Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 1. Installing Developer Hub on Google Kubernetes Engine (GKE) by using the Operator

To benefit from over-the-air updates and catalogs provided by Operator-based applications distributed with the Operator Lifecycle Manager (OLM) framework, consider installing Red Hat Developer Hub by using the Red Hat Developer Hub Operator distributed in the Red Hat Ecosystem.

On GKE, the most notable differences over an OpenShift-based installation are:

  • The OLM framework and the Red Hat Ecosystem are not built-in.
  • The Red Hat Ecosystem pull-secret is not managed globally.
  • To expose the application, Ingresses replace OpenShift Routes.

For clarity, the content is broken down in sections highlighting these platform-specific additional steps.

The Red Hat Ecosystem, based on the Operator Lifecycle Manager (OLM) framework, contains a distribution of the Red Hat Developer Hub Operator, aimed at managing your Red Hat Developer Hub instance lifecycle.

However, on Google Kubernetes Engine (GKE):

  • The Operator Lifecycle Manager (OLM) framework and the Red Hat Ecosystem are not built-in.
  • The Red Hat Ecosystem pull-secret is not managed globally.

Therefore, install the OLM framework, the Red Hat Ecosystem, and provision your Red Hat Ecosystem pull secret to install Developer Hub Operator.

Prerequisites

Procedure

  1. Connect to your GKE cluster: 

    $ gcloud container clusters get-credentials <cluster-name> --location=<cluster-location>
    Copy to Clipboard Toggle word wrap
    <cluster-name>
    Enter your GKE cluster name.
    <cluster-location>
    Enter your GKE cluster location.

  2. Create the rhdh-operator namespace to contain the Red Hat Developer Hub Operator: 

    $ kubectl create namespace rhdh-operator
    Copy to Clipboard Toggle word wrap

  3. Create a pull secret using your Red Hat credentials to pull the container images from the protected Red Hat Ecosystem: 

    $ kubectl -n rhdh-operator create secret docker-registry rhdh-pull-secret \
    --docker-server=registry.redhat.io \
    --docker-username=<redhat_user_name> \
    --docker-password=<redhat_password> \
    --docker-email=<email>
    Copy to Clipboard Toggle word wrap

  4. Create a catalog source that contains the Red Hat Ecosystem Operators: 

    $ cat <<EOF | kubectl -n rhdh-operator apply -f -
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: redhat-catalog
spec:
  sourceType: grpc
  image: registry.redhat.io/redhat/redhat-operator-index:v4.18
  secrets:
  - "rhdh-pull-secret"
  displayName: Red Hat Operators
EOF
    Copy to Clipboard Toggle word wrap

  5. Create an operator group to manage your operator subscriptions: 

    $ cat <<EOF | kubectl apply -n rhdh-operator -f -
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: rhdh-operator-group
EOF
    Copy to Clipboard Toggle word wrap

  6. Create a subscription to install the Red Hat Developer Hub Operator: 

    $ cat <<EOF | kubectl apply -n rhdh-operator -f -
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: rhdh
  namespace: rhdh-operator
spec:
  channel: fast
  installPlanApproval: Automatic
  name: rhdh
  source: redhat-catalog
  sourceNamespace: rhdh-operator
  startingCSV: rhdh-operator.v1.7.1
EOF
    Copy to Clipboard Toggle word wrap

  7. To wait until the Operator deployment finishes to be able to run the next step, run: 

    until kubectl -n rhdh-operator get deployment rhdh-operator &>/dev/null; do
  echo -n .
  sleep 3
done
echo "RHDH Operator Deployment created"
    Copy to Clipboard Toggle word wrap

  8. Include your pull secret name in the Operator deployment manifest, to avoid ImagePullBackOff errors: 

    $ kubectl -n rhdh-operator patch deployment \
    rhdh-operator --patch '{"spec":{"template":{"spec":{"imagePullSecrets":[{"name":"rhdh-pull-secret"}]}}}}' \
    --type=merge
    Copy to Clipboard Toggle word wrap

Verification

  • Verify the deployment name: 

    $ kubectl get deployment -n rhdh-operator
    Copy to Clipboard Toggle word wrap

To configure Red Hat Developer Hub, provision your custom Red Hat Developer Hub config maps and secrets to Google Kubernetes Engine (GKE) before running Red Hat Developer Hub.

