Chapter 1. Installing Developer Hub on Microsoft Azure Kubernetes Service (AKS) by using the Operator

Procedure

1. Create the rhdh-operator namespace to contain the Red Hat Developer Hub Operator:

   $ kubectl create namespace rhdh-operator

   Copy to Clipboard Toggle word wrap

2. Create a pull secret using your Red Hat credentials to pull the container images from the protected Red Hat Ecosystem:

   $ kubectl -n rhdh-operator create secret docker-registry rhdh-pull-secret \
       --docker-server=registry.redhat.io \
       --docker-username=<redhat_user_name> \
       --docker-password=<redhat_password> \
       --docker-email=<email>

   Copy to Clipboard Toggle word wrap

3. Create a catalog source that contains the Red Hat Ecosystem Operators:

   $ cat <<EOF | kubectl -n rhdh-operator apply -f -
   apiVersion: operators.coreos.com/v1alpha1
   kind: CatalogSource
   metadata:
     name: redhat-catalog
   spec:
     sourceType: grpc
     image: registry.redhat.io/redhat/redhat-operator-index:v4.19
     secrets:
     - "rhdh-pull-secret"
     displayName: Red Hat Operators
   EOF

   Copy to Clipboard Toggle word wrap

4. Create an operator group to manage your operator subscriptions:

   $ cat <<EOF | kubectl apply -n rhdh-operator -f -
   apiVersion: operators.coreos.com/v1
   kind: OperatorGroup
   metadata:
     name: rhdh-operator-group
   EOF

   Copy to Clipboard Toggle word wrap

5. Create a subscription to install the Red Hat Developer Hub Operator:

   $ cat <<EOF | kubectl apply -n rhdh-operator -f -
   apiVersion: operators.coreos.com/v1alpha1
   kind: Subscription
   metadata:
     name: rhdh
     namespace: rhdh-operator
   spec:
     channel: fast
     installPlanApproval: Automatic
     name: rhdh
     source: redhat-catalog
     sourceNamespace: rhdh-operator
     startingCSV: rhdh-operator.v1.7.2
   EOF

   Copy to Clipboard Toggle word wrap

6. To wait until the Operator deployment finishes to be able to run the next step, run:

   until kubectl -n rhdh-operator get deployment rhdh-operator &>/dev/null; do
     echo -n .
     sleep 3
   done
   echo "RHDH Operator Deployment created"

   Copy to Clipboard Toggle word wrap

7. Include your pull secret name in the Operator deployment manifest, to avoid ImagePullBackOff errors:

   $ kubectl -n rhdh-operator patch deployment \
       rhdh-operator --patch '{"spec":{"template":{"spec":{"imagePullSecrets":[{"name":"rhdh-pull-secret"}]}}}}' \
       --type=merge

   Copy to Clipboard Toggle word wrap

Procedure

1. Author your custom <my_product_secrets>.txt file to provision your secrets as environment variables values in a Kubernetes secret, rather than in clear text in your configuration files. It contains one secret per line in KEY=value form.

   • Enter your authentication secrets.

2. Author your custom app-config.yaml file. This is the main Developer Hub configuration file. You need a custom app-config.yaml file to avoid the Developer Hub installer to revert user edits during upgrades. When your custom app-config.yaml file is empty, Developer Hub is using default values.

   • To prepare a deployment with the Red Hat Developer Hub Operator on AKS, you can start with an empty file.

   • To prepare a deployment with the Red Hat Developer Hub Helm chart, or on Kubernetes, enter the Developer Hub base URL in the relevant fields in your app-config.yaml file to ensure proper functionality of Developer Hub. The base URL is what a Developer Hub user sees in their browser when accessing Developer Hub. The relevant fields are baseUrl in the app and backend sections, and origin in the backend.cors subsection:

     Example 1.1. Configuring the baseUrl in app-config.yaml

     app:
       title: Red Hat Developer Hub
       baseUrl: https://<my_developer_hub_domain>
     
     backend:
       auth:
         externalAccess:
           - type: legacy
             options:
               subject: legacy-default-config
               secret: "${BACKEND_SECRET}"
       baseUrl: https://<my_developer_hub_domain>
       cors:
         origin: https://<my_developer_hub_domain>

     Copy to Clipboard Toggle word wrap

   • Optionally, enter your configuration such as:

     • Authentication in Red Hat Developer Hub.
     • Authorization in Red Hat Developer Hub.
     • Customization.

