes.io/target-type: ip

    # TODO: Using an ALB HTTPS Listener requires a certificate for your own domain. Fill in the ARN of your certificate, e.g.:
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-xxx:xxxx:certificate/xxxxxx

     alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'

    alb.ingress.kubernetes.io/ssl-redirect: '443'

    # TODO: Set your application domain name.
    external-dns.alpha.kubernetes.io/hostname: <rhdh_dns_name>

spec:
  ingressClassName: alb
  rules:
    # TODO: Set your application domain name.
    - host: <rhdh_dns_name>
      http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              # TODO: my-rhdh is the name of your `Backstage` custom resource.
              # Adjust if you changed it!
              name: backstage-my-rhdh
              port:
                name: http-backend
    Copy to Clipboard Toggle word wrap

    In the previous template, replace ` <rhdh_dns_name>` with your Developer Hub domain name and update the value of alb.ingress.kubernetes.io/certificate-arn with your certificate ARN.

Verification

Wait until the DNS name is responsive, indicating that your Developer Hub instance is ready for use.

When you install the Developer Hub Helm chart in Elastic Kubernetes Service (EKS), it orchestrates the deployment of a Developer Hub instance, which provides a robust developer platform within the AWS ecosystem.

Prerequisites

Procedure

  1. Go to your terminal and run the following command to add the Helm chart repository containing the Developer Hub chart to your local Helm registry: 

    helm repo add openshift-helm-charts https://charts.openshift.io/
    Copy to Clipboard Toggle word wrap

  2. Create a pull secret using the following command: 

    kubectl create secret docker-registry rhdh-pull-secret \
    --docker-server=registry.redhat.io \
    --docker-username=<user_name> \
    1 
    
    --docker-password=<password> \
    2 
    
    --docker-email=<email>
    3
    Copy to Clipboard Toggle word wrap
    1
    Enter your username in the command.
    2
    Enter your password in the command.
    3
    Enter your email address in the command.

    The created pull secret is used to pull the Developer Hub images from the Red Hat Ecosystem.

  3. Create a file named values.yaml using the following template: 

    global:
  # TODO: Set your application domain name.
  host: <your Developer Hub domain name>


route:
  enabled: false


upstream:
  service:
    # NodePort is required for the ALB to route to the Service
    type: NodePort


  ingress:
    enabled: true
    annotations:
      kubernetes.io/ingress.class: alb


      alb.ingress.kubernetes.io/scheme: internet-facing


      # TODO: Using an ALB HTTPS Listener requires a certificate for your own domain. Fill in the ARN of your certificate, e.g.:
      alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:xxx:xxxx:certificate/xxxxxx


      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'


      alb.ingress.kubernetes.io/ssl-redirect: '443'


      # TODO: Set your application domain name.
      external-dns.alpha.kubernetes.io/hostname: <your rhdh domain name>


  backstage:
    image:
      pullSecrets:
      - rhdh-pull-secret
    podSecurityContext:
      # you can assign any random value as fsGroup
      fsGroup: 2000
  postgresql:
    image:
      pullSecrets:
      - rhdh-pull-secret
    primary:
      podSecurityContext:
        enabled: true
        # you can assign any random value as fsGroup
        fsGroup: 3000
  volumePermissions:
    enabled: true
    Copy to Clipboard Toggle word wrap

  4. Run the following command in your terminal to deploy Developer Hub using the latest version of Helm Chart and using the values.yaml file created in the previous step: 

    helm install rhdh \
  openshift-helm-charts/redhat-developer-hub \
  [--version 1.4.3] \
  --values /path/to/values.yaml
    Copy to Clipboard Toggle word wrap
Note

Verification

Wait until the DNS name is responsive, indicating that your Developer Hub instance is ready for use.

Legal Notice
Copy link

Copyright © 2025 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2026 Red HatBack to top