Tip

On Red Hat OpenShift Container Platform, you can skip this step to run Developer Hub with the default config map and secret. Your changes on this configuration might get reverted on Developer Hub restart.

Prerequisites

  • By using the Kubernetes CLI ('kubectl'), you have access, with developer permissions, to the Kubernetes cluster aimed at containing your Developer Hub instance.

Procedure

  1. Author your custom <my_product_secrets>.txt file to provision your secrets as environment variables values in a Kubernetes secret, rather than in clear text in your configuration files. It contains one secret per line in KEY=value form.

  2. Author your custom app-config.yaml file. This is the main Developer Hub configuration file. You need a custom app-config.yaml file to avoid the Developer Hub installer to revert user edits during upgrades. When your custom app-config.yaml file is empty, Developer Hub is using default values.

    • To prepare a deployment with the Red Hat Developer Hub Operator on GKE, you can start with an empty file.

    • To prepare a deployment with the Red Hat Developer Hub Helm chart, or on Kubernetes, enter the Developer Hub base URL in the relevant fields in your app-config.yaml file to ensure proper functionality of Developer Hub. The base URL is what a Developer Hub user sees in their browser when accessing Developer Hub. The relevant fields are baseUrl in the app and backend sections, and origin in the backend.cors subsection:

      Example 1.1. Configuring the baseUrl in app-config.yaml

      app:
  title: Red Hat Developer Hub
  baseUrl: https://<my_developer_hub_domain>

backend:
  auth:
    externalAccess:
      - type: legacy
        options:
          subject: legacy-default-config
          secret: "${BACKEND_SECRET}"
  baseUrl: https://<my_developer_hub_domain>
  cors:
    origin: https://<my_developer_hub_domain>
      Copy to Clipboard Toggle word wrap

    • Optionally, enter your configuration such as:

  3. Provision your custom configuration files to your GKE cluster.

    1. Create the <my-rhdh-project> {namespace} aimed at containing your Developer Hub instance. 

      $ oc create namespace my-rhdh-project
      Copy to Clipboard Toggle word wrap

    2. Provision your app-config.yaml file to the my-rhdh-app-config config map in the <my-rhdh-project> project. 

      $ oc create configmap my-rhdh-app-config --from-file=app-config.yaml --namespace=my-rhdh-project
      Copy to Clipboard Toggle word wrap

    3. Provision your <my_product_secrets>.txt file to the <my_product_secrets> secret in the <my-rhdh-project> project. 

      $ oc create secret generic <my_product_secrets> --from-file=<my_product_secrets>.txt --namespace=my-rhdh-project
      Copy to Clipboard Toggle word wrap

Next steps

On Google Kubernetes Engine (GKE), the Red Hat Ecosystem pull-secret is not managed globally. Therefore add your pull-secret in your Red Hat Developer Hub instance namespace.

Prerequisites

  • Your credentials to the Red Hat Container Registry:

    • <redhat_user_name>
    • <redhat_password>
    • <email>
  • You created the {my-rhdh-project} namespace on GKE to host your Developer Hub instance.

Procedure

  1. Create a pull secret using your Red Hat credentials to pull the container images from the protected Red Hat Ecosystem: 

    $ kubectl -n {my-rhdh-namespace} create secret docker-registry my-rhdh-pull-secret \
    --docker-server=registry.redhat.io \
    --docker-username=<redhat_user_name> \
    --docker-password=<redhat_password> \
    --docker-email=<email>
    Copy to Clipboard Toggle word wrap

  2. To enable pulling Developer Hub images from the Red Hat Ecosystem Catalog, add the image pull secret in the default service account within the namespace where the Developer Hub instance is being deployed: 

    $ kubectl patch serviceaccount default \
    -p '{"imagePullSecrets": [{"name": "my-rhdh-pull-secret"}]}' \
    -n {my-rhdh-namespace}
    Copy to Clipboard Toggle word wrap

To use the Developer Hub Operator to run Red Hat Developer Hub with your custom configuration, create your Backstage custom resource (CR) that:

  • Mounts files provisioned in your custom config maps.
  • Injects environment variables provisioned in your custom secrets.