3. Provision your custom configuration files to your AKS cluster.

   1. Create the <my-rhdh-project> {namespace} aimed at containing your Developer Hub instance.

      $ oc create namespace my-rhdh-project

      Copy to Clipboard Toggle word wrap

   2. Provision your app-config.yaml file to the my-rhdh-app-config config map in the <my-rhdh-project> project.

      $ oc create configmap my-rhdh-app-config --from-file=app-config.yaml --namespace=my-rhdh-project

      Copy to Clipboard Toggle word wrap

   3. Provision your <my_product_secrets>.txt file to the <my_product_secrets> secret in the <my-rhdh-project> project.

      $ oc create secret generic <my_product_secrets> --from-file=<my_product_secrets>.txt --namespace=my-rhdh-project

      Copy to Clipboard Toggle word wrap

Procedure

1. Create a pull secret using your Red Hat credentials to pull the container images from the protected Red Hat Ecosystem:

   $ kubectl -n {my-rhdh-namespace} create secret docker-registry my-rhdh-pull-secret \
       --docker-server=registry.redhat.io \
       --docker-username=<redhat_user_name> \
       --docker-password=<redhat_password> \
       --docker-email=<email>

   Copy to Clipboard Toggle word wrap

2. To enable pulling Developer Hub images from the Red Hat Ecosystem Catalog, add the image pull secret in the default service account within the namespace where the Developer Hub instance is being deployed:

   $ kubectl patch serviceaccount default \
       -p '{"imagePullSecrets": [{"name": "my-rhdh-pull-secret"}]}' \
       -n {my-rhdh-namespace}

   Copy to Clipboard Toggle word wrap

Procedure

1. Author your Backstage CR in a my-rhdh-custom-resource.yaml file to use your custom config maps and secrets.

   Minimal my-rhdh-custom-resource.yaml custom resource example:

   apiVersion: rhdh.redhat.com/v1alpha3
   kind: Backstage
   metadata:
     name: my-rhdh-custom-resource
   spec:
     application:
       appConfig:
         mountPath: /opt/app-root/src
         configMaps:
            - name: my-rhdh-app-config
       extraEnvs:
         secrets:
            - name: <my_product_secrets>
       extraFiles:
         mountPath: /opt/app-root/src
       route:
         enabled: true
     database:
       enableLocalDb: true

   Copy to Clipboard Toggle word wrap

   my-rhdh-custom-resource.yaml custom resource example with dynamic plugins and RBAC policies config maps, and external PostgreSQL database secrets:

   apiVersion: rhdh.redhat.com/v1alpha3
   kind: Backstage
   metadata:
     name: <my-rhdh-custom-resource>
   spec:
     application:
       appConfig:
         mountPath: /opt/app-root/src
         configMaps:
            - name: my-rhdh-app-config
            - name: rbac-policies
       dynamicPluginsConfigMapName: dynamic-plugins-rhdh
       extraEnvs:
         secrets:
            - name: <my_product_secrets>
            - name: my-rhdh-database-secrets
       extraFiles:
         mountPath: /opt/app-root/src
         secrets:
           - name: my-rhdh-database-certificates-secrets
             key: postgres-crt.pem, postgres-ca.pem, postgres-key.key
       route:
         enabled: true
     database:
       enableLocalDb: false

   Copy to Clipboard Toggle word wrap

   Mandatory fields

   No fields are mandatory. You can create an empty Backstage CR and run Developer Hub with the default configuration.

