Ce contenu n'est pas disponible dans la langue sélectionnée.

Chapter 9. Red Hat Developer Hub integration with Microsoft Azure Kubernetes Service (AKS)

You can integrate Developer Hub with Microsoft Azure Kubernetes Service (AKS), which provides a significant advancement in development, offering a streamlined environment for building, deploying, and managing your applications.

This integration requires the deployment of Developer Hub on AKS using one of the following methods:

The Helm chart
The Red Hat Developer Hub Operator

9.1. Deploying Red Hat Developer Hub on Azure Kubernetes Service (AKS) using the Helm chart

You can deploy your Developer Hub application on Azure Kubernetes Service (AKS) to access a comprehensive solution for building, testing, and deploying applications.

Prerequisites

You have an Azure account with active subscription.
You have installed the Azure CLI.
You have installed the kubectl CLI.
You are logged into your cluster using kubectl, and have developer or admin permissions.
You have installed Helm 3 or the latest.

Comparison of AKS specifics with the base Developer Hub deployment

Permissions issue: Developer Hub containers might encounter permission-related errors, such as Permission denied when attempting certain operations. This error can be addresssed by adjusting the fsGroup in the PodSpec.securityContext.
Ingress configuration: In AKS, configuring ingress is essential for accessing the installed Developer Hub instance. Accessing the Developer Hub instance requires enabling the Routing add-on, an NGINX-based Ingress Controller, using the following command:
```
az aks approuting enable --resource-group <your_ResourceGroup> --name <your_ClusterName>
```
Tip
You might need to install the Azure CLI extension aks-preview. If the extension is not installed automatically, you might need to install it manually using the following command:
```
az extension add --upgrade -n aks-preview --allow-preview true
```
Note
After you install the Ingress Controller, the app-routing-system namespace with the Ingress Controller will be deployed in your cluster. Note the address of your Developer Hub application from the installed Ingress Controller (for example, 108.141.70.228) for later access to the Developer Hub application, later referenced as <app_address>.
```
kubectl get svc nginx --namespace app-routing-system -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
```
Namespace management: You can create a dedicated namespace for Developer Hub deployment in AKS using the following command:
```
kubectl create namespace <your_namespace>
```

Procedure

Log in to AKS by running the following command:
```
az login [--tenant=<optional_directory_name>]
```
Create a resource group by running the following command:
```
az group create --name <resource_group_name> --location <location>
```
Tip
You can list available regions by running the following command:
```
az account list-locations -o table
```

Create an AKS cluster by running the following command:

az aks create \
--resource-group <resource_group_name> \
--name <cluster_name> \
--enable-managed-identity \
--generate-ssh-keys

You can refer to --help for additional options.

Connect to your cluster by running the following command:
```
az aks get-credentials --resource-group <resource_group_name> --name <cluster_name>
```
The previous command configures the Kubernetes client and sets the current context in the kubeconfig to point to your AKS cluster.
Open terminal and run the following command to add the Helm chart repository:
```
helm repo add openshift-helm-charts https://charts.openshift.io/
```

Create and activate the <rhdh> namespace:

DEPLOYMENT_NAME=<redhat-developer-hub>
NAMESPACE=<rhdh>
kubectl create namespace ${NAMESPACE}
kubectl config set-context --current --namespace=${NAMESPACE}

Create a pull secret, which is used to pull the Developer Hub images from the Red Hat Ecosystem, by running the following command:

kubectl -n $NAMESPACE create secret docker-registry rhdh-pull-secret \
    --docker-server=registry.redhat.io \
    --docker-username=<redhat_user_name> \
    --docker-password=<redhat_password> \
    --docker-email=<email>

Create a file named values.yaml using the following template:

global:
  host: <app_address>
route:
  enabled: false
upstream:
  ingress:
    enabled: true
    className: webapprouting.kubernetes.azure.com
    host:
  backstage:
    image:
      pullSecrets:
        - rhdh-pull-secret
    podSecurityContext:
      fsGroup: 3000
  postgresql:
    image:
      pullSecrets:
        - rhdh-pull-secret
    primary:
      podSecurityContext:
        enabled: true
        fsGroup: 3000
  volumePermissions:
    enabled: true

To install Developer Hub by using the Helm chart, run the following command:

helm -n $NAMESPACE install -f values.yaml $DEPLOYMENT_NAME openshift-helm-charts/redhat-developer-hub --version 1.2.1

Verify the deployment status:

kubectl get deploy $DEPLOYMENT_NAME -n $NAMESPACE

Configure your Developer Hub Helm chart instance with the Developer Hub database password and router base URL values from your cluster:

PASSWORD=$(kubectl get secret redhat-developer-hub-postgresql -o jsonpath="{.data.password}" | base64 -d)
CLUSTER_ROUTER_BASE=$(kubectl get route console -n openshift-console -o=jsonpath='{.spec.host}' | sed 's/^[^.]*\.//')
helm upgrade $DEPLOYMENT_NAME -i "https://github.com/openshift-helm-charts/charts/releases/download/redhat-redhat-developer-hub-1.2.1/redhat-developer-hub-1.2.1.tgz" \
    --set global.clusterRouterBase="$CLUSTER_ROUTER_BASE" \
    --set global.postgresql.auth.password="$PASSWORD"

Display the running Developer Hub instance URL, by running the following command:
```
echo "https://$DEPLOYMENT_NAME-$NAMESPACE.$CLUSTER_ROUTER_BASE"
```

Verification

Open the running Developer Hub instance URL in your browser to use Developer Hub.

Upgrade

To upgrade the deployment, run the following command:

helm upgrade $DEPLOYMENT_NAME -i https://github.com/openshift-helm-charts/charts/releases/download/redhat-redhat-developer-hub-1.2.1/redhat-developer-hub-1.2.1.tgz

Delete

To delete the deployment, run the following command:
```
helm -n $NAMESPACE delete $DEPLOYMENT_NAME
```

9.2. Deploying the Red Hat Developer Hub on Azure Kubernetes Service (AKS) using the Operator

You can deploy your Developer Hub on AKS using the Red Hat Developer Hub Operator.

Prerequisites

You have an Azure account with active subscription.
You have installed the Azure CLI.
You have installed the kubectl CLI.
You are logged into your cluster using kubectl, and have developer or admin permissions.
You have installed Helm 3 or the latest.

Comparison of AKS specifics with the base Developer Hub deployment

Permissions issue: Developer Hub containers might encounter permission-related errors, such as Permission denied when attempting certain operations. This error can be addresssed by adjusting the fsGroup in the PodSpec.securityContext.
Ingress configuration: In AKS, configuring ingress is essential for accessing the installed Developer Hub instance. Accessing the Developer Hub instance requires enabling the Routing add-on, an NGINX-based Ingress Controller, using the following command:
```
az aks approuting enable --resource-group <your_ResourceGroup> --name <your_ClusterName>
```
Tip
You might need to install the Azure CLI extension aks-preview. If the extension is not installed automatically, you might need to install it manually using the following command:
```
az extension add --upgrade -n aks-preview --allow-preview true
```
Note
After you install the Ingress Controller, the app-routing-system namespace with the Ingress Controller will be deployed in your cluster. Note the address of your Developer Hub application from the installed Ingress Controller (for example, 108.141.70.228) for later access to the Developer Hub application, later referenced as <app_address>.
```
kubectl get svc nginx --namespace app-routing-system -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
```
Namespace management: You can create a dedicated namespace for Developer Hub deployment in AKS using the following command:
```
kubectl create namespace <your_namespace>
```

Procedure

Log in to AKS by running the following command:
```
az login [--tenant=<optional_directory_name>]
```
Create a resource group by running the following command:
```
az group create --name <resource_group_name> --location <location>
```
Tip
You can list available regions by running the following command:
```
az account list-locations -o table
```

Create an AKS cluster by running the following command:

az aks create \
--resource-group <resource_group_name> \
--name <cluster_name> \
--enable-managed-identity \
--generate-ssh-keys

You can refer to --help for additional options.

Connect to your cluster by running the following command:
```
az aks get-credentials --resource-group <resource_group_name> --name <cluster_name>
```
The previous command configures the Kubernetes client and sets the current context in the kubeconfig to point to your AKS cluster.
Obtain the Red Hat Developer Hub Operator manifest file, named rhdh-operator-<VERSION>.yaml, and modify the default configuration of db-statefulset.yaml and deployment.yaml by adding the following fragment:
```
securityContext:
  fsGroup: 300
```
Following is the specified locations in the manifests:
```
db-statefulset.yaml: | spec.template.spec
deployment.yaml: | spec.template.spec
```
Apply the modified Operator manifest to your Kubernetes cluster:
```
kubectl apply -f rhdh-operator-<VERSION>.yaml
```
Note
Execution of the previous command is cluster-scoped and requires appropriate cluster privileges.

Create an ImagePull Secret named rhdh-pull-secret using your Red Hat credentials to access images from the protected registry.redhat.io as shown in the following example:

kubectl -n <your_namespace> create secret docker-registry rhdh-pull-secret \
    --docker-server=registry.redhat.io \
    --docker-username=<redhat_user_name> \
    --docker-password=<redhat_password> \
    --docker-email=<email>

Create an Ingress manifest file, named rhdh-ingress.yaml, specifying your Developer Hub service name as follows:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: rhdh-ingress
  namespace: <your_namespace>
spec:
  ingressClassName: webapprouting.kubernetes.azure.com
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: backstage-<your-CR-name>
                port:
                  name: http-backend

To deploy the created Ingress, run the following command:
```
kubectl -n <your_namespace> apply -f rhdh-ingress.yaml
```

Create a ConfigMap named app-config-rhdh containing the Developer Hub configuration using the following example:

apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config-rhdh
data:
  "app-config-rhdh.yaml": |
    app:
      title: Red Hat Developer Hub
      baseUrl: https://<app_address>
    backend:
      auth:
        keys:
          - secret: "${BACKEND_SECRET}"
      baseUrl: https://<app_address>
      cors:
        origin: https://<app_address>

Create a Secret named secrets-rhdh and add a key named BACKEND_SECRET with a Base64-encoded string value as shown in the following example:
```
apiVersion: v1
kind: Secret
metadata:
  name: secrets-rhdh
stringData:
  BACKEND_SECRET: "xxx"
```

Create a Custom Resource (CR) manifest file named rhdh.yaml and include the previously created rhdh-pull-secret as follows:

apiVersion: rhdh.redhat.com/v1alpha1
kind: Backstage
metadata:
  name: <your-rhdh-cr>
spec:
  application:
    imagePullSecrets:
      - rhdh-pull-secret
    appConfig:
      configMaps:
        - name: "app-config-rhdh"
    extraEnvs:
      secrets:
        - name: "secrets-rhdh"

Apply the CR manifest to your namespace:

kubectl -n <your_namespace> apply -f rhdh.yaml

Access the deployed Developer Hub using the URL: https://<app_address>, where <app_address> is the Ingress address obtained earlier (for example, https://108.141.70.228).
Optional: To delete the CR, run the following command:
```
kubectl -n <your_namespace> delete -f rhdh.yaml
```

9.3. Monitoring and logging with Azure Kubernetes Services (AKS) in Red Hat Developer Hub

Monitoring and logging are integral aspects of managing and maintaining Azure Kubernetes Services (AKS) in Red Hat Developer Hub. With features like Managed Prometheus Monitoring and Azure Monitor integration, administrators can efficiently monitor resource utilization, diagnose issues, and ensure the reliability of their containerized workloads.

To enable Managed Prometheus Monitoring, use the -enable-azure-monitor-metrics option within either the az aks create or az aks update command, depending on whether you’re creating a new cluster or updating an existing one, such as:

az aks create/update --resource-group <your-ResourceGroup> --name <your-Cluster> --enable-azure-monitor-metrics

The previous command installs the metrics add-on, which gathers Prometheus metrics. Using the previous command, you can enable monitoring of Azure resources through both native Azure Monitor metrics and Prometheus metrics. You can also view the results in the portal under Monitoring Insights. For more information, see Monitor Azure resources with Azure Monitor.

Furthermore, metrics from both the Managed Prometheus service and Azure Monitor can be accessed through Azure Managed Grafana service. For more information, see Link a Grafana workspace section.

By default, Prometheus uses the minimum ingesting profile, which optimizes ingestion volume and sets default configurations for scrape frequency, targets, and metrics collected. The default settings can be customized through custom configuration. Azure offers various methods, including using different ConfigMaps, to provide scrape configuration and other metric add-on settings. For more information about default configuration, see Default Prometheus metrics configuration in Azure Monitor and Customize scraping of Prometheus metrics in Azure Monitor managed service for Prometheus documentation.

9.3.1. Viewing logs with Azure Kubernetes Services (AKS)

You can access live data logs generated by Kubernetes objects and collect log data in Container Insights within AKS.

Prerequisites

You have deployed Developer Hub on AKS. For more information, see Section 9.1, “Deploying Red Hat Developer Hub on Azure Kubernetes Service (AKS) using the Helm chart”.

Procedure

View live logs from your Developer Hub instance

Navigate to the Azure Portal.
Search for the resource group <your-ResourceGroup> and locate your AKS cluster <your-Cluster>.
Select Kubernetes resources Workloads from the menu.
Select the <your-rhdh-cr>-developer-hub (in case of Helm Chart installation) or <your-rhdh-cr>-backstage (in case of Operator-backed installation) deployment.
Click Live Logs in the left menu.
Select the pod.
Note
There must be only single pod.

Live log data is collected and displayed.

View real-time log data from the Container Engine

Navigate to the Azure Portal.
Search for the resource group <your-ResourceGroup> and locate your AKS cluster <your-Cluster>.
Select Monitoring Insights from the menu.
Go to the Containers tab.
Find the backend-backstage container and click it to view real-time log data as it’s generated by the Container Engine.

9.4. Using Microsoft Azure as an authentication provider in Red Hat Developer Hub

The core-plugin-api package in Developer Hub comes integrated with Microsoft Azure authentication provider, authenticating signing in using Azure OAuth.

Prerequisites

You have deployed Developer Hub on AKS. For more information, see Section 9.1, “Deploying Red Hat Developer Hub on Azure Kubernetes Service (AKS) using the Helm chart”.
You have created registered your application in Azure portal. For more information, see Register an application with the Microsoft identity platform.

9.4.1. Using Microsoft Azure as an authentication provider in Helm deployment

You can use Microsoft Azure as an authentication provider in Red Hat Developer Hub, when installed using the Helm Chart. For more information, see Section 9.1, “Deploying Red Hat Developer Hub on Azure Kubernetes Service (AKS) using the Helm chart”.

Procedure

After the application is registered, note down the following:
- clientId: Application (client) ID, found under App Registration Overview.
- clientSecret: Secret, found under *App Registration Certificates & secrets (create new if needed).
- tenantId: Directory (tenant) ID, found under App Registration Overview.

Ensure the following fragment is included in your Developer Hub ConfigMap:

auth:
  environment: production
  providers:
    microsoft:
      production:
        clientId: ${AZURE_CLIENT_ID}
        clientSecret: ${AZURE_CLIENT_SECRET}
        tenantId: ${AZURE_TENANT_ID}
        domainHint: ${AZURE_TENANT_ID}
        additionalScopes:
          - Mail.Send

You can either create a new file or add it to an existing one.

Apply the ConfigMap to your Kubernetes cluster:

kubectl -n <your_namespace> apply -f <app-config>.yaml

Create or reuse an existing Secret containing Azure credentials and add the following fragment:

stringData:
  AZURE_CLIENT_ID: <value-of-clientId>
  AZURE_CLIENT_SECRET: <value-of-clientSecret>
  AZURE_TENANT_ID: <value-of-tenantId>

Apply the secret to your Kubernetes cluster:

kubectl -n <your_namespace> apply -f <azure-secrets>.yaml

Ensure your values.yaml file references the previously created ConfigMap and Secret:

upstream:
  backstage:
  ...
    extraAppConfig:
      - filename: ...
        configMapRef: <app-config-containing-azure>
    extraEnvVarsSecrets:
      - <secret-containing-azure>

Optional: If the Helm Chart is already installed, upgrade it:

helm -n <your_namespace> upgrade -f <your-values.yaml> <your_deploy_name> redhat-developer/backstage --version 1.2.1

Optional: If your rhdh.yaml file is not changed, for example, you only updated the ConfigMap and Secret referenced from it, refresh your Developer Hub deployment by removing the corresponding pods:
```
kubectl -n <your_namespace> delete pods -l backstage.io/app=backstage-<your-rhdh-cr>
```

9.4.2. Using Microsoft Azure as an authentication provider in Operator-backed deployment

You can use Microsoft Azure as an authentication provider in Red Hat Developer Hub, when installed using the Operator. For more information, see Section 2.2, “Deploying Red Hat Developer Hub on OpenShift Container Platform using the Operator”.

Procedure

After the application is registered, note down the following:
- clientId: Application (client) ID, found under App Registration Overview.
- clientSecret: Secret, found under *App Registration Certificates & secrets (create new if needed).
- tenantId: Directory (tenant) ID, found under App Registration Overview.

Ensure the following fragment is included in your Developer Hub ConfigMap:

auth:
  environment: production
  providers:
    microsoft:
      production:
        clientId: ${AZURE_CLIENT_ID}
        clientSecret: ${AZURE_CLIENT_SECRET}
        tenantId: ${AZURE_TENANT_ID}
        domainHint: ${AZURE_TENANT_ID}
        additionalScopes:
          - Mail.Send

You can either create a new file or add it to an existing one.

Apply the ConfigMap to your Kubernetes cluster:

kubectl -n <your_namespace> apply -f <app-config>.yaml

Create or reuse an existing Secret containing Azure credentials and add the following fragment:

stringData:
  AZURE_CLIENT_ID: <value-of-clientId>
  AZURE_CLIENT_SECRET: <value-of-clientSecret>
  AZURE_TENANT_ID: <value-of-tenantId>

Apply the secret to your Kubernetes cluster:

kubectl -n <your_namespace> apply -f <azure-secrets>.yaml

Ensure your Custom Resource manifest contains references to the previously created ConfigMap and Secret:

apiVersion: rhdh.redhat.com/v1alpha1
kind: Backstage
metadata:
  name: <your-rhdh-cr>
spec:
  application:
    imagePullSecrets:
    - rhdh-pull-secret
    route:
      enabled: false
    appConfig:
      configMaps:
        - name: <app-config-containing-azure>
    extraEnvs:
      secrets:
        - name: <secret-containing-azure>

Apply your Custom Resource manifest:

kubectl -n <your_namespace> apply -f rhdh.yaml

Optional: If your rhdh.yaml file is not changed, for example, you only updated the ConfigMap and Secret referenced from it, refresh your Developer Hub deployment by removing the corresponding pods:
```
kubectl -n <your_namespace> delete pods -l backstage.io/app=backstage-<your-rhdh-cr>
```

Ce contenu n'est pas disponible dans la langue sélectionnée.

Chapter 9. Red Hat Developer Hub integration with Microsoft Azure Kubernetes Service (AKS)

9.1. Deploying Red Hat Developer Hub on Azure Kubernetes Service (AKS) using the Helm chart

9.2. Deploying the Red Hat Developer Hub on Azure Kubernetes Service (AKS) using the Operator

9.3. Monitoring and logging with Azure Kubernetes Services (AKS) in Red Hat Developer Hub

9.3.1. Viewing logs with Azure Kubernetes Services (AKS)

9.4. Using Microsoft Azure as an authentication provider in Red Hat Developer Hub

9.4.1. Using Microsoft Azure as an authentication provider in Helm deployment

9.4.2. Using Microsoft Azure as an authentication provider in Operator-backed deployment

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Rendre l’open source plus inclusif

À propos de Red Hat

Red Hat legal and privacy links

Red Hat legal and privacy links