Prerequisites

  • By using the Kubernetes CLI ('kubectl'), you have access, with developer permissions, to the GKE cluster aimed at containing your Developer Hub instance.
  • Your administrator has installed the Red Hat Developer Hub Operator in the cluster.
  • You have provisioned your custom config maps and secrets in your <my-rhdh-project> project.

Procedure

  1. Author your Backstage CR in a my-rhdh-custom-resource.yaml file to use your custom config maps and secrets.

    Minimal my-rhdh-custom-resource.yaml custom resource example: 

    apiVersion: rhdh.redhat.com/v1alpha3
kind: Backstage
metadata:
  name: my-rhdh-custom-resource
spec:
  application:
    appConfig:
      mountPath: /opt/app-root/src
      configMaps:
         - name: my-rhdh-app-config
    extraEnvs:
      secrets:
         - name: <my_product_secrets>
    extraFiles:
      mountPath: /opt/app-root/src
    route:
      enabled: true
  database:
    enableLocalDb: true
    Copy to Clipboard Toggle word wrap

    my-rhdh-custom-resource.yaml custom resource example with dynamic plugins and RBAC policies config maps, and external PostgreSQL database secrets: 

    apiVersion: rhdh.redhat.com/v1alpha3
kind: Backstage
metadata:
  name: <my-rhdh-custom-resource>
spec:
  application:
    appConfig:
      mountPath: /opt/app-root/src
      configMaps:
         - name: my-rhdh-app-config
         - name: rbac-policies
    dynamicPluginsConfigMapName: dynamic-plugins-rhdh
    extraEnvs:
      secrets:
         - name: <my_product_secrets>
         - name: my-rhdh-database-secrets
    extraFiles:
      mountPath: /opt/app-root/src
      secrets:
        - name: my-rhdh-database-certificates-secrets
          key: postgres-crt.pem, postgres-ca.pem, postgres-key.key
    route:
      enabled: true
  database:
    enableLocalDb: false
    Copy to Clipboard Toggle word wrap
    Mandatory fields
    No fields are mandatory. You can create an empty Backstage CR and run Developer Hub with the default configuration.
    Optional fields
    spec.application.appConfig.configMaps
    Enter your config map name list.

    Mount files in the my-rhdh-app-config config map: 

    spec:
  application:
    appConfig:
      mountPath: /opt/app-root/src
      configMaps:
         - name: my-rhdh-app-config
    Copy to Clipboard Toggle word wrap

    Mount files in the my-rhdh-app-config and rbac-policies config maps: 

    spec:
  application:
    appConfig:
      mountPath: /opt/app-root/src
      configMaps:
         - name: my-rhdh-app-config
         - name: rbac-policies
    Copy to Clipboard Toggle word wrap
    spec.application.extraEnvs.envs

    Optionally, enter your additional environment variables that are not secrets, such as your proxy environment variables.

    Inject your HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables: 

    spec:
  application:
    extraEnvs:
      envs:
        - name: HTTP_PROXY
          value: 'http://10.10.10.105:3128'
        - name: HTTPS_PROXY
          value: 'http://10.10.10.106:3128'
        - name: NO_PROXY
          value: 'localhost,example.org'
    Copy to Clipboard Toggle word wrap
    spec.application.extraEnvs.secrets

    Enter your environment variables secret name list.

    Inject the environment variables in your Red Hat Developer Hub secret: 

    spec:
  application:
    extraEnvs:
      secrets:
         - name: <my_product_secrets>
    Copy to Clipboard Toggle word wrap

    Inject the environment variables in the Red Hat Developer Hub and my-rhdh-database-secrets secrets: 

    spec:
  application:
    extraEnvs:
      secrets:
         - name: <my_product_secrets>
         - name: my-rhdh-database-secrets
    Copy to Clipboard Toggle word wrap
    Note

    <my_product_secrets> is your preferred Developer Hub secret name, specifying the identifier for your secret configuration within Developer Hub.

    spec.application.extraFiles.secrets

    Enter your certificates files secret name and files list.

