
Chapter 2. Install plugins from OCI registries by using custom certificates


In RHDH, you can install OCI plugins stored in an internal OCI artifact registry that is served over HTTPS with custom CA certificates, for example:

Example configuration in dynamic-plugins.yaml file

includes:
- dynamic-plugins.default.yaml

plugins:
- disabled: false
  package: oci://reg.example.com:5000/myplugin:v0.0.1!backstage-plugin-myplugin

Prerequisites

  • You have a corporate CA bundle or a set of custom container-registry TLS certificates that the system should trust.

    Note

    You can create a CA bundle from a set of CA certificates manually, by concatenating them into a single file, as follows:

    # Concatenate CA certificates
    cat registry.crt intermediate.crt corporate-root.crt > ca-bundle.crt
    
    # Validate
    openssl verify -CAfile ca-bundle.crt registry.crt

2.1. Installing plugins from OCI registries by using per-registry TLS configuration

Procedure

  1. Create a ConfigMap from the CA certificate in the namespace where you are deploying your RHDH instance:

    oc create configmap registry-ca-crt --from-file=ca.crt
  2. Mount the CA certificate ConfigMap into your RHDH configuration:

    1. For a Helm chart installation, update your Helm chart configuration file, as follows:

      upstream:
        backstage:
          extraVolumes:
            # IMPORTANT: Due to a Helm limitation with arrays, you must also
            # include all the volumes defined in the default Helm Chart
            # before adding the new one
            # ...
            - name: registry-ca-crt
              configMap:
                name: registry-ca-crt
      
          initContainers:
            - name: install-dynamic-plugins
              # IMPORTANT: Due to a Helm limitation with arrays, you must also
              # include all the other fields defined in the default Helm Chart
              # ...
      
              volumeMounts:
                # IMPORTANT: Due to a Helm limitation with arrays, you must also
                # include all the volume mounts defined in the default Helm Chart
                # before adding the new one
                # ...
                - name: registry-ca-crt
                  # Hostname and port must match your target registry
                  mountPath: '/etc/containers/certs.d/reg.example.com:5000'
    2. For Operator-based installations, update your Backstage Custom Resource (CR), as follows:

      spec:
        application:
          extraFiles:
            configMaps:
              - name: registry-ca-crt
                # Hostname and port must match your target registry
                mountPath: '/etc/containers/certs.d/reg.example.com:5000'
                containers:
                  - install-dynamic-plugins
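The requirement that the mount path's hostname and port match the target registry can be checked before deployment. The following shell functions are an added example, not part of the Red Hat documentation: the function names and the second registry `reg2.example.com` are hypothetical, and the script assumes that a registry referenced without a port uses a directory named after the hostname only.

```shell
# Added example: report oci:// plugin registries that have no matching
# per-registry CA directory mounted into install-dynamic-plugins.

# registry_of REF: print host[:port] of an oci:// package reference.
registry_of() {
  case "$1" in
    oci://*) r="${1#oci://}"; printf '%s\n' "${r%%/*}" ;;
    *) return 1 ;;  # local path or npm package: no registry TLS involved
  esac
}

# expected_mount REF: print the certs.d directory that must hold ca.crt.
expected_mount() {
  reg="$(registry_of "$1")" || return 1
  printf '/etc/containers/certs.d/%s\n' "$reg"
}

# missing_mounts FILE MOUNTPATH...: print each required directory that is not
# among the configured mountPath values; returns 1 if any is missing.
missing_mounts() {
  file="$1"; shift
  rc=0
  for ref in $(sed -n 's/^[[:space:]-]*package:[[:space:]]*//p' "$file" | tr -d "\"'"); do
    want="$(expected_mount "$ref")" || continue
    found=0
    for m in "$@"; do
      if [ "${m%/}" = "$want" ]; then found=1; fi
    done
    if [ "$found" -eq 0 ]; then printf '%s\n' "$want"; rc=1; fi
  done
  return "$rc"
}

# Constructed sample dynamic-plugins.yaml (second registry is hypothetical).
SAMPLE="$(mktemp)"
cat > "$SAMPLE" <<'EOF'
plugins:
- disabled: false
  package: oci://reg.example.com:5000/myplugin:v0.0.1!backstage-plugin-myplugin
- disabled: false
  package: 'oci://reg2.example.com/other:v1.0.0!backstage-plugin-other'
- disabled: false
  package: ./dynamic-plugins/dist/local-plugin
EOF

# Only the first registry has a CA mount, so the second one is reported.
missing_mounts "$SAMPLE" '/etc/containers/certs.d/reg.example.com:5000' || true
```

Pass the `mountPath` values from your Helm values or Backstage CR as the trailing arguments; a non-zero return means at least one registry would be contacted without its CA certificate in place.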

2.2. Installing plugins from OCI registries by mounting the CA bundle

Procedure

  1. Create a ConfigMap from the CA bundle in the namespace where you are deploying your RHDH instance:

    oc create configmap registry-ca-bundle --from-file=ca-bundle.crt
  2. Mount the CA bundle ConfigMap into your RHDH configuration:

    1. For a Helm chart installation, update your Helm chart configuration file, as follows:

      upstream:
        backstage:
          extraVolumes:
            # IMPORTANT: Due to a Helm limitation with arrays, you must also
            # include all the volumes defined in the default Helm Chart
            # before adding the new one
            # ...
            - name: registry-ca-bundle
              configMap:
                name: registry-ca-bundle
      
          initContainers:
            - name: install-dynamic-plugins
              # IMPORTANT: Due to a Helm limitation with arrays, you must also
              # include all the other fields defined in the default Helm Chart
              # ...
      
              volumeMounts:
                # IMPORTANT: Due to a Helm limitation with arrays, you must also
                # include all the volume mounts defined in the default Helm Chart
                # before adding the new one
                # ...
                - name: registry-ca-bundle
                  mountPath: /etc/pki/tls/certs/
    2. For Operator-based installations, update your Backstage Custom Resource (CR), as follows:

      spec:
        application:
          extraFiles:
            configMaps:
              - name: registry-ca-bundle
                mountPath: /etc/pki/tls/certs/
                containers:
                  # Note: Set to "*" instead if you want to mount it in all containers
                  - install-dynamic-plugins

2.3. Installing plugins from OCI registries in OpenShift

Prerequisites

  • Your cluster administrator must add the trusted corporate CA bundle to the cluster-wide configuration. For more information, see Security and compliance in the OpenShift Container Platform documentation.

Procedure

  1. Create an empty ConfigMap in the namespace where you are deploying your RHDH instance. You must add the config.openshift.io/inject-trusted-cabundle label to your ConfigMap, as follows:

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: trusted-ca
      labels:
        config.openshift.io/inject-trusted-cabundle: "true"
  2. Wait for the trusted CA bundle to be injected into the ConfigMap. You can verify with the following command:

    oc get cm trusted-ca -o yaml

    You should see a block of certificates under the ca-bundle.crt key.

  3. Mount the ConfigMap into the /etc/pki/ca-trust/extracted/pem path of the RHDH init container.

    1. For a Helm chart installation, update your Helm chart configuration file, as follows:

      upstream:
        backstage:
          extraVolumes:
            # IMPORTANT: Due to a Helm limitation with arrays, you must also
            # include all the volumes defined in the default Helm Chart
            # before adding the new one
            # ...
            - name: trusted-ca
              configMap:
                name: trusted-ca
      
          initContainers:
            - name: install-dynamic-plugins
              # IMPORTANT: Due to a Helm limitation with arrays, you must also
              # include all the other fields defined in the default Helm Chart
              # ...
      
              volumeMounts:
                # IMPORTANT: Due to a Helm limitation with arrays, you must also
                # include all the volume mounts defined in the default Helm Chart
                # before adding the new one
                # ...
                - name: trusted-ca
                  mountPath: /etc/pki/ca-trust/extracted/pem
    2. For Operator-based installations, update your Backstage Custom Resource (CR), as follows:

      spec:
        application:
          extraFiles:
            configMaps:
              - name: trusted-ca
                mountPath: /etc/pki/ca-trust/extracted/pem
                containers:
                  # Note: Set to "*" instead if you want to mount it in all containers
                  - install-dynamic-plugins