   Optional fields

   spec.application.appConfig.configMaps

   Enter your config map name list.

   Mount files in the my-rhdh-app-config config map:

   spec:
     application:
       appConfig:
         mountPath: /opt/app-root/src
         configMaps:
            - name: my-rhdh-app-config

   Copy to Clipboard Toggle word wrap

   Mount files in the my-rhdh-app-config and rbac-policies config maps:

   spec:
     application:
       appConfig:
         mountPath: /opt/app-root/src
         configMaps:
            - name: my-rhdh-app-config
            - name: rbac-policies

   Copy to Clipboard Toggle word wrap

   spec.application.extraEnvs.envs

   Optionally, enter your additional environment variables that are not secrets, such as your proxy environment variables.

   Inject your HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables:

   spec:
     application:
       extraEnvs:
         envs:
           - name: HTTP_PROXY
             value: 'http://10.10.10.105:3128'
           - name: HTTPS_PROXY
             value: 'http://10.10.10.106:3128'
           - name: NO_PROXY
             value: 'localhost,example.org'

   Copy to Clipboard Toggle word wrap

   spec.application.extraEnvs.secrets

   Enter your environment variables secret name list.

   Inject the environment variables in your Red Hat Developer Hub secret:

   spec:
     application:
       extraEnvs:
         secrets:
            - name: <my_product_secrets>

   Copy to Clipboard Toggle word wrap

   Inject the environment variables in the Red Hat Developer Hub and my-rhdh-database-secrets secrets:

   spec:
     application:
       extraEnvs:
         secrets:
            - name: <my_product_secrets>
            - name: my-rhdh-database-secrets

   Copy to Clipboard Toggle word wrap

   Note

   <my_product_secrets> is your preferred Developer Hub secret name, specifying the identifier for your secret configuration within Developer Hub.

   spec.application.extraFiles.secrets

   Enter your certificates files secret name and files list.

   Mount the postgres-crt.pem, postgres-ca.pem, and postgres-key.key files contained in the my-rhdh-database-certificates-secrets secret:

   spec:
     application:
       extraFiles:
         mountPath: /opt/app-root/src
         secrets:
           - name: my-rhdh-database-certificates-secrets
             key: postgres-crt.pem, postgres-ca.pem, postgres-key.key

   Copy to Clipboard Toggle word wrap

   spec.database.enableLocalDb

   Enable or disable the local PostgreSQL database.

   Disable the local PostgreSQL database generation to use an external postgreSQL database:

   spec:
     database:
       enableLocalDb: false

   Copy to Clipboard Toggle word wrap

   On a development environment, use the local PostgreSQL database:

   spec:
     database:
       enableLocalDb: true

   Copy to Clipboard Toggle word wrap

   spec.deployment

   Optionally, enter your deployment configuration.

2. Apply your Backstage CR to start or update your Developer Hub instance:

   $ oc apply --filename=my-rhdh-custom-resource.yaml --namespace=my-rhdh-project

   Copy to Clipboard Toggle word wrap

Procedure

1. Create an Ingress manifest file, named rhdh-ingress.yaml, specifying your Developer Hub service name as follows:

   apiVersion: networking.k8s.io/v1
   kind: Ingress
   metadata:
     name: my-rhdh-ingress
     namespace: my-rhdh-project
   spec:
     ingressClassName: webapprouting.kubernetes.azure.com
     rules:
       - http:
           paths:
             - path: /
               pathType: Prefix
               backend:
                 service:
                   name: my-rhdh-custom-resource
                   port:
                     name: http-backend

   Copy to Clipboard Toggle word wrap

2. To deploy the created Ingress, run the following command:

   $ kubectl -n my-rhdh-project apply -f rhdh-ingress.yaml

   Copy to Clipboard Toggle word wrap

Verification

1. Access the deployed Developer Hub using the URL: https://<app_address>, where <app_address> is the Ingress address obtained earlier (for example, https://108.141.70.228).