    Mount the postgres-crt.pem, postgres-ca.pem, and postgres-key.key files contained in the my-rhdh-database-certificates-secrets secret: 

    spec:
  application:
    extraFiles:
      mountPath: /opt/app-root/src
      secrets:
        - name: my-rhdh-database-certificates-secrets
          key: postgres-crt.pem, postgres-ca.pem, postgres-key.key
    Copy to Clipboard Toggle word wrap
    spec.database.enableLocalDb

    Enable or disable the local PostgreSQL database.

    Disable the local PostgreSQL database generation to use an external postgreSQL database: 

    spec:
  database:
    enableLocalDb: false
    Copy to Clipboard Toggle word wrap

    On a development environment, use the local PostgreSQL database: 

    spec:
  database:
    enableLocalDb: true
    Copy to Clipboard Toggle word wrap
    spec.deployment
    Optionally, enter your deployment configuration.

  2. Apply your Backstage CR to start or update your Developer Hub instance: 

    $ oc apply --filename=my-rhdh-custom-resource.yaml --namespace=my-rhdh-project
    Copy to Clipboard Toggle word wrap

On Google Kubernetes Engine (GKE), to expose your Red Hat Developer Hub instance, Kubernetes ingresses replace OpenShift Container Platform routes. The Red Hat Developer Hub operator does not create ingresses. Therefore, to access your Developer Hub instance via a domain name, create the required ingresses on GKE and point your domain name to it.

Prerequisites

  • You have installed Red Hat Developer Hub by using the Red Hat Developer Hub Operator.
  • You have configured a domain name for your Developer Hub instance.
  • You have reserved a static external Premium IPv4 Global IP address that is not attached to any virtual machine (VM). For more information see Reserve a new static external IP address

  • You have configured the DNS records for your domain name to point to the IP address that has been reserved.

    Note

    You need to create an A record with the value equal to the IP address. This process can take up to one hour to propagate.

Procedure

  1. Create a Google-managed certificate manifest file, named managed-certificate.yaml: 

    apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
  name: my-rhdh-certificate-name
spec:
  domains:
    - <my_developer_hub_domain>
    Copy to Clipboard Toggle word wrap

    For more information about setting up a Google-managed certificate, see Setting up a Google-managed certificate.

  2. Deploy the managed certificate: 

    $ kubectl -n my-rhdh-project apply -f managed-certificate.yaml
    Copy to Clipboard Toggle word wrap

  3. Create a frontend config manifest file, named frontend-config.yaml, to set a policy for redirecting to HTTPS. 

    apiVersion: networking.gke.io/v1beta1
kind: FrontendConfig
metadata:
  name: my-ingress_security_config
spec:
  sslPolicy: gke-ingress-ssl-policy-https
  redirectToHttps:
    enabled: true
    Copy to Clipboard Toggle word wrap

    For more information about setting a policy to redirect to HTTPS, see HTTP to HTTPS redirects.

  4. Deploy the frontend config: 

    $ kubectl -n my-rhdh-project apply -f frontend-config.yaml
    Copy to Clipboard Toggle word wrap

  5. Create an ingress manifest file, named rhdh-ingress.yaml, specifying your Developer Hub service name, and using your managed certificate and your frontend config: 

    apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-rhdh-ingress
  annotations:
    kubernetes.io/ingress.class: "gce"
    kubernetes.io/ingress.global-static-ip-name: <ADDRESS_NAME>
    networking.gke.io/managed-certificates: my-rhdh-certificate-name
    networking.gke.io/v1beta1.FrontendConfig: my-ingress_security_config
spec:
  ingressClassName: gce
  rules:
    - host: <my_developer_hub_domain>
      http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: my-rhdh-custom-resource
              port:
                name: http-backend
    Copy to Clipboard Toggle word wrap

  6. Deploy the ingress: 

    $ kubectl -n my-rhdh-project apply -f rhdh-ingress.yaml
    Copy to Clipboard Toggle word wrap

Verification

  • Wait for the ManagedCertificate to be provisioned. This process can take a couple of hours.
  • Access RHDH with https://<my_developer_hub_domain>.

Additional information

For more information on setting up GKE using Ingress with TLS, see Secure GKE Ingress.

Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat